Merge remote-tracking branch 'origin/dev' into feat/openai-responses-api

feat(frontend): add "Run now" button to schedule view (#12388 )
2026-03-17 03:00:27 -04:00 · 2026-03-16 18:21:33 +09:00 · 2026-03-16 18:19:05 +09:00 · 2026-03-16 17:00:41 +08:00 · 2026-03-16 09:00:25 +00:00 · 2026-03-16 11:43:55 +09:00
201 changed files with 14167 additions and 1973 deletions
--- a/autogpt_platform/analytics/queries/auth_activities.sql
+++ b/autogpt_platform/analytics/queries/auth_activities.sql
@@ -0,0 +1,40 @@
+-- =============================================================
+-- View: analytics.auth_activities
+-- Looker source alias: ds49  |  Charts: 1
+-- =============================================================
+-- DESCRIPTION
+--   Tracks authentication events (login, logout, SSO, password
+--   reset, etc.) from Supabase's internal audit log.
+--   Useful for monitoring sign-in patterns and detecting anomalies.
+--
+-- SOURCE TABLES
+--   auth.audit_log_entries  — Supabase internal auth event log
+--
+-- OUTPUT COLUMNS
+--   created_at      TIMESTAMPTZ  When the auth event occurred
+--   actor_id        TEXT         User ID who triggered the event
+--   actor_via_sso   TEXT         Whether the action was via SSO ('true'/'false')
+--   action          TEXT         Event type (e.g. 'login', 'logout', 'token_refreshed')
+--
+-- WINDOW
+--   Rolling 90 days from current date
+--
+-- EXAMPLE QUERIES
+--   -- Daily login counts
+--   SELECT DATE_TRUNC('day', created_at) AS day, COUNT(*) AS logins
+--   FROM analytics.auth_activities
+--   WHERE action = 'login'
+--   GROUP BY 1 ORDER BY 1;
+--
+--   -- SSO vs password login breakdown
+--   SELECT actor_via_sso, COUNT(*) FROM analytics.auth_activities
+--   WHERE action = 'login' GROUP BY 1;
+-- =============================================================
+
+SELECT
+    created_at,
+    payload->>'actor_id'      AS actor_id,
+    payload->>'actor_via_sso' AS actor_via_sso,
+    payload->>'action'        AS action
+FROM auth.audit_log_entries
+WHERE created_at >= NOW() - INTERVAL '90 days'
--- a/autogpt_platform/analytics/queries/graph_execution.sql
+++ b/autogpt_platform/analytics/queries/graph_execution.sql
@@ -0,0 +1,105 @@
+-- =============================================================
+-- View: analytics.graph_execution
+-- Looker source alias: ds16  |  Charts: 21
+-- =============================================================
+-- DESCRIPTION
+--   One row per agent graph execution (last 90 days).
+--   Unpacks the JSONB stats column into individual numeric columns
+--   and normalises the executionStatus — runs that failed due to
+--   insufficient credits are reclassified as 'NO_CREDITS' for
+--   easier filtering.  Error messages are scrubbed of IDs and URLs
+--   to allow safe grouping.
+--
+-- SOURCE TABLES
+--   platform.AgentGraphExecution  — Execution records
+--   platform.AgentGraph           — Agent graph metadata (for name)
+--   platform.LibraryAgent         — To flag possibly-AI (safe-mode) agents
+--
+-- OUTPUT COLUMNS
+--   id                TEXT         Execution UUID
+--   agentGraphId      TEXT         Agent graph UUID
+--   agentGraphVersion INT          Graph version number
+--   executionStatus   TEXT         COMPLETED | FAILED | NO_CREDITS | RUNNING | QUEUED | TERMINATED
+--   createdAt         TIMESTAMPTZ  When the execution was queued
+--   updatedAt         TIMESTAMPTZ  Last status update time
+--   userId            TEXT         Owner user UUID
+--   agentGraphName    TEXT         Human-readable agent name
+--   cputime           DECIMAL      Total CPU seconds consumed
+--   walltime          DECIMAL      Total wall-clock seconds
+--   node_count        DECIMAL      Number of nodes in the graph
+--   nodes_cputime     DECIMAL      CPU time across all nodes
+--   nodes_walltime    DECIMAL      Wall time across all nodes
+--   execution_cost    DECIMAL      Credit cost of this execution
+--   correctness_score FLOAT        AI correctness score (if available)
+--   possibly_ai       BOOLEAN      True if agent has sensitive_action_safe_mode enabled
+--   groupedErrorMessage TEXT       Scrubbed error string (IDs/URLs replaced with wildcards)
+--
+-- WINDOW
+--   Rolling 90 days (createdAt > CURRENT_DATE - 90 days)
+--
+-- EXAMPLE QUERIES
+--   -- Daily execution counts by status
+--   SELECT DATE_TRUNC('day', "createdAt") AS day, "executionStatus", COUNT(*)
+--   FROM analytics.graph_execution
+--   GROUP BY 1, 2 ORDER BY 1;
+--
+--   -- Average cost per execution by agent
+--   SELECT "agentGraphName", AVG("execution_cost") AS avg_cost, COUNT(*) AS runs
+--   FROM analytics.graph_execution
+--   WHERE "executionStatus" = 'COMPLETED'
+--   GROUP BY 1 ORDER BY avg_cost DESC;
+--
+--   -- Top error messages
+--   SELECT "groupedErrorMessage", COUNT(*) AS occurrences
+--   FROM analytics.graph_execution
+--   WHERE "executionStatus" = 'FAILED'
+--   GROUP BY 1 ORDER BY 2 DESC LIMIT 20;
+-- =============================================================
+
+SELECT
+    ge."id"                                                        AS id,
+    ge."agentGraphId"                                              AS agentGraphId,
+    ge."agentGraphVersion"                                         AS agentGraphVersion,
+    CASE
+        WHEN jsonb_exists(ge."stats"::jsonb, 'error')
+         AND (
+               (ge."stats"::jsonb->>'error') ILIKE '%insufficient balance%'
+            OR (ge."stats"::jsonb->>'error') ILIKE '%you have no credits left%'
+             )
+        THEN 'NO_CREDITS'
+        ELSE CAST(ge."executionStatus" AS TEXT)
+    END                                                            AS executionStatus,
+    ge."createdAt"                                                 AS createdAt,
+    ge."updatedAt"                                                 AS updatedAt,
+    ge."userId"                                                    AS userId,
+    g."name"                                                       AS agentGraphName,
+    (ge."stats"::jsonb->>'cputime')::decimal                       AS cputime,
+    (ge."stats"::jsonb->>'walltime')::decimal                      AS walltime,
+    (ge."stats"::jsonb->>'node_count')::decimal                    AS node_count,
+    (ge."stats"::jsonb->>'nodes_cputime')::decimal                 AS nodes_cputime,
+    (ge."stats"::jsonb->>'nodes_walltime')::decimal                AS nodes_walltime,
+    (ge."stats"::jsonb->>'cost')::decimal                          AS execution_cost,
+    (ge."stats"::jsonb->>'correctness_score')::float               AS correctness_score,
+    COALESCE(la.possibly_ai, FALSE)                                AS possibly_ai,
+    REGEXP_REPLACE(
+        REGEXP_REPLACE(
+            TRIM(BOTH '"' FROM ge."stats"::jsonb->>'error'),
+            '(https?://)([A-Za-z0-9.-]+)(:[0-9]+)?(/[^\s]*)?',
+            '\1\2/...', 'gi'
+        ),
+        '[a-zA-Z0-9_:-]*\d[a-zA-Z0-9_:-]*', '*', 'g'
+    )                                                              AS groupedErrorMessage
+FROM platform."AgentGraphExecution" ge
+LEFT JOIN platform."AgentGraph" g
+       ON ge."agentGraphId" = g."id"
+      AND ge."agentGraphVersion" = g."version"
+LEFT JOIN (
+    SELECT DISTINCT ON ("userId", "agentGraphId")
+           "userId", "agentGraphId",
+           ("settings"::jsonb->>'sensitive_action_safe_mode')::boolean AS possibly_ai
+    FROM platform."LibraryAgent"
+    WHERE "isDeleted"  = FALSE
+      AND "isArchived" = FALSE
+    ORDER BY "userId", "agentGraphId", "agentGraphVersion" DESC
+) la ON la."userId" = ge."userId" AND la."agentGraphId" = ge."agentGraphId"
+WHERE ge."createdAt" > CURRENT_DATE - INTERVAL '90 days'
--- a/autogpt_platform/analytics/queries/node_block_execution.sql
+++ b/autogpt_platform/analytics/queries/node_block_execution.sql
@@ -0,0 +1,101 @@
+-- =============================================================
+-- View: analytics.node_block_execution
+-- Looker source alias: ds14  |  Charts: 11
+-- =============================================================
+-- DESCRIPTION
+--   One row per node (block) execution (last 90 days).
+--   Unpacks stats JSONB and joins to identify which block type
+--   was run.  For failed nodes, joins the error output and
+--   scrubs it for safe grouping.
+--
+-- SOURCE TABLES
+--   platform.AgentNodeExecution              — Node execution records
+--   platform.AgentNode                       — Node → block mapping
+--   platform.AgentBlock                      — Block name/ID
+--   platform.AgentNodeExecutionInputOutput   — Error output values
+--
+-- OUTPUT COLUMNS
+--   id                    TEXT         Node execution UUID
+--   agentGraphExecutionId TEXT         Parent graph execution UUID
+--   agentNodeId           TEXT         Node UUID within the graph
+--   executionStatus       TEXT         COMPLETED | FAILED | QUEUED | RUNNING | TERMINATED
+--   addedTime             TIMESTAMPTZ  When the node was queued
+--   queuedTime            TIMESTAMPTZ  When it entered the queue
+--   startedTime           TIMESTAMPTZ  When execution started
+--   endedTime             TIMESTAMPTZ  When execution finished
+--   inputSize             BIGINT       Input payload size in bytes
+--   outputSize            BIGINT       Output payload size in bytes
+--   walltime              NUMERIC      Wall-clock seconds for this node
+--   cputime               NUMERIC      CPU seconds for this node
+--   llmRetryCount         INT          Number of LLM retries
+--   llmCallCount          INT          Number of LLM API calls made
+--   inputTokenCount       BIGINT       LLM input tokens consumed
+--   outputTokenCount      BIGINT       LLM output tokens produced
+--   blockName             TEXT         Human-readable block name (e.g. 'OpenAIBlock')
+--   blockId               TEXT         Block UUID
+--   groupedErrorMessage   TEXT         Scrubbed error (IDs/URLs wildcarded)
+--   errorMessage          TEXT         Raw error output (only set when FAILED)
+--
+-- WINDOW
+--   Rolling 90 days (addedTime > CURRENT_DATE - 90 days)
+--
+-- EXAMPLE QUERIES
+--   -- Most-used blocks by execution count
+--   SELECT "blockName", COUNT(*) AS executions,
+--          COUNT(*) FILTER (WHERE "executionStatus"='FAILED') AS failures
+--   FROM analytics.node_block_execution
+--   GROUP BY 1 ORDER BY executions DESC LIMIT 20;
+--
+--   -- Average LLM token usage per block
+--   SELECT "blockName",
+--          AVG("inputTokenCount") AS avg_input_tokens,
+--          AVG("outputTokenCount") AS avg_output_tokens
+--   FROM analytics.node_block_execution
+--   WHERE "llmCallCount" > 0
+--   GROUP BY 1 ORDER BY avg_input_tokens DESC;
+--
+--   -- Top failure reasons
+--   SELECT "blockName", "groupedErrorMessage", COUNT(*) AS count
+--   FROM analytics.node_block_execution
+--   WHERE "executionStatus" = 'FAILED'
+--   GROUP BY 1, 2 ORDER BY count DESC LIMIT 20;
+-- =============================================================
+
+SELECT
+    ne."id"                                                            AS id,
+    ne."agentGraphExecutionId"                                         AS agentGraphExecutionId,
+    ne."agentNodeId"                                                   AS agentNodeId,
+    CAST(ne."executionStatus" AS TEXT)                                 AS executionStatus,
+    ne."addedTime"                                                     AS addedTime,
+    ne."queuedTime"                                                    AS queuedTime,
+    ne."startedTime"                                                   AS startedTime,
+    ne."endedTime"                                                     AS endedTime,
+    (ne."stats"::jsonb->>'input_size')::bigint                         AS inputSize,
+    (ne."stats"::jsonb->>'output_size')::bigint                        AS outputSize,
+    (ne."stats"::jsonb->>'walltime')::numeric                          AS walltime,
+    (ne."stats"::jsonb->>'cputime')::numeric                           AS cputime,
+    (ne."stats"::jsonb->>'llm_retry_count')::int                       AS llmRetryCount,
+    (ne."stats"::jsonb->>'llm_call_count')::int                        AS llmCallCount,
+    (ne."stats"::jsonb->>'input_token_count')::bigint                  AS inputTokenCount,
+    (ne."stats"::jsonb->>'output_token_count')::bigint                 AS outputTokenCount,
+    b."name"                                                           AS blockName,
+    b."id"                                                             AS blockId,
+    REGEXP_REPLACE(
+        REGEXP_REPLACE(
+            TRIM(BOTH '"' FROM eio."data"::text),
+            '(https?://)([A-Za-z0-9.-]+)(:[0-9]+)?(/[^\s]*)?',
+            '\1\2/...', 'gi'
+        ),
+        '[a-zA-Z0-9_:-]*\d[a-zA-Z0-9_:-]*', '*', 'g'
+    )                                                                  AS groupedErrorMessage,
+    eio."data"                                                         AS errorMessage
+FROM platform."AgentNodeExecution" ne
+LEFT JOIN platform."AgentNode" nd
+       ON ne."agentNodeId" = nd."id"
+LEFT JOIN platform."AgentBlock" b
+       ON nd."agentBlockId" = b."id"
+LEFT JOIN platform."AgentNodeExecutionInputOutput" eio
+       ON eio."referencedByOutputExecId" = ne."id"
+      AND eio."name" = 'error'
+      AND ne."executionStatus" = 'FAILED'
+WHERE ne."addedTime" > CURRENT_DATE - INTERVAL '90 days'
--- a/autogpt_platform/analytics/queries/retention_agent.sql
+++ b/autogpt_platform/analytics/queries/retention_agent.sql
@@ -0,0 +1,97 @@
+-- =============================================================
+-- View: analytics.retention_agent
+-- Looker source alias: ds35  |  Charts: 2
+-- =============================================================
+-- DESCRIPTION
+--   Weekly cohort retention broken down per individual agent.
+--   Cohort = week of a user's first use of THAT specific agent.
+--   Tells you which agents keep users coming back vs. one-shot
+--   use. Only includes cohorts from the last 180 days.
+--
+-- SOURCE TABLES
+--   platform.AgentGraphExecution  — Execution records (user × agent × time)
+--   platform.AgentGraph           — Agent names
+--
+-- OUTPUT COLUMNS
+--   agent_id            TEXT   Agent graph UUID
+--   agent_label         TEXT   'AgentName [first8chars]'
+--   agent_label_n       TEXT   'AgentName [first8chars] (n=total_users)'
+--   cohort_week_start   DATE   Week users first ran this agent
+--   cohort_label        TEXT   ISO week label
+--   cohort_label_n      TEXT   ISO week label with cohort size
+--   user_lifetime_week  INT    Weeks since first use of this agent
+--   cohort_users        BIGINT Users in this cohort for this agent
+--   active_users        BIGINT Users who ran the agent again in week k
+--   retention_rate      FLOAT  active_users / cohort_users
+--   cohort_users_w0     BIGINT cohort_users only at week 0 (safe to SUM)
+--   agent_total_users   BIGINT Total users across all cohorts for this agent
+--
+-- EXAMPLE QUERIES
+--   -- Best-retained agents at week 2
+--   SELECT agent_label, AVG(retention_rate) AS w2_retention
+--   FROM analytics.retention_agent
+--   WHERE user_lifetime_week = 2 AND cohort_users >= 10
+--   GROUP BY 1 ORDER BY w2_retention DESC LIMIT 10;
+--
+--   -- Agents with most unique users
+--   SELECT DISTINCT agent_label, agent_total_users
+--   FROM analytics.retention_agent
+--   ORDER BY agent_total_users DESC LIMIT 20;
+-- =============================================================
+
+WITH params AS (SELECT 12::int AS max_weeks, (CURRENT_DATE - INTERVAL '180 days') AS cohort_start),
+events AS (
+  SELECT e."userId"::text AS user_id, e."agentGraphId" AS agent_id,
+         e."createdAt"::timestamptz AS created_at,
+         DATE_TRUNC('week', e."createdAt")::date AS week_start
+  FROM platform."AgentGraphExecution" e
+),
+first_use AS (
+  SELECT user_id, agent_id, MIN(created_at) AS first_use_at,
+         DATE_TRUNC('week', MIN(created_at))::date AS cohort_week_start
+  FROM events GROUP BY 1,2
+  HAVING MIN(created_at) >= (SELECT cohort_start FROM params)
+),
+activity_weeks AS (SELECT DISTINCT user_id, agent_id, week_start FROM events),
+user_week_age AS (
+  SELECT aw.user_id, aw.agent_id, fu.cohort_week_start,
+         ((aw.week_start - DATE_TRUNC('week',fu.first_use_at)::date)/7)::int AS user_lifetime_week
+  FROM activity_weeks aw JOIN first_use fu USING (user_id, agent_id)
+  WHERE aw.week_start >= DATE_TRUNC('week',fu.first_use_at)::date
+),
+active_counts AS (
+  SELECT agent_id, cohort_week_start, user_lifetime_week, COUNT(DISTINCT user_id) AS active_users
+  FROM user_week_age WHERE user_lifetime_week >= 0 GROUP BY 1,2,3
+),
+cohort_sizes AS (
+  SELECT agent_id, cohort_week_start, COUNT(DISTINCT user_id) AS cohort_users FROM first_use GROUP BY 1,2
+),
+cohort_caps AS (
+  SELECT cs.agent_id, cs.cohort_week_start, cs.cohort_users,
+         LEAST((SELECT max_weeks FROM params),
+               GREATEST(0,((DATE_TRUNC('week',CURRENT_DATE)::date-cs.cohort_week_start)/7)::int)) AS cap_weeks
+  FROM cohort_sizes cs
+),
+grid AS (
+  SELECT cc.agent_id, cc.cohort_week_start, gs AS user_lifetime_week, cc.cohort_users
+  FROM cohort_caps cc CROSS JOIN LATERAL generate_series(0, cc.cap_weeks) gs
+),
+agent_names AS (SELECT DISTINCT ON (g."id") g."id" AS agent_id, g."name" AS agent_name FROM platform."AgentGraph" g ORDER BY g."id", g."version" DESC),
+agent_total_users AS (SELECT agent_id, SUM(cohort_users) AS agent_total_users FROM cohort_sizes GROUP BY 1)
+SELECT
+  g.agent_id,
+  COALESCE(an.agent_name,'(unnamed)')||' ['||LEFT(g.agent_id::text,8)||']'  AS agent_label,
+  COALESCE(an.agent_name,'(unnamed)')||' ['||LEFT(g.agent_id::text,8)||'] (n='||COALESCE(atu.agent_total_users,0)||')' AS agent_label_n,
+  g.cohort_week_start,
+  TO_CHAR(g.cohort_week_start,'IYYY-"W"IW')                               AS cohort_label,
+  TO_CHAR(g.cohort_week_start,'IYYY-"W"IW')||' (n='||g.cohort_users||')'  AS cohort_label_n,
+  g.user_lifetime_week, g.cohort_users,
+  COALESCE(ac.active_users,0)                                              AS active_users,
+  COALESCE(ac.active_users,0)::float / NULLIF(g.cohort_users,0)           AS retention_rate,
+  CASE WHEN g.user_lifetime_week=0 THEN g.cohort_users ELSE 0 END         AS cohort_users_w0,
+  COALESCE(atu.agent_total_users,0)                                        AS agent_total_users
+FROM grid g
+LEFT JOIN active_counts     ac  ON ac.agent_id=g.agent_id AND ac.cohort_week_start=g.cohort_week_start AND ac.user_lifetime_week=g.user_lifetime_week
+LEFT JOIN agent_names       an  ON an.agent_id=g.agent_id
+LEFT JOIN agent_total_users atu ON atu.agent_id=g.agent_id
+ORDER BY agent_label, g.cohort_week_start, g.user_lifetime_week;
--- a/autogpt_platform/analytics/queries/retention_execution_daily.sql
+++ b/autogpt_platform/analytics/queries/retention_execution_daily.sql
@@ -0,0 +1,81 @@
+-- =============================================================
+-- View: analytics.retention_execution_daily
+-- Looker source alias: ds111  |  Charts: 1
+-- =============================================================
+-- DESCRIPTION
+--   Daily cohort retention based on agent executions.
+--   Cohort anchor = day of user's FIRST ever execution.
+--   Only includes cohorts from the last 90 days, up to day 30.
+--   Great for early engagement analysis (did users run another
+--   agent the next day?).
+--
+-- SOURCE TABLES
+--   platform.AgentGraphExecution  — Execution records
+--
+-- OUTPUT COLUMNS
+--   Same pattern as retention_login_daily.
+--   cohort_day_start = day of first execution (not first login)
+--
+-- EXAMPLE QUERIES
+--   -- Day-3 execution retention
+--   SELECT cohort_label, retention_rate_bounded AS d3_retention
+--   FROM analytics.retention_execution_daily
+--   WHERE user_lifetime_day = 3 ORDER BY cohort_day_start;
+-- =============================================================
+
+WITH params AS (SELECT 30::int AS max_days, (CURRENT_DATE - INTERVAL '90 days') AS cohort_start),
+events AS (
+  SELECT e."userId"::text AS user_id, e."createdAt"::timestamptz AS created_at,
+         DATE_TRUNC('day', e."createdAt")::date AS day_start
+  FROM platform."AgentGraphExecution" e WHERE e."userId" IS NOT NULL
+),
+first_exec AS (
+  SELECT user_id, MIN(created_at) AS first_exec_at,
+         DATE_TRUNC('day', MIN(created_at))::date AS cohort_day_start
+  FROM events GROUP BY 1
+  HAVING MIN(created_at) >= (SELECT cohort_start FROM params)
+),
+activity_days AS (SELECT DISTINCT user_id, day_start FROM events),
+user_day_age AS (
+  SELECT ad.user_id, fe.cohort_day_start,
+         (ad.day_start - DATE_TRUNC('day',fe.first_exec_at)::date)::int AS user_lifetime_day
+  FROM activity_days ad JOIN first_exec fe USING (user_id)
+  WHERE ad.day_start >= DATE_TRUNC('day',fe.first_exec_at)::date
+),
+bounded_counts AS (
+  SELECT cohort_day_start, user_lifetime_day, COUNT(DISTINCT user_id) AS active_users_bounded
+  FROM user_day_age WHERE user_lifetime_day >= 0 GROUP BY 1,2
+),
+last_active AS (
+  SELECT cohort_day_start, user_id, MAX(user_lifetime_day) AS last_active_day FROM user_day_age GROUP BY 1,2
+),
+unbounded_counts AS (
+  SELECT la.cohort_day_start, gs AS user_lifetime_day, COUNT(*) AS retained_users_unbounded
+  FROM last_active la
+  CROSS JOIN LATERAL generate_series(0, LEAST(la.last_active_day,(SELECT max_days FROM params))) gs
+  GROUP BY 1,2
+),
+cohort_sizes AS (SELECT cohort_day_start, COUNT(DISTINCT user_id) AS cohort_users FROM first_exec GROUP BY 1),
+cohort_caps AS (
+  SELECT cs.cohort_day_start, cs.cohort_users,
+         LEAST((SELECT max_days FROM params), GREATEST(0,(CURRENT_DATE-cs.cohort_day_start)::int)) AS cap_days
+  FROM cohort_sizes cs
+),
+grid AS (
+  SELECT cc.cohort_day_start, gs AS user_lifetime_day, cc.cohort_users
+  FROM cohort_caps cc CROSS JOIN LATERAL generate_series(0, cc.cap_days) gs
+)
+SELECT
+  g.cohort_day_start,
+  TO_CHAR(g.cohort_day_start,'YYYY-MM-DD')                                AS cohort_label,
+  TO_CHAR(g.cohort_day_start,'YYYY-MM-DD')||' (n='||g.cohort_users||')'   AS cohort_label_n,
+  g.user_lifetime_day, g.cohort_users,
+  COALESCE(b.active_users_bounded,0)     AS active_users_bounded,
+  COALESCE(u.retained_users_unbounded,0) AS retained_users_unbounded,
+  CASE WHEN g.cohort_users>0 THEN COALESCE(b.active_users_bounded,0)::float/g.cohort_users END    AS retention_rate_bounded,
+  CASE WHEN g.cohort_users>0 THEN COALESCE(u.retained_users_unbounded,0)::float/g.cohort_users END AS retention_rate_unbounded,
+  CASE WHEN g.user_lifetime_day=0 THEN g.cohort_users ELSE 0 END          AS cohort_users_d0
+FROM grid g
+LEFT JOIN bounded_counts   b ON b.cohort_day_start=g.cohort_day_start AND b.user_lifetime_day=g.user_lifetime_day
+LEFT JOIN unbounded_counts u ON u.cohort_day_start=g.cohort_day_start AND u.user_lifetime_day=g.user_lifetime_day
+ORDER BY g.cohort_day_start, g.user_lifetime_day;
--- a/autogpt_platform/analytics/queries/retention_execution_weekly.sql
+++ b/autogpt_platform/analytics/queries/retention_execution_weekly.sql
@@ -0,0 +1,81 @@
+-- =============================================================
+-- View: analytics.retention_execution_weekly
+-- Looker source alias: ds92  |  Charts: 2
+-- =============================================================
+-- DESCRIPTION
+--   Weekly cohort retention based on agent executions.
+--   Cohort anchor = week of user's FIRST ever agent execution
+--   (not first login). Only includes cohorts from the last 180 days.
+--   Useful when you care about product engagement, not just visits.
+--
+-- SOURCE TABLES
+--   platform.AgentGraphExecution  — Execution records
+--
+-- OUTPUT COLUMNS
+--   Same pattern as retention_login_weekly.
+--   cohort_week_start = week of first execution (not first login)
+--
+-- EXAMPLE QUERIES
+--   -- Week-2 execution retention
+--   SELECT cohort_label, retention_rate_bounded
+--   FROM analytics.retention_execution_weekly
+--   WHERE user_lifetime_week = 2 ORDER BY cohort_week_start;
+-- =============================================================
+
+WITH params AS (SELECT 12::int AS max_weeks, (CURRENT_DATE - INTERVAL '180 days') AS cohort_start),
+events AS (
+  SELECT e."userId"::text AS user_id, e."createdAt"::timestamptz AS created_at,
+         DATE_TRUNC('week', e."createdAt")::date AS week_start
+  FROM platform."AgentGraphExecution" e WHERE e."userId" IS NOT NULL
+),
+first_exec AS (
+  SELECT user_id, MIN(created_at) AS first_exec_at,
+         DATE_TRUNC('week', MIN(created_at))::date AS cohort_week_start
+  FROM events GROUP BY 1
+  HAVING MIN(created_at) >= (SELECT cohort_start FROM params)
+),
+activity_weeks AS (SELECT DISTINCT user_id, week_start FROM events),
+user_week_age AS (
+  SELECT aw.user_id, fe.cohort_week_start,
+         ((aw.week_start - DATE_TRUNC('week',fe.first_exec_at)::date)/7)::int AS user_lifetime_week
+  FROM activity_weeks aw JOIN first_exec fe USING (user_id)
+  WHERE aw.week_start >= DATE_TRUNC('week',fe.first_exec_at)::date
+),
+bounded_counts AS (
+  SELECT cohort_week_start, user_lifetime_week, COUNT(DISTINCT user_id) AS active_users_bounded
+  FROM user_week_age WHERE user_lifetime_week >= 0 GROUP BY 1,2
+),
+last_active AS (
+  SELECT cohort_week_start, user_id, MAX(user_lifetime_week) AS last_active_week FROM user_week_age GROUP BY 1,2
+),
+unbounded_counts AS (
+  SELECT la.cohort_week_start, gs AS user_lifetime_week, COUNT(*) AS retained_users_unbounded
+  FROM last_active la
+  CROSS JOIN LATERAL generate_series(0, LEAST(la.last_active_week,(SELECT max_weeks FROM params))) gs
+  GROUP BY 1,2
+),
+cohort_sizes AS (SELECT cohort_week_start, COUNT(DISTINCT user_id) AS cohort_users FROM first_exec GROUP BY 1),
+cohort_caps AS (
+  SELECT cs.cohort_week_start, cs.cohort_users,
+         LEAST((SELECT max_weeks FROM params),
+               GREATEST(0,((DATE_TRUNC('week',CURRENT_DATE)::date-cs.cohort_week_start)/7)::int)) AS cap_weeks
+  FROM cohort_sizes cs
+),
+grid AS (
+  SELECT cc.cohort_week_start, gs AS user_lifetime_week, cc.cohort_users
+  FROM cohort_caps cc CROSS JOIN LATERAL generate_series(0, cc.cap_weeks) gs
+)
+SELECT
+  g.cohort_week_start,
+  TO_CHAR(g.cohort_week_start,'IYYY-"W"IW')                               AS cohort_label,
+  TO_CHAR(g.cohort_week_start,'IYYY-"W"IW')||' (n='||g.cohort_users||')'  AS cohort_label_n,
+  g.user_lifetime_week, g.cohort_users,
+  COALESCE(b.active_users_bounded,0)     AS active_users_bounded,
+  COALESCE(u.retained_users_unbounded,0) AS retained_users_unbounded,
+  CASE WHEN g.cohort_users>0 THEN COALESCE(b.active_users_bounded,0)::float/g.cohort_users END    AS retention_rate_bounded,
+  CASE WHEN g.cohort_users>0 THEN COALESCE(u.retained_users_unbounded,0)::float/g.cohort_users END AS retention_rate_unbounded,
+  CASE WHEN g.user_lifetime_week=0 THEN g.cohort_users ELSE 0 END         AS cohort_users_w0
+FROM grid g
+LEFT JOIN bounded_counts   b ON b.cohort_week_start=g.cohort_week_start AND b.user_lifetime_week=g.user_lifetime_week
+LEFT JOIN unbounded_counts u ON u.cohort_week_start=g.cohort_week_start AND u.user_lifetime_week=g.user_lifetime_week
+ORDER BY g.cohort_week_start, g.user_lifetime_week;
--- a/autogpt_platform/analytics/queries/retention_login_daily.sql
+++ b/autogpt_platform/analytics/queries/retention_login_daily.sql
@@ -0,0 +1,94 @@
+-- =============================================================
+-- View: analytics.retention_login_daily
+-- Looker source alias: ds112  |  Charts: 1
+-- =============================================================
+-- DESCRIPTION
+--   Daily cohort retention based on login sessions.
+--   Same logic as retention_login_weekly but at day granularity,
+--   showing up to day 30 for cohorts from the last 90 days.
+--   Useful for analysing early activation (days 1-7) in detail.
+--
+-- SOURCE TABLES
+--   auth.sessions  — Login session records
+--
+-- OUTPUT COLUMNS (same pattern as retention_login_weekly)
+--   cohort_day_start          DATE     First day the cohort logged in
+--   cohort_label              TEXT     Date string (e.g. '2025-03-01')
+--   cohort_label_n            TEXT     Date + cohort size (e.g. '2025-03-01 (n=12)')
+--   user_lifetime_day         INT      Days since first login (0 = signup day)
+--   cohort_users              BIGINT   Total users in cohort
+--   active_users_bounded      BIGINT   Users active on exactly day k
+--   retained_users_unbounded  BIGINT   Users active any time on/after day k
+--   retention_rate_bounded    FLOAT    bounded / cohort_users
+--   retention_rate_unbounded  FLOAT    unbounded / cohort_users
+--   cohort_users_d0           BIGINT   cohort_users only at day 0, else 0 (safe to SUM)
+--
+-- EXAMPLE QUERIES
+--   -- Day-1 retention rate (came back next day)
+--   SELECT cohort_label, retention_rate_bounded AS d1_retention
+--   FROM analytics.retention_login_daily
+--   WHERE user_lifetime_day = 1 ORDER BY cohort_day_start;
+--
+--   -- Average retention curve across all cohorts
+--   SELECT user_lifetime_day,
+--          SUM(active_users_bounded)::float / NULLIF(SUM(cohort_users_d0), 0) AS avg_retention
+--   FROM analytics.retention_login_daily
+--   GROUP BY 1 ORDER BY 1;
+-- =============================================================
+
+WITH params AS (SELECT 30::int AS max_days, (CURRENT_DATE - INTERVAL '90 days')::date AS cohort_start),
+events AS (
+  SELECT s.user_id::text AS user_id, s.created_at::timestamptz AS created_at,
+         DATE_TRUNC('day', s.created_at)::date AS day_start
+  FROM auth.sessions s WHERE s.user_id IS NOT NULL
+),
+first_login AS (
+  SELECT user_id, MIN(created_at) AS first_login_time,
+         DATE_TRUNC('day', MIN(created_at))::date AS cohort_day_start
+  FROM events GROUP BY 1
+  HAVING MIN(created_at) >= (SELECT cohort_start FROM params)
+),
+activity_days AS (SELECT DISTINCT user_id, day_start FROM events),
+user_day_age AS (
+  SELECT ad.user_id, fl.cohort_day_start,
+         (ad.day_start - DATE_TRUNC('day', fl.first_login_time)::date)::int AS user_lifetime_day
+  FROM activity_days ad JOIN first_login fl USING (user_id)
+  WHERE ad.day_start >= DATE_TRUNC('day', fl.first_login_time)::date
+),
+bounded_counts AS (
+  SELECT cohort_day_start, user_lifetime_day, COUNT(DISTINCT user_id) AS active_users_bounded
+  FROM user_day_age WHERE user_lifetime_day >= 0 GROUP BY 1,2
+),
+last_active AS (
+  SELECT cohort_day_start, user_id, MAX(user_lifetime_day) AS last_active_day FROM user_day_age GROUP BY 1,2
+),
+unbounded_counts AS (
+  SELECT la.cohort_day_start, gs AS user_lifetime_day, COUNT(*) AS retained_users_unbounded
+  FROM last_active la
+  CROSS JOIN LATERAL generate_series(0, LEAST(la.last_active_day,(SELECT max_days FROM params))) gs
+  GROUP BY 1,2
+),
+cohort_sizes AS (SELECT cohort_day_start, COUNT(DISTINCT user_id) AS cohort_users FROM first_login GROUP BY 1),
+cohort_caps AS (
+  SELECT cs.cohort_day_start, cs.cohort_users,
+         LEAST((SELECT max_days FROM params), GREATEST(0,(CURRENT_DATE-cs.cohort_day_start)::int)) AS cap_days
+  FROM cohort_sizes cs
+),
+grid AS (
+  SELECT cc.cohort_day_start, gs AS user_lifetime_day, cc.cohort_users
+  FROM cohort_caps cc CROSS JOIN LATERAL generate_series(0, cc.cap_days) gs
+)
+SELECT
+  g.cohort_day_start,
+  TO_CHAR(g.cohort_day_start,'YYYY-MM-DD')                                  AS cohort_label,
+  TO_CHAR(g.cohort_day_start,'YYYY-MM-DD')||' (n='||g.cohort_users||')'     AS cohort_label_n,
+  g.user_lifetime_day, g.cohort_users,
+  COALESCE(b.active_users_bounded,0)     AS active_users_bounded,
+  COALESCE(u.retained_users_unbounded,0) AS retained_users_unbounded,
+  CASE WHEN g.cohort_users>0 THEN COALESCE(b.active_users_bounded,0)::float/g.cohort_users END    AS retention_rate_bounded,
+  CASE WHEN g.cohort_users>0 THEN COALESCE(u.retained_users_unbounded,0)::float/g.cohort_users END AS retention_rate_unbounded,
+  CASE WHEN g.user_lifetime_day=0 THEN g.cohort_users ELSE 0 END            AS cohort_users_d0
+FROM grid g
+LEFT JOIN bounded_counts   b ON b.cohort_day_start=g.cohort_day_start AND b.user_lifetime_day=g.user_lifetime_day
+LEFT JOIN unbounded_counts u ON u.cohort_day_start=g.cohort_day_start AND u.user_lifetime_day=g.user_lifetime_day
+ORDER BY g.cohort_day_start, g.user_lifetime_day;
--- a/autogpt_platform/analytics/queries/retention_login_onboarded_weekly.sql
+++ b/autogpt_platform/analytics/queries/retention_login_onboarded_weekly.sql
@@ -0,0 +1,96 @@
+-- =============================================================
+-- View: analytics.retention_login_onboarded_weekly
+-- Looker source alias: ds101  |  Charts: 2
+-- =============================================================
+-- DESCRIPTION
+--   Weekly cohort retention from login sessions, restricted to
+--   users who "onboarded" — defined as running at least one
+--   agent within 365 days of their first login.
+--   Filters out users who signed up but never activated,
+--   giving a cleaner view of engaged-user retention.
+--
+-- SOURCE TABLES
+--   auth.sessions                  — Login session records
+--   platform.AgentGraphExecution   — Used to identify onboarders
+--
+-- OUTPUT COLUMNS
+--   Same as retention_login_weekly (cohort_week_start, user_lifetime_week,
+--   retention_rate_bounded, retention_rate_unbounded, etc.)
+--   Only difference: cohort is filtered to onboarded users only.
+--
+-- EXAMPLE QUERIES
+--   -- Compare week-4 retention: all users vs onboarded only
+--   SELECT 'all_users' AS segment, AVG(retention_rate_bounded) AS w4_retention
+--   FROM analytics.retention_login_weekly WHERE user_lifetime_week = 4
+--   UNION ALL
+--   SELECT 'onboarded', AVG(retention_rate_bounded)
+--   FROM analytics.retention_login_onboarded_weekly WHERE user_lifetime_week = 4;
+-- =============================================================
+
+WITH params AS (SELECT 12::int AS max_weeks, 365::int AS onboarding_window_days),
+events AS (
+  SELECT s.user_id::text AS user_id, s.created_at::timestamptz AS created_at,
+         DATE_TRUNC('week', s.created_at)::date AS week_start
+  FROM auth.sessions s WHERE s.user_id IS NOT NULL
+),
+first_login_all AS (
+  SELECT user_id, MIN(created_at) AS first_login_time,
+         DATE_TRUNC('week', MIN(created_at))::date AS cohort_week_start
+  FROM events GROUP BY 1
+),
+onboarders AS (
+  SELECT fl.user_id FROM first_login_all fl
+  WHERE EXISTS (
+    SELECT 1 FROM platform."AgentGraphExecution" e
+    WHERE e."userId"::text = fl.user_id
+      AND e."createdAt" >= fl.first_login_time
+      AND e."createdAt" < fl.first_login_time
+          + make_interval(days => (SELECT onboarding_window_days FROM params))
+  )
+),
+first_login AS (SELECT * FROM first_login_all WHERE user_id IN (SELECT user_id FROM onboarders)),
+activity_weeks AS (SELECT DISTINCT user_id, week_start FROM events),
+user_week_age AS (
+  SELECT aw.user_id, fl.cohort_week_start,
+         ((aw.week_start - DATE_TRUNC('week',fl.first_login_time)::date)/7)::int AS user_lifetime_week
+  FROM activity_weeks aw JOIN first_login fl USING (user_id)
+  WHERE aw.week_start >= DATE_TRUNC('week',fl.first_login_time)::date
+),
+bounded_counts AS (
+  SELECT cohort_week_start, user_lifetime_week, COUNT(DISTINCT user_id) AS active_users_bounded
+  FROM user_week_age WHERE user_lifetime_week >= 0 GROUP BY 1,2
+),
+last_active AS (
+  SELECT cohort_week_start, user_id, MAX(user_lifetime_week) AS last_active_week FROM user_week_age GROUP BY 1,2
+),
+unbounded_counts AS (
+  SELECT la.cohort_week_start, gs AS user_lifetime_week, COUNT(*) AS retained_users_unbounded
+  FROM last_active la
+  CROSS JOIN LATERAL generate_series(0, LEAST(la.last_active_week,(SELECT max_weeks FROM params))) gs
+  GROUP BY 1,2
+),
+cohort_sizes AS (SELECT cohort_week_start, COUNT(DISTINCT user_id) AS cohort_users FROM first_login GROUP BY 1),
+cohort_caps AS (
+  SELECT cs.cohort_week_start, cs.cohort_users,
+         LEAST((SELECT max_weeks FROM params),
+               GREATEST(0,((DATE_TRUNC('week',CURRENT_DATE)::date-cs.cohort_week_start)/7)::int)) AS cap_weeks
+  FROM cohort_sizes cs
+),
+grid AS (
+  SELECT cc.cohort_week_start, gs AS user_lifetime_week, cc.cohort_users
+  FROM cohort_caps cc CROSS JOIN LATERAL generate_series(0, cc.cap_weeks) gs
+)
+SELECT
+  g.cohort_week_start,
+  TO_CHAR(g.cohort_week_start,'IYYY-"W"IW')                               AS cohort_label,
+  TO_CHAR(g.cohort_week_start,'IYYY-"W"IW')||' (n='||g.cohort_users||')'  AS cohort_label_n,
+  g.user_lifetime_week, g.cohort_users,
+  COALESCE(b.active_users_bounded,0)     AS active_users_bounded,
+  COALESCE(u.retained_users_unbounded,0) AS retained_users_unbounded,
+  CASE WHEN g.cohort_users>0 THEN COALESCE(b.active_users_bounded,0)::float/g.cohort_users END    AS retention_rate_bounded,
+  CASE WHEN g.cohort_users>0 THEN COALESCE(u.retained_users_unbounded,0)::float/g.cohort_users END AS retention_rate_unbounded,
+  CASE WHEN g.user_lifetime_week=0 THEN g.cohort_users ELSE 0 END         AS cohort_users_w0
+FROM grid g
+LEFT JOIN bounded_counts   b ON b.cohort_week_start=g.cohort_week_start AND b.user_lifetime_week=g.user_lifetime_week
+LEFT JOIN unbounded_counts u ON u.cohort_week_start=g.cohort_week_start AND u.user_lifetime_week=g.user_lifetime_week
+ORDER BY g.cohort_week_start, g.user_lifetime_week;
--- a/autogpt_platform/analytics/queries/retention_login_weekly.sql
+++ b/autogpt_platform/analytics/queries/retention_login_weekly.sql
@@ -0,0 +1,103 @@
+-- =============================================================
+-- View: analytics.retention_login_weekly
+-- Looker source alias: ds83  |  Charts: 2
+-- =============================================================
+-- DESCRIPTION
+--   Weekly cohort retention based on login sessions.
+--   Users are grouped by the ISO week of their first ever login.
+--   For each cohort × lifetime-week combination, outputs both:
+--     - bounded rate: % active in exactly that week
+--     - unbounded rate: % who were ever active on or after that week
+--   Weeks are capped to the cohort's actual age (no future data points).
+--
+-- SOURCE TABLES
+--   auth.sessions  — Login session records
+--
+-- HOW TO READ THE OUTPUT
+--   cohort_week_start   The Monday of the week users first logged in
+--   user_lifetime_week  0 = signup week, 1 = one week later, etc.
+--   retention_rate_bounded   = active_users_bounded / cohort_users
+--   retention_rate_unbounded = retained_users_unbounded / cohort_users
+--
+-- OUTPUT COLUMNS
+--   cohort_week_start         DATE     First day of the cohort's signup week
+--   cohort_label              TEXT     ISO week label (e.g. '2025-W01')
+--   cohort_label_n            TEXT     ISO week label with cohort size (e.g. '2025-W01 (n=42)')
+--   user_lifetime_week        INT      Weeks since first login (0 = signup week)
+--   cohort_users              BIGINT   Total users in this cohort (denominator)
+--   active_users_bounded      BIGINT   Users active in exactly week k
+--   retained_users_unbounded  BIGINT   Users active any time on/after week k
+--   retention_rate_bounded    FLOAT    bounded active / cohort_users
+--   retention_rate_unbounded  FLOAT    unbounded retained / cohort_users
+--   cohort_users_w0           BIGINT   cohort_users only at week 0, else 0 (safe to SUM in pivot tables)
+--
+-- EXAMPLE QUERIES
+--   -- Week-1 retention rate per cohort
+--   SELECT cohort_label, retention_rate_bounded AS w1_retention
+--   FROM analytics.retention_login_weekly
+--   WHERE user_lifetime_week = 1
+--   ORDER BY cohort_week_start;
+--
+--   -- Overall average retention curve (all cohorts combined)
+--   SELECT user_lifetime_week,
+--          SUM(active_users_bounded)::float / NULLIF(SUM(cohort_users_w0), 0) AS avg_retention
+--   FROM analytics.retention_login_weekly
+--   GROUP BY 1 ORDER BY 1;
+-- =============================================================
+
+WITH params AS (SELECT 12::int AS max_weeks),
+events AS (
+  SELECT s.user_id::text AS user_id, s.created_at::timestamptz AS created_at,
+         DATE_TRUNC('week', s.created_at)::date AS week_start
+  FROM auth.sessions s WHERE s.user_id IS NOT NULL
+),
+first_login AS (
+  SELECT user_id, MIN(created_at) AS first_login_time,
+         DATE_TRUNC('week', MIN(created_at))::date AS cohort_week_start
+  FROM events GROUP BY 1
+),
+activity_weeks AS (SELECT DISTINCT user_id, week_start FROM events),
+user_week_age AS (
+  SELECT aw.user_id, fl.cohort_week_start,
+         ((aw.week_start - DATE_TRUNC('week', fl.first_login_time)::date) / 7)::int AS user_lifetime_week
+  FROM activity_weeks aw JOIN first_login fl USING (user_id)
+  WHERE aw.week_start >= DATE_TRUNC('week', fl.first_login_time)::date
+),
+bounded_counts AS (
+  SELECT cohort_week_start, user_lifetime_week, COUNT(DISTINCT user_id) AS active_users_bounded
+  FROM user_week_age WHERE user_lifetime_week >= 0 GROUP BY 1,2
+),
+last_active AS (
+  SELECT cohort_week_start, user_id, MAX(user_lifetime_week) AS last_active_week FROM user_week_age GROUP BY 1,2
+),
+unbounded_counts AS (
+  SELECT la.cohort_week_start, gs AS user_lifetime_week, COUNT(*) AS retained_users_unbounded
+  FROM last_active la
+  CROSS JOIN LATERAL generate_series(0, LEAST(la.last_active_week,(SELECT max_weeks FROM params))) gs
+  GROUP BY 1,2
+),
+cohort_sizes AS (SELECT cohort_week_start, COUNT(DISTINCT user_id) AS cohort_users FROM first_login GROUP BY 1),
+cohort_caps AS (
+  SELECT cs.cohort_week_start, cs.cohort_users,
+         LEAST((SELECT max_weeks FROM params),
+               GREATEST(0,((DATE_TRUNC('week',CURRENT_DATE)::date - cs.cohort_week_start)/7)::int)) AS cap_weeks
+  FROM cohort_sizes cs
+),
+grid AS (
+  SELECT cc.cohort_week_start, gs AS user_lifetime_week, cc.cohort_users
+  FROM cohort_caps cc CROSS JOIN LATERAL generate_series(0, cc.cap_weeks) gs
+)
+SELECT
+  g.cohort_week_start,
+  TO_CHAR(g.cohort_week_start,'IYYY-"W"IW')                                    AS cohort_label,
+  TO_CHAR(g.cohort_week_start,'IYYY-"W"IW')||' (n='||g.cohort_users||')'       AS cohort_label_n,
+  g.user_lifetime_week, g.cohort_users,
+  COALESCE(b.active_users_bounded,0)     AS active_users_bounded,
+  COALESCE(u.retained_users_unbounded,0) AS retained_users_unbounded,
+  CASE WHEN g.cohort_users>0 THEN COALESCE(b.active_users_bounded,0)::float/g.cohort_users END    AS retention_rate_bounded,
+  CASE WHEN g.cohort_users>0 THEN COALESCE(u.retained_users_unbounded,0)::float/g.cohort_users END AS retention_rate_unbounded,
+  CASE WHEN g.user_lifetime_week=0 THEN g.cohort_users ELSE 0 END               AS cohort_users_w0
+FROM grid g
+LEFT JOIN bounded_counts   b ON b.cohort_week_start=g.cohort_week_start AND b.user_lifetime_week=g.user_lifetime_week
+LEFT JOIN unbounded_counts u ON u.cohort_week_start=g.cohort_week_start AND u.user_lifetime_week=g.user_lifetime_week
+ORDER BY g.cohort_week_start, g.user_lifetime_week
--- a/autogpt_platform/analytics/queries/user_block_spending.sql
+++ b/autogpt_platform/analytics/queries/user_block_spending.sql
@@ -0,0 +1,71 @@
+-- =============================================================
+-- View: analytics.user_block_spending
+-- Looker source alias: ds6  |  Charts: 5
+-- =============================================================
+-- DESCRIPTION
+--   One row per credit transaction (last 90 days).
+--   Shows how users spend credits broken down by block type,
+--   LLM provider and model.  Joins node execution stats for
+--   token-level detail.
+--
+-- SOURCE TABLES
+--   platform.CreditTransaction   — Credit debit/credit records
+--   platform.AgentNodeExecution  — Node execution stats (for token counts)
+--
+-- OUTPUT COLUMNS
+--   transactionKey        TEXT         Unique transaction identifier
+--   userId                TEXT         User who was charged
+--   amount                DECIMAL      Credit amount (positive = credit, negative = debit)
+--   negativeAmount        DECIMAL      amount * -1 (convenience for spend charts)
+--   transactionType       TEXT         Transaction type (e.g. 'USAGE', 'REFUND', 'TOP_UP')
+--   transactionTime       TIMESTAMPTZ  When the transaction was recorded
+--   blockId               TEXT         Block UUID that triggered the spend
+--   blockName             TEXT         Human-readable block name
+--   llm_provider          TEXT         LLM provider (e.g. 'openai', 'anthropic')
+--   llm_model             TEXT         Model name (e.g. 'gpt-4o', 'claude-3-5-sonnet')
+--   node_exec_id          TEXT         Linked node execution UUID
+--   llm_call_count        INT          LLM API calls made in that execution
+--   llm_retry_count       INT          LLM retries in that execution
+--   llm_input_token_count INT          Input tokens consumed
+--   llm_output_token_count INT         Output tokens produced
+--
+-- WINDOW
+--   Rolling 90 days (createdAt > CURRENT_DATE - 90 days)
+--
+-- EXAMPLE QUERIES
+--   -- Total spend per user (last 90 days)
+--   SELECT "userId", SUM("negativeAmount") AS total_spent
+--   FROM analytics.user_block_spending
+--   WHERE "transactionType" = 'USAGE'
+--   GROUP BY 1 ORDER BY total_spent DESC;
+--
+--   -- Spend by LLM provider + model
+--   SELECT "llm_provider", "llm_model",
+--          SUM("negativeAmount") AS total_cost,
+--          SUM("llm_input_token_count") AS input_tokens,
+--          SUM("llm_output_token_count") AS output_tokens
+--   FROM analytics.user_block_spending
+--   WHERE "llm_provider" IS NOT NULL
+--   GROUP BY 1, 2 ORDER BY total_cost DESC;
+-- =============================================================
+
+SELECT
+    c."transactionKey"                                        AS transactionKey,
+    c."userId"                                                AS userId,
+    c."amount"                                                AS amount,
+    c."amount" * -1                                           AS negativeAmount,
+    c."type"                                                  AS transactionType,
+    c."createdAt"                                             AS transactionTime,
+    c.metadata->>'block_id'                                   AS blockId,
+    c.metadata->>'block'                                      AS blockName,
+    c.metadata->'input'->'credentials'->>'provider'           AS llm_provider,
+    c.metadata->'input'->>'model'                             AS llm_model,
+    c.metadata->>'node_exec_id'                               AS node_exec_id,
+    (ne."stats"->>'llm_call_count')::int                       AS llm_call_count,
+    (ne."stats"->>'llm_retry_count')::int                      AS llm_retry_count,
+    (ne."stats"->>'input_token_count')::int                    AS llm_input_token_count,
+    (ne."stats"->>'output_token_count')::int                   AS llm_output_token_count
+FROM platform."CreditTransaction" c
+LEFT JOIN platform."AgentNodeExecution" ne
+       ON (c.metadata->>'node_exec_id') = ne."id"::text
+WHERE c."createdAt" > CURRENT_DATE - INTERVAL '90 days'
--- a/autogpt_platform/analytics/queries/user_onboarding.sql
+++ b/autogpt_platform/analytics/queries/user_onboarding.sql
@@ -0,0 +1,45 @@
+-- =============================================================
+-- View: analytics.user_onboarding
+-- Looker source alias: ds68  |  Charts: 3
+-- =============================================================
+-- DESCRIPTION
+--   One row per user onboarding record.  Contains the user's
+--   stated usage reason, selected integrations, completed
+--   onboarding steps and optional first agent selection.
+--   Full history (no date filter) since onboarding happens
+--   once per user.
+--
+-- SOURCE TABLES
+--   platform.UserOnboarding  — Onboarding state per user
+--
+-- OUTPUT COLUMNS
+--   id                            TEXT         Onboarding record UUID
+--   createdAt                     TIMESTAMPTZ  When onboarding started
+--   updatedAt                     TIMESTAMPTZ  Last update to onboarding state
+--   usageReason                   TEXT         Why user signed up (e.g. 'work', 'personal')
+--   integrations                  TEXT[]       Array of integration names the user selected
+--   userId                        TEXT         User UUID
+--   completedSteps                TEXT[]       Array of onboarding step enums completed
+--   selectedStoreListingVersionId TEXT         First marketplace agent the user chose (if any)
+--
+-- EXAMPLE QUERIES
+--   -- Usage reason breakdown
+--   SELECT "usageReason", COUNT(*) FROM analytics.user_onboarding GROUP BY 1;
+--
+--   -- Completion rate per step
+--   SELECT step, COUNT(*) AS users_completed
+--   FROM analytics.user_onboarding
+--   CROSS JOIN LATERAL UNNEST("completedSteps") AS step
+--   GROUP BY 1 ORDER BY users_completed DESC;
+-- =============================================================
+
+SELECT
+    id,
+    "createdAt",
+    "updatedAt",
+    "usageReason",
+    integrations,
+    "userId",
+    "completedSteps",
+    "selectedStoreListingVersionId"
+FROM platform."UserOnboarding"
--- a/autogpt_platform/analytics/queries/user_onboarding_funnel.sql
+++ b/autogpt_platform/analytics/queries/user_onboarding_funnel.sql
@@ -0,0 +1,100 @@
+-- =============================================================
+-- View: analytics.user_onboarding_funnel
+-- Looker source alias: ds74  |  Charts: 1
+-- =============================================================
+-- DESCRIPTION
+--   Pre-aggregated onboarding funnel showing how many users
+--   completed each step and the drop-off percentage from the
+--   previous step.  One row per onboarding step (all 22 steps
+--   always present, even with 0 completions — prevents sparse
+--   gaps from making LAG compare the wrong predecessors).
+--
+-- SOURCE TABLES
+--   platform.UserOnboarding  — Onboarding records with completedSteps array
+--
+-- OUTPUT COLUMNS
+--   step             TEXT     Onboarding step enum name (e.g. 'WELCOME', 'CONGRATS')
+--   step_order       INT      Numeric position in the funnel (1=first, 22=last)
+--   users_completed  BIGINT   Distinct users who completed this step
+--   pct_from_prev    NUMERIC  % of users from the previous step who reached this one
+--
+-- STEP ORDER
+--   1  WELCOME               9  MARKETPLACE_VISIT     17  SCHEDULE_AGENT
+--   2  USAGE_REASON         10  MARKETPLACE_ADD_AGENT  18  RUN_AGENTS
+--   3  INTEGRATIONS         11  MARKETPLACE_RUN_AGENT  19  RUN_3_DAYS
+--   4  AGENT_CHOICE         12  BUILDER_OPEN           20  TRIGGER_WEBHOOK
+--   5  AGENT_NEW_RUN        13  BUILDER_SAVE_AGENT     21  RUN_14_DAYS
+--   6  AGENT_INPUT          14  BUILDER_RUN_AGENT      22  RUN_AGENTS_100
+--   7  CONGRATS             15  VISIT_COPILOT
+--   8  GET_RESULTS          16  RE_RUN_AGENT
+--
+-- WINDOW
+--   Users who started onboarding in the last 90 days
+--
+-- EXAMPLE QUERIES
+--   -- Full funnel
+--   SELECT * FROM analytics.user_onboarding_funnel ORDER BY step_order;
+--
+--   -- Biggest drop-off point
+--   SELECT step, pct_from_prev FROM analytics.user_onboarding_funnel
+--   ORDER BY pct_from_prev ASC LIMIT 3;
+-- =============================================================
+
+WITH all_steps AS (
+  -- Complete ordered grid of all 22 steps so zero-completion steps
+  -- are always present, keeping LAG comparisons correct.
+  SELECT step_name, step_order
+  FROM (VALUES
+    ('WELCOME',               1),
+    ('USAGE_REASON',          2),
+    ('INTEGRATIONS',          3),
+    ('AGENT_CHOICE',          4),
+    ('AGENT_NEW_RUN',         5),
+    ('AGENT_INPUT',           6),
+    ('CONGRATS',              7),
+    ('GET_RESULTS',           8),
+    ('MARKETPLACE_VISIT',     9),
+    ('MARKETPLACE_ADD_AGENT', 10),
+    ('MARKETPLACE_RUN_AGENT', 11),
+    ('BUILDER_OPEN',          12),
+    ('BUILDER_SAVE_AGENT',    13),
+    ('BUILDER_RUN_AGENT',     14),
+    ('VISIT_COPILOT',         15),
+    ('RE_RUN_AGENT',          16),
+    ('SCHEDULE_AGENT',        17),
+    ('RUN_AGENTS',            18),
+    ('RUN_3_DAYS',            19),
+    ('TRIGGER_WEBHOOK',       20),
+    ('RUN_14_DAYS',           21),
+    ('RUN_AGENTS_100',        22)
+  ) AS t(step_name, step_order)
+),
+raw AS (
+  SELECT
+      u."userId",
+      step_txt::text AS step
+  FROM platform."UserOnboarding" u
+  CROSS JOIN LATERAL UNNEST(u."completedSteps") AS step_txt
+  WHERE u."createdAt" >= CURRENT_DATE - INTERVAL '90 days'
+),
+step_counts AS (
+  SELECT step, COUNT(DISTINCT "userId") AS users_completed
+  FROM raw GROUP BY step
+),
+funnel AS (
+  SELECT
+      a.step_name                          AS step,
+      a.step_order,
+      COALESCE(sc.users_completed, 0)      AS users_completed,
+      ROUND(
+        100.0 * COALESCE(sc.users_completed, 0)
+        / NULLIF(
+            LAG(COALESCE(sc.users_completed, 0)) OVER (ORDER BY a.step_order),
+            0
+          ),
+        2
+      )                                    AS pct_from_prev
+  FROM all_steps a
+  LEFT JOIN step_counts sc ON sc.step = a.step_name
+)
+SELECT * FROM funnel ORDER BY step_order
--- a/autogpt_platform/analytics/queries/user_onboarding_integration.sql
+++ b/autogpt_platform/analytics/queries/user_onboarding_integration.sql
@@ -0,0 +1,41 @@
+-- =============================================================
+-- View: analytics.user_onboarding_integration
+-- Looker source alias: ds75  |  Charts: 1
+-- =============================================================
+-- DESCRIPTION
+--   Pre-aggregated count of users who selected each integration
+--   during onboarding.  One row per integration type, sorted
+--   by popularity.
+--
+-- SOURCE TABLES
+--   platform.UserOnboarding  — integrations array column
+--
+-- OUTPUT COLUMNS
+--   integration            TEXT    Integration name (e.g. 'github', 'slack', 'notion')
+--   users_with_integration BIGINT  Distinct users who selected this integration
+--
+-- WINDOW
+--   Users who started onboarding in the last 90 days
+--
+-- EXAMPLE QUERIES
+--   -- Full integration popularity ranking
+--   SELECT * FROM analytics.user_onboarding_integration;
+--
+--   -- Top 5 integrations
+--   SELECT * FROM analytics.user_onboarding_integration LIMIT 5;
+-- =============================================================
+
+WITH exploded AS (
+  SELECT
+      u."userId" AS user_id,
+      UNNEST(u."integrations") AS integration
+  FROM platform."UserOnboarding" u
+  WHERE u."createdAt" >= CURRENT_DATE - INTERVAL '90 days'
+)
+SELECT
+    integration,
+    COUNT(DISTINCT user_id) AS users_with_integration
+FROM exploded
+WHERE integration IS NOT NULL AND integration <> ''
+GROUP BY integration
+ORDER BY users_with_integration DESC
--- a/autogpt_platform/analytics/queries/users_activities.sql
+++ b/autogpt_platform/analytics/queries/users_activities.sql
@@ -0,0 +1,145 @@
+-- =============================================================
+-- View: analytics.users_activities
+-- Looker source alias: ds56  |  Charts: 5
+-- =============================================================
+-- DESCRIPTION
+--   One row per user with lifetime activity summary.
+--   Joins login sessions with agent graphs, executions and
+--   node-level runs to give a full picture of how engaged
+--   each user is.  Includes a convenience flag for 7-day
+--   activation (did the user return at least 7 days after
+--   their first login?).
+--
+-- SOURCE TABLES
+--   auth.sessions                    — Login/session records
+--   platform.AgentGraph              — Graphs (agents) built by the user
+--   platform.AgentGraphExecution     — Agent run history
+--   platform.AgentNodeExecution      — Individual block execution history
+--
+-- PERFORMANCE NOTE
+--   Each CTE aggregates its own table independently by userId.
+--   This avoids the fan-out that occurs when driving every join
+--   from user_logins across the two largest tables
+--   (AgentGraphExecution and AgentNodeExecution).
+--
+-- OUTPUT COLUMNS
+--   user_id                   TEXT         Supabase user UUID
+--   first_login_time          TIMESTAMPTZ  First ever session created_at
+--   last_login_time           TIMESTAMPTZ  Most recent session created_at
+--   last_visit_time           TIMESTAMPTZ  Max of last refresh or login
+--   last_agent_save_time      TIMESTAMPTZ  Last time user saved an agent graph
+--   agent_count               BIGINT       Number of distinct active graphs built (0 if none)
+--   first_agent_run_time      TIMESTAMPTZ  First ever graph execution
+--   last_agent_run_time       TIMESTAMPTZ  Most recent graph execution
+--   unique_agent_runs         BIGINT       Distinct agent graphs ever run (0 if none)
+--   agent_runs                BIGINT       Total graph execution count (0 if none)
+--   node_execution_count      BIGINT       Total node executions across all runs
+--   node_execution_failed     BIGINT       Node executions with FAILED status
+--   node_execution_completed  BIGINT       Node executions with COMPLETED status
+--   node_execution_terminated BIGINT       Node executions with TERMINATED status
+--   node_execution_queued     BIGINT       Node executions with QUEUED status
+--   node_execution_running    BIGINT       Node executions with RUNNING status
+--   is_active_after_7d        INT          1=returned after day 7, 0=did not, NULL=too early to tell
+--   node_execution_incomplete BIGINT       Node executions with INCOMPLETE status
+--   node_execution_review     BIGINT       Node executions with REVIEW status
+--
+-- EXAMPLE QUERIES
+--   -- Users who ran at least one agent and returned after 7 days
+--   SELECT COUNT(*) FROM analytics.users_activities
+--   WHERE agent_runs > 0 AND is_active_after_7d = 1;
+--
+--   -- Top 10 most active users by agent runs
+--   SELECT user_id, agent_runs, node_execution_count
+--   FROM analytics.users_activities
+--   ORDER BY agent_runs DESC LIMIT 10;
+--
+--   -- 7-day activation rate
+--   SELECT
+--     SUM(CASE WHEN is_active_after_7d = 1 THEN 1 ELSE 0 END)::float
+--     / NULLIF(COUNT(CASE WHEN is_active_after_7d IS NOT NULL THEN 1 END), 0)
+--     AS activation_rate
+--   FROM analytics.users_activities;
+-- =============================================================
+
+WITH user_logins AS (
+  SELECT
+    user_id::text                                    AS user_id,
+    MIN(created_at)                                  AS first_login_time,
+    MAX(created_at)                                  AS last_login_time,
+    GREATEST(
+      MAX(refreshed_at)::timestamptz,
+      MAX(created_at)::timestamptz
+    )                                                AS last_visit_time
+  FROM auth.sessions
+  GROUP BY user_id
+),
+user_agents AS (
+  -- Aggregate AgentGraph directly by userId (no fan-out from user_logins)
+  SELECT
+    "userId"::text                AS user_id,
+    MAX("updatedAt")              AS last_agent_save_time,
+    COUNT(DISTINCT "id")          AS agent_count
+  FROM platform."AgentGraph"
+  WHERE "isActive"
+  GROUP BY "userId"
+),
+user_graph_runs AS (
+  -- Aggregate AgentGraphExecution directly by userId
+  SELECT
+    "userId"::text                        AS user_id,
+    MIN("createdAt")                      AS first_agent_run_time,
+    MAX("createdAt")                      AS last_agent_run_time,
+    COUNT(DISTINCT "agentGraphId")        AS unique_agent_runs,
+    COUNT("id")                           AS agent_runs
+  FROM platform."AgentGraphExecution"
+  GROUP BY "userId"
+),
+user_node_runs AS (
+  -- Aggregate AgentNodeExecution directly; resolve userId via a
+  -- single join to AgentGraphExecution instead of fanning out from
+  -- user_logins through both large tables.
+  SELECT
+    g."userId"::text                                                   AS user_id,
+    COUNT(*)                                                           AS node_execution_count,
+    COUNT(*) FILTER (WHERE n."executionStatus" = 'FAILED')             AS node_execution_failed,
+    COUNT(*) FILTER (WHERE n."executionStatus" = 'COMPLETED')          AS node_execution_completed,
+    COUNT(*) FILTER (WHERE n."executionStatus" = 'TERMINATED')         AS node_execution_terminated,
+    COUNT(*) FILTER (WHERE n."executionStatus" = 'QUEUED')             AS node_execution_queued,
+    COUNT(*) FILTER (WHERE n."executionStatus" = 'RUNNING')            AS node_execution_running,
+    COUNT(*) FILTER (WHERE n."executionStatus" = 'INCOMPLETE')         AS node_execution_incomplete,
+    COUNT(*) FILTER (WHERE n."executionStatus" = 'REVIEW')             AS node_execution_review
+  FROM platform."AgentNodeExecution" n
+  JOIN platform."AgentGraphExecution" g
+    ON g."id" = n."agentGraphExecutionId"
+  GROUP BY g."userId"
+)
+SELECT
+  ul.user_id,
+  ul.first_login_time,
+  ul.last_login_time,
+  ul.last_visit_time,
+  ua.last_agent_save_time,
+  COALESCE(ua.agent_count, 0)             AS agent_count,
+  gr.first_agent_run_time,
+  gr.last_agent_run_time,
+  COALESCE(gr.unique_agent_runs, 0)       AS unique_agent_runs,
+  COALESCE(gr.agent_runs, 0)              AS agent_runs,
+  COALESCE(nr.node_execution_count, 0)      AS node_execution_count,
+  COALESCE(nr.node_execution_failed, 0)     AS node_execution_failed,
+  COALESCE(nr.node_execution_completed, 0)  AS node_execution_completed,
+  COALESCE(nr.node_execution_terminated, 0) AS node_execution_terminated,
+  COALESCE(nr.node_execution_queued, 0)     AS node_execution_queued,
+  COALESCE(nr.node_execution_running, 0)    AS node_execution_running,
+  CASE
+    WHEN ul.first_login_time < NOW() - INTERVAL '7 days'
+     AND ul.last_visit_time  >= ul.first_login_time + INTERVAL '7 days' THEN 1
+    WHEN ul.first_login_time < NOW() - INTERVAL '7 days'
+     AND ul.last_visit_time  <  ul.first_login_time + INTERVAL '7 days' THEN 0
+    ELSE NULL
+  END AS is_active_after_7d,
+  COALESCE(nr.node_execution_incomplete, 0) AS node_execution_incomplete,
+  COALESCE(nr.node_execution_review, 0)     AS node_execution_review
+FROM user_logins ul
+LEFT JOIN user_agents     ua ON ul.user_id = ua.user_id
+LEFT JOIN user_graph_runs gr ON ul.user_id = gr.user_id
+LEFT JOIN user_node_runs  nr ON ul.user_id = nr.user_id
--- a/autogpt_platform/backend/.env.default
+++ b/autogpt_platform/backend/.env.default
@@ -37,6 +37,10 @@ JWT_VERIFY_KEY=your-super-secret-jwt-token-with-at-least-32-characters-long
 ENCRYPTION_KEY=dvziYgz0KSK8FENhju0ZYi8-fRTfAdlz6YLhdB_jhNw=
 UNSUBSCRIBE_SECRET_KEY=HlP8ivStJjmbf6NKi78m_3FnOogut0t5ckzjsIqeaio=

+## ===== SIGNUP / INVITE GATE ===== ##
+# Set to true to require an invite before users can sign up
+ENABLE_INVITE_GATE=false
+
 ## ===== IMPORTANT OPTIONAL CONFIGURATION ===== ##
 # Platform URLs (set these for webhooks and OAuth to work)
 PLATFORM_BASE_URL=http://localhost:8000
--- a/autogpt_platform/backend/backend/api/features/admin/model.py
+++ b/autogpt_platform/backend/backend/api/features/admin/model.py
@@ -1,8 +1,17 @@
-from pydantic import BaseModel
+from __future__ import annotations
+
+from datetime import datetime
+from typing import TYPE_CHECKING, Any, Literal, Optional
+
+import prisma.enums
+from pydantic import BaseModel, EmailStr

 from backend.data.model import UserTransaction
 from backend.util.models import Pagination

+if TYPE_CHECKING:
+    from backend.data.invited_user import BulkInvitedUsersResult, InvitedUserRecord
+

 class UserHistoryResponse(BaseModel):
    """Response model for listings with version history"""
@@ -14,3 +23,70 @@ class UserHistoryResponse(BaseModel):
 class AddUserCreditsResponse(BaseModel):
    new_balance: int
    transaction_key: str
+
+
+class CreateInvitedUserRequest(BaseModel):
+    email: EmailStr
+    name: Optional[str] = None
+
+
+class InvitedUserResponse(BaseModel):
+    id: str
+    email: str
+    status: prisma.enums.InvitedUserStatus
+    auth_user_id: Optional[str] = None
+    name: Optional[str] = None
+    tally_understanding: Optional[dict[str, Any]] = None
+    tally_status: prisma.enums.TallyComputationStatus
+    tally_computed_at: Optional[datetime] = None
+    tally_error: Optional[str] = None
+    created_at: datetime
+    updated_at: datetime
+
+    @classmethod
+    def from_record(cls, record: InvitedUserRecord) -> InvitedUserResponse:
+        return cls.model_validate(record.model_dump())
+
+
+class InvitedUsersResponse(BaseModel):
+    invited_users: list[InvitedUserResponse]
+    pagination: Pagination
+
+
+class BulkInvitedUserRowResponse(BaseModel):
+    row_number: int
+    email: Optional[str] = None
+    name: Optional[str] = None
+    status: Literal["CREATED", "SKIPPED", "ERROR"]
+    message: str
+    invited_user: Optional[InvitedUserResponse] = None
+
+
+class BulkInvitedUsersResponse(BaseModel):
+    created_count: int
+    skipped_count: int
+    error_count: int
+    results: list[BulkInvitedUserRowResponse]
+
+    @classmethod
+    def from_result(cls, result: BulkInvitedUsersResult) -> BulkInvitedUsersResponse:
+        return cls(
+            created_count=result.created_count,
+            skipped_count=result.skipped_count,
+            error_count=result.error_count,
+            results=[
+                BulkInvitedUserRowResponse(
+                    row_number=row.row_number,
+                    email=row.email,
+                    name=row.name,
+                    status=row.status,
+                    message=row.message,
+                    invited_user=(
+                        InvitedUserResponse.from_record(row.invited_user)
+                        if row.invited_user is not None
+                        else None
+                    ),
+                )
+                for row in result.results
+            ],
+        )
--- a/autogpt_platform/backend/backend/api/features/admin/user_admin_routes.py
+++ b/autogpt_platform/backend/backend/api/features/admin/user_admin_routes.py
@@ -0,0 +1,137 @@
+import logging
+import math
+
+from autogpt_libs.auth import get_user_id, requires_admin_user
+from fastapi import APIRouter, File, Query, Security, UploadFile
+
+from backend.data.invited_user import (
+    bulk_create_invited_users_from_file,
+    create_invited_user,
+    list_invited_users,
+    retry_invited_user_tally,
+    revoke_invited_user,
+)
+from backend.data.tally import mask_email
+from backend.util.models import Pagination
+
+from .model import (
+    BulkInvitedUsersResponse,
+    CreateInvitedUserRequest,
+    InvitedUserResponse,
+    InvitedUsersResponse,
+)
+
+logger = logging.getLogger(__name__)
+
+
+router = APIRouter(
+    prefix="/admin",
+    tags=["users", "admin"],
+    dependencies=[Security(requires_admin_user)],
+)
+
+
+@router.get(
+    "/invited-users",
+    response_model=InvitedUsersResponse,
+    summary="List Invited Users",
+)
+async def get_invited_users(
+    admin_user_id: str = Security(get_user_id),
+    page: int = Query(1, ge=1),
+    page_size: int = Query(50, ge=1, le=200),
+) -> InvitedUsersResponse:
+    logger.info("Admin user %s requested invited users", admin_user_id)
+    invited_users, total = await list_invited_users(page=page, page_size=page_size)
+    return InvitedUsersResponse(
+        invited_users=[InvitedUserResponse.from_record(iu) for iu in invited_users],
+        pagination=Pagination(
+            total_items=total,
+            total_pages=max(1, math.ceil(total / page_size)),
+            current_page=page,
+            page_size=page_size,
+        ),
+    )
+
+
+@router.post(
+    "/invited-users",
+    response_model=InvitedUserResponse,
+    summary="Create Invited User",
+)
+async def create_invited_user_route(
+    request: CreateInvitedUserRequest,
+    admin_user_id: str = Security(get_user_id),
+) -> InvitedUserResponse:
+    logger.info(
+        "Admin user %s creating invited user for %s",
+        admin_user_id,
+        mask_email(request.email),
+    )
+    invited_user = await create_invited_user(request.email, request.name)
+    logger.info(
+        "Admin user %s created invited user %s",
+        admin_user_id,
+        invited_user.id,
+    )
+    return InvitedUserResponse.from_record(invited_user)
+
+
+@router.post(
+    "/invited-users/bulk",
+    response_model=BulkInvitedUsersResponse,
+    summary="Bulk Create Invited Users",
+    operation_id="postV2BulkCreateInvitedUsers",
+)
+async def bulk_create_invited_users_route(
+    file: UploadFile = File(...),
+    admin_user_id: str = Security(get_user_id),
+) -> BulkInvitedUsersResponse:
+    logger.info(
+        "Admin user %s bulk invited users from %s",
+        admin_user_id,
+        file.filename or "<unnamed>",
+    )
+    content = await file.read()
+    result = await bulk_create_invited_users_from_file(file.filename, content)
+    return BulkInvitedUsersResponse.from_result(result)
+
+
+@router.post(
+    "/invited-users/{invited_user_id}/revoke",
+    response_model=InvitedUserResponse,
+    summary="Revoke Invited User",
+)
+async def revoke_invited_user_route(
+    invited_user_id: str,
+    admin_user_id: str = Security(get_user_id),
+) -> InvitedUserResponse:
+    logger.info(
+        "Admin user %s revoking invited user %s", admin_user_id, invited_user_id
+    )
+    invited_user = await revoke_invited_user(invited_user_id)
+    logger.info("Admin user %s revoked invited user %s", admin_user_id, invited_user_id)
+    return InvitedUserResponse.from_record(invited_user)
+
+
+@router.post(
+    "/invited-users/{invited_user_id}/retry-tally",
+    response_model=InvitedUserResponse,
+    summary="Retry Invited User Tally",
+)
+async def retry_invited_user_tally_route(
+    invited_user_id: str,
+    admin_user_id: str = Security(get_user_id),
+) -> InvitedUserResponse:
+    logger.info(
+        "Admin user %s retrying Tally seed for invited user %s",
+        admin_user_id,
+        invited_user_id,
+    )
+    invited_user = await retry_invited_user_tally(invited_user_id)
+    logger.info(
+        "Admin user %s retried Tally seed for invited user %s",
+        admin_user_id,
+        invited_user_id,
+    )
+    return InvitedUserResponse.from_record(invited_user)
--- a/autogpt_platform/backend/backend/api/features/admin/user_admin_routes_test.py
+++ b/autogpt_platform/backend/backend/api/features/admin/user_admin_routes_test.py
@@ -0,0 +1,168 @@
+from datetime import datetime, timezone
+from unittest.mock import AsyncMock
+
+import fastapi
+import fastapi.testclient
+import prisma.enums
+import pytest
+import pytest_mock
+from autogpt_libs.auth.jwt_utils import get_jwt_payload
+
+from backend.data.invited_user import (
+    BulkInvitedUserRowResult,
+    BulkInvitedUsersResult,
+    InvitedUserRecord,
+)
+
+from .user_admin_routes import router as user_admin_router
+
+app = fastapi.FastAPI()
+app.include_router(user_admin_router)
+
+client = fastapi.testclient.TestClient(app)
+
+
+@pytest.fixture(autouse=True)
+def setup_app_admin_auth(mock_jwt_admin):
+    app.dependency_overrides[get_jwt_payload] = mock_jwt_admin["get_jwt_payload"]
+    yield
+    app.dependency_overrides.clear()
+
+
+def _sample_invited_user() -> InvitedUserRecord:
+    now = datetime.now(timezone.utc)
+    return InvitedUserRecord(
+        id="invite-1",
+        email="invited@example.com",
+        status=prisma.enums.InvitedUserStatus.INVITED,
+        auth_user_id=None,
+        name="Invited User",
+        tally_understanding=None,
+        tally_status=prisma.enums.TallyComputationStatus.PENDING,
+        tally_computed_at=None,
+        tally_error=None,
+        created_at=now,
+        updated_at=now,
+    )
+
+
+def _sample_bulk_invited_users_result() -> BulkInvitedUsersResult:
+    return BulkInvitedUsersResult(
+        created_count=1,
+        skipped_count=1,
+        error_count=0,
+        results=[
+            BulkInvitedUserRowResult(
+                row_number=1,
+                email="invited@example.com",
+                name=None,
+                status="CREATED",
+                message="Invite created",
+                invited_user=_sample_invited_user(),
+            ),
+            BulkInvitedUserRowResult(
+                row_number=2,
+                email="duplicate@example.com",
+                name=None,
+                status="SKIPPED",
+                message="An invited user with this email already exists",
+                invited_user=None,
+            ),
+        ],
+    )
+
+
+def test_get_invited_users(
+    mocker: pytest_mock.MockerFixture,
+) -> None:
+    mocker.patch(
+        "backend.api.features.admin.user_admin_routes.list_invited_users",
+        AsyncMock(return_value=([_sample_invited_user()], 1)),
+    )
+
+    response = client.get("/admin/invited-users")
+
+    assert response.status_code == 200
+    data = response.json()
+    assert len(data["invited_users"]) == 1
+    assert data["invited_users"][0]["email"] == "invited@example.com"
+    assert data["invited_users"][0]["status"] == "INVITED"
+    assert data["pagination"]["total_items"] == 1
+    assert data["pagination"]["current_page"] == 1
+    assert data["pagination"]["page_size"] == 50
+
+
+def test_create_invited_user(
+    mocker: pytest_mock.MockerFixture,
+) -> None:
+    mocker.patch(
+        "backend.api.features.admin.user_admin_routes.create_invited_user",
+        AsyncMock(return_value=_sample_invited_user()),
+    )
+
+    response = client.post(
+        "/admin/invited-users",
+        json={"email": "invited@example.com", "name": "Invited User"},
+    )
+
+    assert response.status_code == 200
+    data = response.json()
+    assert data["email"] == "invited@example.com"
+    assert data["name"] == "Invited User"
+
+
+def test_bulk_create_invited_users(
+    mocker: pytest_mock.MockerFixture,
+) -> None:
+    mocker.patch(
+        "backend.api.features.admin.user_admin_routes.bulk_create_invited_users_from_file",
+        AsyncMock(return_value=_sample_bulk_invited_users_result()),
+    )
+
+    response = client.post(
+        "/admin/invited-users/bulk",
+        files={
+            "file": ("invites.txt", b"invited@example.com\nduplicate@example.com\n")
+        },
+    )
+
+    assert response.status_code == 200
+    data = response.json()
+    assert data["created_count"] == 1
+    assert data["skipped_count"] == 1
+    assert data["results"][0]["status"] == "CREATED"
+    assert data["results"][1]["status"] == "SKIPPED"
+
+
+def test_revoke_invited_user(
+    mocker: pytest_mock.MockerFixture,
+) -> None:
+    revoked = _sample_invited_user().model_copy(
+        update={"status": prisma.enums.InvitedUserStatus.REVOKED}
+    )
+    mocker.patch(
+        "backend.api.features.admin.user_admin_routes.revoke_invited_user",
+        AsyncMock(return_value=revoked),
+    )
+
+    response = client.post("/admin/invited-users/invite-1/revoke")
+
+    assert response.status_code == 200
+    assert response.json()["status"] == "REVOKED"
+
+
+def test_retry_invited_user_tally(
+    mocker: pytest_mock.MockerFixture,
+) -> None:
+    retried = _sample_invited_user().model_copy(
+        update={"tally_status": prisma.enums.TallyComputationStatus.RUNNING}
+    )
+    mocker.patch(
+        "backend.api.features.admin.user_admin_routes.retry_invited_user_tally",
+        AsyncMock(return_value=retried),
+    )
+
+    response = client.post("/admin/invited-users/invite-1/retry-tally")
+
+    assert response.status_code == 200
+    assert response.json()["tally_status"] == "RUNNING"
--- a/autogpt_platform/backend/backend/api/features/chat/routes.py
+++ b/autogpt_platform/backend/backend/api/features/chat/routes.py
@@ -53,6 +53,8 @@ from backend.copilot.tools.models import (
    UnderstandingUpdatedResponse,
 )
 from backend.copilot.tracking import track_user_message
+from backend.data.redis_client import get_redis_async
+from backend.data.understanding import get_business_understanding
 from backend.data.workspace import get_or_create_workspace
 from backend.util.exceptions import NotFoundError

@@ -127,6 +129,7 @@ class SessionSummaryResponse(BaseModel):
    created_at: str
    updated_at: str
    title: str | None = None
+    is_processing: bool


 class ListSessionsResponse(BaseModel):
@@ -185,6 +188,28 @@ async def list_sessions(
    """
    sessions, total_count = await get_user_sessions(user_id, limit, offset)

+    # Batch-check Redis for active stream status on each session
+    processing_set: set[str] = set()
+    if sessions:
+        try:
+            redis = await get_redis_async()
+            pipe = redis.pipeline(transaction=False)
+            for session in sessions:
+                pipe.hget(
+                    f"{config.session_meta_prefix}{session.session_id}",
+                    "status",
+                )
+            statuses = await pipe.execute()
+            processing_set = {
+                session.session_id
+                for session, st in zip(sessions, statuses)
+                if st == "running"
+            }
+        except Exception:
+            logger.warning(
+                "Failed to fetch processing status from Redis; " "defaulting to empty"
+            )
+
    return ListSessionsResponse(
        sessions=[
            SessionSummaryResponse(
@@ -192,6 +217,7 @@ async def list_sessions(
                created_at=session.started_at.isoformat(),
                updated_at=session.updated_at.isoformat(),
                title=session.title,
+                is_processing=session.session_id in processing_set,
            )
            for session in sessions
        ],
@@ -828,6 +854,36 @@ async def session_assign_user(
    return {"status": "ok"}


+# ========== Suggested Prompts ==========
+
+
+class SuggestedPromptsResponse(BaseModel):
+    """Response model for user-specific suggested prompts."""
+
+    prompts: list[str]
+
+
+@router.get(
+    "/suggested-prompts",
+    dependencies=[Security(auth.requires_user)],
+)
+async def get_suggested_prompts(
+    user_id: Annotated[str, Security(auth.get_user_id)],
+) -> SuggestedPromptsResponse:
+    """
+    Get LLM-generated suggested prompts for the authenticated user.
+
+    Returns personalized quick-action prompts based on the user's
+    business understanding. Returns an empty list if no custom prompts
+    are available.
+    """
+    understanding = await get_business_understanding(user_id)
+    if understanding is None:
+        return SuggestedPromptsResponse(prompts=[])
+
+    return SuggestedPromptsResponse(prompts=understanding.suggested_prompts)
+
+
 # ========== Configuration ==========


--- a/autogpt_platform/backend/backend/api/features/chat/routes_test.py
+++ b/autogpt_platform/backend/backend/api/features/chat/routes_test.py
@@ -1,6 +1,6 @@
-"""Tests for chat API routes: session title update and file attachment validation."""
+"""Tests for chat API routes: session title update, file attachment validation, and suggested prompts."""

-from unittest.mock import AsyncMock
+from unittest.mock import AsyncMock, MagicMock

 import fastapi
 import fastapi.testclient
@@ -249,3 +249,62 @@ def test_file_ids_scoped_to_workspace(mocker: pytest_mock.MockFixture):
    call_kwargs = mock_prisma.find_many.call_args[1]
    assert call_kwargs["where"]["workspaceId"] == "my-workspace-id"
    assert call_kwargs["where"]["isDeleted"] is False
+
+
+# ─── Suggested prompts endpoint ──────────────────────────────────────
+
+
+def _mock_get_business_understanding(
+    mocker: pytest_mock.MockerFixture,
+    *,
+    return_value=None,
+):
+    """Mock get_business_understanding."""
+    return mocker.patch(
+        "backend.api.features.chat.routes.get_business_understanding",
+        new_callable=AsyncMock,
+        return_value=return_value,
+    )
+
+
+def test_suggested_prompts_returns_prompts(
+    mocker: pytest_mock.MockerFixture,
+    test_user_id: str,
+) -> None:
+    """User with understanding and prompts gets them back."""
+    mock_understanding = MagicMock()
+    mock_understanding.suggested_prompts = ["Do X", "Do Y", "Do Z"]
+    _mock_get_business_understanding(mocker, return_value=mock_understanding)
+
+    response = client.get("/suggested-prompts")
+
+    assert response.status_code == 200
+    assert response.json() == {"prompts": ["Do X", "Do Y", "Do Z"]}
+
+
+def test_suggested_prompts_no_understanding(
+    mocker: pytest_mock.MockerFixture,
+    test_user_id: str,
+) -> None:
+    """User with no understanding gets empty list."""
+    _mock_get_business_understanding(mocker, return_value=None)
+
+    response = client.get("/suggested-prompts")
+
+    assert response.status_code == 200
+    assert response.json() == {"prompts": []}
+
+
+def test_suggested_prompts_empty_prompts(
+    mocker: pytest_mock.MockerFixture,
+    test_user_id: str,
+) -> None:
+    """User with understanding but no prompts gets empty list."""
+    mock_understanding = MagicMock()
+    mock_understanding.suggested_prompts = []
+    _mock_get_business_understanding(mocker, return_value=mock_understanding)
+
+    response = client.get("/suggested-prompts")
+
+    assert response.status_code == 200
+    assert response.json() == {"prompts": []}
--- a/autogpt_platform/backend/backend/api/features/executions/review/review_routes_test.py
+++ b/autogpt_platform/backend/backend/api/features/executions/review/review_routes_test.py
@@ -638,7 +638,7 @@ async def test_process_review_action_auto_approve_creates_auto_approval_records(

    # Mock get_node_executions to return node_id mapping
    mock_get_node_executions = mocker.patch(
-        "backend.data.execution.get_node_executions"
+        "backend.api.features.executions.review.routes.get_node_executions"
    )
    mock_node_exec = mocker.Mock(spec=NodeExecutionResult)
    mock_node_exec.node_exec_id = "test_node_123"
@@ -936,7 +936,7 @@ async def test_process_review_action_auto_approve_only_applies_to_approved_revie

    # Mock get_node_executions to return node_id mapping
    mock_get_node_executions = mocker.patch(
-        "backend.data.execution.get_node_executions"
+        "backend.api.features.executions.review.routes.get_node_executions"
    )
    mock_node_exec = mocker.Mock(spec=NodeExecutionResult)
    mock_node_exec.node_exec_id = "node_exec_approved"
@@ -1148,7 +1148,7 @@ async def test_process_review_action_per_review_auto_approve_granularity(

    # Mock get_node_executions to return batch node data
    mock_get_node_executions = mocker.patch(
-        "backend.data.execution.get_node_executions"
+        "backend.api.features.executions.review.routes.get_node_executions"
    )
    # Create mock node executions for each review
    mock_node_execs = []
--- a/autogpt_platform/backend/backend/api/features/executions/review/routes.py
+++ b/autogpt_platform/backend/backend/api/features/executions/review/routes.py
@@ -6,10 +6,15 @@ import autogpt_libs.auth as autogpt_auth_lib
 from fastapi import APIRouter, HTTPException, Query, Security, status
 from prisma.enums import ReviewStatus

+from backend.copilot.constants import (
+    is_copilot_synthetic_id,
+    parse_node_id_from_exec_id,
+)
 from backend.data.execution import (
    ExecutionContext,
    ExecutionStatus,
    get_graph_execution_meta,
+    get_node_executions,
 )
 from backend.data.graph import get_graph_settings
 from backend.data.human_review import (
@@ -36,6 +41,38 @@ router = APIRouter(
 )


+async def _resolve_node_ids(
+    node_exec_ids: list[str],
+    graph_exec_id: str,
+    is_copilot: bool,
+) -> dict[str, str]:
+    """Resolve node_exec_id -> node_id for auto-approval records.
+
+    CoPilot synthetic IDs encode node_id in the format "{node_id}:{random}".
+    Graph executions look up node_id from NodeExecution records.
+    """
+    if not node_exec_ids:
+        return {}
+
+    if is_copilot:
+        return {neid: parse_node_id_from_exec_id(neid) for neid in node_exec_ids}
+
+    node_execs = await get_node_executions(
+        graph_exec_id=graph_exec_id, include_exec_data=False
+    )
+    node_exec_map = {ne.node_exec_id: ne.node_id for ne in node_execs}
+
+    result = {}
+    for neid in node_exec_ids:
+        if neid in node_exec_map:
+            result[neid] = node_exec_map[neid]
+        else:
+            logger.error(
+                f"Failed to resolve node_id for {neid}: Node execution not found."
+            )
+    return result
+
+
@router.get(
    "/pending",
    summary="Get Pending Reviews",
@@ -110,14 +147,16 @@ async def list_pending_reviews_for_execution(
    """

    # Verify user owns the graph execution before returning reviews
-    graph_exec = await get_graph_execution_meta(
-        user_id=user_id, execution_id=graph_exec_id
-    )
-    if not graph_exec:
-        raise HTTPException(
-            status_code=status.HTTP_404_NOT_FOUND,
-            detail=f"Graph execution #{graph_exec_id} not found",
+    # (CoPilot synthetic IDs don't have graph execution records)
+    if not is_copilot_synthetic_id(graph_exec_id):
+        graph_exec = await get_graph_execution_meta(
+            user_id=user_id, execution_id=graph_exec_id
        )
+        if not graph_exec:
+            raise HTTPException(
+                status_code=status.HTTP_404_NOT_FOUND,
+                detail=f"Graph execution #{graph_exec_id} not found",
+            )

    return await get_pending_reviews_for_execution(graph_exec_id, user_id)

@@ -160,30 +199,26 @@ async def process_review_action(
        )

    graph_exec_id = next(iter(graph_exec_ids))
+    is_copilot = is_copilot_synthetic_id(graph_exec_id)

-    # Validate execution status before processing reviews
-    graph_exec_meta = await get_graph_execution_meta(
-        user_id=user_id, execution_id=graph_exec_id
-    )
-
-    if not graph_exec_meta:
-        raise HTTPException(
-            status_code=status.HTTP_404_NOT_FOUND,
-            detail=f"Graph execution #{graph_exec_id} not found",
-        )
-
-    # Only allow processing reviews if execution is paused for review
-    # or incomplete (partial execution with some reviews already processed)
-    if graph_exec_meta.status not in (
-        ExecutionStatus.REVIEW,
-        ExecutionStatus.INCOMPLETE,
-    ):
-        raise HTTPException(
-            status_code=status.HTTP_409_CONFLICT,
-            detail=f"Cannot process reviews while execution status is {graph_exec_meta.status}. "
-            f"Reviews can only be processed when execution is paused (REVIEW status). "
-            f"Current status: {graph_exec_meta.status}",
+    # Validate execution status for graph executions (skip for CoPilot synthetic IDs)
+    if not is_copilot:
+        graph_exec_meta = await get_graph_execution_meta(
+            user_id=user_id, execution_id=graph_exec_id
        )
+        if not graph_exec_meta:
+            raise HTTPException(
+                status_code=status.HTTP_404_NOT_FOUND,
+                detail=f"Graph execution #{graph_exec_id} not found",
+            )
+        if graph_exec_meta.status not in (
+            ExecutionStatus.REVIEW,
+            ExecutionStatus.INCOMPLETE,
+        ):
+            raise HTTPException(
+                status_code=status.HTTP_409_CONFLICT,
+                detail=f"Cannot process reviews while execution status is {graph_exec_meta.status}",
+            )

    # Build review decisions map and track which reviews requested auto-approval
    # Auto-approved reviews use original data (no modifications allowed)
@@ -236,7 +271,7 @@ async def process_review_action(
            )
            return (node_id, False)

-    # Collect node_exec_ids that need auto-approval
+    # Collect node_exec_ids that need auto-approval and resolve their node_ids
    node_exec_ids_needing_auto_approval = [
        node_exec_id
        for node_exec_id, review_result in updated_reviews.items()
@@ -244,29 +279,16 @@ async def process_review_action(
        and auto_approve_requests.get(node_exec_id, False)
    ]

-    # Batch-fetch node executions to get node_ids
+    node_id_map = await _resolve_node_ids(
+        node_exec_ids_needing_auto_approval, graph_exec_id, is_copilot
+    )
+
+    # Deduplicate by node_id — one auto-approval per node
    nodes_needing_auto_approval: dict[str, Any] = {}
-    if node_exec_ids_needing_auto_approval:
-        from backend.data.execution import get_node_executions
-
-        node_execs = await get_node_executions(
-            graph_exec_id=graph_exec_id, include_exec_data=False
-        )
-        node_exec_map = {node_exec.node_exec_id: node_exec for node_exec in node_execs}
-
-        for node_exec_id in node_exec_ids_needing_auto_approval:
-            node_exec = node_exec_map.get(node_exec_id)
-            if node_exec:
-                review_result = updated_reviews[node_exec_id]
-                # Use the first approved review for this node (deduplicate by node_id)
-                if node_exec.node_id not in nodes_needing_auto_approval:
-                    nodes_needing_auto_approval[node_exec.node_id] = review_result
-            else:
-                logger.error(
-                    f"Failed to create auto-approval record for {node_exec_id}: "
-                    f"Node execution not found. This may indicate a race condition "
-                    f"or data inconsistency."
-                )
+    for node_exec_id in node_exec_ids_needing_auto_approval:
+        node_id = node_id_map.get(node_exec_id)
+        if node_id and node_id not in nodes_needing_auto_approval:
+            nodes_needing_auto_approval[node_id] = updated_reviews[node_exec_id]

    # Execute all auto-approval creations in parallel (deduplicated by node_id)
    auto_approval_results = await asyncio.gather(
@@ -281,13 +303,11 @@ async def process_review_action(
    auto_approval_failed_count = 0
    for result in auto_approval_results:
        if isinstance(result, Exception):
-            # Unexpected exception during auto-approval creation
            auto_approval_failed_count += 1
            logger.error(
                f"Unexpected exception during auto-approval creation: {result}"
            )
        elif isinstance(result, tuple) and len(result) == 2 and not result[1]:
-            # Auto-approval creation failed (returned False)
            auto_approval_failed_count += 1

    # Count results
@@ -302,22 +322,20 @@ async def process_review_action(
        if review.status == ReviewStatus.REJECTED
    )

-    # Resume execution only if ALL pending reviews for this execution have been processed
-    if updated_reviews:
+    # Resume graph execution only for real graph executions (not CoPilot)
+    # CoPilot sessions are resumed by the LLM retrying run_block with review_id
+    if not is_copilot and updated_reviews:
        still_has_pending = await has_pending_reviews_for_graph_exec(graph_exec_id)

        if not still_has_pending:
-            # Get the graph_id from any processed review
            first_review = next(iter(updated_reviews.values()))

            try:
-                # Fetch user and settings to build complete execution context
                user = await get_user_by_id(user_id)
                settings = await get_graph_settings(
                    user_id=user_id, graph_id=first_review.graph_id
                )

-                # Preserve user's timezone preference when resuming execution
                user_timezone = (
                    user.timezone if user.timezone != USER_TIMEZONE_NOT_SET else "UTC"
                )
--- a/autogpt_platform/backend/backend/api/features/library/model.py
+++ b/autogpt_platform/backend/backend/api/features/library/model.py
@@ -165,7 +165,6 @@ class LibraryAgent(pydantic.BaseModel):
    id: str
    graph_id: str
    graph_version: int
-    owner_user_id: str

    image_url: str | None

@@ -206,7 +205,9 @@ class LibraryAgent(pydantic.BaseModel):
        default_factory=list,
        description="List of recent executions with status, score, and summary",
    )
-    can_access_graph: bool
+    can_access_graph: bool = pydantic.Field(
+        description="Indicates whether the same user owns the corresponding graph"
+    )
    is_latest_version: bool
    is_favorite: bool
    folder_id: str | None = None
@@ -324,7 +325,6 @@ class LibraryAgent(pydantic.BaseModel):
            id=agent.id,
            graph_id=agent.agentGraphId,
            graph_version=agent.agentGraphVersion,
-            owner_user_id=agent.userId,
            image_url=agent.imageUrl,
            creator_name=creator_name,
            creator_image_url=creator_image_url,
--- a/autogpt_platform/backend/backend/api/features/library/routes_test.py
+++ b/autogpt_platform/backend/backend/api/features/library/routes_test.py
@@ -42,7 +42,6 @@ async def test_get_library_agents_success(
                id="test-agent-1",
                graph_id="test-agent-1",
                graph_version=1,
-                owner_user_id=test_user_id,
                name="Test Agent 1",
                description="Test Description 1",
                image_url=None,
@@ -67,7 +66,6 @@ async def test_get_library_agents_success(
                id="test-agent-2",
                graph_id="test-agent-2",
                graph_version=1,
-                owner_user_id=test_user_id,
                name="Test Agent 2",
                description="Test Description 2",
                image_url=None,
@@ -131,7 +129,6 @@ async def test_get_favorite_library_agents_success(
                id="test-agent-1",
                graph_id="test-agent-1",
                graph_version=1,
-                owner_user_id=test_user_id,
                name="Favorite Agent 1",
                description="Test Favorite Description 1",
                image_url=None,
@@ -184,7 +181,6 @@ def test_add_agent_to_library_success(
        id="test-library-agent-id",
        graph_id="test-agent-1",
        graph_version=1,
-        owner_user_id=test_user_id,
        name="Test Agent 1",
        description="Test Description 1",
        image_url=None,
--- a/autogpt_platform/backend/backend/api/features/mcp/routes.py
+++ b/autogpt_platform/backend/backend/api/features/mcp/routes.py
@@ -24,7 +24,7 @@ from backend.blocks.mcp.oauth import MCPOAuthHandler
 from backend.data.model import OAuth2Credentials
 from backend.integrations.creds_manager import IntegrationCredentialsManager
 from backend.integrations.providers import ProviderName
-from backend.util.request import HTTPClientError, Requests, validate_url
+from backend.util.request import HTTPClientError, Requests, validate_url_host
 from backend.util.settings import Settings

 logger = logging.getLogger(__name__)
@@ -80,7 +80,7 @@ async def discover_tools(
    """
    # Validate URL to prevent SSRF — blocks loopback and private IP ranges.
    try:
-        await validate_url(request.server_url, trusted_origins=[])
+        await validate_url_host(request.server_url)
    except ValueError as e:
        raise fastapi.HTTPException(status_code=400, detail=f"Invalid server URL: {e}")

@@ -167,7 +167,7 @@ async def mcp_oauth_login(
    """
    # Validate URL to prevent SSRF — blocks loopback and private IP ranges.
    try:
-        await validate_url(request.server_url, trusted_origins=[])
+        await validate_url_host(request.server_url)
    except ValueError as e:
        raise fastapi.HTTPException(status_code=400, detail=f"Invalid server URL: {e}")

@@ -187,7 +187,7 @@ async def mcp_oauth_login(

        # Validate the auth server URL from metadata to prevent SSRF.
        try:
-            await validate_url(auth_server_url, trusted_origins=[])
+            await validate_url_host(auth_server_url)
        except ValueError as e:
            raise fastapi.HTTPException(
                status_code=400,
@@ -234,7 +234,7 @@ async def mcp_oauth_login(
    if registration_endpoint:
        # Validate the registration endpoint to prevent SSRF via metadata.
        try:
-            await validate_url(registration_endpoint, trusted_origins=[])
+            await validate_url_host(registration_endpoint)
        except ValueError:
            pass  # Skip registration, fall back to default client_id
        else:
@@ -429,7 +429,7 @@ async def mcp_store_token(

    # Validate URL to prevent SSRF — blocks loopback and private IP ranges.
    try:
-        await validate_url(request.server_url, trusted_origins=[])
+        await validate_url_host(request.server_url)
    except ValueError as e:
        raise fastapi.HTTPException(status_code=400, detail=f"Invalid server URL: {e}")

--- a/autogpt_platform/backend/backend/api/features/mcp/test_routes.py
+++ b/autogpt_platform/backend/backend/api/features/mcp/test_routes.py
@@ -32,9 +32,9 @@ async def client():

@pytest.fixture(autouse=True)
 def _bypass_ssrf_validation():
-    """Bypass validate_url in all route tests (test URLs don't resolve)."""
+    """Bypass validate_url_host in all route tests (test URLs don't resolve)."""
    with patch(
-        "backend.api.features.mcp.routes.validate_url",
+        "backend.api.features.mcp.routes.validate_url_host",
        new_callable=AsyncMock,
    ):
        yield
@@ -521,12 +521,12 @@ class TestStoreToken:


 class TestSSRFValidation:
-    """Verify that validate_url is enforced on all endpoints."""
+    """Verify that validate_url_host is enforced on all endpoints."""

    @pytest.mark.asyncio(loop_scope="session")
    async def test_discover_tools_ssrf_blocked(self, client):
        with patch(
-            "backend.api.features.mcp.routes.validate_url",
+            "backend.api.features.mcp.routes.validate_url_host",
            new_callable=AsyncMock,
            side_effect=ValueError("blocked loopback"),
        ):
@@ -541,7 +541,7 @@ class TestSSRFValidation:
    @pytest.mark.asyncio(loop_scope="session")
    async def test_oauth_login_ssrf_blocked(self, client):
        with patch(
-            "backend.api.features.mcp.routes.validate_url",
+            "backend.api.features.mcp.routes.validate_url_host",
            new_callable=AsyncMock,
            side_effect=ValueError("blocked private IP"),
        ):
@@ -556,7 +556,7 @@ class TestSSRFValidation:
    @pytest.mark.asyncio(loop_scope="session")
    async def test_store_token_ssrf_blocked(self, client):
        with patch(
-            "backend.api.features.mcp.routes.validate_url",
+            "backend.api.features.mcp.routes.validate_url_host",
            new_callable=AsyncMock,
            side_effect=ValueError("blocked loopback"),
        ):
--- a/autogpt_platform/backend/backend/api/features/v1.py
+++ b/autogpt_platform/backend/backend/api/features/v1.py
@@ -55,6 +55,7 @@ from backend.data.credit import (
    set_auto_top_up,
 )
 from backend.data.graph import GraphSettings
+from backend.data.invited_user import get_or_activate_user
 from backend.data.model import CredentialsMetaInput, UserOnboarding
 from backend.data.notifications import NotificationPreference, NotificationPreferenceDTO
 from backend.data.onboarding import (
@@ -70,7 +71,6 @@ from backend.data.onboarding import (
    update_user_onboarding,
 )
 from backend.data.user import (
-    get_or_create_user,
    get_user_by_id,
    get_user_notification_preference,
    update_user_email,
@@ -136,12 +136,10 @@ _tally_background_tasks: set[asyncio.Task] = set()
    dependencies=[Security(requires_user)],
 )
 async def get_or_create_user_route(user_data: dict = Security(get_jwt_payload)):
-    user = await get_or_create_user(user_data)
+    user = await get_or_activate_user(user_data)

-    # Fire-and-forget: populate business understanding from Tally form.
-    # We use created_at proximity instead of an is_new flag because
-    # get_or_create_user is cached — a separate is_new return value would be
-    # unreliable on repeated calls within the cache TTL.
+    # Fire-and-forget: backfill Tally understanding when invite pre-seeding did
+    # not produce a stored result before first activation.
    age_seconds = (datetime.now(timezone.utc) - user.created_at).total_seconds()
    if age_seconds < 30:
        try:
@@ -165,7 +163,8 @@ async def get_or_create_user_route(user_data: dict = Security(get_jwt_payload)):
    dependencies=[Security(requires_user)],
 )
 async def update_user_email_route(
-    user_id: Annotated[str, Security(get_user_id)], email: str = Body(...)
+    user_id: Annotated[str, Security(get_user_id)],
+    email: str = Body(...),
 ) -> dict[str, str]:
    await update_user_email(user_id, email)

@@ -179,10 +178,16 @@ async def update_user_email_route(
    dependencies=[Security(requires_user)],
 )
 async def get_user_timezone_route(
-    user_data: dict = Security(get_jwt_payload),
+    user_id: Annotated[str, Security(get_user_id)],
 ) -> TimezoneResponse:
    """Get user timezone setting."""
-    user = await get_or_create_user(user_data)
+    try:
+        user = await get_user_by_id(user_id)
+    except ValueError:
+        raise HTTPException(
+            status_code=HTTP_404_NOT_FOUND,
+            detail="User not found. Please complete activation via /auth/user first.",
+        )
    return TimezoneResponse(timezone=user.timezone)


@@ -193,7 +198,8 @@ async def get_user_timezone_route(
    dependencies=[Security(requires_user)],
 )
 async def update_user_timezone_route(
-    user_id: Annotated[str, Security(get_user_id)], request: UpdateTimezoneRequest
+    user_id: Annotated[str, Security(get_user_id)],
+    request: UpdateTimezoneRequest,
 ) -> TimezoneResponse:
    """Update user timezone. The timezone should be a valid IANA timezone identifier."""
    user = await update_user_timezone(user_id, str(request.timezone))
--- a/autogpt_platform/backend/backend/api/features/v1_test.py
+++ b/autogpt_platform/backend/backend/api/features/v1_test.py
@@ -51,7 +51,7 @@ def test_get_or_create_user_route(
    }

    mocker.patch(
-        "backend.api.features.v1.get_or_create_user",
+        "backend.api.features.v1.get_or_activate_user",
        return_value=mock_user,
    )

--- a/autogpt_platform/backend/backend/api/model.py
+++ b/autogpt_platform/backend/backend/api/model.py
@@ -94,3 +94,8 @@ class NotificationPayload(pydantic.BaseModel):

 class OnboardingNotificationPayload(NotificationPayload):
    step: OnboardingStep | None
+
+
+class CopilotCompletionPayload(NotificationPayload):
+    session_id: str
+    status: Literal["completed", "failed"]
--- a/autogpt_platform/backend/backend/api/rest_api.py
+++ b/autogpt_platform/backend/backend/api/rest_api.py
@@ -19,6 +19,7 @@ from prisma.errors import PrismaError
 import backend.api.features.admin.credit_admin_routes
 import backend.api.features.admin.execution_analytics_routes
 import backend.api.features.admin.store_admin_routes
+import backend.api.features.admin.user_admin_routes
 import backend.api.features.builder
 import backend.api.features.builder.routes
 import backend.api.features.chat.routes as chat_routes
@@ -311,6 +312,11 @@ app.include_router(
    tags=["v2", "admin"],
    prefix="/api/executions",
 )
+app.include_router(
+    backend.api.features.admin.user_admin_routes.router,
+    tags=["v2", "admin"],
+    prefix="/api/users",
+)
 app.include_router(
    backend.api.features.executions.review.routes.router,
    tags=["v2", "executions", "review"],
--- a/autogpt_platform/backend/backend/blocks/_base.py
+++ b/autogpt_platform/backend/backend/blocks/_base.py
@@ -624,6 +624,7 @@ class Block(ABC, Generic[BlockSchemaInputType, BlockSchemaOutputType]):
        graph_id: str,
        graph_version: int,
        execution_context: "ExecutionContext",
+        is_graph_execution: bool = True,
        **kwargs,
    ) -> tuple[bool, BlockInput]:
        """
@@ -652,6 +653,7 @@ class Block(ABC, Generic[BlockSchemaInputType, BlockSchemaOutputType]):
            graph_version=graph_version,
            block_name=self.name,
            editable=True,
+            is_graph_execution=is_graph_execution,
        )

        if decision is None:
--- a/autogpt_platform/backend/backend/blocks/basic.py
+++ b/autogpt_platform/backend/backend/blocks/basic.py
@@ -126,7 +126,7 @@ class PrintToConsoleBlock(Block):
            output_schema=PrintToConsoleBlock.Output,
            test_input={"text": "Hello, World!"},
            is_sensitive_action=True,
-            disabled=True,  # Disabled per Nick Tindle's request (OPEN-3000)
+            disabled=True,
            test_output=[
                ("output", "Hello, World!"),
                ("status", "printed"),
--- a/autogpt_platform/backend/backend/blocks/email_block.py
+++ b/autogpt_platform/backend/backend/blocks/email_block.py
@@ -96,6 +96,7 @@ class SendEmailBlock(Block):
            test_credentials=TEST_CREDENTIALS,
            test_output=[("status", "Email sent successfully")],
            test_mock={"send_email": lambda *args, **kwargs: "Email sent successfully"},
+            is_sensitive_action=True,
        )

    @staticmethod
--- a/autogpt_platform/backend/backend/blocks/github/_utils.py
+++ b/autogpt_platform/backend/backend/blocks/github/_utils.py
@@ -0,0 +1,3 @@
+def github_repo_path(repo_url: str) -> str:
+    """Extract 'owner/repo' from a GitHub repository URL."""
+    return repo_url.replace("https://github.com/", "")
--- a/autogpt_platform/backend/backend/blocks/github/commits.py
+++ b/autogpt_platform/backend/backend/blocks/github/commits.py
@@ -0,0 +1,374 @@
+import asyncio
+from enum import StrEnum
+from urllib.parse import quote
+
+from typing_extensions import TypedDict
+
+from backend.blocks._base import (
+    Block,
+    BlockCategory,
+    BlockOutput,
+    BlockSchemaInput,
+    BlockSchemaOutput,
+)
+from backend.data.model import SchemaField
+
+from ._api import get_api
+from ._auth import (
+    TEST_CREDENTIALS,
+    TEST_CREDENTIALS_INPUT,
+    GithubCredentials,
+    GithubCredentialsField,
+    GithubCredentialsInput,
+)
+from ._utils import github_repo_path
+
+
+class GithubListCommitsBlock(Block):
+    class Input(BlockSchemaInput):
+        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
+        repo_url: str = SchemaField(
+            description="URL of the GitHub repository",
+            placeholder="https://github.com/owner/repo",
+        )
+        branch: str = SchemaField(
+            description="Branch name to list commits from",
+            default="main",
+        )
+        per_page: int = SchemaField(
+            description="Number of commits to return (max 100)",
+            default=30,
+            ge=1,
+            le=100,
+        )
+        page: int = SchemaField(
+            description="Page number for pagination",
+            default=1,
+            ge=1,
+        )
+
+    class Output(BlockSchemaOutput):
+        class CommitItem(TypedDict):
+            sha: str
+            message: str
+            author: str
+            date: str
+            url: str
+
+        commit: CommitItem = SchemaField(
+            title="Commit", description="A commit with its details"
+        )
+        commits: list[CommitItem] = SchemaField(
+            description="List of commits with their details"
+        )
+        error: str = SchemaField(description="Error message if listing commits failed")
+
+    def __init__(self):
+        super().__init__(
+            id="8b13f579-d8b6-4dc2-a140-f770428805de",
+            description="This block lists commits on a branch in a GitHub repository.",
+            categories={BlockCategory.DEVELOPER_TOOLS},
+            input_schema=GithubListCommitsBlock.Input,
+            output_schema=GithubListCommitsBlock.Output,
+            test_input={
+                "repo_url": "https://github.com/owner/repo",
+                "branch": "main",
+                "per_page": 30,
+                "page": 1,
+                "credentials": TEST_CREDENTIALS_INPUT,
+            },
+            test_credentials=TEST_CREDENTIALS,
+            test_output=[
+                (
+                    "commits",
+                    [
+                        {
+                            "sha": "abc123",
+                            "message": "Initial commit",
+                            "author": "octocat",
+                            "date": "2024-01-01T00:00:00Z",
+                            "url": "https://github.com/owner/repo/commit/abc123",
+                        }
+                    ],
+                ),
+                (
+                    "commit",
+                    {
+                        "sha": "abc123",
+                        "message": "Initial commit",
+                        "author": "octocat",
+                        "date": "2024-01-01T00:00:00Z",
+                        "url": "https://github.com/owner/repo/commit/abc123",
+                    },
+                ),
+            ],
+            test_mock={
+                "list_commits": lambda *args, **kwargs: [
+                    {
+                        "sha": "abc123",
+                        "message": "Initial commit",
+                        "author": "octocat",
+                        "date": "2024-01-01T00:00:00Z",
+                        "url": "https://github.com/owner/repo/commit/abc123",
+                    }
+                ]
+            },
+        )
+
+    @staticmethod
+    async def list_commits(
+        credentials: GithubCredentials,
+        repo_url: str,
+        branch: str,
+        per_page: int,
+        page: int,
+    ) -> list[Output.CommitItem]:
+        api = get_api(credentials)
+        commits_url = repo_url + "/commits"
+        params = {"sha": branch, "per_page": str(per_page), "page": str(page)}
+        response = await api.get(commits_url, params=params)
+        data = response.json()
+        repo_path = github_repo_path(repo_url)
+        return [
+            GithubListCommitsBlock.Output.CommitItem(
+                sha=c["sha"],
+                message=c["commit"]["message"],
+                author=(c["commit"].get("author") or {}).get("name", "Unknown"),
+                date=(c["commit"].get("author") or {}).get("date", ""),
+                url=f"https://github.com/{repo_path}/commit/{c['sha']}",
+            )
+            for c in data
+        ]
+
+    async def run(
+        self,
+        input_data: Input,
+        *,
+        credentials: GithubCredentials,
+        **kwargs,
+    ) -> BlockOutput:
+        try:
+            commits = await self.list_commits(
+                credentials,
+                input_data.repo_url,
+                input_data.branch,
+                input_data.per_page,
+                input_data.page,
+            )
+            yield "commits", commits
+            for commit in commits:
+                yield "commit", commit
+        except Exception as e:
+            yield "error", str(e)
+
+
+class FileOperation(StrEnum):
+    """File operations for GithubMultiFileCommitBlock.
+
+    UPSERT creates or overwrites a file (the Git Trees API does not distinguish
+    between creation and update — the blob is placed at the given path regardless
+    of whether a file already exists there).
+
+    DELETE removes a file from the tree.
+    """
+
+    UPSERT = "upsert"
+    DELETE = "delete"
+
+
+class FileOperationInput(TypedDict):
+    path: str
+    content: str
+    operation: FileOperation
+
+
+class GithubMultiFileCommitBlock(Block):
+    class Input(BlockSchemaInput):
+        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
+        repo_url: str = SchemaField(
+            description="URL of the GitHub repository",
+            placeholder="https://github.com/owner/repo",
+        )
+        branch: str = SchemaField(
+            description="Branch to commit to",
+            placeholder="feature-branch",
+        )
+        commit_message: str = SchemaField(
+            description="Commit message",
+            placeholder="Add new feature",
+        )
+        files: list[FileOperationInput] = SchemaField(
+            description=(
+                "List of file operations. Each item has: "
+                "'path' (file path), 'content' (file content, ignored for delete), "
+                "'operation' (upsert/delete)"
+            ),
+        )
+
+    class Output(BlockSchemaOutput):
+        sha: str = SchemaField(description="SHA of the new commit")
+        url: str = SchemaField(description="URL of the new commit")
+        error: str = SchemaField(description="Error message if the commit failed")
+
+    def __init__(self):
+        super().__init__(
+            id="389eee51-a95e-4230-9bed-92167a327802",
+            description=(
+                "This block creates a single commit with multiple file "
+                "upsert/delete operations using the Git Trees API."
+            ),
+            categories={BlockCategory.DEVELOPER_TOOLS},
+            input_schema=GithubMultiFileCommitBlock.Input,
+            output_schema=GithubMultiFileCommitBlock.Output,
+            test_input={
+                "repo_url": "https://github.com/owner/repo",
+                "branch": "feature",
+                "commit_message": "Add files",
+                "files": [
+                    {
+                        "path": "src/new.py",
+                        "content": "print('hello')",
+                        "operation": "upsert",
+                    },
+                    {
+                        "path": "src/old.py",
+                        "content": "",
+                        "operation": "delete",
+                    },
+                ],
+                "credentials": TEST_CREDENTIALS_INPUT,
+            },
+            test_credentials=TEST_CREDENTIALS,
+            test_output=[
+                ("sha", "newcommitsha"),
+                ("url", "https://github.com/owner/repo/commit/newcommitsha"),
+            ],
+            test_mock={
+                "multi_file_commit": lambda *args, **kwargs: (
+                    "newcommitsha",
+                    "https://github.com/owner/repo/commit/newcommitsha",
+                )
+            },
+        )
+
+    @staticmethod
+    async def multi_file_commit(
+        credentials: GithubCredentials,
+        repo_url: str,
+        branch: str,
+        commit_message: str,
+        files: list[FileOperationInput],
+    ) -> tuple[str, str]:
+        api = get_api(credentials)
+        safe_branch = quote(branch, safe="")
+
+        # 1. Get the latest commit SHA for the branch
+        ref_url = repo_url + f"/git/refs/heads/{safe_branch}"
+        response = await api.get(ref_url)
+        ref_data = response.json()
+        latest_commit_sha = ref_data["object"]["sha"]
+
+        # 2. Get the tree SHA of the latest commit
+        commit_url = repo_url + f"/git/commits/{latest_commit_sha}"
+        response = await api.get(commit_url)
+        commit_data = response.json()
+        base_tree_sha = commit_data["tree"]["sha"]
+
+        # 3. Build tree entries for each file operation (blobs created concurrently)
+        async def _create_blob(content: str) -> str:
+            blob_url = repo_url + "/git/blobs"
+            blob_response = await api.post(
+                blob_url,
+                json={"content": content, "encoding": "utf-8"},
+            )
+            return blob_response.json()["sha"]
+
+        tree_entries: list[dict] = []
+        upsert_files = []
+        for file_op in files:
+            path = file_op["path"]
+            operation = FileOperation(file_op.get("operation", "upsert"))
+
+            if operation == FileOperation.DELETE:
+                tree_entries.append(
+                    {
+                        "path": path,
+                        "mode": "100644",
+                        "type": "blob",
+                        "sha": None,  # null SHA = delete
+                    }
+                )
+            else:
+                upsert_files.append((path, file_op.get("content", "")))
+
+        # Create all blobs concurrently
+        if upsert_files:
+            blob_shas = await asyncio.gather(
+                *[_create_blob(content) for _, content in upsert_files]
+            )
+            for (path, _), blob_sha in zip(upsert_files, blob_shas):
+                tree_entries.append(
+                    {
+                        "path": path,
+                        "mode": "100644",
+                        "type": "blob",
+                        "sha": blob_sha,
+                    }
+                )
+
+        # 4. Create a new tree
+        tree_url = repo_url + "/git/trees"
+        tree_response = await api.post(
+            tree_url,
+            json={"base_tree": base_tree_sha, "tree": tree_entries},
+        )
+        new_tree_sha = tree_response.json()["sha"]
+
+        # 5. Create a new commit
+        new_commit_url = repo_url + "/git/commits"
+        commit_response = await api.post(
+            new_commit_url,
+            json={
+                "message": commit_message,
+                "tree": new_tree_sha,
+                "parents": [latest_commit_sha],
+            },
+        )
+        new_commit_sha = commit_response.json()["sha"]
+
+        # 6. Update the branch reference
+        try:
+            await api.patch(
+                ref_url,
+                json={"sha": new_commit_sha},
+            )
+        except Exception as e:
+            raise RuntimeError(
+                f"Commit {new_commit_sha} was created but failed to update "
+                f"ref heads/{branch}: {e}. "
+                f"You can recover by manually updating the branch to {new_commit_sha}."
+            ) from e
+
+        repo_path = github_repo_path(repo_url)
+        commit_web_url = f"https://github.com/{repo_path}/commit/{new_commit_sha}"
+        return new_commit_sha, commit_web_url
+
+    async def run(
+        self,
+        input_data: Input,
+        *,
+        credentials: GithubCredentials,
+        **kwargs,
+    ) -> BlockOutput:
+        try:
+            sha, url = await self.multi_file_commit(
+                credentials,
+                input_data.repo_url,
+                input_data.branch,
+                input_data.commit_message,
+                input_data.files,
+            )
+            yield "sha", sha
+            yield "url", url
+        except Exception as e:
+            yield "error", str(e)
--- a/autogpt_platform/backend/backend/blocks/github/pull_requests.py
+++ b/autogpt_platform/backend/backend/blocks/github/pull_requests.py
@@ -1,4 +1,5 @@
 import re
+from typing import Literal

 from typing_extensions import TypedDict

@@ -20,6 +21,8 @@ from ._auth import (
    GithubCredentialsInput,
 )

+MergeMethod = Literal["merge", "squash", "rebase"]
+

 class GithubListPullRequestsBlock(Block):
    class Input(BlockSchemaInput):
@@ -558,12 +561,109 @@ class GithubListPRReviewersBlock(Block):
            yield "reviewer", reviewer


+class GithubMergePullRequestBlock(Block):
+    class Input(BlockSchemaInput):
+        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
+        pr_url: str = SchemaField(
+            description="URL of the GitHub pull request",
+            placeholder="https://github.com/owner/repo/pull/1",
+        )
+        merge_method: MergeMethod = SchemaField(
+            description="Merge method to use: merge, squash, or rebase",
+            default="merge",
+        )
+        commit_title: str = SchemaField(
+            description="Title for the merge commit (optional, used for merge and squash)",
+            default="",
+        )
+        commit_message: str = SchemaField(
+            description="Message for the merge commit (optional, used for merge and squash)",
+            default="",
+        )
+
+    class Output(BlockSchemaOutput):
+        sha: str = SchemaField(description="SHA of the merge commit")
+        merged: bool = SchemaField(description="Whether the PR was merged")
+        message: str = SchemaField(description="Merge status message")
+        error: str = SchemaField(description="Error message if the merge failed")
+
+    def __init__(self):
+        super().__init__(
+            id="77456c22-33d8-4fd4-9eef-50b46a35bb48",
+            description="This block merges a pull request using merge, squash, or rebase.",
+            categories={BlockCategory.DEVELOPER_TOOLS},
+            input_schema=GithubMergePullRequestBlock.Input,
+            output_schema=GithubMergePullRequestBlock.Output,
+            test_input={
+                "pr_url": "https://github.com/owner/repo/pull/1",
+                "merge_method": "squash",
+                "commit_title": "",
+                "commit_message": "",
+                "credentials": TEST_CREDENTIALS_INPUT,
+            },
+            test_credentials=TEST_CREDENTIALS,
+            test_output=[
+                ("sha", "abc123"),
+                ("merged", True),
+                ("message", "Pull Request successfully merged"),
+            ],
+            test_mock={
+                "merge_pr": lambda *args, **kwargs: (
+                    "abc123",
+                    True,
+                    "Pull Request successfully merged",
+                )
+            },
+            is_sensitive_action=True,
+        )
+
+    @staticmethod
+    async def merge_pr(
+        credentials: GithubCredentials,
+        pr_url: str,
+        merge_method: MergeMethod,
+        commit_title: str,
+        commit_message: str,
+    ) -> tuple[str, bool, str]:
+        api = get_api(credentials)
+        merge_url = prepare_pr_api_url(pr_url=pr_url, path="merge")
+        data: dict[str, str] = {"merge_method": merge_method}
+        if commit_title:
+            data["commit_title"] = commit_title
+        if commit_message:
+            data["commit_message"] = commit_message
+        response = await api.put(merge_url, json=data)
+        result = response.json()
+        return result["sha"], result["merged"], result["message"]
+
+    async def run(
+        self,
+        input_data: Input,
+        *,
+        credentials: GithubCredentials,
+        **kwargs,
+    ) -> BlockOutput:
+        try:
+            sha, merged, message = await self.merge_pr(
+                credentials,
+                input_data.pr_url,
+                input_data.merge_method,
+                input_data.commit_title,
+                input_data.commit_message,
+            )
+            yield "sha", sha
+            yield "merged", merged
+            yield "message", message
+        except Exception as e:
+            yield "error", str(e)
+
+
 def prepare_pr_api_url(pr_url: str, path: str) -> str:
    # Pattern to capture the base repository URL and the pull request number
-    pattern = r"^(?:https?://)?([^/]+/[^/]+/[^/]+)/pull/(\d+)"
+    pattern = r"^(?:(https?)://)?([^/]+/[^/]+/[^/]+)/pull/(\d+)"
    match = re.match(pattern, pr_url)
    if not match:
        return pr_url

-    base_url, pr_number = match.groups()
-    return f"{base_url}/pulls/{pr_number}/{path}"
+    scheme, base_url, pr_number = match.groups()
+    return f"{scheme or 'https'}://{base_url}/pulls/{pr_number}/{path}"
--- a/autogpt_platform/backend/backend/blocks/github/repo.py
+++ b/autogpt_platform/backend/backend/blocks/github/repo.py
@@ -1,5 +1,3 @@
-import base64
-
 from typing_extensions import TypedDict

 from backend.blocks._base import (
@@ -19,6 +17,7 @@ from ._auth import (
    GithubCredentialsField,
    GithubCredentialsInput,
 )
+from ._utils import github_repo_path


 class GithubListTagsBlock(Block):
@@ -89,7 +88,7 @@ class GithubListTagsBlock(Block):
        tags_url = repo_url + "/tags"
        response = await api.get(tags_url)
        data = response.json()
-        repo_path = repo_url.replace("https://github.com/", "")
+        repo_path = github_repo_path(repo_url)
        tags: list[GithubListTagsBlock.Output.TagItem] = [
            {
                "name": tag["name"],
@@ -115,101 +114,6 @@ class GithubListTagsBlock(Block):
            yield "tag", tag


-class GithubListBranchesBlock(Block):
-    class Input(BlockSchemaInput):
-        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
-        repo_url: str = SchemaField(
-            description="URL of the GitHub repository",
-            placeholder="https://github.com/owner/repo",
-        )
-
-    class Output(BlockSchemaOutput):
-        class BranchItem(TypedDict):
-            name: str
-            url: str
-
-        branch: BranchItem = SchemaField(
-            title="Branch",
-            description="Branches with their name and file tree browser URL",
-        )
-        branches: list[BranchItem] = SchemaField(
-            description="List of branches with their name and file tree browser URL"
-        )
-
-    def __init__(self):
-        super().__init__(
-            id="74243e49-2bec-4916-8bf4-db43d44aead5",
-            description="This block lists all branches for a specified GitHub repository.",
-            categories={BlockCategory.DEVELOPER_TOOLS},
-            input_schema=GithubListBranchesBlock.Input,
-            output_schema=GithubListBranchesBlock.Output,
-            test_input={
-                "repo_url": "https://github.com/owner/repo",
-                "credentials": TEST_CREDENTIALS_INPUT,
-            },
-            test_credentials=TEST_CREDENTIALS,
-            test_output=[
-                (
-                    "branches",
-                    [
-                        {
-                            "name": "main",
-                            "url": "https://github.com/owner/repo/tree/main",
-                        }
-                    ],
-                ),
-                (
-                    "branch",
-                    {
-                        "name": "main",
-                        "url": "https://github.com/owner/repo/tree/main",
-                    },
-                ),
-            ],
-            test_mock={
-                "list_branches": lambda *args, **kwargs: [
-                    {
-                        "name": "main",
-                        "url": "https://github.com/owner/repo/tree/main",
-                    }
-                ]
-            },
-        )
-
-    @staticmethod
-    async def list_branches(
-        credentials: GithubCredentials, repo_url: str
-    ) -> list[Output.BranchItem]:
-        api = get_api(credentials)
-        branches_url = repo_url + "/branches"
-        response = await api.get(branches_url)
-        data = response.json()
-        repo_path = repo_url.replace("https://github.com/", "")
-        branches: list[GithubListBranchesBlock.Output.BranchItem] = [
-            {
-                "name": branch["name"],
-                "url": f"https://github.com/{repo_path}/tree/{branch['name']}",
-            }
-            for branch in data
-        ]
-        return branches
-
-    async def run(
-        self,
-        input_data: Input,
-        *,
-        credentials: GithubCredentials,
-        **kwargs,
-    ) -> BlockOutput:
-        branches = await self.list_branches(
-            credentials,
-            input_data.repo_url,
-        )
-        yield "branches", branches
-        for branch in branches:
-            yield "branch", branch
-
-
 class GithubListDiscussionsBlock(Block):
    class Input(BlockSchemaInput):
        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
@@ -283,7 +187,7 @@ class GithubListDiscussionsBlock(Block):
    ) -> list[Output.DiscussionItem]:
        api = get_api(credentials)
        # GitHub GraphQL API endpoint is different; we'll use api.post with custom URL
-        repo_path = repo_url.replace("https://github.com/", "")
+        repo_path = github_repo_path(repo_url)
        owner, repo = repo_path.split("/")
        query = """
        query($owner: String!, $repo: String!, $num: Int!) {
@@ -416,564 +320,6 @@ class GithubListReleasesBlock(Block):
            yield "release", release


-class GithubReadFileBlock(Block):
-    class Input(BlockSchemaInput):
-        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
-        repo_url: str = SchemaField(
-            description="URL of the GitHub repository",
-            placeholder="https://github.com/owner/repo",
-        )
-        file_path: str = SchemaField(
-            description="Path to the file in the repository",
-            placeholder="path/to/file",
-        )
-        branch: str = SchemaField(
-            description="Branch to read from",
-            placeholder="branch_name",
-            default="master",
-        )
-
-    class Output(BlockSchemaOutput):
-        text_content: str = SchemaField(
-            description="Content of the file (decoded as UTF-8 text)"
-        )
-        raw_content: str = SchemaField(
-            description="Raw base64-encoded content of the file"
-        )
-        size: int = SchemaField(description="The size of the file (in bytes)")
-
-    def __init__(self):
-        super().__init__(
-            id="87ce6c27-5752-4bbc-8e26-6da40a3dcfd3",
-            description="This block reads the content of a specified file from a GitHub repository.",
-            categories={BlockCategory.DEVELOPER_TOOLS},
-            input_schema=GithubReadFileBlock.Input,
-            output_schema=GithubReadFileBlock.Output,
-            test_input={
-                "repo_url": "https://github.com/owner/repo",
-                "file_path": "path/to/file",
-                "branch": "master",
-                "credentials": TEST_CREDENTIALS_INPUT,
-            },
-            test_credentials=TEST_CREDENTIALS,
-            test_output=[
-                ("raw_content", "RmlsZSBjb250ZW50"),
-                ("text_content", "File content"),
-                ("size", 13),
-            ],
-            test_mock={"read_file": lambda *args, **kwargs: ("RmlsZSBjb250ZW50", 13)},
-        )
-
-    @staticmethod
-    async def read_file(
-        credentials: GithubCredentials, repo_url: str, file_path: str, branch: str
-    ) -> tuple[str, int]:
-        api = get_api(credentials)
-        content_url = repo_url + f"/contents/{file_path}?ref={branch}"
-        response = await api.get(content_url)
-        data = response.json()
-
-        if isinstance(data, list):
-            # Multiple entries of different types exist at this path
-            if not (file := next((f for f in data if f["type"] == "file"), None)):
-                raise TypeError("Not a file")
-            data = file
-
-        if data["type"] != "file":
-            raise TypeError("Not a file")
-
-        return data["content"], data["size"]
-
-    async def run(
-        self,
-        input_data: Input,
-        *,
-        credentials: GithubCredentials,
-        **kwargs,
-    ) -> BlockOutput:
-        content, size = await self.read_file(
-            credentials,
-            input_data.repo_url,
-            input_data.file_path,
-            input_data.branch,
-        )
-        yield "raw_content", content
-        yield "text_content", base64.b64decode(content).decode("utf-8")
-        yield "size", size
-
-
-class GithubReadFolderBlock(Block):
-    class Input(BlockSchemaInput):
-        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
-        repo_url: str = SchemaField(
-            description="URL of the GitHub repository",
-            placeholder="https://github.com/owner/repo",
-        )
-        folder_path: str = SchemaField(
-            description="Path to the folder in the repository",
-            placeholder="path/to/folder",
-        )
-        branch: str = SchemaField(
-            description="Branch name to read from (defaults to master)",
-            placeholder="branch_name",
-            default="master",
-        )
-
-    class Output(BlockSchemaOutput):
-        class DirEntry(TypedDict):
-            name: str
-            path: str
-
-        class FileEntry(TypedDict):
-            name: str
-            path: str
-            size: int
-
-        file: FileEntry = SchemaField(description="Files in the folder")
-        dir: DirEntry = SchemaField(description="Directories in the folder")
-        error: str = SchemaField(
-            description="Error message if reading the folder failed"
-        )
-
-    def __init__(self):
-        super().__init__(
-            id="1355f863-2db3-4d75-9fba-f91e8a8ca400",
-            description="This block reads the content of a specified folder from a GitHub repository.",
-            categories={BlockCategory.DEVELOPER_TOOLS},
-            input_schema=GithubReadFolderBlock.Input,
-            output_schema=GithubReadFolderBlock.Output,
-            test_input={
-                "repo_url": "https://github.com/owner/repo",
-                "folder_path": "path/to/folder",
-                "branch": "master",
-                "credentials": TEST_CREDENTIALS_INPUT,
-            },
-            test_credentials=TEST_CREDENTIALS,
-            test_output=[
-                (
-                    "file",
-                    {
-                        "name": "file1.txt",
-                        "path": "path/to/folder/file1.txt",
-                        "size": 1337,
-                    },
-                ),
-                ("dir", {"name": "dir2", "path": "path/to/folder/dir2"}),
-            ],
-            test_mock={
-                "read_folder": lambda *args, **kwargs: (
-                    [
-                        {
-                            "name": "file1.txt",
-                            "path": "path/to/folder/file1.txt",
-                            "size": 1337,
-                        }
-                    ],
-                    [{"name": "dir2", "path": "path/to/folder/dir2"}],
-                )
-            },
-        )
-
-    @staticmethod
-    async def read_folder(
-        credentials: GithubCredentials, repo_url: str, folder_path: str, branch: str
-    ) -> tuple[list[Output.FileEntry], list[Output.DirEntry]]:
-        api = get_api(credentials)
-        contents_url = repo_url + f"/contents/{folder_path}?ref={branch}"
-        response = await api.get(contents_url)
-        data = response.json()
-
-        if not isinstance(data, list):
-            raise TypeError("Not a folder")
-
-        files: list[GithubReadFolderBlock.Output.FileEntry] = [
-            GithubReadFolderBlock.Output.FileEntry(
-                name=entry["name"],
-                path=entry["path"],
-                size=entry["size"],
-            )
-            for entry in data
-            if entry["type"] == "file"
-        ]
-
-        dirs: list[GithubReadFolderBlock.Output.DirEntry] = [
-            GithubReadFolderBlock.Output.DirEntry(
-                name=entry["name"],
-                path=entry["path"],
-            )
-            for entry in data
-            if entry["type"] == "dir"
-        ]
-
-        return files, dirs
-
-    async def run(
-        self,
-        input_data: Input,
-        *,
-        credentials: GithubCredentials,
-        **kwargs,
-    ) -> BlockOutput:
-        files, dirs = await self.read_folder(
-            credentials,
-            input_data.repo_url,
-            input_data.folder_path.lstrip("/"),
-            input_data.branch,
-        )
-        for file in files:
-            yield "file", file
-        for dir in dirs:
-            yield "dir", dir
-
-
-class GithubMakeBranchBlock(Block):
-    class Input(BlockSchemaInput):
-        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
-        repo_url: str = SchemaField(
-            description="URL of the GitHub repository",
-            placeholder="https://github.com/owner/repo",
-        )
-        new_branch: str = SchemaField(
-            description="Name of the new branch",
-            placeholder="new_branch_name",
-        )
-        source_branch: str = SchemaField(
-            description="Name of the source branch",
-            placeholder="source_branch_name",
-        )
-
-    class Output(BlockSchemaOutput):
-        status: str = SchemaField(description="Status of the branch creation operation")
-        error: str = SchemaField(
-            description="Error message if the branch creation failed"
-        )
-
-    def __init__(self):
-        super().__init__(
-            id="944cc076-95e7-4d1b-b6b6-b15d8ee5448d",
-            description="This block creates a new branch from a specified source branch.",
-            categories={BlockCategory.DEVELOPER_TOOLS},
-            input_schema=GithubMakeBranchBlock.Input,
-            output_schema=GithubMakeBranchBlock.Output,
-            test_input={
-                "repo_url": "https://github.com/owner/repo",
-                "new_branch": "new_branch_name",
-                "source_branch": "source_branch_name",
-                "credentials": TEST_CREDENTIALS_INPUT,
-            },
-            test_credentials=TEST_CREDENTIALS,
-            test_output=[("status", "Branch created successfully")],
-            test_mock={
-                "create_branch": lambda *args, **kwargs: "Branch created successfully"
-            },
-        )
-
-    @staticmethod
-    async def create_branch(
-        credentials: GithubCredentials,
-        repo_url: str,
-        new_branch: str,
-        source_branch: str,
-    ) -> str:
-        api = get_api(credentials)
-        ref_url = repo_url + f"/git/refs/heads/{source_branch}"
-        response = await api.get(ref_url)
-        data = response.json()
-        sha = data["object"]["sha"]
-
-        # Create the new branch
-        new_ref_url = repo_url + "/git/refs"
-        data = {
-            "ref": f"refs/heads/{new_branch}",
-            "sha": sha,
-        }
-        response = await api.post(new_ref_url, json=data)
-        return "Branch created successfully"
-
-    async def run(
-        self,
-        input_data: Input,
-        *,
-        credentials: GithubCredentials,
-        **kwargs,
-    ) -> BlockOutput:
-        status = await self.create_branch(
-            credentials,
-            input_data.repo_url,
-            input_data.new_branch,
-            input_data.source_branch,
-        )
-        yield "status", status
-
-
-class GithubDeleteBranchBlock(Block):
-    class Input(BlockSchemaInput):
-        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
-        repo_url: str = SchemaField(
-            description="URL of the GitHub repository",
-            placeholder="https://github.com/owner/repo",
-        )
-        branch: str = SchemaField(
-            description="Name of the branch to delete",
-            placeholder="branch_name",
-        )
-
-    class Output(BlockSchemaOutput):
-        status: str = SchemaField(description="Status of the branch deletion operation")
-        error: str = SchemaField(
-            description="Error message if the branch deletion failed"
-        )
-
-    def __init__(self):
-        super().__init__(
-            id="0d4130f7-e0ab-4d55-adc3-0a40225e80f4",
-            description="This block deletes a specified branch.",
-            categories={BlockCategory.DEVELOPER_TOOLS},
-            input_schema=GithubDeleteBranchBlock.Input,
-            output_schema=GithubDeleteBranchBlock.Output,
-            test_input={
-                "repo_url": "https://github.com/owner/repo",
-                "branch": "branch_name",
-                "credentials": TEST_CREDENTIALS_INPUT,
-            },
-            test_credentials=TEST_CREDENTIALS,
-            test_output=[("status", "Branch deleted successfully")],
-            test_mock={
-                "delete_branch": lambda *args, **kwargs: "Branch deleted successfully"
-            },
-        )
-
-    @staticmethod
-    async def delete_branch(
-        credentials: GithubCredentials, repo_url: str, branch: str
-    ) -> str:
-        api = get_api(credentials)
-        ref_url = repo_url + f"/git/refs/heads/{branch}"
-        await api.delete(ref_url)
-        return "Branch deleted successfully"
-
-    async def run(
-        self,
-        input_data: Input,
-        *,
-        credentials: GithubCredentials,
-        **kwargs,
-    ) -> BlockOutput:
-        status = await self.delete_branch(
-            credentials,
-            input_data.repo_url,
-            input_data.branch,
-        )
-        yield "status", status
-
-
-class GithubCreateFileBlock(Block):
-    class Input(BlockSchemaInput):
-        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
-        repo_url: str = SchemaField(
-            description="URL of the GitHub repository",
-            placeholder="https://github.com/owner/repo",
-        )
-        file_path: str = SchemaField(
-            description="Path where the file should be created",
-            placeholder="path/to/file.txt",
-        )
-        content: str = SchemaField(
-            description="Content to write to the file",
-            placeholder="File content here",
-        )
-        branch: str = SchemaField(
-            description="Branch where the file should be created",
-            default="main",
-        )
-        commit_message: str = SchemaField(
-            description="Message for the commit",
-            default="Create new file",
-        )
-
-    class Output(BlockSchemaOutput):
-        url: str = SchemaField(description="URL of the created file")
-        sha: str = SchemaField(description="SHA of the commit")
-        error: str = SchemaField(
-            description="Error message if the file creation failed"
-        )
-
-    def __init__(self):
-        super().__init__(
-            id="8fd132ac-b917-428a-8159-d62893e8a3fe",
-            description="This block creates a new file in a GitHub repository.",
-            categories={BlockCategory.DEVELOPER_TOOLS},
-            input_schema=GithubCreateFileBlock.Input,
-            output_schema=GithubCreateFileBlock.Output,
-            test_input={
-                "repo_url": "https://github.com/owner/repo",
-                "file_path": "test/file.txt",
-                "content": "Test content",
-                "branch": "main",
-                "commit_message": "Create test file",
-                "credentials": TEST_CREDENTIALS_INPUT,
-            },
-            test_credentials=TEST_CREDENTIALS,
-            test_output=[
-                ("url", "https://github.com/owner/repo/blob/main/test/file.txt"),
-                ("sha", "abc123"),
-            ],
-            test_mock={
-                "create_file": lambda *args, **kwargs: (
-                    "https://github.com/owner/repo/blob/main/test/file.txt",
-                    "abc123",
-                )
-            },
-        )
-
-    @staticmethod
-    async def create_file(
-        credentials: GithubCredentials,
-        repo_url: str,
-        file_path: str,
-        content: str,
-        branch: str,
-        commit_message: str,
-    ) -> tuple[str, str]:
-        api = get_api(credentials)
-        contents_url = repo_url + f"/contents/{file_path}"
-        content_base64 = base64.b64encode(content.encode()).decode()
-        data = {
-            "message": commit_message,
-            "content": content_base64,
-            "branch": branch,
-        }
-        response = await api.put(contents_url, json=data)
-        data = response.json()
-        return data["content"]["html_url"], data["commit"]["sha"]
-
-    async def run(
-        self,
-        input_data: Input,
-        *,
-        credentials: GithubCredentials,
-        **kwargs,
-    ) -> BlockOutput:
-        try:
-            url, sha = await self.create_file(
-                credentials,
-                input_data.repo_url,
-                input_data.file_path,
-                input_data.content,
-                input_data.branch,
-                input_data.commit_message,
-            )
-            yield "url", url
-            yield "sha", sha
-        except Exception as e:
-            yield "error", str(e)
-
-
-class GithubUpdateFileBlock(Block):
-    class Input(BlockSchemaInput):
-        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
-        repo_url: str = SchemaField(
-            description="URL of the GitHub repository",
-            placeholder="https://github.com/owner/repo",
-        )
-        file_path: str = SchemaField(
-            description="Path to the file to update",
-            placeholder="path/to/file.txt",
-        )
-        content: str = SchemaField(
-            description="New content for the file",
-            placeholder="Updated content here",
-        )
-        branch: str = SchemaField(
-            description="Branch containing the file",
-            default="main",
-        )
-        commit_message: str = SchemaField(
-            description="Message for the commit",
-            default="Update file",
-        )
-
-    class Output(BlockSchemaOutput):
-        url: str = SchemaField(description="URL of the updated file")
-        sha: str = SchemaField(description="SHA of the commit")
-
-    def __init__(self):
-        super().__init__(
-            id="30be12a4-57cb-4aa4-baf5-fcc68d136076",
-            description="This block updates an existing file in a GitHub repository.",
-            categories={BlockCategory.DEVELOPER_TOOLS},
-            input_schema=GithubUpdateFileBlock.Input,
-            output_schema=GithubUpdateFileBlock.Output,
-            test_input={
-                "repo_url": "https://github.com/owner/repo",
-                "file_path": "test/file.txt",
-                "content": "Updated content",
-                "branch": "main",
-                "commit_message": "Update test file",
-                "credentials": TEST_CREDENTIALS_INPUT,
-            },
-            test_credentials=TEST_CREDENTIALS,
-            test_output=[
-                ("url", "https://github.com/owner/repo/blob/main/test/file.txt"),
-                ("sha", "def456"),
-            ],
-            test_mock={
-                "update_file": lambda *args, **kwargs: (
-                    "https://github.com/owner/repo/blob/main/test/file.txt",
-                    "def456",
-                )
-            },
-        )
-
-    @staticmethod
-    async def update_file(
-        credentials: GithubCredentials,
-        repo_url: str,
-        file_path: str,
-        content: str,
-        branch: str,
-        commit_message: str,
-    ) -> tuple[str, str]:
-        api = get_api(credentials)
-        contents_url = repo_url + f"/contents/{file_path}"
-        params = {"ref": branch}
-        response = await api.get(contents_url, params=params)
-        data = response.json()
-
-        # Convert new content to base64
-        content_base64 = base64.b64encode(content.encode()).decode()
-        data = {
-            "message": commit_message,
-            "content": content_base64,
-            "sha": data["sha"],
-            "branch": branch,
-        }
-        response = await api.put(contents_url, json=data)
-        data = response.json()
-        return data["content"]["html_url"], data["commit"]["sha"]
-
-    async def run(
-        self,
-        input_data: Input,
-        *,
-        credentials: GithubCredentials,
-        **kwargs,
-    ) -> BlockOutput:
-        try:
-            url, sha = await self.update_file(
-                credentials,
-                input_data.repo_url,
-                input_data.file_path,
-                input_data.content,
-                input_data.branch,
-                input_data.commit_message,
-            )
-            yield "url", url
-            yield "sha", sha
-        except Exception as e:
-            yield "error", str(e)
-
-
 class GithubCreateRepositoryBlock(Block):
    class Input(BlockSchemaInput):
        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
@@ -1103,7 +449,7 @@ class GithubListStargazersBlock(Block):

    def __init__(self):
        super().__init__(
-            id="a4b9c2d1-e5f6-4g7h-8i9j-0k1l2m3n4o5p",  # Generated unique UUID
+            id="e96d01ec-b55e-4a99-8ce8-c8776dce850b",  # Generated unique UUID
            description="This block lists all users who have starred a specified GitHub repository.",
            categories={BlockCategory.DEVELOPER_TOOLS},
            input_schema=GithubListStargazersBlock.Input,
@@ -1172,3 +518,230 @@ class GithubListStargazersBlock(Block):
        yield "stargazers", stargazers
        for stargazer in stargazers:
            yield "stargazer", stargazer
+
+
+class GithubGetRepositoryInfoBlock(Block):
+    class Input(BlockSchemaInput):
+        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
+        repo_url: str = SchemaField(
+            description="URL of the GitHub repository",
+            placeholder="https://github.com/owner/repo",
+        )
+
+    class Output(BlockSchemaOutput):
+        name: str = SchemaField(description="Repository name")
+        full_name: str = SchemaField(description="Full repository name (owner/repo)")
+        description: str = SchemaField(description="Repository description")
+        default_branch: str = SchemaField(description="Default branch name (e.g. main)")
+        private: bool = SchemaField(description="Whether the repository is private")
+        html_url: str = SchemaField(description="Web URL of the repository")
+        clone_url: str = SchemaField(description="Git clone URL")
+        stars: int = SchemaField(description="Number of stars")
+        forks: int = SchemaField(description="Number of forks")
+        open_issues: int = SchemaField(description="Number of open issues")
+        error: str = SchemaField(
+            description="Error message if fetching repo info failed"
+        )
+
+    def __init__(self):
+        super().__init__(
+            id="59d4f241-968a-4040-95da-348ac5c5ce27",
+            description="This block retrieves metadata about a GitHub repository.",
+            categories={BlockCategory.DEVELOPER_TOOLS},
+            input_schema=GithubGetRepositoryInfoBlock.Input,
+            output_schema=GithubGetRepositoryInfoBlock.Output,
+            test_input={
+                "repo_url": "https://github.com/owner/repo",
+                "credentials": TEST_CREDENTIALS_INPUT,
+            },
+            test_credentials=TEST_CREDENTIALS,
+            test_output=[
+                ("name", "repo"),
+                ("full_name", "owner/repo"),
+                ("description", "A test repo"),
+                ("default_branch", "main"),
+                ("private", False),
+                ("html_url", "https://github.com/owner/repo"),
+                ("clone_url", "https://github.com/owner/repo.git"),
+                ("stars", 42),
+                ("forks", 5),
+                ("open_issues", 3),
+            ],
+            test_mock={
+                "get_repo_info": lambda *args, **kwargs: {
+                    "name": "repo",
+                    "full_name": "owner/repo",
+                    "description": "A test repo",
+                    "default_branch": "main",
+                    "private": False,
+                    "html_url": "https://github.com/owner/repo",
+                    "clone_url": "https://github.com/owner/repo.git",
+                    "stargazers_count": 42,
+                    "forks_count": 5,
+                    "open_issues_count": 3,
+                }
+            },
+        )
+
+    @staticmethod
+    async def get_repo_info(credentials: GithubCredentials, repo_url: str) -> dict:
+        api = get_api(credentials)
+        response = await api.get(repo_url)
+        return response.json()
+
+    async def run(
+        self,
+        input_data: Input,
+        *,
+        credentials: GithubCredentials,
+        **kwargs,
+    ) -> BlockOutput:
+        try:
+            data = await self.get_repo_info(credentials, input_data.repo_url)
+            yield "name", data["name"]
+            yield "full_name", data["full_name"]
+            yield "description", data.get("description", "") or ""
+            yield "default_branch", data["default_branch"]
+            yield "private", data["private"]
+            yield "html_url", data["html_url"]
+            yield "clone_url", data["clone_url"]
+            yield "stars", data["stargazers_count"]
+            yield "forks", data["forks_count"]
+            yield "open_issues", data["open_issues_count"]
+        except Exception as e:
+            yield "error", str(e)
+
+
+class GithubForkRepositoryBlock(Block):
+    class Input(BlockSchemaInput):
+        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
+        repo_url: str = SchemaField(
+            description="URL of the GitHub repository to fork",
+            placeholder="https://github.com/owner/repo",
+        )
+        organization: str = SchemaField(
+            description="Organization to fork into (leave empty to fork to your account)",
+            default="",
+        )
+
+    class Output(BlockSchemaOutput):
+        url: str = SchemaField(description="URL of the forked repository")
+        clone_url: str = SchemaField(description="Git clone URL of the fork")
+        full_name: str = SchemaField(description="Full name of the fork (owner/repo)")
+        error: str = SchemaField(description="Error message if the fork failed")
+
+    def __init__(self):
+        super().__init__(
+            id="a439f2f4-835f-4dae-ba7b-0205ffa70be6",
+            description="This block forks a GitHub repository to your account or an organization.",
+            categories={BlockCategory.DEVELOPER_TOOLS},
+            input_schema=GithubForkRepositoryBlock.Input,
+            output_schema=GithubForkRepositoryBlock.Output,
+            test_input={
+                "repo_url": "https://github.com/owner/repo",
+                "organization": "",
+                "credentials": TEST_CREDENTIALS_INPUT,
+            },
+            test_credentials=TEST_CREDENTIALS,
+            test_output=[
+                ("url", "https://github.com/myuser/repo"),
+                ("clone_url", "https://github.com/myuser/repo.git"),
+                ("full_name", "myuser/repo"),
+            ],
+            test_mock={
+                "fork_repo": lambda *args, **kwargs: (
+                    "https://github.com/myuser/repo",
+                    "https://github.com/myuser/repo.git",
+                    "myuser/repo",
+                )
+            },
+        )
+
+    @staticmethod
+    async def fork_repo(
+        credentials: GithubCredentials,
+        repo_url: str,
+        organization: str,
+    ) -> tuple[str, str, str]:
+        api = get_api(credentials)
+        forks_url = repo_url + "/forks"
+        data: dict[str, str] = {}
+        if organization:
+            data["organization"] = organization
+        response = await api.post(forks_url, json=data)
+        result = response.json()
+        return result["html_url"], result["clone_url"], result["full_name"]
+
+    async def run(
+        self,
+        input_data: Input,
+        *,
+        credentials: GithubCredentials,
+        **kwargs,
+    ) -> BlockOutput:
+        try:
+            url, clone_url, full_name = await self.fork_repo(
+                credentials,
+                input_data.repo_url,
+                input_data.organization,
+            )
+            yield "url", url
+            yield "clone_url", clone_url
+            yield "full_name", full_name
+        except Exception as e:
+            yield "error", str(e)
+
+
+class GithubStarRepositoryBlock(Block):
+    class Input(BlockSchemaInput):
+        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
+        repo_url: str = SchemaField(
+            description="URL of the GitHub repository to star",
+            placeholder="https://github.com/owner/repo",
+        )
+
+    class Output(BlockSchemaOutput):
+        status: str = SchemaField(description="Status of the star operation")
+        error: str = SchemaField(description="Error message if starring failed")
+
+    def __init__(self):
+        super().__init__(
+            id="bd700764-53e3-44dd-a969-d1854088458f",
+            description="This block stars a GitHub repository.",
+            categories={BlockCategory.DEVELOPER_TOOLS},
+            input_schema=GithubStarRepositoryBlock.Input,
+            output_schema=GithubStarRepositoryBlock.Output,
+            test_input={
+                "repo_url": "https://github.com/owner/repo",
+                "credentials": TEST_CREDENTIALS_INPUT,
+            },
+            test_credentials=TEST_CREDENTIALS,
+            test_output=[("status", "Repository starred successfully")],
+            test_mock={
+                "star_repo": lambda *args, **kwargs: "Repository starred successfully"
+            },
+        )
+
+    @staticmethod
+    async def star_repo(credentials: GithubCredentials, repo_url: str) -> str:
+        api = get_api(credentials, convert_urls=False)
+        repo_path = github_repo_path(repo_url)
+        owner, repo = repo_path.split("/")
+        await api.put(
+            f"https://api.github.com/user/starred/{owner}/{repo}",
+            headers={"Content-Length": "0"},
+        )
+        return "Repository starred successfully"
+
+    async def run(
+        self,
+        input_data: Input,
+        *,
+        credentials: GithubCredentials,
+        **kwargs,
+    ) -> BlockOutput:
+        try:
+            status = await self.star_repo(credentials, input_data.repo_url)
+            yield "status", status
+        except Exception as e:
+            yield "error", str(e)
--- a/autogpt_platform/backend/backend/blocks/github/repo_branches.py
+++ b/autogpt_platform/backend/backend/blocks/github/repo_branches.py
@@ -0,0 +1,452 @@
+from urllib.parse import quote
+
+from typing_extensions import TypedDict
+
+from backend.blocks._base import (
+    Block,
+    BlockCategory,
+    BlockOutput,
+    BlockSchemaInput,
+    BlockSchemaOutput,
+)
+from backend.data.model import SchemaField
+
+from ._api import get_api
+from ._auth import (
+    TEST_CREDENTIALS,
+    TEST_CREDENTIALS_INPUT,
+    GithubCredentials,
+    GithubCredentialsField,
+    GithubCredentialsInput,
+)
+from ._utils import github_repo_path
+
+
+class GithubListBranchesBlock(Block):
+    class Input(BlockSchemaInput):
+        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
+        repo_url: str = SchemaField(
+            description="URL of the GitHub repository",
+            placeholder="https://github.com/owner/repo",
+        )
+        per_page: int = SchemaField(
+            description="Number of branches to return per page (max 100)",
+            default=30,
+            ge=1,
+            le=100,
+        )
+        page: int = SchemaField(
+            description="Page number for pagination",
+            default=1,
+            ge=1,
+        )
+
+    class Output(BlockSchemaOutput):
+        class BranchItem(TypedDict):
+            name: str
+            url: str
+
+        branch: BranchItem = SchemaField(
+            title="Branch",
+            description="Branches with their name and file tree browser URL",
+        )
+        branches: list[BranchItem] = SchemaField(
+            description="List of branches with their name and file tree browser URL"
+        )
+        error: str = SchemaField(description="Error message if listing branches failed")
+
+    def __init__(self):
+        super().__init__(
+            id="74243e49-2bec-4916-8bf4-db43d44aead5",
+            description="This block lists all branches for a specified GitHub repository.",
+            categories={BlockCategory.DEVELOPER_TOOLS},
+            input_schema=GithubListBranchesBlock.Input,
+            output_schema=GithubListBranchesBlock.Output,
+            test_input={
+                "repo_url": "https://github.com/owner/repo",
+                "per_page": 30,
+                "page": 1,
+                "credentials": TEST_CREDENTIALS_INPUT,
+            },
+            test_credentials=TEST_CREDENTIALS,
+            test_output=[
+                (
+                    "branches",
+                    [
+                        {
+                            "name": "main",
+                            "url": "https://github.com/owner/repo/tree/main",
+                        }
+                    ],
+                ),
+                (
+                    "branch",
+                    {
+                        "name": "main",
+                        "url": "https://github.com/owner/repo/tree/main",
+                    },
+                ),
+            ],
+            test_mock={
+                "list_branches": lambda *args, **kwargs: [
+                    {
+                        "name": "main",
+                        "url": "https://github.com/owner/repo/tree/main",
+                    }
+                ]
+            },
+        )
+
+    @staticmethod
+    async def list_branches(
+        credentials: GithubCredentials, repo_url: str, per_page: int, page: int
+    ) -> list[Output.BranchItem]:
+        api = get_api(credentials)
+        branches_url = repo_url + "/branches"
+        response = await api.get(
+            branches_url, params={"per_page": str(per_page), "page": str(page)}
+        )
+        data = response.json()
+        repo_path = github_repo_path(repo_url)
+        branches: list[GithubListBranchesBlock.Output.BranchItem] = [
+            {
+                "name": branch["name"],
+                "url": f"https://github.com/{repo_path}/tree/{branch['name']}",
+            }
+            for branch in data
+        ]
+        return branches
+
+    async def run(
+        self,
+        input_data: Input,
+        *,
+        credentials: GithubCredentials,
+        **kwargs,
+    ) -> BlockOutput:
+        try:
+            branches = await self.list_branches(
+                credentials,
+                input_data.repo_url,
+                input_data.per_page,
+                input_data.page,
+            )
+            yield "branches", branches
+            for branch in branches:
+                yield "branch", branch
+        except Exception as e:
+            yield "error", str(e)
+
+
+class GithubMakeBranchBlock(Block):
+    class Input(BlockSchemaInput):
+        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
+        repo_url: str = SchemaField(
+            description="URL of the GitHub repository",
+            placeholder="https://github.com/owner/repo",
+        )
+        new_branch: str = SchemaField(
+            description="Name of the new branch",
+            placeholder="new_branch_name",
+        )
+        source_branch: str = SchemaField(
+            description="Name of the source branch",
+            placeholder="source_branch_name",
+        )
+
+    class Output(BlockSchemaOutput):
+        status: str = SchemaField(description="Status of the branch creation operation")
+        error: str = SchemaField(
+            description="Error message if the branch creation failed"
+        )
+
+    def __init__(self):
+        super().__init__(
+            id="944cc076-95e7-4d1b-b6b6-b15d8ee5448d",
+            description="This block creates a new branch from a specified source branch.",
+            categories={BlockCategory.DEVELOPER_TOOLS},
+            input_schema=GithubMakeBranchBlock.Input,
+            output_schema=GithubMakeBranchBlock.Output,
+            test_input={
+                "repo_url": "https://github.com/owner/repo",
+                "new_branch": "new_branch_name",
+                "source_branch": "source_branch_name",
+                "credentials": TEST_CREDENTIALS_INPUT,
+            },
+            test_credentials=TEST_CREDENTIALS,
+            test_output=[("status", "Branch created successfully")],
+            test_mock={
+                "create_branch": lambda *args, **kwargs: "Branch created successfully"
+            },
+        )
+
+    @staticmethod
+    async def create_branch(
+        credentials: GithubCredentials,
+        repo_url: str,
+        new_branch: str,
+        source_branch: str,
+    ) -> str:
+        api = get_api(credentials)
+        ref_url = repo_url + f"/git/refs/heads/{quote(source_branch, safe='')}"
+        response = await api.get(ref_url)
+        data = response.json()
+        sha = data["object"]["sha"]
+
+        # Create the new branch
+        new_ref_url = repo_url + "/git/refs"
+        data = {
+            "ref": f"refs/heads/{new_branch}",
+            "sha": sha,
+        }
+        response = await api.post(new_ref_url, json=data)
+        return "Branch created successfully"
+
+    async def run(
+        self,
+        input_data: Input,
+        *,
+        credentials: GithubCredentials,
+        **kwargs,
+    ) -> BlockOutput:
+        try:
+            status = await self.create_branch(
+                credentials,
+                input_data.repo_url,
+                input_data.new_branch,
+                input_data.source_branch,
+            )
+            yield "status", status
+        except Exception as e:
+            yield "error", str(e)
+
+
+class GithubDeleteBranchBlock(Block):
+    class Input(BlockSchemaInput):
+        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
+        repo_url: str = SchemaField(
+            description="URL of the GitHub repository",
+            placeholder="https://github.com/owner/repo",
+        )
+        branch: str = SchemaField(
+            description="Name of the branch to delete",
+            placeholder="branch_name",
+        )
+
+    class Output(BlockSchemaOutput):
+        status: str = SchemaField(description="Status of the branch deletion operation")
+        error: str = SchemaField(
+            description="Error message if the branch deletion failed"
+        )
+
+    def __init__(self):
+        super().__init__(
+            id="0d4130f7-e0ab-4d55-adc3-0a40225e80f4",
+            description="This block deletes a specified branch.",
+            categories={BlockCategory.DEVELOPER_TOOLS},
+            input_schema=GithubDeleteBranchBlock.Input,
+            output_schema=GithubDeleteBranchBlock.Output,
+            test_input={
+                "repo_url": "https://github.com/owner/repo",
+                "branch": "branch_name",
+                "credentials": TEST_CREDENTIALS_INPUT,
+            },
+            test_credentials=TEST_CREDENTIALS,
+            test_output=[("status", "Branch deleted successfully")],
+            test_mock={
+                "delete_branch": lambda *args, **kwargs: "Branch deleted successfully"
+            },
+            is_sensitive_action=True,
+        )
+
+    @staticmethod
+    async def delete_branch(
+        credentials: GithubCredentials, repo_url: str, branch: str
+    ) -> str:
+        api = get_api(credentials)
+        ref_url = repo_url + f"/git/refs/heads/{quote(branch, safe='')}"
+        await api.delete(ref_url)
+        return "Branch deleted successfully"
+
+    async def run(
+        self,
+        input_data: Input,
+        *,
+        credentials: GithubCredentials,
+        **kwargs,
+    ) -> BlockOutput:
+        try:
+            status = await self.delete_branch(
+                credentials,
+                input_data.repo_url,
+                input_data.branch,
+            )
+            yield "status", status
+        except Exception as e:
+            yield "error", str(e)
+
+
+class GithubCompareBranchesBlock(Block):
+    class Input(BlockSchemaInput):
+        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
+        repo_url: str = SchemaField(
+            description="URL of the GitHub repository",
+            placeholder="https://github.com/owner/repo",
+        )
+        base: str = SchemaField(
+            description="Base branch or commit SHA",
+            placeholder="main",
+        )
+        head: str = SchemaField(
+            description="Head branch or commit SHA to compare against base",
+            placeholder="feature-branch",
+        )
+
+    class Output(BlockSchemaOutput):
+        class FileChange(TypedDict):
+            filename: str
+            status: str
+            additions: int
+            deletions: int
+            patch: str
+
+        status: str = SchemaField(
+            description="Comparison status: ahead, behind, diverged, or identical"
+        )
+        ahead_by: int = SchemaField(
+            description="Number of commits head is ahead of base"
+        )
+        behind_by: int = SchemaField(
+            description="Number of commits head is behind base"
+        )
+        total_commits: int = SchemaField(
+            description="Total number of commits in the comparison"
+        )
+        diff: str = SchemaField(description="Unified diff of all file changes")
+        file: FileChange = SchemaField(
+            title="Changed File", description="A changed file with its diff"
+        )
+        files: list[FileChange] = SchemaField(
+            description="List of changed files with their diffs"
+        )
+        error: str = SchemaField(description="Error message if comparison failed")
+
+    def __init__(self):
+        super().__init__(
+            id="2e4faa8c-6086-4546-ba77-172d1d560186",
+            description="This block compares two branches or commits in a GitHub repository.",
+            categories={BlockCategory.DEVELOPER_TOOLS},
+            input_schema=GithubCompareBranchesBlock.Input,
+            output_schema=GithubCompareBranchesBlock.Output,
+            test_input={
+                "repo_url": "https://github.com/owner/repo",
+                "base": "main",
+                "head": "feature",
+                "credentials": TEST_CREDENTIALS_INPUT,
+            },
+            test_credentials=TEST_CREDENTIALS,
+            test_output=[
+                ("status", "ahead"),
+                ("ahead_by", 2),
+                ("behind_by", 0),
+                ("total_commits", 2),
+                ("diff", "+++ b/file.py\n+new line"),
+                (
+                    "files",
+                    [
+                        {
+                            "filename": "file.py",
+                            "status": "modified",
+                            "additions": 1,
+                            "deletions": 0,
+                            "patch": "+new line",
+                        }
+                    ],
+                ),
+                (
+                    "file",
+                    {
+                        "filename": "file.py",
+                        "status": "modified",
+                        "additions": 1,
+                        "deletions": 0,
+                        "patch": "+new line",
+                    },
+                ),
+            ],
+            test_mock={
+                "compare_branches": lambda *args, **kwargs: {
+                    "status": "ahead",
+                    "ahead_by": 2,
+                    "behind_by": 0,
+                    "total_commits": 2,
+                    "files": [
+                        {
+                            "filename": "file.py",
+                            "status": "modified",
+                            "additions": 1,
+                            "deletions": 0,
+                            "patch": "+new line",
+                        }
+                    ],
+                }
+            },
+        )
+
+    @staticmethod
+    async def compare_branches(
+        credentials: GithubCredentials,
+        repo_url: str,
+        base: str,
+        head: str,
+    ) -> dict:
+        api = get_api(credentials)
+        safe_base = quote(base, safe="")
+        safe_head = quote(head, safe="")
+        compare_url = repo_url + f"/compare/{safe_base}...{safe_head}"
+        response = await api.get(compare_url)
+        return response.json()
+
+    async def run(
+        self,
+        input_data: Input,
+        *,
+        credentials: GithubCredentials,
+        **kwargs,
+    ) -> BlockOutput:
+        try:
+            data = await self.compare_branches(
+                credentials,
+                input_data.repo_url,
+                input_data.base,
+                input_data.head,
+            )
+            yield "status", data["status"]
+            yield "ahead_by", data["ahead_by"]
+            yield "behind_by", data["behind_by"]
+            yield "total_commits", data["total_commits"]
+
+            files: list[GithubCompareBranchesBlock.Output.FileChange] = [
+                GithubCompareBranchesBlock.Output.FileChange(
+                    filename=f["filename"],
+                    status=f["status"],
+                    additions=f["additions"],
+                    deletions=f["deletions"],
+                    patch=f.get("patch", ""),
+                )
+                for f in data.get("files", [])
+            ]
+
+            # Build unified diff
+            diff_parts = []
+            for f in data.get("files", []):
+                patch = f.get("patch", "")
+                if patch:
+                    diff_parts.append(f"+++ b/{f['filename']}\n{patch}")
+            yield "diff", "\n".join(diff_parts)
+
+            yield "files", files
+            for file in files:
+                yield "file", file
+        except Exception as e:
+            yield "error", str(e)
--- a/autogpt_platform/backend/backend/blocks/github/repo_files.py
+++ b/autogpt_platform/backend/backend/blocks/github/repo_files.py
@@ -0,0 +1,720 @@
+import base64
+from urllib.parse import quote
+
+from typing_extensions import TypedDict
+
+from backend.blocks._base import (
+    Block,
+    BlockCategory,
+    BlockOutput,
+    BlockSchemaInput,
+    BlockSchemaOutput,
+)
+from backend.data.model import SchemaField
+
+from ._api import get_api
+from ._auth import (
+    TEST_CREDENTIALS,
+    TEST_CREDENTIALS_INPUT,
+    GithubCredentials,
+    GithubCredentialsField,
+    GithubCredentialsInput,
+)
+
+
+class GithubReadFileBlock(Block):
+    class Input(BlockSchemaInput):
+        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
+        repo_url: str = SchemaField(
+            description="URL of the GitHub repository",
+            placeholder="https://github.com/owner/repo",
+        )
+        file_path: str = SchemaField(
+            description="Path to the file in the repository",
+            placeholder="path/to/file",
+        )
+        branch: str = SchemaField(
+            description="Branch to read from",
+            placeholder="branch_name",
+            default="main",
+        )
+
+    class Output(BlockSchemaOutput):
+        text_content: str = SchemaField(
+            description="Content of the file (decoded as UTF-8 text)"
+        )
+        raw_content: str = SchemaField(
+            description="Raw base64-encoded content of the file"
+        )
+        size: int = SchemaField(description="The size of the file (in bytes)")
+        error: str = SchemaField(description="Error message if reading the file failed")
+
+    def __init__(self):
+        super().__init__(
+            id="87ce6c27-5752-4bbc-8e26-6da40a3dcfd3",
+            description="This block reads the content of a specified file from a GitHub repository.",
+            categories={BlockCategory.DEVELOPER_TOOLS},
+            input_schema=GithubReadFileBlock.Input,
+            output_schema=GithubReadFileBlock.Output,
+            test_input={
+                "repo_url": "https://github.com/owner/repo",
+                "file_path": "path/to/file",
+                "branch": "main",
+                "credentials": TEST_CREDENTIALS_INPUT,
+            },
+            test_credentials=TEST_CREDENTIALS,
+            test_output=[
+                ("raw_content", "RmlsZSBjb250ZW50"),
+                ("text_content", "File content"),
+                ("size", 13),
+            ],
+            test_mock={"read_file": lambda *args, **kwargs: ("RmlsZSBjb250ZW50", 13)},
+        )
+
+    @staticmethod
+    async def read_file(
+        credentials: GithubCredentials, repo_url: str, file_path: str, branch: str
+    ) -> tuple[str, int]:
+        api = get_api(credentials)
+        content_url = (
+            repo_url
+            + f"/contents/{quote(file_path, safe='')}?ref={quote(branch, safe='')}"
+        )
+        response = await api.get(content_url)
+        data = response.json()
+
+        if isinstance(data, list):
+            # Multiple entries of different types exist at this path
+            if not (file := next((f for f in data if f["type"] == "file"), None)):
+                raise TypeError("Not a file")
+            data = file
+
+        if data["type"] != "file":
+            raise TypeError("Not a file")
+
+        return data["content"], data["size"]
+
+    async def run(
+        self,
+        input_data: Input,
+        *,
+        credentials: GithubCredentials,
+        **kwargs,
+    ) -> BlockOutput:
+        try:
+            content, size = await self.read_file(
+                credentials,
+                input_data.repo_url,
+                input_data.file_path,
+                input_data.branch,
+            )
+            yield "raw_content", content
+            yield "text_content", base64.b64decode(content).decode("utf-8")
+            yield "size", size
+        except Exception as e:
+            yield "error", str(e)
+
+
+class GithubReadFolderBlock(Block):
+    class Input(BlockSchemaInput):
+        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
+        repo_url: str = SchemaField(
+            description="URL of the GitHub repository",
+            placeholder="https://github.com/owner/repo",
+        )
+        folder_path: str = SchemaField(
+            description="Path to the folder in the repository",
+            placeholder="path/to/folder",
+        )
+        branch: str = SchemaField(
+            description="Branch name to read from (defaults to main)",
+            placeholder="branch_name",
+            default="main",
+        )
+
+    class Output(BlockSchemaOutput):
+        class DirEntry(TypedDict):
+            name: str
+            path: str
+
+        class FileEntry(TypedDict):
+            name: str
+            path: str
+            size: int
+
+        file: FileEntry = SchemaField(description="Files in the folder")
+        dir: DirEntry = SchemaField(description="Directories in the folder")
+        error: str = SchemaField(
+            description="Error message if reading the folder failed"
+        )
+
+    def __init__(self):
+        super().__init__(
+            id="1355f863-2db3-4d75-9fba-f91e8a8ca400",
+            description="This block reads the content of a specified folder from a GitHub repository.",
+            categories={BlockCategory.DEVELOPER_TOOLS},
+            input_schema=GithubReadFolderBlock.Input,
+            output_schema=GithubReadFolderBlock.Output,
+            test_input={
+                "repo_url": "https://github.com/owner/repo",
+                "folder_path": "path/to/folder",
+                "branch": "main",
+                "credentials": TEST_CREDENTIALS_INPUT,
+            },
+            test_credentials=TEST_CREDENTIALS,
+            test_output=[
+                (
+                    "file",
+                    {
+                        "name": "file1.txt",
+                        "path": "path/to/folder/file1.txt",
+                        "size": 1337,
+                    },
+                ),
+                ("dir", {"name": "dir2", "path": "path/to/folder/dir2"}),
+            ],
+            test_mock={
+                "read_folder": lambda *args, **kwargs: (
+                    [
+                        {
+                            "name": "file1.txt",
+                            "path": "path/to/folder/file1.txt",
+                            "size": 1337,
+                        }
+                    ],
+                    [{"name": "dir2", "path": "path/to/folder/dir2"}],
+                )
+            },
+        )
+
+    @staticmethod
+    async def read_folder(
+        credentials: GithubCredentials, repo_url: str, folder_path: str, branch: str
+    ) -> tuple[list[Output.FileEntry], list[Output.DirEntry]]:
+        api = get_api(credentials)
+        contents_url = (
+            repo_url
+            + f"/contents/{quote(folder_path, safe='/')}?ref={quote(branch, safe='')}"
+        )
+        response = await api.get(contents_url)
+        data = response.json()
+
+        if not isinstance(data, list):
+            raise TypeError("Not a folder")
+
+        files: list[GithubReadFolderBlock.Output.FileEntry] = [
+            GithubReadFolderBlock.Output.FileEntry(
+                name=entry["name"],
+                path=entry["path"],
+                size=entry["size"],
+            )
+            for entry in data
+            if entry["type"] == "file"
+        ]
+
+        dirs: list[GithubReadFolderBlock.Output.DirEntry] = [
+            GithubReadFolderBlock.Output.DirEntry(
+                name=entry["name"],
+                path=entry["path"],
+            )
+            for entry in data
+            if entry["type"] == "dir"
+        ]
+
+        return files, dirs
+
+    async def run(
+        self,
+        input_data: Input,
+        *,
+        credentials: GithubCredentials,
+        **kwargs,
+    ) -> BlockOutput:
+        try:
+            files, dirs = await self.read_folder(
+                credentials,
+                input_data.repo_url,
+                input_data.folder_path.lstrip("/"),
+                input_data.branch,
+            )
+            for file in files:
+                yield "file", file
+            for dir in dirs:
+                yield "dir", dir
+        except Exception as e:
+            yield "error", str(e)
+
+
+class GithubCreateFileBlock(Block):
+    class Input(BlockSchemaInput):
+        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
+        repo_url: str = SchemaField(
+            description="URL of the GitHub repository",
+            placeholder="https://github.com/owner/repo",
+        )
+        file_path: str = SchemaField(
+            description="Path where the file should be created",
+            placeholder="path/to/file.txt",
+        )
+        content: str = SchemaField(
+            description="Content to write to the file",
+            placeholder="File content here",
+        )
+        branch: str = SchemaField(
+            description="Branch where the file should be created",
+            default="main",
+        )
+        commit_message: str = SchemaField(
+            description="Message for the commit",
+            default="Create new file",
+        )
+
+    class Output(BlockSchemaOutput):
+        url: str = SchemaField(description="URL of the created file")
+        sha: str = SchemaField(description="SHA of the commit")
+        error: str = SchemaField(
+            description="Error message if the file creation failed"
+        )
+
+    def __init__(self):
+        super().__init__(
+            id="8fd132ac-b917-428a-8159-d62893e8a3fe",
+            description="This block creates a new file in a GitHub repository.",
+            categories={BlockCategory.DEVELOPER_TOOLS},
+            input_schema=GithubCreateFileBlock.Input,
+            output_schema=GithubCreateFileBlock.Output,
+            test_input={
+                "repo_url": "https://github.com/owner/repo",
+                "file_path": "test/file.txt",
+                "content": "Test content",
+                "branch": "main",
+                "commit_message": "Create test file",
+                "credentials": TEST_CREDENTIALS_INPUT,
+            },
+            test_credentials=TEST_CREDENTIALS,
+            test_output=[
+                ("url", "https://github.com/owner/repo/blob/main/test/file.txt"),
+                ("sha", "abc123"),
+            ],
+            test_mock={
+                "create_file": lambda *args, **kwargs: (
+                    "https://github.com/owner/repo/blob/main/test/file.txt",
+                    "abc123",
+                )
+            },
+        )
+
+    @staticmethod
+    async def create_file(
+        credentials: GithubCredentials,
+        repo_url: str,
+        file_path: str,
+        content: str,
+        branch: str,
+        commit_message: str,
+    ) -> tuple[str, str]:
+        api = get_api(credentials)
+        contents_url = repo_url + f"/contents/{quote(file_path, safe='/')}"
+        content_base64 = base64.b64encode(content.encode()).decode()
+        data = {
+            "message": commit_message,
+            "content": content_base64,
+            "branch": branch,
+        }
+        response = await api.put(contents_url, json=data)
+        data = response.json()
+        return data["content"]["html_url"], data["commit"]["sha"]
+
+    async def run(
+        self,
+        input_data: Input,
+        *,
+        credentials: GithubCredentials,
+        **kwargs,
+    ) -> BlockOutput:
+        try:
+            url, sha = await self.create_file(
+                credentials,
+                input_data.repo_url,
+                input_data.file_path,
+                input_data.content,
+                input_data.branch,
+                input_data.commit_message,
+            )
+            yield "url", url
+            yield "sha", sha
+        except Exception as e:
+            yield "error", str(e)
+
+
+class GithubUpdateFileBlock(Block):
+    class Input(BlockSchemaInput):
+        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
+        repo_url: str = SchemaField(
+            description="URL of the GitHub repository",
+            placeholder="https://github.com/owner/repo",
+        )
+        file_path: str = SchemaField(
+            description="Path to the file to update",
+            placeholder="path/to/file.txt",
+        )
+        content: str = SchemaField(
+            description="New content for the file",
+            placeholder="Updated content here",
+        )
+        branch: str = SchemaField(
+            description="Branch containing the file",
+            default="main",
+        )
+        commit_message: str = SchemaField(
+            description="Message for the commit",
+            default="Update file",
+        )
+
+    class Output(BlockSchemaOutput):
+        url: str = SchemaField(description="URL of the updated file")
+        sha: str = SchemaField(description="SHA of the commit")
+
+    def __init__(self):
+        super().__init__(
+            id="30be12a4-57cb-4aa4-baf5-fcc68d136076",
+            description="This block updates an existing file in a GitHub repository.",
+            categories={BlockCategory.DEVELOPER_TOOLS},
+            input_schema=GithubUpdateFileBlock.Input,
+            output_schema=GithubUpdateFileBlock.Output,
+            test_input={
+                "repo_url": "https://github.com/owner/repo",
+                "file_path": "test/file.txt",
+                "content": "Updated content",
+                "branch": "main",
+                "commit_message": "Update test file",
+                "credentials": TEST_CREDENTIALS_INPUT,
+            },
+            test_credentials=TEST_CREDENTIALS,
+            test_output=[
+                ("url", "https://github.com/owner/repo/blob/main/test/file.txt"),
+                ("sha", "def456"),
+            ],
+            test_mock={
+                "update_file": lambda *args, **kwargs: (
+                    "https://github.com/owner/repo/blob/main/test/file.txt",
+                    "def456",
+                )
+            },
+        )
+
+    @staticmethod
+    async def update_file(
+        credentials: GithubCredentials,
+        repo_url: str,
+        file_path: str,
+        content: str,
+        branch: str,
+        commit_message: str,
+    ) -> tuple[str, str]:
+        api = get_api(credentials)
+        contents_url = repo_url + f"/contents/{quote(file_path, safe='/')}"
+        params = {"ref": branch}
+        response = await api.get(contents_url, params=params)
+        data = response.json()
+
+        # Convert new content to base64
+        content_base64 = base64.b64encode(content.encode()).decode()
+        data = {
+            "message": commit_message,
+            "content": content_base64,
+            "sha": data["sha"],
+            "branch": branch,
+        }
+        response = await api.put(contents_url, json=data)
+        data = response.json()
+        return data["content"]["html_url"], data["commit"]["sha"]
+
+    async def run(
+        self,
+        input_data: Input,
+        *,
+        credentials: GithubCredentials,
+        **kwargs,
+    ) -> BlockOutput:
+        try:
+            url, sha = await self.update_file(
+                credentials,
+                input_data.repo_url,
+                input_data.file_path,
+                input_data.content,
+                input_data.branch,
+                input_data.commit_message,
+            )
+            yield "url", url
+            yield "sha", sha
+        except Exception as e:
+            yield "error", str(e)
+
+
+class GithubSearchCodeBlock(Block):
+    class Input(BlockSchemaInput):
+        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
+        query: str = SchemaField(
+            description="Search query (GitHub code search syntax)",
+            placeholder="className language:python",
+        )
+        repo: str = SchemaField(
+            description="Restrict search to a repository (owner/repo format, optional)",
+            default="",
+            placeholder="owner/repo",
+        )
+        per_page: int = SchemaField(
+            description="Number of results to return (max 100)",
+            default=30,
+            ge=1,
+            le=100,
+        )
+
+    class Output(BlockSchemaOutput):
+        class SearchResult(TypedDict):
+            name: str
+            path: str
+            repository: str
+            url: str
+            score: float
+
+        result: SearchResult = SchemaField(
+            title="Result", description="A code search result"
+        )
+        results: list[SearchResult] = SchemaField(
+            description="List of code search results"
+        )
+        total_count: int = SchemaField(description="Total number of matching results")
+        error: str = SchemaField(description="Error message if search failed")
+
+    def __init__(self):
+        super().__init__(
+            id="47f94891-a2b1-4f1c-b5f2-573c043f721e",
+            description="This block searches for code in GitHub repositories.",
+            categories={BlockCategory.DEVELOPER_TOOLS},
+            input_schema=GithubSearchCodeBlock.Input,
+            output_schema=GithubSearchCodeBlock.Output,
+            test_input={
+                "query": "addClass",
+                "repo": "owner/repo",
+                "per_page": 30,
+                "credentials": TEST_CREDENTIALS_INPUT,
+            },
+            test_credentials=TEST_CREDENTIALS,
+            test_output=[
+                ("total_count", 1),
+                (
+                    "results",
+                    [
+                        {
+                            "name": "file.py",
+                            "path": "src/file.py",
+                            "repository": "owner/repo",
+                            "url": "https://github.com/owner/repo/blob/main/src/file.py",
+                            "score": 1.0,
+                        }
+                    ],
+                ),
+                (
+                    "result",
+                    {
+                        "name": "file.py",
+                        "path": "src/file.py",
+                        "repository": "owner/repo",
+                        "url": "https://github.com/owner/repo/blob/main/src/file.py",
+                        "score": 1.0,
+                    },
+                ),
+            ],
+            test_mock={
+                "search_code": lambda *args, **kwargs: (
+                    1,
+                    [
+                        {
+                            "name": "file.py",
+                            "path": "src/file.py",
+                            "repository": "owner/repo",
+                            "url": "https://github.com/owner/repo/blob/main/src/file.py",
+                            "score": 1.0,
+                        }
+                    ],
+                )
+            },
+        )
+
+    @staticmethod
+    async def search_code(
+        credentials: GithubCredentials,
+        query: str,
+        repo: str,
+        per_page: int,
+    ) -> tuple[int, list[Output.SearchResult]]:
+        api = get_api(credentials, convert_urls=False)
+        full_query = f"{query} repo:{repo}" if repo else query
+        params = {"q": full_query, "per_page": str(per_page)}
+        response = await api.get("https://api.github.com/search/code", params=params)
+        data = response.json()
+        results: list[GithubSearchCodeBlock.Output.SearchResult] = [
+            GithubSearchCodeBlock.Output.SearchResult(
+                name=item["name"],
+                path=item["path"],
+                repository=item["repository"]["full_name"],
+                url=item["html_url"],
+                score=item["score"],
+            )
+            for item in data["items"]
+        ]
+        return data["total_count"], results
+
+    async def run(
+        self,
+        input_data: Input,
+        *,
+        credentials: GithubCredentials,
+        **kwargs,
+    ) -> BlockOutput:
+        try:
+            total_count, results = await self.search_code(
+                credentials,
+                input_data.query,
+                input_data.repo,
+                input_data.per_page,
+            )
+            yield "total_count", total_count
+            yield "results", results
+            for result in results:
+                yield "result", result
+        except Exception as e:
+            yield "error", str(e)
+
+
+class GithubGetRepositoryTreeBlock(Block):
+    class Input(BlockSchemaInput):
+        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
+        repo_url: str = SchemaField(
+            description="URL of the GitHub repository",
+            placeholder="https://github.com/owner/repo",
+        )
+        branch: str = SchemaField(
+            description="Branch name to get the tree from",
+            default="main",
+        )
+        recursive: bool = SchemaField(
+            description="Whether to recursively list the entire tree",
+            default=True,
+        )
+
+    class Output(BlockSchemaOutput):
+        class TreeEntry(TypedDict):
+            path: str
+            type: str
+            size: int
+            sha: str
+
+        entry: TreeEntry = SchemaField(
+            title="Tree Entry", description="A file or directory in the tree"
+        )
+        entries: list[TreeEntry] = SchemaField(
+            description="List of all files and directories in the tree"
+        )
+        truncated: bool = SchemaField(
+            description="Whether the tree was truncated due to size"
+        )
+        error: str = SchemaField(description="Error message if getting tree failed")
+
+    def __init__(self):
+        super().__init__(
+            id="89c5c0ec-172e-4001-a32c-bdfe4d0c9e81",
+            description="This block lists the entire file tree of a GitHub repository recursively.",
+            categories={BlockCategory.DEVELOPER_TOOLS},
+            input_schema=GithubGetRepositoryTreeBlock.Input,
+            output_schema=GithubGetRepositoryTreeBlock.Output,
+            test_input={
+                "repo_url": "https://github.com/owner/repo",
+                "branch": "main",
+                "recursive": True,
+                "credentials": TEST_CREDENTIALS_INPUT,
+            },
+            test_credentials=TEST_CREDENTIALS,
+            test_output=[
+                ("truncated", False),
+                (
+                    "entries",
+                    [
+                        {
+                            "path": "src/main.py",
+                            "type": "blob",
+                            "size": 1234,
+                            "sha": "abc123",
+                        }
+                    ],
+                ),
+                (
+                    "entry",
+                    {
+                        "path": "src/main.py",
+                        "type": "blob",
+                        "size": 1234,
+                        "sha": "abc123",
+                    },
+                ),
+            ],
+            test_mock={
+                "get_tree": lambda *args, **kwargs: (
+                    False,
+                    [
+                        {
+                            "path": "src/main.py",
+                            "type": "blob",
+                            "size": 1234,
+                            "sha": "abc123",
+                        }
+                    ],
+                )
+            },
+        )
+
+    @staticmethod
+    async def get_tree(
+        credentials: GithubCredentials,
+        repo_url: str,
+        branch: str,
+        recursive: bool,
+    ) -> tuple[bool, list[Output.TreeEntry]]:
+        api = get_api(credentials)
+        tree_url = repo_url + f"/git/trees/{quote(branch, safe='')}"
+        params = {"recursive": "1"} if recursive else {}
+        response = await api.get(tree_url, params=params)
+        data = response.json()
+        entries: list[GithubGetRepositoryTreeBlock.Output.TreeEntry] = [
+            GithubGetRepositoryTreeBlock.Output.TreeEntry(
+                path=item["path"],
+                type=item["type"],
+                size=item.get("size", 0),
+                sha=item["sha"],
+            )
+            for item in data["tree"]
+        ]
+        return data.get("truncated", False), entries
+
+    async def run(
+        self,
+        input_data: Input,
+        *,
+        credentials: GithubCredentials,
+        **kwargs,
+    ) -> BlockOutput:
+        try:
+            truncated, entries = await self.get_tree(
+                credentials,
+                input_data.repo_url,
+                input_data.branch,
+                input_data.recursive,
+            )
+            yield "truncated", truncated
+            yield "entries", entries
+            for entry in entries:
+                yield "entry", entry
+        except Exception as e:
+            yield "error", str(e)
--- a/autogpt_platform/backend/backend/blocks/github/test_github_blocks.py
+++ b/autogpt_platform/backend/backend/blocks/github/test_github_blocks.py
@@ -0,0 +1,120 @@
+import inspect
+
+import pytest
+
+from backend.blocks.github._auth import TEST_CREDENTIALS, TEST_CREDENTIALS_INPUT
+from backend.blocks.github.commits import FileOperation, GithubMultiFileCommitBlock
+from backend.blocks.github.pull_requests import (
+    GithubMergePullRequestBlock,
+    prepare_pr_api_url,
+)
+from backend.util.exceptions import BlockExecutionError
+
+# ── prepare_pr_api_url tests ──
+
+
+class TestPreparePrApiUrl:
+    def test_https_scheme_preserved(self):
+        result = prepare_pr_api_url("https://github.com/owner/repo/pull/42", "merge")
+        assert result == "https://github.com/owner/repo/pulls/42/merge"
+
+    def test_http_scheme_preserved(self):
+        result = prepare_pr_api_url("http://github.com/owner/repo/pull/1", "files")
+        assert result == "http://github.com/owner/repo/pulls/1/files"
+
+    def test_no_scheme_defaults_to_https(self):
+        result = prepare_pr_api_url("github.com/owner/repo/pull/5", "merge")
+        assert result == "https://github.com/owner/repo/pulls/5/merge"
+
+    def test_reviewers_path(self):
+        result = prepare_pr_api_url(
+            "https://github.com/owner/repo/pull/99", "requested_reviewers"
+        )
+        assert result == "https://github.com/owner/repo/pulls/99/requested_reviewers"
+
+    def test_invalid_url_returned_as_is(self):
+        url = "https://example.com/not-a-pr"
+        assert prepare_pr_api_url(url, "merge") == url
+
+    def test_empty_string(self):
+        assert prepare_pr_api_url("", "merge") == ""
+
+
+# ── Error-path block tests ──
+# When a block's run() yields ("error", msg), _execute() converts it to a
+# BlockExecutionError. We call block.execute() directly (not execute_block_test,
+# which returns early on empty test_output).
+
+
+def _mock_block(block, mocks: dict):
+    """Apply mocks to a block's static methods, wrapping sync mocks as async."""
+    for name, mock_fn in mocks.items():
+        original = getattr(block, name)
+        if inspect.iscoroutinefunction(original):
+
+            async def async_mock(*args, _fn=mock_fn, **kwargs):
+                return _fn(*args, **kwargs)
+
+            setattr(block, name, async_mock)
+        else:
+            setattr(block, name, mock_fn)
+
+
+def _raise(exc: Exception):
+    """Helper that returns a callable which raises the given exception."""
+
+    def _raiser(*args, **kwargs):
+        raise exc
+
+    return _raiser
+
+
+@pytest.mark.asyncio
+async def test_merge_pr_error_path():
+    block = GithubMergePullRequestBlock()
+    _mock_block(block, {"merge_pr": _raise(RuntimeError("PR not mergeable"))})
+    input_data = {
+        "pr_url": "https://github.com/owner/repo/pull/1",
+        "merge_method": "squash",
+        "commit_title": "",
+        "commit_message": "",
+        "credentials": TEST_CREDENTIALS_INPUT,
+    }
+    with pytest.raises(BlockExecutionError, match="PR not mergeable"):
+        async for _ in block.execute(input_data, credentials=TEST_CREDENTIALS):
+            pass
+
+
+@pytest.mark.asyncio
+async def test_multi_file_commit_error_path():
+    block = GithubMultiFileCommitBlock()
+    _mock_block(block, {"multi_file_commit": _raise(RuntimeError("ref update failed"))})
+    input_data = {
+        "repo_url": "https://github.com/owner/repo",
+        "branch": "feature",
+        "commit_message": "test",
+        "files": [{"path": "a.py", "content": "x", "operation": "upsert"}],
+        "credentials": TEST_CREDENTIALS_INPUT,
+    }
+    with pytest.raises(BlockExecutionError, match="ref update failed"):
+        async for _ in block.execute(input_data, credentials=TEST_CREDENTIALS):
+            pass
+
+
+# ── FileOperation enum tests ──
+
+
+class TestFileOperation:
+    def test_upsert_value(self):
+        assert FileOperation.UPSERT == "upsert"
+
+    def test_delete_value(self):
+        assert FileOperation.DELETE == "delete"
+
+    def test_invalid_value_raises(self):
+        with pytest.raises(ValueError):
+            FileOperation("create")
+
+    def test_invalid_value_raises_typo(self):
+        with pytest.raises(ValueError):
+            FileOperation("upser")
--- a/autogpt_platform/backend/backend/blocks/google/gmail.py
+++ b/autogpt_platform/backend/backend/blocks/google/gmail.py
@@ -241,8 +241,8 @@ class GmailBase(Block, ABC):
                    h.ignore_links = False
                    h.ignore_images = True
                    return h.handle(html_content)
-                except ImportError:
-                    # Fallback: return raw HTML if html2text is not available
+                except Exception:
+                    # Keep extraction resilient if html2text is unavailable or fails.
                    return html_content

        # Handle content stored as attachment
--- a/autogpt_platform/backend/backend/blocks/helpers/review.py
+++ b/autogpt_platform/backend/backend/blocks/helpers/review.py
@@ -67,6 +67,7 @@ class HITLReviewHelper:
        graph_version: int,
        block_name: str = "Block",
        editable: bool = False,
+        is_graph_execution: bool = True,
    ) -> Optional[ReviewResult]:
        """
        Handle a review request for a block that requires human review.
@@ -143,10 +144,11 @@ class HITLReviewHelper:
            logger.info(
                f"Block {block_name} pausing execution for node {node_exec_id} - awaiting human review"
            )
-            await HITLReviewHelper.update_node_execution_status(
-                exec_id=node_exec_id,
-                status=ExecutionStatus.REVIEW,
-            )
+            if is_graph_execution:
+                await HITLReviewHelper.update_node_execution_status(
+                    exec_id=node_exec_id,
+                    status=ExecutionStatus.REVIEW,
+                )
            return None  # Signal that execution should pause

        # Mark review as processed if not already done
@@ -168,6 +170,7 @@ class HITLReviewHelper:
        graph_version: int,
        block_name: str = "Block",
        editable: bool = False,
+        is_graph_execution: bool = True,
    ) -> Optional[ReviewDecision]:
        """
        Handle a review request and return the decision in a single call.
@@ -197,6 +200,7 @@ class HITLReviewHelper:
            graph_version=graph_version,
            block_name=block_name,
            editable=editable,
+            is_graph_execution=is_graph_execution,
        )

        if review_result is None:
--- a/autogpt_platform/backend/backend/blocks/jina/search.py
+++ b/autogpt_platform/backend/backend/blocks/jina/search.py
@@ -17,7 +17,7 @@ from backend.blocks.jina._auth import (
 from backend.blocks.search import GetRequest
 from backend.data.model import SchemaField
 from backend.util.exceptions import BlockExecutionError
-from backend.util.request import HTTPClientError, HTTPServerError, validate_url
+from backend.util.request import HTTPClientError, HTTPServerError, validate_url_host


 class SearchTheWebBlock(Block, GetRequest):
@@ -112,7 +112,7 @@ class ExtractWebsiteContentBlock(Block, GetRequest):
    ) -> BlockOutput:
        if input_data.raw_content:
            try:
-                parsed_url, _, _ = await validate_url(input_data.url, [])
+                parsed_url, _, _ = await validate_url_host(input_data.url)
                url = parsed_url.geturl()
            except ValueError as e:
                yield "error", f"Invalid URL: {e}"
--- a/autogpt_platform/backend/backend/blocks/llm.py
+++ b/autogpt_platform/backend/backend/blocks/llm.py
@@ -33,9 +33,19 @@ from backend.integrations.providers import ProviderName
 from backend.util import json
 from backend.util.clients import OPENROUTER_BASE_URL
 from backend.util.logging import TruncatedLogger
+from backend.util.openai_responses import (
+    convert_tools_to_responses_format,
+    extract_responses_content,
+    extract_responses_reasoning,
+    extract_responses_tool_calls,
+    extract_responses_usage,
+)
 from backend.util.prompt import compress_context, estimate_token_count
+from backend.util.request import validate_url_host
+from backend.util.settings import Settings
 from backend.util.text import TextFormatter

+settings = Settings()
 logger = TruncatedLogger(logging.getLogger(__name__), "[LLM-Block]")
 fmt = TextFormatter(autoescape=False)

@@ -108,7 +118,6 @@ class LlmModel(str, Enum, metaclass=LlmModelMeta):
    GPT4O_MINI = "gpt-4o-mini"
    GPT4O = "gpt-4o"
    GPT4_TURBO = "gpt-4-turbo"
-    GPT3_5_TURBO = "gpt-3.5-turbo"
    # Anthropic models
    CLAUDE_4_1_OPUS = "claude-opus-4-1-20250805"
    CLAUDE_4_OPUS = "claude-opus-4-20250514"
@@ -137,19 +146,31 @@ class LlmModel(str, Enum, metaclass=LlmModelMeta):
    # OpenRouter models
    OPENAI_GPT_OSS_120B = "openai/gpt-oss-120b"
    OPENAI_GPT_OSS_20B = "openai/gpt-oss-20b"
-    GEMINI_2_5_PRO = "google/gemini-2.5-pro-preview-03-25"
-    GEMINI_3_PRO_PREVIEW = "google/gemini-3-pro-preview"
+    GEMINI_2_5_PRO_PREVIEW = "google/gemini-2.5-pro-preview-03-25"
+    GEMINI_2_5_PRO = "google/gemini-2.5-pro"
+    GEMINI_3_1_PRO_PREVIEW = "google/gemini-3.1-pro-preview"
+    GEMINI_3_FLASH_PREVIEW = "google/gemini-3-flash-preview"
    GEMINI_2_5_FLASH = "google/gemini-2.5-flash"
    GEMINI_2_0_FLASH = "google/gemini-2.0-flash-001"
+    GEMINI_3_1_FLASH_LITE_PREVIEW = "google/gemini-3.1-flash-lite-preview"
    GEMINI_2_5_FLASH_LITE_PREVIEW = "google/gemini-2.5-flash-lite-preview-06-17"
    GEMINI_2_0_FLASH_LITE = "google/gemini-2.0-flash-lite-001"
    MISTRAL_NEMO = "mistralai/mistral-nemo"
+    MISTRAL_LARGE_3 = "mistralai/mistral-large-2512"
+    MISTRAL_MEDIUM_3_1 = "mistralai/mistral-medium-3.1"
+    MISTRAL_SMALL_3_2 = "mistralai/mistral-small-3.2-24b-instruct"
+    CODESTRAL = "mistralai/codestral-2508"
    COHERE_COMMAND_R_08_2024 = "cohere/command-r-08-2024"
    COHERE_COMMAND_R_PLUS_08_2024 = "cohere/command-r-plus-08-2024"
+    COHERE_COMMAND_A_03_2025 = "cohere/command-a-03-2025"
+    COHERE_COMMAND_A_TRANSLATE_08_2025 = "cohere/command-a-translate-08-2025"
+    COHERE_COMMAND_A_REASONING_08_2025 = "cohere/command-a-reasoning-08-2025"
+    COHERE_COMMAND_A_VISION_07_2025 = "cohere/command-a-vision-07-2025"
    DEEPSEEK_CHAT = "deepseek/deepseek-chat"  # Actually: DeepSeek V3
    DEEPSEEK_R1_0528 = "deepseek/deepseek-r1-0528"
    PERPLEXITY_SONAR = "perplexity/sonar"
    PERPLEXITY_SONAR_PRO = "perplexity/sonar-pro"
+    PERPLEXITY_SONAR_REASONING_PRO = "perplexity/sonar-reasoning-pro"
    PERPLEXITY_SONAR_DEEP_RESEARCH = "perplexity/sonar-deep-research"
    NOUSRESEARCH_HERMES_3_LLAMA_3_1_405B = "nousresearch/hermes-3-llama-3.1-405b"
    NOUSRESEARCH_HERMES_3_LLAMA_3_1_70B = "nousresearch/hermes-3-llama-3.1-70b"
@@ -157,9 +178,11 @@ class LlmModel(str, Enum, metaclass=LlmModelMeta):
    AMAZON_NOVA_MICRO_V1 = "amazon/nova-micro-v1"
    AMAZON_NOVA_PRO_V1 = "amazon/nova-pro-v1"
    MICROSOFT_WIZARDLM_2_8X22B = "microsoft/wizardlm-2-8x22b"
+    MICROSOFT_PHI_4 = "microsoft/phi-4"
    GRYPHE_MYTHOMAX_L2_13B = "gryphe/mythomax-l2-13b"
    META_LLAMA_4_SCOUT = "meta-llama/llama-4-scout"
    META_LLAMA_4_MAVERICK = "meta-llama/llama-4-maverick"
+    GROK_3 = "x-ai/grok-3"
    GROK_4 = "x-ai/grok-4"
    GROK_4_FAST = "x-ai/grok-4-fast"
    GROK_4_1_FAST = "x-ai/grok-4.1-fast"
@@ -260,9 +283,6 @@ MODEL_METADATA = {
    LlmModel.GPT4_TURBO: ModelMetadata(
        "openai", 128000, 4096, "GPT-4 Turbo", "OpenAI", "OpenAI", 3
    ),  # gpt-4-turbo-2024-04-09
-    LlmModel.GPT3_5_TURBO: ModelMetadata(
-        "openai", 16385, 4096, "GPT-3.5 Turbo", "OpenAI", "OpenAI", 1
-    ),  # gpt-3.5-turbo-0125
    # https://docs.anthropic.com/en/docs/about-claude/models
    LlmModel.CLAUDE_4_1_OPUS: ModelMetadata(
        "anthropic", 200000, 32000, "Claude Opus 4.1", "Anthropic", "Anthropic", 3
@@ -337,17 +357,41 @@ MODEL_METADATA = {
        "ollama", 32768, None, "Dolphin Mistral Latest", "Ollama", "Mistral AI", 1
    ),
    # https://openrouter.ai/models
-    LlmModel.GEMINI_2_5_PRO: ModelMetadata(
+    LlmModel.GEMINI_2_5_PRO_PREVIEW: ModelMetadata(
        "open_router",
-        1050000,
-        8192,
+        1048576,
+        65536,
        "Gemini 2.5 Pro Preview 03.25",
        "OpenRouter",
        "Google",
        2,
    ),
-    LlmModel.GEMINI_3_PRO_PREVIEW: ModelMetadata(
-        "open_router", 1048576, 65535, "Gemini 3 Pro Preview", "OpenRouter", "Google", 2
+    LlmModel.GEMINI_2_5_PRO: ModelMetadata(
+        "open_router",
+        1048576,
+        65536,
+        "Gemini 2.5 Pro",
+        "OpenRouter",
+        "Google",
+        2,
+    ),
+    LlmModel.GEMINI_3_1_PRO_PREVIEW: ModelMetadata(
+        "open_router",
+        1048576,
+        65536,
+        "Gemini 3.1 Pro Preview",
+        "OpenRouter",
+        "Google",
+        2,
+    ),
+    LlmModel.GEMINI_3_FLASH_PREVIEW: ModelMetadata(
+        "open_router",
+        1048576,
+        65536,
+        "Gemini 3 Flash Preview",
+        "OpenRouter",
+        "Google",
+        1,
    ),
    LlmModel.GEMINI_2_5_FLASH: ModelMetadata(
        "open_router", 1048576, 65535, "Gemini 2.5 Flash", "OpenRouter", "Google", 1
@@ -355,6 +399,15 @@ MODEL_METADATA = {
    LlmModel.GEMINI_2_0_FLASH: ModelMetadata(
        "open_router", 1048576, 8192, "Gemini 2.0 Flash 001", "OpenRouter", "Google", 1
    ),
+    LlmModel.GEMINI_3_1_FLASH_LITE_PREVIEW: ModelMetadata(
+        "open_router",
+        1048576,
+        65536,
+        "Gemini 3.1 Flash Lite Preview",
+        "OpenRouter",
+        "Google",
+        1,
+    ),
    LlmModel.GEMINI_2_5_FLASH_LITE_PREVIEW: ModelMetadata(
        "open_router",
        1048576,
@@ -376,12 +429,78 @@ MODEL_METADATA = {
    LlmModel.MISTRAL_NEMO: ModelMetadata(
        "open_router", 128000, 4096, "Mistral Nemo", "OpenRouter", "Mistral AI", 1
    ),
+    LlmModel.MISTRAL_LARGE_3: ModelMetadata(
+        "open_router",
+        262144,
+        None,
+        "Mistral Large 3 2512",
+        "OpenRouter",
+        "Mistral AI",
+        2,
+    ),
+    LlmModel.MISTRAL_MEDIUM_3_1: ModelMetadata(
+        "open_router",
+        131072,
+        None,
+        "Mistral Medium 3.1",
+        "OpenRouter",
+        "Mistral AI",
+        2,
+    ),
+    LlmModel.MISTRAL_SMALL_3_2: ModelMetadata(
+        "open_router",
+        131072,
+        131072,
+        "Mistral Small 3.2 24B",
+        "OpenRouter",
+        "Mistral AI",
+        1,
+    ),
+    LlmModel.CODESTRAL: ModelMetadata(
+        "open_router",
+        256000,
+        None,
+        "Codestral 2508",
+        "OpenRouter",
+        "Mistral AI",
+        1,
+    ),
    LlmModel.COHERE_COMMAND_R_08_2024: ModelMetadata(
        "open_router", 128000, 4096, "Command R 08.2024", "OpenRouter", "Cohere", 1
    ),
    LlmModel.COHERE_COMMAND_R_PLUS_08_2024: ModelMetadata(
        "open_router", 128000, 4096, "Command R Plus 08.2024", "OpenRouter", "Cohere", 2
    ),
+    LlmModel.COHERE_COMMAND_A_03_2025: ModelMetadata(
+        "open_router", 256000, 8192, "Command A 03.2025", "OpenRouter", "Cohere", 2
+    ),
+    LlmModel.COHERE_COMMAND_A_TRANSLATE_08_2025: ModelMetadata(
+        "open_router",
+        128000,
+        8192,
+        "Command A Translate 08.2025",
+        "OpenRouter",
+        "Cohere",
+        2,
+    ),
+    LlmModel.COHERE_COMMAND_A_REASONING_08_2025: ModelMetadata(
+        "open_router",
+        256000,
+        32768,
+        "Command A Reasoning 08.2025",
+        "OpenRouter",
+        "Cohere",
+        3,
+    ),
+    LlmModel.COHERE_COMMAND_A_VISION_07_2025: ModelMetadata(
+        "open_router",
+        128000,
+        8192,
+        "Command A Vision 07.2025",
+        "OpenRouter",
+        "Cohere",
+        2,
+    ),
    LlmModel.DEEPSEEK_CHAT: ModelMetadata(
        "open_router", 64000, 2048, "DeepSeek Chat", "OpenRouter", "DeepSeek", 1
    ),
@@ -394,6 +513,15 @@ MODEL_METADATA = {
    LlmModel.PERPLEXITY_SONAR_PRO: ModelMetadata(
        "open_router", 200000, 8000, "Sonar Pro", "OpenRouter", "Perplexity", 2
    ),
+    LlmModel.PERPLEXITY_SONAR_REASONING_PRO: ModelMetadata(
+        "open_router",
+        128000,
+        8000,
+        "Sonar Reasoning Pro",
+        "OpenRouter",
+        "Perplexity",
+        2,
+    ),
    LlmModel.PERPLEXITY_SONAR_DEEP_RESEARCH: ModelMetadata(
        "open_router",
        128000,
@@ -439,6 +567,9 @@ MODEL_METADATA = {
    LlmModel.MICROSOFT_WIZARDLM_2_8X22B: ModelMetadata(
        "open_router", 65536, 4096, "WizardLM 2 8x22B", "OpenRouter", "Microsoft", 1
    ),
+    LlmModel.MICROSOFT_PHI_4: ModelMetadata(
+        "open_router", 16384, 16384, "Phi-4", "OpenRouter", "Microsoft", 1
+    ),
    LlmModel.GRYPHE_MYTHOMAX_L2_13B: ModelMetadata(
        "open_router", 4096, 4096, "MythoMax L2 13B", "OpenRouter", "Gryphe", 1
    ),
@@ -448,6 +579,15 @@ MODEL_METADATA = {
    LlmModel.META_LLAMA_4_MAVERICK: ModelMetadata(
        "open_router", 1048576, 1000000, "Llama 4 Maverick", "OpenRouter", "Meta", 1
    ),
+    LlmModel.GROK_3: ModelMetadata(
+        "open_router",
+        131072,
+        131072,
+        "Grok 3",
+        "OpenRouter",
+        "xAI",
+        2,
+    ),
    LlmModel.GROK_4: ModelMetadata(
        "open_router", 256000, 256000, "Grok 4", "OpenRouter", "xAI", 3
    ),
@@ -664,36 +804,53 @@ async def llm_call(
    max_tokens = max(min(available_tokens, model_max_output, user_max), 1)

    if provider == "openai":
-        tools_param = tools if tools else openai.NOT_GIVEN
        oai_client = openai.AsyncOpenAI(api_key=credentials.api_key.get_secret_value())
-        response_format = None

-        parallel_tool_calls = get_parallel_tool_calls_param(
-            llm_model, parallel_tool_calls
-        )
+        tools_param = convert_tools_to_responses_format(tools) if tools else openai.omit

+        text_config = openai.omit
        if force_json_output:
-            response_format = {"type": "json_object"}
+            text_config = {"format": {"type": "json_object"}}  # type: ignore

-        response = await oai_client.chat.completions.create(
+        response = await oai_client.responses.create(
            model=llm_model.value,
-            messages=prompt,  # type: ignore
-            response_format=response_format,  # type: ignore
-            max_completion_tokens=max_tokens,
-            tools=tools_param,  # type: ignore
-            parallel_tool_calls=parallel_tool_calls,
+            input=prompt,  # type: ignore[arg-type]
+            tools=tools_param,  # type: ignore[arg-type]
+            max_output_tokens=max_tokens,
+            parallel_tool_calls=get_parallel_tool_calls_param(
+                llm_model, parallel_tool_calls
+            ),
+            text=text_config,  # type: ignore[arg-type]
+            store=False,
        )

-        tool_calls = extract_openai_tool_calls(response)
-        reasoning = extract_openai_reasoning(response)
+        raw_tool_calls = extract_responses_tool_calls(response)
+        tool_calls = (
+            [
+                ToolContentBlock(
+                    id=tc["id"],
+                    type=tc["type"],
+                    function=ToolCall(
+                        name=tc["function"]["name"],
+                        arguments=tc["function"]["arguments"],
+                    ),
+                )
+                for tc in raw_tool_calls
+            ]
+            if raw_tool_calls
+            else None
+        )
+        reasoning = extract_responses_reasoning(response)
+        content = extract_responses_content(response)
+        prompt_tokens, completion_tokens = extract_responses_usage(response)

        return LLMResponse(
-            raw_response=response.choices[0].message,
+            raw_response=response,
            prompt=prompt,
-            response=response.choices[0].message.content or "",
+            response=content,
            tool_calls=tool_calls,
-            prompt_tokens=response.usage.prompt_tokens if response.usage else 0,
-            completion_tokens=response.usage.completion_tokens if response.usage else 0,
+            prompt_tokens=prompt_tokens,
+            completion_tokens=completion_tokens,
            reasoning=reasoning,
        )
    elif provider == "anthropic":
@@ -805,6 +962,11 @@ async def llm_call(
        if tools:
            raise ValueError("Ollama does not support tools.")

+        # Validate user-provided Ollama host to prevent SSRF etc.
+        await validate_url_host(
+            ollama_host, trusted_hostnames=[settings.config.ollama_host]
+        )
+
        client = ollama.AsyncClient(host=ollama_host)
        sys_messages = [p["content"] for p in prompt if p["role"] == "system"]
        usr_messages = [p["content"] for p in prompt if p["role"] != "system"]
--- a/autogpt_platform/backend/backend/blocks/perplexity.py
+++ b/autogpt_platform/backend/backend/blocks/perplexity.py
@@ -4,7 +4,7 @@ from enum import Enum
 from typing import Any, Literal

 import openai
-from pydantic import SecretStr
+from pydantic import SecretStr, field_validator

 from backend.blocks._base import (
    Block,
@@ -13,6 +13,7 @@ from backend.blocks._base import (
    BlockSchemaInput,
    BlockSchemaOutput,
 )
+from backend.data.block import BlockInput
 from backend.data.model import (
    APIKeyCredentials,
    CredentialsField,
@@ -35,6 +36,20 @@ class PerplexityModel(str, Enum):
    SONAR_DEEP_RESEARCH = "perplexity/sonar-deep-research"


+def _sanitize_perplexity_model(value: Any) -> PerplexityModel:
+    """Return a valid PerplexityModel, falling back to SONAR for invalid values."""
+    if isinstance(value, PerplexityModel):
+        return value
+    try:
+        return PerplexityModel(value)
+    except ValueError:
+        logger.warning(
+            f"Invalid PerplexityModel '{value}', "
+            f"falling back to {PerplexityModel.SONAR.value}"
+        )
+        return PerplexityModel.SONAR
+
+
 PerplexityCredentials = CredentialsMetaInput[
    Literal[ProviderName.OPEN_ROUTER], Literal["api_key"]
 ]
@@ -73,6 +88,25 @@ class PerplexityBlock(Block):
            advanced=False,
        )
        credentials: PerplexityCredentials = PerplexityCredentialsField()
+
+        @field_validator("model", mode="before")
+        @classmethod
+        def fallback_invalid_model(cls, v: Any) -> PerplexityModel:
+            """Fall back to SONAR if the model value is not a valid
+            PerplexityModel (e.g. an OpenAI model ID set by the agent
+            generator)."""
+            return _sanitize_perplexity_model(v)
+
+        @classmethod
+        def validate_data(cls, data: BlockInput) -> str | None:
+            """Sanitize the model field before JSON schema validation so that
+            invalid values are replaced with the default instead of raising a
+            BlockInputError."""
+            model_value = data.get("model")
+            if model_value is not None:
+                data["model"] = _sanitize_perplexity_model(model_value).value
+            return super().validate_data(data)
+
        system_prompt: str = SchemaField(
            title="System Prompt",
            default="",
--- a/autogpt_platform/backend/backend/blocks/reddit.py
+++ b/autogpt_platform/backend/backend/blocks/reddit.py
@@ -2232,6 +2232,7 @@ class DeleteRedditPostBlock(Block):
                ("post_id", "abc123"),
            ],
            test_mock={"delete_post": lambda creds, post_id: True},
+            is_sensitive_action=True,
        )

    @staticmethod
@@ -2290,6 +2291,7 @@ class DeleteRedditCommentBlock(Block):
                ("comment_id", "xyz789"),
            ],
            test_mock={"delete_comment": lambda creds, comment_id: True},
+            is_sensitive_action=True,
        )

    @staticmethod
--- a/autogpt_platform/backend/backend/blocks/slant3d/order.py
+++ b/autogpt_platform/backend/backend/blocks/slant3d/order.py
@@ -72,6 +72,7 @@ class Slant3DCreateOrderBlock(Slant3DBlockBase):
                "_make_request": lambda *args, **kwargs: {"orderId": "314144241"},
                "_convert_to_color": lambda *args, **kwargs: "black",
            },
+            is_sensitive_action=True,
        )

    async def run(
--- a/autogpt_platform/backend/backend/blocks/test/test_llm.py
+++ b/autogpt_platform/backend/backend/blocks/test/test_llm.py
@@ -13,18 +13,17 @@ class TestLLMStatsTracking:
        """Test that llm_call returns proper token counts in LLMResponse."""
        import backend.blocks.llm as llm

-        # Mock the OpenAI client
+        # Mock the OpenAI Responses API response
        mock_response = MagicMock()
-        mock_response.choices = [
-            MagicMock(message=MagicMock(content="Test response", tool_calls=None))
-        ]
-        mock_response.usage = MagicMock(prompt_tokens=10, completion_tokens=20)
+        mock_response.output_text = "Test response"
+        mock_response.output = []
+        mock_response.usage = MagicMock(input_tokens=10, output_tokens=20)

        # Test with mocked OpenAI response
        with patch("openai.AsyncOpenAI") as mock_openai:
            mock_client = AsyncMock()
            mock_openai.return_value = mock_client
-            mock_client.chat.completions.create = AsyncMock(return_value=mock_response)
+            mock_client.responses.create = AsyncMock(return_value=mock_response)

            response = await llm.llm_call(
                credentials=llm.TEST_CREDENTIALS,
@@ -271,30 +270,17 @@ class TestLLMStatsTracking:
            mock_response = MagicMock()
            # Return different responses for chunk summary vs final summary
            if call_count == 1:
-                mock_response.choices = [
-                    MagicMock(
-                        message=MagicMock(
-                            content='<json_output id="test123456">{"summary": "Test chunk summary"}</json_output>',
-                            tool_calls=None,
-                        )
-                    )
-                ]
+                mock_response.output_text = '<json_output id="test123456">{"summary": "Test chunk summary"}</json_output>'
            else:
-                mock_response.choices = [
-                    MagicMock(
-                        message=MagicMock(
-                            content='<json_output id="test123456">{"final_summary": "Test final summary"}</json_output>',
-                            tool_calls=None,
-                        )
-                    )
-                ]
-            mock_response.usage = MagicMock(prompt_tokens=50, completion_tokens=30)
+                mock_response.output_text = '<json_output id="test123456">{"final_summary": "Test final summary"}</json_output>'
+            mock_response.output = []
+            mock_response.usage = MagicMock(input_tokens=50, output_tokens=30)
            return mock_response

        with patch("openai.AsyncOpenAI") as mock_openai:
            mock_client = AsyncMock()
            mock_openai.return_value = mock_client
-            mock_client.chat.completions.create = mock_create
+            mock_client.responses.create = mock_create

            # Test with very short text (should only need 1 chunk + 1 final summary)
            input_data = llm.AITextSummarizerBlock.Input(
--- a/autogpt_platform/backend/backend/blocks/test/test_perplexity.py
+++ b/autogpt_platform/backend/backend/blocks/test/test_perplexity.py
@@ -0,0 +1,81 @@
+"""Unit tests for PerplexityBlock model fallback behavior."""
+
+import pytest
+
+from backend.blocks.perplexity import (
+    TEST_CREDENTIALS_INPUT,
+    PerplexityBlock,
+    PerplexityModel,
+)
+
+
+def _make_input(**overrides) -> dict:
+    defaults = {
+        "prompt": "test query",
+        "credentials": TEST_CREDENTIALS_INPUT,
+    }
+    defaults.update(overrides)
+    return defaults
+
+
+class TestPerplexityModelFallback:
+    """Tests for fallback_invalid_model field_validator."""
+
+    def test_invalid_model_falls_back_to_sonar(self):
+        inp = PerplexityBlock.Input(**_make_input(model="gpt-5.2-2025-12-11"))
+        assert inp.model == PerplexityModel.SONAR
+
+    def test_another_invalid_model_falls_back_to_sonar(self):
+        inp = PerplexityBlock.Input(**_make_input(model="gpt-4o"))
+        assert inp.model == PerplexityModel.SONAR
+
+    def test_valid_model_string_is_kept(self):
+        inp = PerplexityBlock.Input(**_make_input(model="perplexity/sonar-pro"))
+        assert inp.model == PerplexityModel.SONAR_PRO
+
+    def test_valid_enum_value_is_kept(self):
+        inp = PerplexityBlock.Input(
+            **_make_input(model=PerplexityModel.SONAR_DEEP_RESEARCH)
+        )
+        assert inp.model == PerplexityModel.SONAR_DEEP_RESEARCH
+
+    def test_default_model_when_omitted(self):
+        inp = PerplexityBlock.Input(**_make_input())
+        assert inp.model == PerplexityModel.SONAR
+
+    @pytest.mark.parametrize(
+        "model_value",
+        [
+            "perplexity/sonar",
+            "perplexity/sonar-pro",
+            "perplexity/sonar-deep-research",
+        ],
+    )
+    def test_all_valid_models_accepted(self, model_value: str):
+        inp = PerplexityBlock.Input(**_make_input(model=model_value))
+        assert inp.model.value == model_value
+
+
+class TestPerplexityValidateData:
+    """Tests for validate_data which runs during block execution (before
+    Pydantic instantiation). Invalid models must be sanitized here so
+    JSON schema validation does not reject them."""
+
+    def test_invalid_model_sanitized_before_schema_validation(self):
+        data = _make_input(model="gpt-5.2-2025-12-11")
+        error = PerplexityBlock.Input.validate_data(data)
+        assert error is None
+        assert data["model"] == PerplexityModel.SONAR.value
+
+    def test_valid_model_unchanged_by_validate_data(self):
+        data = _make_input(model="perplexity/sonar-pro")
+        error = PerplexityBlock.Input.validate_data(data)
+        assert error is None
+        assert data["model"] == "perplexity/sonar-pro"
+
+    def test_missing_model_uses_default(self):
+        data = _make_input()  # no model key
+        error = PerplexityBlock.Input.validate_data(data)
+        assert error is None
+        inp = PerplexityBlock.Input(**data)
+        assert inp.model == PerplexityModel.SONAR
--- a/autogpt_platform/backend/backend/copilot/config.py
+++ b/autogpt_platform/backend/backend/copilot/config.py
@@ -115,7 +115,7 @@ class ChatConfig(BaseSettings):
        description="E2B sandbox template to use for copilot sessions.",
    )
    e2b_sandbox_timeout: int = Field(
-        default=10800,  # 3 hours — wall-clock timeout, not idle; explicit pause is primary
+        default=300,  # 5 min safety net — explicit per-turn pause is the primary mechanism
        description="E2B sandbox running-time timeout (seconds). "
        "E2B timeout is wall-clock (not idle). Explicit per-turn pause is the primary "
        "mechanism; this is the safety net.",
--- a/autogpt_platform/backend/backend/copilot/constants.py
+++ b/autogpt_platform/backend/backend/copilot/constants.py
@@ -6,6 +6,32 @@
 COPILOT_ERROR_PREFIX = "[__COPILOT_ERROR_f7a1__]"  # Renders as ErrorCard
 COPILOT_SYSTEM_PREFIX = "[__COPILOT_SYSTEM_e3b0__]"  # Renders as system info message

+# Prefix for all synthetic IDs generated by CoPilot block execution.
+# Used to distinguish CoPilot-generated records from real graph execution records
+# in PendingHumanReview and other tables.
+COPILOT_SYNTHETIC_ID_PREFIX = "copilot-"
+
+# Sub-prefixes for session-scoped and node-scoped synthetic IDs.
+COPILOT_SESSION_PREFIX = f"{COPILOT_SYNTHETIC_ID_PREFIX}session-"
+COPILOT_NODE_PREFIX = f"{COPILOT_SYNTHETIC_ID_PREFIX}node-"
+
+# Separator used in synthetic node_exec_id to encode node_id.
+# Format: "{node_id}:{random_hex}" — extract node_id via rsplit(":", 1)[0]
+COPILOT_NODE_EXEC_ID_SEPARATOR = ":"
+
 # Compaction notice messages shown to users.
 COMPACTION_DONE_MSG = "Earlier messages were summarized to fit within context limits."
 COMPACTION_TOOL_NAME = "context_compaction"
+
+
+def is_copilot_synthetic_id(id_value: str) -> bool:
+    """Check if an ID is a CoPilot synthetic ID (not from a real graph execution)."""
+    return id_value.startswith(COPILOT_SYNTHETIC_ID_PREFIX)
+
+
+def parse_node_id_from_exec_id(node_exec_id: str) -> str:
+    """Extract node_id from a synthetic node_exec_id.
+
+    Format: "{node_id}:{random_hex}" → returns "{node_id}".
+    """
+    return node_exec_id.rsplit(COPILOT_NODE_EXEC_ID_SEPARATOR, 1)[0]
--- a/autogpt_platform/backend/backend/copilot/prompting.py
+++ b/autogpt_platform/backend/backend/copilot/prompting.py
@@ -52,6 +52,11 @@ Examples:
 You can embed a reference inside any string argument, or use it as the entire
 value.  Multiple references in one argument are all expanded.

+**Type coercion**: The platform automatically coerces expanded string values
+to match the block's expected input types.  For example, if a block expects
+`list[list[str]]` and you pass a string containing a JSON array (e.g. from
+an @@agptfile: expansion), the string will be parsed into the correct type.
+

 ### Sub-agent tasks
 - When using the Task tool, NEVER set `run_in_background` to true.
--- a/autogpt_platform/backend/backend/copilot/sdk/compaction.py
+++ b/autogpt_platform/backend/backend/copilot/sdk/compaction.py
@@ -11,7 +11,7 @@ persistence, and the ``CompactionTracker`` state machine.
 import asyncio
 import logging
 import uuid
-from collections.abc import Callable
+from dataclasses import dataclass, field

 from ..constants import COMPACTION_DONE_MSG, COMPACTION_TOOL_NAME
 from ..model import ChatMessage, ChatSession
@@ -27,6 +27,19 @@ from ..response_model import (
 logger = logging.getLogger(__name__)


+@dataclass
+class CompactionResult:
+    """Result of emit_end_if_ready — bundles events with compaction metadata.
+
+    Eliminates the need for separate ``compaction_just_ended`` checks,
+    preventing TOCTOU races between the emit call and the flag read.
+    """
+
+    events: list[StreamBaseResponse] = field(default_factory=list)
+    just_ended: bool = False
+    transcript_path: str = ""
+
+
 # ---------------------------------------------------------------------------
 # Event builders (private — use CompactionTracker or compaction_events)
 # ---------------------------------------------------------------------------
@@ -177,11 +190,22 @@ class CompactionTracker:
        self._start_emitted = False
        self._done = False
        self._tool_call_id = ""
+        self._transcript_path: str = ""

-    @property
-    def on_compact(self) -> Callable[[], None]:
-        """Callback for the PreCompact hook."""
-        return self._compact_start.set
+    def on_compact(self, transcript_path: str = "") -> None:
+        """Callback for the PreCompact hook. Stores transcript_path."""
+        if (
+            self._transcript_path
+            and transcript_path
+            and self._transcript_path != transcript_path
+        ):
+            logger.warning(
+                "[Compaction] Overwriting transcript_path %s -> %s",
+                self._transcript_path,
+                transcript_path,
+            )
+        self._transcript_path = transcript_path
+        self._compact_start.set()

    # ------------------------------------------------------------------
    # Pre-query compaction
@@ -201,6 +225,7 @@ class CompactionTracker:
        self._done = False
        self._start_emitted = False
        self._tool_call_id = ""
+        self._transcript_path = ""

    def emit_start_if_ready(self) -> list[StreamBaseResponse]:
        """If the PreCompact hook fired, emit start events (spinning tool)."""
@@ -211,15 +236,20 @@ class CompactionTracker:
            return _start_events(self._tool_call_id)
        return []

-    async def emit_end_if_ready(self, session: ChatSession) -> list[StreamBaseResponse]:
-        """If compaction is in progress, emit end events and persist."""
+    async def emit_end_if_ready(self, session: ChatSession) -> CompactionResult:
+        """If compaction is in progress, emit end events and persist.
+
+        Returns a ``CompactionResult`` with ``just_ended=True`` and the
+        captured ``transcript_path`` when a compaction cycle completes.
+        This avoids a separate flag check (TOCTOU-safe).
+        """
        # Yield so pending hook tasks can set compact_start
        await asyncio.sleep(0)

        if self._done:
-            return []
+            return CompactionResult()
        if not self._start_emitted and not self._compact_start.is_set():
-            return []
+            return CompactionResult()

        if self._start_emitted:
            # Close the open spinner
@@ -232,8 +262,12 @@ class CompactionTracker:
                COMPACTION_DONE_MSG, tool_call_id=persist_id
            )

+        transcript_path = self._transcript_path
        self._compact_start.clear()
        self._start_emitted = False
        self._done = True
+        self._transcript_path = ""
        _persist(session, persist_id, COMPACTION_DONE_MSG)
-        return done_events
+        return CompactionResult(
+            events=done_events, just_ended=True, transcript_path=transcript_path
+        )
--- a/autogpt_platform/backend/backend/copilot/sdk/compaction_test.py
+++ b/autogpt_platform/backend/backend/copilot/sdk/compaction_test.py
@@ -195,10 +195,11 @@ class TestCompactionTracker:
        session = _make_session()
        tracker.on_compact()
        tracker.emit_start_if_ready()
-        evts = await tracker.emit_end_if_ready(session)
-        assert len(evts) == 2
-        assert isinstance(evts[0], StreamToolOutputAvailable)
-        assert isinstance(evts[1], StreamFinishStep)
+        result = await tracker.emit_end_if_ready(session)
+        assert result.just_ended is True
+        assert len(result.events) == 2
+        assert isinstance(result.events[0], StreamToolOutputAvailable)
+        assert isinstance(result.events[1], StreamFinishStep)
        # Should persist
        assert len(session.messages) == 2

@@ -210,28 +211,32 @@ class TestCompactionTracker:
        session = _make_session()
        tracker.on_compact()
        # Don't call emit_start_if_ready
-        evts = await tracker.emit_end_if_ready(session)
-        assert len(evts) == 5  # Full self-contained event
-        assert isinstance(evts[0], StreamStartStep)
+        result = await tracker.emit_end_if_ready(session)
+        assert result.just_ended is True
+        assert len(result.events) == 5  # Full self-contained event
+        assert isinstance(result.events[0], StreamStartStep)
        assert len(session.messages) == 2

    @pytest.mark.asyncio
-    async def test_emit_end_no_op_when_done(self):
+    async def test_emit_end_no_op_when_no_new_compaction(self):
        tracker = CompactionTracker()
        session = _make_session()
        tracker.on_compact()
        tracker.emit_start_if_ready()
-        await tracker.emit_end_if_ready(session)
-        # Second call should be no-op
-        evts = await tracker.emit_end_if_ready(session)
-        assert evts == []
+        result1 = await tracker.emit_end_if_ready(session)
+        assert result1.just_ended is True
+        # Second call should be no-op (no new on_compact)
+        result2 = await tracker.emit_end_if_ready(session)
+        assert result2.just_ended is False
+        assert result2.events == []

    @pytest.mark.asyncio
    async def test_emit_end_no_op_when_nothing_happened(self):
        tracker = CompactionTracker()
        session = _make_session()
-        evts = await tracker.emit_end_if_ready(session)
-        assert evts == []
+        result = await tracker.emit_end_if_ready(session)
+        assert result.just_ended is False
+        assert result.events == []

    def test_emit_pre_query(self):
        tracker = CompactionTracker()
@@ -246,20 +251,29 @@ class TestCompactionTracker:
        tracker._done = True
        tracker._start_emitted = True
        tracker._tool_call_id = "old"
+        tracker._transcript_path = "/some/path"
        tracker.reset_for_query()
        assert tracker._done is False
        assert tracker._start_emitted is False
        assert tracker._tool_call_id == ""
+        assert tracker._transcript_path == ""

    @pytest.mark.asyncio
-    async def test_pre_query_blocks_sdk_compaction(self):
-        """After pre-query compaction, SDK compaction events are suppressed."""
+    async def test_pre_query_blocks_sdk_compaction_until_reset(self):
+        """After pre-query compaction, SDK compaction is blocked until
+        reset_for_query is called."""
        tracker = CompactionTracker()
        session = _make_session()
        tracker.emit_pre_query(session)
        tracker.on_compact()
+        # _done is True so emit_start_if_ready is blocked
        evts = tracker.emit_start_if_ready()
-        assert evts == []  # _done blocks it
+        assert evts == []
+        # Reset clears _done, allowing subsequent compaction
+        tracker.reset_for_query()
+        tracker.on_compact()
+        evts = tracker.emit_start_if_ready()
+        assert len(evts) == 3

    @pytest.mark.asyncio
    async def test_reset_allows_new_compaction(self):
@@ -279,9 +293,9 @@ class TestCompactionTracker:
        session = _make_session()
        tracker.on_compact()
        start_evts = tracker.emit_start_if_ready()
-        end_evts = await tracker.emit_end_if_ready(session)
+        result = await tracker.emit_end_if_ready(session)
        start_evt = start_evts[1]
-        end_evt = end_evts[0]
+        end_evt = result.events[0]
        assert isinstance(start_evt, StreamToolInputStart)
        assert isinstance(end_evt, StreamToolOutputAvailable)
        assert start_evt.toolCallId == end_evt.toolCallId
@@ -289,3 +303,105 @@ class TestCompactionTracker:
        tool_calls = session.messages[0].tool_calls
        assert tool_calls is not None
        assert tool_calls[0]["id"] == start_evt.toolCallId
+
+    @pytest.mark.asyncio
+    async def test_multiple_compactions_within_query(self):
+        """Two mid-stream compactions within a single query both trigger."""
+        tracker = CompactionTracker()
+        session = _make_session()
+
+        # First compaction cycle
+        tracker.on_compact("/path/1")
+        tracker.emit_start_if_ready()
+        result1 = await tracker.emit_end_if_ready(session)
+        assert result1.just_ended is True
+        assert len(result1.events) == 2
+        assert result1.transcript_path == "/path/1"
+
+        # Second compaction cycle (should NOT be blocked — _done resets
+        # because emit_end_if_ready sets it True, but the next on_compact
+        # + emit_start_if_ready checks !_done which IS True now.
+        # So we need reset_for_query between queries, but within a single
+        # query multiple compactions work because _done blocks emit_start
+        # until the next message arrives, at which point emit_end detects it)
+        #
+        # Actually: _done=True blocks emit_start_if_ready, so we need
+        # the stream loop to reset. In practice service.py doesn't call
+        # reset between compactions within the same query — let's verify
+        # the actual behavior.
+        tracker.on_compact("/path/2")
+        # _done is True from first compaction, so start is blocked
+        start_evts = tracker.emit_start_if_ready()
+        assert start_evts == []
+        # But emit_end returns no-op because _done is True
+        result2 = await tracker.emit_end_if_ready(session)
+        assert result2.just_ended is False
+
+    @pytest.mark.asyncio
+    async def test_multiple_compactions_with_intervening_message(self):
+        """Multiple compactions work when the stream loop processes messages between them.
+
+        In the real service.py flow:
+        1. PreCompact fires → on_compact()
+        2. emit_start shows spinner
+        3. Next message arrives → emit_end completes compaction (_done=True)
+        4. Stream continues processing messages...
+        5. If a second PreCompact fires, _done=True blocks emit_start
+        6. But the next message triggers emit_end, which sees _done=True → no-op
+        7. The stream loop needs to detect this and handle accordingly
+
+        The actual flow for multiple compactions within a query requires
+        _done to be cleared between them. The service.py code uses
+        CompactionResult.just_ended to trigger replace_entries, and _done
+        stays True until reset_for_query.
+        """
+        tracker = CompactionTracker()
+        session = _make_session()
+
+        # First compaction
+        tracker.on_compact("/path/1")
+        tracker.emit_start_if_ready()
+        result1 = await tracker.emit_end_if_ready(session)
+        assert result1.just_ended is True
+        assert result1.transcript_path == "/path/1"
+
+        # Simulate reset between queries
+        tracker.reset_for_query()
+
+        # Second compaction in new query
+        tracker.on_compact("/path/2")
+        start_evts = tracker.emit_start_if_ready()
+        assert len(start_evts) == 3
+        result2 = await tracker.emit_end_if_ready(session)
+        assert result2.just_ended is True
+        assert result2.transcript_path == "/path/2"
+
+    def test_on_compact_stores_transcript_path(self):
+        tracker = CompactionTracker()
+        tracker.on_compact("/some/path.jsonl")
+        assert tracker._transcript_path == "/some/path.jsonl"
+
+    @pytest.mark.asyncio
+    async def test_emit_end_returns_transcript_path(self):
+        """CompactionResult includes the transcript_path from on_compact."""
+        tracker = CompactionTracker()
+        session = _make_session()
+        tracker.on_compact("/my/session.jsonl")
+        tracker.emit_start_if_ready()
+        result = await tracker.emit_end_if_ready(session)
+        assert result.just_ended is True
+        assert result.transcript_path == "/my/session.jsonl"
+        # transcript_path is cleared after emit_end
+        assert tracker._transcript_path == ""
+
+    @pytest.mark.asyncio
+    async def test_emit_end_clears_transcript_path(self):
+        """After emit_end, _transcript_path is reset so it doesn't leak to
+        subsequent non-compaction emit_end calls."""
+        tracker = CompactionTracker()
+        session = _make_session()
+        tracker.on_compact("/first/path.jsonl")
+        tracker.emit_start_if_ready()
+        await tracker.emit_end_if_ready(session)
+        # After compaction, _transcript_path is cleared
+        assert tracker._transcript_path == ""
--- a/autogpt_platform/backend/backend/copilot/sdk/e2e_compaction_test.py
+++ b/autogpt_platform/backend/backend/copilot/sdk/e2e_compaction_test.py
@@ -0,0 +1,531 @@
+"""End-to-end compaction flow test.
+
+Simulates the full service.py compaction lifecycle using real-format
+JSONL session files — no SDK subprocess needed. Exercises:
+
+  1. TranscriptBuilder loads a "downloaded" transcript
+  2. User query appended, assistant response streamed
+  3. PreCompact hook fires → CompactionTracker.on_compact()
+  4. Next message → emit_start_if_ready() yields spinner events
+  5. Message after that → emit_end_if_ready() returns CompactionResult
+  6. read_compacted_entries() reads the CLI session file
+  7. TranscriptBuilder.replace_entries() syncs state
+  8. More messages appended post-compaction
+  9. to_jsonl() exports full state for upload
+  10. Fresh builder loads the export — roundtrip verified
+"""
+
+import asyncio
+
+from backend.copilot.model import ChatSession
+from backend.copilot.response_model import (
+    StreamFinishStep,
+    StreamStartStep,
+    StreamToolInputAvailable,
+    StreamToolInputStart,
+    StreamToolOutputAvailable,
+)
+from backend.copilot.sdk.compaction import CompactionTracker
+from backend.copilot.sdk.transcript import (
+    read_compacted_entries,
+    strip_progress_entries,
+)
+from backend.copilot.sdk.transcript_builder import TranscriptBuilder
+from backend.util import json
+
+
+def _make_jsonl(*entries: dict) -> str:
+    return "\n".join(json.dumps(e) for e in entries) + "\n"
+
+
+def _run(coro):
+    """Run an async coroutine synchronously."""
+    return asyncio.run(coro)
+
+
+# ---------------------------------------------------------------------------
+# Fixtures: realistic CLI session file content
+# ---------------------------------------------------------------------------
+
+# Pre-compaction conversation
+USER_1 = {
+    "type": "user",
+    "uuid": "u1",
+    "message": {"role": "user", "content": "What files are in this project?"},
+}
+ASST_1_THINKING = {
+    "type": "assistant",
+    "uuid": "a1-think",
+    "parentUuid": "u1",
+    "message": {
+        "role": "assistant",
+        "id": "msg_sdk_aaa",
+        "type": "message",
+        "content": [{"type": "thinking", "thinking": "Let me look at the files..."}],
+        "stop_reason": None,
+        "stop_sequence": None,
+    },
+}
+ASST_1_TOOL = {
+    "type": "assistant",
+    "uuid": "a1-tool",
+    "parentUuid": "u1",
+    "message": {
+        "role": "assistant",
+        "id": "msg_sdk_aaa",
+        "type": "message",
+        "content": [
+            {
+                "type": "tool_use",
+                "id": "tu1",
+                "name": "Bash",
+                "input": {"command": "ls"},
+            }
+        ],
+        "stop_reason": "tool_use",
+        "stop_sequence": None,
+    },
+}
+TOOL_RESULT_1 = {
+    "type": "user",
+    "uuid": "tr1",
+    "parentUuid": "a1-tool",
+    "message": {
+        "role": "user",
+        "content": [
+            {
+                "type": "tool_result",
+                "tool_use_id": "tu1",
+                "content": "file1.py\nfile2.py",
+            }
+        ],
+    },
+}
+ASST_1_TEXT = {
+    "type": "assistant",
+    "uuid": "a1-text",
+    "parentUuid": "tr1",
+    "message": {
+        "role": "assistant",
+        "id": "msg_sdk_bbb",
+        "type": "message",
+        "content": [{"type": "text", "text": "I found file1.py and file2.py."}],
+        "stop_reason": "end_turn",
+        "stop_sequence": None,
+    },
+}
+# Progress entries (should be stripped during upload)
+PROGRESS_1 = {
+    "type": "progress",
+    "uuid": "prog1",
+    "parentUuid": "a1-tool",
+    "data": {"type": "bash_progress", "stdout": "running ls..."},
+}
+# Second user message
+USER_2 = {
+    "type": "user",
+    "uuid": "u2",
+    "parentUuid": "a1-text",
+    "message": {"role": "user", "content": "Show me file1.py"},
+}
+ASST_2 = {
+    "type": "assistant",
+    "uuid": "a2",
+    "parentUuid": "u2",
+    "message": {
+        "role": "assistant",
+        "id": "msg_sdk_ccc",
+        "type": "message",
+        "content": [{"type": "text", "text": "Here is file1.py content..."}],
+        "stop_reason": "end_turn",
+        "stop_sequence": None,
+    },
+}
+
+# --- Compaction summary (written by CLI after context compaction) ---
+COMPACT_SUMMARY = {
+    "type": "summary",
+    "uuid": "cs1",
+    "isCompactSummary": True,
+    "message": {
+        "role": "user",
+        "content": (
+            "Summary: User asked about project files. Found file1.py and file2.py. "
+            "User then asked to see file1.py."
+        ),
+    },
+}
+
+# Post-compaction assistant response
+POST_COMPACT_ASST = {
+    "type": "assistant",
+    "uuid": "a3",
+    "parentUuid": "cs1",
+    "message": {
+        "role": "assistant",
+        "id": "msg_sdk_ddd",
+        "type": "message",
+        "content": [{"type": "text", "text": "Here is the content of file1.py..."}],
+        "stop_reason": "end_turn",
+        "stop_sequence": None,
+    },
+}
+
+# Post-compaction user follow-up
+USER_3 = {
+    "type": "user",
+    "uuid": "u3",
+    "parentUuid": "a3",
+    "message": {"role": "user", "content": "Now show file2.py"},
+}
+ASST_3 = {
+    "type": "assistant",
+    "uuid": "a4",
+    "parentUuid": "u3",
+    "message": {
+        "role": "assistant",
+        "id": "msg_sdk_eee",
+        "type": "message",
+        "content": [{"type": "text", "text": "Here is file2.py..."}],
+        "stop_reason": "end_turn",
+        "stop_sequence": None,
+    },
+}
+
+
+# ---------------------------------------------------------------------------
+# E2E test
+# ---------------------------------------------------------------------------
+
+
+class TestCompactionE2E:
+    def _write_session_file(self, session_dir, entries):
+        """Write a CLI session JSONL file."""
+        path = session_dir / "session.jsonl"
+        path.write_text(_make_jsonl(*entries))
+        return path
+
+    def test_full_compaction_lifecycle(self, tmp_path, monkeypatch):
+        """Simulate the complete service.py compaction flow.
+
+        Timeline:
+        1. Previous turn uploaded transcript with [USER_1, ASST_1, USER_2, ASST_2]
+        2. Current turn: download → load_previous
+        3. User sends "Now show file2.py" → append_user
+        4. SDK starts streaming response
+        5. Mid-stream: PreCompact hook fires (context too large)
+        6. CLI writes compaction summary to session file
+        7. Next SDK message → emit_start (spinner)
+        8. Following message → emit_end (CompactionResult)
+        9. read_compacted_entries reads the session file
+        10. replace_entries syncs TranscriptBuilder
+        11. More assistant messages appended
+        12. Export → upload → next turn downloads it
+        """
+        # --- Setup CLI projects directory ---
+        config_dir = tmp_path / "config"
+        projects_dir = config_dir / "projects"
+        session_dir = projects_dir / "proj"
+        session_dir.mkdir(parents=True)
+        monkeypatch.setenv("CLAUDE_CONFIG_DIR", str(config_dir))
+
+        # --- Step 1-2: Load "downloaded" transcript from previous turn ---
+        previous_transcript = _make_jsonl(
+            USER_1,
+            ASST_1_THINKING,
+            ASST_1_TOOL,
+            TOOL_RESULT_1,
+            ASST_1_TEXT,
+            USER_2,
+            ASST_2,
+        )
+        builder = TranscriptBuilder()
+        builder.load_previous(previous_transcript)
+        assert builder.entry_count == 7
+
+        # --- Step 3: User sends new query ---
+        builder.append_user("Now show file2.py")
+        assert builder.entry_count == 8
+
+        # --- Step 4: SDK starts streaming ---
+        builder.append_assistant(
+            [{"type": "thinking", "thinking": "Let me read file2.py..."}],
+            model="claude-sonnet-4-20250514",
+        )
+        assert builder.entry_count == 9
+
+        # --- Step 5-6: PreCompact fires, CLI writes session file ---
+        session_file = self._write_session_file(
+            session_dir,
+            [
+                USER_1,
+                ASST_1_THINKING,
+                ASST_1_TOOL,
+                PROGRESS_1,
+                TOOL_RESULT_1,
+                ASST_1_TEXT,
+                USER_2,
+                ASST_2,
+                COMPACT_SUMMARY,
+                POST_COMPACT_ASST,
+                USER_3,
+                ASST_3,
+            ],
+        )
+
+        # --- Step 7: CompactionTracker receives PreCompact hook ---
+        tracker = CompactionTracker()
+        session = ChatSession.new(user_id="test-user")
+        tracker.on_compact(str(session_file))
+
+        # --- Step 8: Next SDK message arrives → emit_start ---
+        start_events = tracker.emit_start_if_ready()
+        assert len(start_events) == 3
+        assert isinstance(start_events[0], StreamStartStep)
+        assert isinstance(start_events[1], StreamToolInputStart)
+        assert isinstance(start_events[2], StreamToolInputAvailable)
+
+        # Verify tool_call_id is set
+        tool_call_id = start_events[1].toolCallId
+        assert tool_call_id.startswith("compaction-")
+
+        # --- Step 9: Following message → emit_end ---
+        result = _run(tracker.emit_end_if_ready(session))
+        assert result.just_ended is True
+        assert result.transcript_path == str(session_file)
+        assert len(result.events) == 2
+        assert isinstance(result.events[0], StreamToolOutputAvailable)
+        assert isinstance(result.events[1], StreamFinishStep)
+        # Verify same tool_call_id
+        assert result.events[0].toolCallId == tool_call_id
+
+        # Session should have compaction messages persisted
+        assert len(session.messages) == 2
+        assert session.messages[0].role == "assistant"
+        assert session.messages[1].role == "tool"
+
+        # --- Step 10: read_compacted_entries + replace_entries ---
+        compacted = read_compacted_entries(str(session_file))
+        assert compacted is not None
+        # Should have: COMPACT_SUMMARY + POST_COMPACT_ASST + USER_3 + ASST_3
+        assert len(compacted) == 4
+        assert compacted[0]["uuid"] == "cs1"
+        assert compacted[0]["isCompactSummary"] is True
+
+        # Replace builder state with compacted entries
+        old_count = builder.entry_count
+        builder.replace_entries(compacted)
+        assert builder.entry_count == 4  # Only compacted entries
+        assert builder.entry_count < old_count  # Compaction reduced entries
+
+        # --- Step 11: More assistant messages after compaction ---
+        builder.append_assistant(
+            [{"type": "text", "text": "Here is file2.py:\n\ndef hello():\n    pass"}],
+            model="claude-sonnet-4-20250514",
+            stop_reason="end_turn",
+        )
+        assert builder.entry_count == 5
+
+        # --- Step 12: Export for upload ---
+        output = builder.to_jsonl()
+        assert output  # Not empty
+        output_entries = [json.loads(line) for line in output.strip().split("\n")]
+        assert len(output_entries) == 5
+
+        # Verify structure:
+        # [COMPACT_SUMMARY, POST_COMPACT_ASST, USER_3, ASST_3, new_assistant]
+        assert output_entries[0]["type"] == "summary"
+        assert output_entries[0].get("isCompactSummary") is True
+        assert output_entries[0]["uuid"] == "cs1"
+        assert output_entries[1]["uuid"] == "a3"
+        assert output_entries[2]["uuid"] == "u3"
+        assert output_entries[3]["uuid"] == "a4"
+        assert output_entries[4]["type"] == "assistant"
+
+        # Verify parent chain is intact
+        assert output_entries[1]["parentUuid"] == "cs1"  # a3 → cs1
+        assert output_entries[2]["parentUuid"] == "a3"  # u3 → a3
+        assert output_entries[3]["parentUuid"] == "u3"  # a4 → u3
+        assert output_entries[4]["parentUuid"] == "a4"  # new → a4
+
+        # --- Step 13: Roundtrip — next turn loads this export ---
+        builder2 = TranscriptBuilder()
+        builder2.load_previous(output)
+        assert builder2.entry_count == 5
+
+        # isCompactSummary survives roundtrip
+        output2 = builder2.to_jsonl()
+        first_entry = json.loads(output2.strip().split("\n")[0])
+        assert first_entry.get("isCompactSummary") is True
+
+        # Can append more messages
+        builder2.append_user("What about file3.py?")
+        assert builder2.entry_count == 6
+        final_output = builder2.to_jsonl()
+        last_entry = json.loads(final_output.strip().split("\n")[-1])
+        assert last_entry["type"] == "user"
+        # Parented to the last entry from previous turn
+        assert last_entry["parentUuid"] == output_entries[-1]["uuid"]
+
+    def test_double_compaction_within_session(self, tmp_path, monkeypatch):
+        """Two compactions in the same session (across reset_for_query)."""
+        config_dir = tmp_path / "config"
+        projects_dir = config_dir / "projects"
+        session_dir = projects_dir / "proj"
+        session_dir.mkdir(parents=True)
+        monkeypatch.setenv("CLAUDE_CONFIG_DIR", str(config_dir))
+
+        tracker = CompactionTracker()
+        session = ChatSession.new(user_id="test")
+        builder = TranscriptBuilder()
+
+        # --- First query with compaction ---
+        builder.append_user("first question")
+        builder.append_assistant([{"type": "text", "text": "first answer"}])
+
+        # Write session file for first compaction
+        first_summary = {
+            "type": "summary",
+            "uuid": "cs-first",
+            "isCompactSummary": True,
+            "message": {"role": "user", "content": "First compaction summary"},
+        }
+        first_post = {
+            "type": "assistant",
+            "uuid": "a-first",
+            "parentUuid": "cs-first",
+            "message": {"role": "assistant", "content": "first post-compact"},
+        }
+        file1 = session_dir / "session1.jsonl"
+        file1.write_text(_make_jsonl(first_summary, first_post))
+
+        tracker.on_compact(str(file1))
+        tracker.emit_start_if_ready()
+        result1 = _run(tracker.emit_end_if_ready(session))
+        assert result1.just_ended is True
+
+        compacted1 = read_compacted_entries(str(file1))
+        assert compacted1 is not None
+        builder.replace_entries(compacted1)
+        assert builder.entry_count == 2
+
+        # --- Reset for second query ---
+        tracker.reset_for_query()
+
+        # --- Second query with compaction ---
+        builder.append_user("second question")
+        builder.append_assistant([{"type": "text", "text": "second answer"}])
+
+        second_summary = {
+            "type": "summary",
+            "uuid": "cs-second",
+            "isCompactSummary": True,
+            "message": {"role": "user", "content": "Second compaction summary"},
+        }
+        second_post = {
+            "type": "assistant",
+            "uuid": "a-second",
+            "parentUuid": "cs-second",
+            "message": {"role": "assistant", "content": "second post-compact"},
+        }
+        file2 = session_dir / "session2.jsonl"
+        file2.write_text(_make_jsonl(second_summary, second_post))
+
+        tracker.on_compact(str(file2))
+        tracker.emit_start_if_ready()
+        result2 = _run(tracker.emit_end_if_ready(session))
+        assert result2.just_ended is True
+
+        compacted2 = read_compacted_entries(str(file2))
+        assert compacted2 is not None
+        builder.replace_entries(compacted2)
+        assert builder.entry_count == 2  # Only second compaction entries
+
+        # Export and verify
+        output = builder.to_jsonl()
+        entries = [json.loads(line) for line in output.strip().split("\n")]
+        assert entries[0]["uuid"] == "cs-second"
+        assert entries[0].get("isCompactSummary") is True
+
+    def test_strip_progress_then_load_then_compact_roundtrip(
+        self, tmp_path, monkeypatch
+    ):
+        """Full pipeline: strip → load → compact → replace → export → reload.
+
+        This tests the exact sequence that happens across two turns:
+        Turn 1: SDK produces transcript with progress entries
+        Upload: strip_progress_entries removes progress, upload to cloud
+        Turn 2: Download → load_previous → compaction fires → replace → export
+        Turn 3: Download the Turn 2 export → load_previous (roundtrip)
+        """
+        config_dir = tmp_path / "config"
+        projects_dir = config_dir / "projects"
+        session_dir = projects_dir / "proj"
+        session_dir.mkdir(parents=True)
+        monkeypatch.setenv("CLAUDE_CONFIG_DIR", str(config_dir))
+
+        # --- Turn 1: SDK produces raw transcript ---
+        raw_content = _make_jsonl(
+            USER_1,
+            ASST_1_THINKING,
+            ASST_1_TOOL,
+            PROGRESS_1,
+            TOOL_RESULT_1,
+            ASST_1_TEXT,
+            USER_2,
+            ASST_2,
+        )
+
+        # Strip progress for upload
+        stripped = strip_progress_entries(raw_content)
+        stripped_entries = [
+            json.loads(line) for line in stripped.strip().split("\n") if line.strip()
+        ]
+        # Progress should be gone
+        assert not any(e.get("type") == "progress" for e in stripped_entries)
+        assert len(stripped_entries) == 7  # 8 - 1 progress
+
+        # --- Turn 2: Download stripped, load, compaction happens ---
+        builder = TranscriptBuilder()
+        builder.load_previous(stripped)
+        assert builder.entry_count == 7
+
+        builder.append_user("Now show file2.py")
+        builder.append_assistant(
+            [{"type": "text", "text": "Reading file2.py..."}],
+            model="claude-sonnet-4-20250514",
+        )
+
+        # CLI writes session file with compaction
+        session_file = self._write_session_file(
+            session_dir,
+            [
+                USER_1,
+                ASST_1_TOOL,
+                TOOL_RESULT_1,
+                ASST_1_TEXT,
+                USER_2,
+                ASST_2,
+                COMPACT_SUMMARY,
+                POST_COMPACT_ASST,
+            ],
+        )
+
+        compacted = read_compacted_entries(str(session_file))
+        assert compacted is not None
+        builder.replace_entries(compacted)
+
+        # Append post-compaction message
+        builder.append_user("Thanks!")
+        output = builder.to_jsonl()
+
+        # --- Turn 3: Fresh load of Turn 2 export ---
+        builder3 = TranscriptBuilder()
+        builder3.load_previous(output)
+        # Should have: compact_summary + post_compact_asst + "Thanks!"
+        assert builder3.entry_count == 3
+
+        # Compact summary survived the full pipeline
+        first = json.loads(builder3.to_jsonl().strip().split("\n")[0])
+        assert first.get("isCompactSummary") is True
+        assert first["type"] == "summary"
--- a/autogpt_platform/backend/backend/copilot/sdk/mcp_tool_guide.md
+++ b/autogpt_platform/backend/backend/copilot/sdk/mcp_tool_guide.md
@@ -20,9 +20,40 @@ Use these URLs directly without asking the user:
 | Cloudflare | `https://mcp.cloudflare.com/mcp` |
 | Atlassian / Jira | `https://mcp.atlassian.com/mcp` |

-For other services, search the MCP registry at https://registry.modelcontextprotocol.io/.
+For other services, search the MCP registry API:
+```http
+GET https://registry.modelcontextprotocol.io/v0/servers?q=<search_term>
+```
+Each result includes a `remotes` array with the exact server URL to use.
+
+### Important: Check blocks first
+
+Before using `run_mcp_tool`, always check if the platform already has blocks for the service
+using `find_block`. The platform has hundreds of built-in blocks (Google Sheets, Google Docs,
+Google Calendar, Gmail, etc.) that work without MCP setup.
+
+Only use `run_mcp_tool` when:
+- The service is in the known hosted MCP servers list above, OR
+- You searched `find_block` first and found no matching blocks
+
+**Never guess or construct MCP server URLs.** Only use URLs from the known servers list above
+or from the `remotes[].url` field in MCP registry search results.

 ### Authentication

 If the server requires credentials, a `SetupRequirementsResponse` is returned with an OAuth
 login prompt. Once the user completes the flow and confirms, retry the same call immediately.
+
+### Communication style
+
+Avoid technical jargon like "MCP server", "OAuth", or "credentials" when talking to the user.
+Use plain, friendly language instead:
+
+| Instead of… | Say… |
+|---|---|
+| "Let me connect to Sentry's MCP server and discover what tools are available." | "I can connect to Sentry and help identify important issues." |
+| "Let me connect to Sentry's MCP server now." | "Next, I'll connect to Sentry." |
+| "The MCP server at mcp.sentry.dev requires authentication. Please connect your credentials to continue." | "To continue, sign in to Sentry and approve access." |
+| "Sentry's MCP server needs OAuth authentication. You should see a prompt to connect your Sentry account…" | "You should see a prompt to sign in to Sentry. Once connected, I can help surface critical issues right away." |
+
+Use **"connect to [Service]"** or **"sign in to [Service]"** — never "MCP server", "OAuth", or "credentials".
--- a/autogpt_platform/backend/backend/copilot/sdk/security_hooks.py
+++ b/autogpt_platform/backend/backend/copilot/sdk/security_hooks.py
@@ -127,7 +127,7 @@ def create_security_hooks(
    user_id: str | None,
    sdk_cwd: str | None = None,
    max_subtasks: int = 3,
-    on_compact: Callable[[], None] | None = None,
+    on_compact: Callable[[str], None] | None = None,
 ) -> dict[str, Any]:
    """Create the security hooks configuration for Claude Agent SDK.

@@ -142,6 +142,7 @@ def create_security_hooks(
        sdk_cwd: SDK working directory for workspace-scoped tool validation
        max_subtasks: Maximum concurrent Task (sub-agent) spawns allowed per session
        on_compact: Callback invoked when SDK starts compacting context.
+            Receives the transcript_path from the hook input.

    Returns:
        Hooks configuration dict for ClaudeAgentOptions
@@ -301,11 +302,21 @@ def create_security_hooks(
            """
            _ = context, tool_use_id
            trigger = input_data.get("trigger", "auto")
+            # Sanitize untrusted input before logging to prevent log injection
+            transcript_path = (
+                str(input_data.get("transcript_path", ""))
+                .replace("\n", "")
+                .replace("\r", "")
+            )
            logger.info(
-                f"[SDK] Context compaction triggered: {trigger}, user={user_id}"
+                "[SDK] Context compaction triggered: %s, user=%s, "
+                "transcript_path=%s",
+                trigger,
+                user_id,
+                transcript_path,
            )
            if on_compact is not None:
-                on_compact()
+                on_compact(transcript_path)
            return cast(SyncHookJSONOutput, {})

        hooks: dict[str, Any] = {
--- a/autogpt_platform/backend/backend/copilot/sdk/service.py
+++ b/autogpt_platform/backend/backend/copilot/sdk/service.py
@@ -77,6 +77,7 @@ from .tool_adapter import (
 from .transcript import (
    cleanup_cli_project_dir,
    download_transcript,
+    read_compacted_entries,
    upload_transcript,
    validate_transcript,
    write_transcript_to_tempfile,
@@ -1045,6 +1046,7 @@ async def stream_chat_completion_sdk(
                            exc_info=True,
                        )
                        ended_with_stream_error = True
+
                        yield StreamError(
                            errorText=f"SDK stream error: {stream_err}",
                            code="sdk_stream_error",
@@ -1129,9 +1131,26 @@ async def stream_chat_completion_sdk(
                                sdk_msg.result or "(no error message provided)",
                            )

-                    # Emit compaction end if SDK finished compacting
-                    for ev in await compaction.emit_end_if_ready(session):
+                    # Emit compaction end if SDK finished compacting.
+                    # When compaction ends, sync TranscriptBuilder with the
+                    # CLI's active context so they stay identical.
+                    compact_result = await compaction.emit_end_if_ready(session)
+                    for ev in compact_result.events:
                        yield ev
+                    # After replace_entries, skip append_assistant for this
+                    # sdk_msg — the CLI session file already contains it,
+                    # so appending again would create a duplicate.
+                    entries_replaced = False
+                    if compact_result.just_ended:
+                        compacted = await asyncio.to_thread(
+                            read_compacted_entries,
+                            compact_result.transcript_path,
+                        )
+                        if compacted is not None:
+                            transcript_builder.replace_entries(
+                                compacted, log_prefix=log_prefix
+                            )
+                            entries_replaced = True

                    for response in adapter.convert_message(sdk_msg):
                        if isinstance(response, StreamStart):
@@ -1218,10 +1237,11 @@ async def stream_chat_completion_sdk(
                                    tool_call_id=response.toolCallId,
                                )
                            )
-                            transcript_builder.append_tool_result(
-                                tool_use_id=response.toolCallId,
-                                content=content,
-                            )
+                            if not entries_replaced:
+                                transcript_builder.append_tool_result(
+                                    tool_use_id=response.toolCallId,
+                                    content=content,
+                                )
                            has_tool_results = True

                        elif isinstance(response, StreamFinish):
@@ -1231,7 +1251,9 @@ async def stream_chat_completion_sdk(
                    # any stashed tool results from the previous turn are
                    # recorded first, preserving the required API order:
                    # assistant(tool_use) → tool_result → assistant(text).
-                    if isinstance(sdk_msg, AssistantMessage):
+                    # Skip if replace_entries just ran — the CLI session
+                    # file already contains this message.
+                    if isinstance(sdk_msg, AssistantMessage) and not entries_replaced:
                        transcript_builder.append_assistant(
                            content_blocks=_format_sdk_content_blocks(sdk_msg.content),
                            model=sdk_msg.model,
@@ -1422,13 +1444,13 @@ async def stream_chat_completion_sdk(
            task.add_done_callback(_background_tasks.discard)

        # --- Upload transcript for next-turn --resume ---
-        # This MUST run in finally so the transcript is uploaded even when
-        # the streaming loop raises an exception.
-        # The transcript represents the COMPLETE active context (atomic).
+        # TranscriptBuilder is the single source of truth.  It mirrors the
+        # CLI's active context: on compaction, replace_entries() syncs it
+        # with the compacted session file.  No CLI file read needed here.
        if config.claude_agent_use_resume and user_id and session is not None:
            try:
-                # Build complete transcript from captured SDK messages
                transcript_content = transcript_builder.to_jsonl()
+                entry_count = transcript_builder.entry_count

                if not transcript_content:
                    logger.warning(
@@ -1438,18 +1460,15 @@ async def stream_chat_completion_sdk(
                    logger.warning(
                        "%s Transcript invalid, skipping upload (entries=%d)",
                        log_prefix,
-                        transcript_builder.entry_count,
+                        entry_count,
                    )
                else:
                    logger.info(
-                        "%s Uploading complete transcript (entries=%d, bytes=%d)",
+                        "%s Uploading transcript (entries=%d, bytes=%d)",
                        log_prefix,
-                        transcript_builder.entry_count,
+                        entry_count,
                        len(transcript_content),
                    )
-                    # Shield upload from cancellation - let it complete even if
-                    # the finally block is interrupted. No timeout to avoid race
-                    # conditions where backgrounded uploads overwrite newer transcripts.
                    await asyncio.shield(
                        upload_transcript(
                            user_id=user_id,
--- a/autogpt_platform/backend/backend/copilot/sdk/transcript.py
+++ b/autogpt_platform/backend/backend/copilot/sdk/transcript.py
@@ -13,8 +13,10 @@ filesystem for self-hosted) — no DB column needed.
 import logging
 import os
 import re
+import shutil
 import time
 from dataclasses import dataclass
+from pathlib import Path

 from backend.util import json

@@ -82,7 +84,11 @@ def strip_progress_entries(content: str) -> str:
        parent = entry.get("parentUuid", "")
        if uid:
            uuid_to_parent[uid] = parent
-        if entry.get("type", "") in STRIPPABLE_TYPES and uid:
+        if (
+            entry.get("type", "") in STRIPPABLE_TYPES
+            and uid
+            and not entry.get("isCompactSummary")
+        ):
            stripped_uuids.add(uid)

    # Second pass: keep non-stripped entries, reparenting where needed.
@@ -106,7 +112,9 @@ def strip_progress_entries(content: str) -> str:
        if not isinstance(entry, dict):
            result_lines.append(line)
            continue
-        if entry.get("type", "") in STRIPPABLE_TYPES:
+        if entry.get("type", "") in STRIPPABLE_TYPES and not entry.get(
+            "isCompactSummary"
+        ):
            continue
        uid = entry.get("uuid", "")
        if uid in reparented:
@@ -137,6 +145,155 @@ def _sanitize_id(raw_id: str, max_len: int = 36) -> str:
 _SAFE_CWD_PREFIX = os.path.realpath("/tmp/copilot-")


+def _projects_base() -> str:
+    """Return the resolved path to the CLI's projects directory."""
+    config_dir = os.environ.get("CLAUDE_CONFIG_DIR") or os.path.expanduser("~/.claude")
+    return os.path.realpath(os.path.join(config_dir, "projects"))
+
+
+def _cli_project_dir(sdk_cwd: str) -> str | None:
+    """Return the CLI's project directory for a given working directory.
+
+    Returns ``None`` if the path would escape the projects base.
+    """
+    cwd_encoded = re.sub(r"[^a-zA-Z0-9]", "-", os.path.realpath(sdk_cwd))
+    projects_base = _projects_base()
+    project_dir = os.path.realpath(os.path.join(projects_base, cwd_encoded))
+
+    if not project_dir.startswith(projects_base + os.sep):
+        logger.warning(
+            "[Transcript] Project dir escaped projects base: %s", project_dir
+        )
+        return None
+    return project_dir
+
+
+def _safe_glob_jsonl(project_dir: str) -> list[Path]:
+    """Glob ``*.jsonl`` files, filtering out symlinks that escape the directory."""
+    try:
+        resolved_base = Path(project_dir).resolve()
+    except OSError as e:
+        logger.warning("[Transcript] Failed to resolve project dir: %s", e)
+        return []
+
+    result: list[Path] = []
+    for candidate in Path(project_dir).glob("*.jsonl"):
+        try:
+            resolved = candidate.resolve()
+            if resolved.is_relative_to(resolved_base):
+                result.append(resolved)
+        except (OSError, RuntimeError) as e:
+            logger.debug(
+                "[Transcript] Skipping invalid CLI session candidate %s: %s",
+                candidate,
+                e,
+            )
+    return result
+
+
+def read_compacted_entries(transcript_path: str) -> list[dict] | None:
+    """Read compacted entries from the CLI session file after compaction.
+
+    Parses the JSONL file line-by-line, finds the ``isCompactSummary: true``
+    entry, and returns it plus all entries after it.
+
+    The CLI writes the compaction summary BEFORE sending the next message,
+    so the file is guaranteed to be flushed by the time we read it.
+
+    Returns a list of parsed dicts, or ``None`` if the file cannot be read
+    or no compaction summary is found.
+    """
+    if not transcript_path:
+        return None
+
+    projects_base = _projects_base()
+    real_path = os.path.realpath(transcript_path)
+    if not real_path.startswith(projects_base + os.sep):
+        logger.warning(
+            "[Transcript] transcript_path outside projects base: %s", transcript_path
+        )
+        return None
+
+    try:
+        content = Path(real_path).read_text()
+    except OSError as e:
+        logger.warning(
+            "[Transcript] Failed to read session file %s: %s", transcript_path, e
+        )
+        return None
+
+    lines = content.strip().split("\n")
+    compact_idx: int | None = None
+
+    for idx, line in enumerate(lines):
+        if not line.strip():
+            continue
+        entry = json.loads(line, fallback=None)
+        if not isinstance(entry, dict):
+            continue
+        if entry.get("isCompactSummary"):
+            compact_idx = idx  # don't break — find the LAST summary
+
+    if compact_idx is None:
+        logger.debug("[Transcript] No compaction summary found in %s", transcript_path)
+        return None
+
+    entries: list[dict] = []
+    for line in lines[compact_idx:]:
+        if not line.strip():
+            continue
+        entry = json.loads(line, fallback=None)
+        if isinstance(entry, dict):
+            entries.append(entry)
+
+    logger.info(
+        "[Transcript] Read %d compacted entries from %s (summary at line %d)",
+        len(entries),
+        transcript_path,
+        compact_idx + 1,
+    )
+    return entries
+
+
+def read_cli_session_file(sdk_cwd: str) -> str | None:
+    """Read the CLI's own session file, which reflects any compaction.
+
+    The CLI writes its session transcript to
+    ``~/.claude/projects/<encoded_cwd>/<session_id>.jsonl``.
+    Since each SDK turn uses a unique ``sdk_cwd``, there should be
+    exactly one ``.jsonl`` file in that directory.
+
+    Returns the file content, or ``None`` if not found.
+    """
+    project_dir = _cli_project_dir(sdk_cwd)
+    if not project_dir or not os.path.isdir(project_dir):
+        return None
+
+    jsonl_files = _safe_glob_jsonl(project_dir)
+    if not jsonl_files:
+        logger.debug("[Transcript] No CLI session file found in %s", project_dir)
+        return None
+
+    # Pick the most recently modified file (should be only one per turn).
+    try:
+        session_file = max(jsonl_files, key=lambda p: p.stat().st_mtime)
+    except OSError as e:
+        logger.warning("[Transcript] Failed to inspect CLI session files: %s", e)
+        return None
+
+    try:
+        content = session_file.read_text()
+        logger.info(
+            "[Transcript] Read CLI session file: %s (%d bytes)",
+            session_file,
+            len(content),
+        )
+        return content
+    except OSError as e:
+        logger.warning("[Transcript] Failed to read CLI session file: %s", e)
+        return None
+
+
 def cleanup_cli_project_dir(sdk_cwd: str) -> None:
    """Remove the CLI's project directory for a specific working directory.

@@ -144,25 +301,15 @@ def cleanup_cli_project_dir(sdk_cwd: str) -> None:
    Each SDK turn uses a unique ``sdk_cwd``, so the project directory is
    safe to remove entirely after the transcript has been uploaded.
    """
-    import shutil
-
-    # Encode cwd the same way CLI does (replaces non-alphanumeric with -)
-    cwd_encoded = re.sub(r"[^a-zA-Z0-9]", "-", os.path.realpath(sdk_cwd))
-    config_dir = os.environ.get("CLAUDE_CONFIG_DIR") or os.path.expanduser("~/.claude")
-    projects_base = os.path.realpath(os.path.join(config_dir, "projects"))
-    project_dir = os.path.realpath(os.path.join(projects_base, cwd_encoded))
-
-    if not project_dir.startswith(projects_base + os.sep):
-        logger.warning(
-            f"[Transcript] Cleanup path escaped projects base: {project_dir}"
-        )
+    project_dir = _cli_project_dir(sdk_cwd)
+    if not project_dir:
        return

    if os.path.isdir(project_dir):
        shutil.rmtree(project_dir, ignore_errors=True)
-        logger.debug(f"[Transcript] Cleaned up CLI project dir: {project_dir}")
+        logger.debug("[Transcript] Cleaned up CLI project dir: %s", project_dir)
    else:
-        logger.debug(f"[Transcript] Project dir not found: {project_dir}")
+        logger.debug("[Transcript] Project dir not found: %s", project_dir)


 def write_transcript_to_tempfile(
@@ -259,24 +406,27 @@ def _meta_storage_path_parts(user_id: str, session_id: str) -> tuple[str, str, s
    )


-def _build_storage_path(user_id: str, session_id: str, backend: object) -> str:
-    """Build the full storage path string that ``retrieve()`` expects.
-
-    ``store()`` returns a path like ``gcs://bucket/workspaces/...`` or
-    ``local://workspace_id/file_id/filename``.  Since we use deterministic
-    arguments we can reconstruct the same path for download/delete without
-    having stored the return value.
-    """
+def _build_path_from_parts(parts: tuple[str, str, str], backend: object) -> str:
+    """Build a full storage path from (workspace_id, file_id, filename) parts."""
    from backend.util.workspace_storage import GCSWorkspaceStorage

-    wid, fid, fname = _storage_path_parts(user_id, session_id)
-
+    wid, fid, fname = parts
    if isinstance(backend, GCSWorkspaceStorage):
        blob = f"workspaces/{wid}/{fid}/{fname}"
        return f"gcs://{backend.bucket_name}/{blob}"
-    else:
-        # LocalWorkspaceStorage returns local://{relative_path}
-        return f"local://{wid}/{fid}/{fname}"
+    return f"local://{wid}/{fid}/{fname}"
+
+
+def _build_storage_path(user_id: str, session_id: str, backend: object) -> str:
+    """Build the full storage path string that ``retrieve()`` expects."""
+    return _build_path_from_parts(_storage_path_parts(user_id, session_id), backend)
+
+
+def _build_meta_storage_path(user_id: str, session_id: str, backend: object) -> str:
+    """Build the full storage path for the companion .meta.json file."""
+    return _build_path_from_parts(
+        _meta_storage_path_parts(user_id, session_id), backend
+    )


 async def upload_transcript(
@@ -381,15 +531,7 @@ async def download_transcript(
    message_count = 0
    uploaded_at = 0.0
    try:
-        from backend.util.workspace_storage import GCSWorkspaceStorage
-
-        mwid, mfid, mfname = _meta_storage_path_parts(user_id, session_id)
-        if isinstance(storage, GCSWorkspaceStorage):
-            blob = f"workspaces/{mwid}/{mfid}/{mfname}"
-            meta_path = f"gcs://{storage.bucket_name}/{blob}"
-        else:
-            meta_path = f"local://{mwid}/{mfid}/{mfname}"
-
+        meta_path = _build_meta_storage_path(user_id, session_id, storage)
        meta_data = await storage.retrieve(meta_path)
        meta = json.loads(meta_data.decode("utf-8"), fallback={})
        message_count = meta.get("message_count", 0)
@@ -406,7 +548,11 @@ async def download_transcript(


 async def delete_transcript(user_id: str, session_id: str) -> None:
-    """Delete transcript from bucket storage (e.g. after resume failure)."""
+    """Delete transcript and its metadata from bucket storage.
+
+    Removes both the ``.jsonl`` transcript and the companion ``.meta.json``
+    so stale ``message_count`` watermarks cannot corrupt gap-fill logic.
+    """
    from backend.util.workspace_storage import get_workspace_storage

    storage = await get_workspace_storage()
@@ -414,6 +560,14 @@ async def delete_transcript(user_id: str, session_id: str) -> None:

    try:
        await storage.delete(path)
-        logger.info(f"[Transcript] Deleted transcript for session {session_id}")
+        logger.info("[Transcript] Deleted transcript for session %s", session_id)
    except Exception as e:
-        logger.warning(f"[Transcript] Failed to delete transcript: {e}")
+        logger.warning("[Transcript] Failed to delete transcript: %s", e)
+
+    # Also delete the companion .meta.json to avoid orphaned metadata.
+    try:
+        meta_path = _build_meta_storage_path(user_id, session_id, storage)
+        await storage.delete(meta_path)
+        logger.info("[Transcript] Deleted metadata for session %s", session_id)
+    except Exception as e:
+        logger.warning("[Transcript] Failed to delete metadata: %s", e)
--- a/autogpt_platform/backend/backend/copilot/sdk/transcript_builder.py
+++ b/autogpt_platform/backend/backend/copilot/sdk/transcript_builder.py
@@ -30,6 +30,7 @@ class TranscriptEntry(BaseModel):
    type: str
    uuid: str
    parentUuid: str | None
+    isCompactSummary: bool | None = None
    message: dict[str, Any]


@@ -53,6 +54,24 @@ class TranscriptBuilder:
            return self._entries[-1].message.get("id", "")
        return ""

+    @staticmethod
+    def _parse_entry(data: dict) -> TranscriptEntry | None:
+        """Parse a single transcript entry, filtering strippable types.
+
+        Returns ``None`` for entries that should be skipped (strippable types
+        that are not compaction summaries).
+        """
+        entry_type = data.get("type", "")
+        if entry_type in STRIPPABLE_TYPES and not data.get("isCompactSummary"):
+            return None
+        return TranscriptEntry(
+            type=entry_type,
+            uuid=data.get("uuid") or str(uuid4()),
+            parentUuid=data.get("parentUuid"),
+            isCompactSummary=data.get("isCompactSummary") or None,
+            message=data.get("message", {}),
+        )
+
    def load_previous(self, content: str, log_prefix: str = "[Transcript]") -> None:
        """Load complete previous transcript.

@@ -78,18 +97,9 @@ class TranscriptBuilder:
                )
                continue

-            # Load all non-strippable entries (user/assistant/system/etc.)
-            # Skip only STRIPPABLE_TYPES to match strip_progress_entries() behavior
-            entry_type = data.get("type", "")
-            if entry_type in STRIPPABLE_TYPES:
+            entry = self._parse_entry(data)
+            if entry is None:
                continue
-
-            entry = TranscriptEntry(
-                type=data["type"],
-                uuid=data.get("uuid") or str(uuid4()),
-                parentUuid=data.get("parentUuid"),
-                message=data.get("message", {}),
-            )
            self._entries.append(entry)
            self._last_uuid = entry.uuid

@@ -162,6 +172,43 @@ class TranscriptBuilder:
        )
        self._last_uuid = msg_uuid

+    def replace_entries(
+        self, compacted_entries: list[dict], log_prefix: str = "[Transcript]"
+    ) -> None:
+        """Replace all entries with compacted entries from the CLI session file.
+
+        Called after mid-stream compaction so TranscriptBuilder mirrors the
+        CLI's active context (compaction summary + post-compaction entries).
+
+        Builds the new list first and validates it's non-empty before swapping,
+        so corrupt input cannot wipe the conversation history.
+        """
+        new_entries: list[TranscriptEntry] = []
+        for data in compacted_entries:
+            entry = self._parse_entry(data)
+            if entry is not None:
+                new_entries.append(entry)
+
+        if not new_entries:
+            logger.warning(
+                "%s replace_entries produced 0 entries from %d inputs, keeping old (%d entries)",
+                log_prefix,
+                len(compacted_entries),
+                len(self._entries),
+            )
+            return
+
+        old_count = len(self._entries)
+        self._entries = new_entries
+        self._last_uuid = new_entries[-1].uuid
+
+        logger.info(
+            "%s TranscriptBuilder compacted: %d entries -> %d entries",
+            log_prefix,
+            old_count,
+            len(self._entries),
+        )
+
    def to_jsonl(self) -> str:
        """Export complete context as JSONL.

--- a/autogpt_platform/backend/backend/copilot/sdk/transcript_test.py
+++ b/autogpt_platform/backend/backend/copilot/sdk/transcript_test.py
@@ -1,15 +1,23 @@
 """Unit tests for JSONL transcript management utilities."""

 import os
+from unittest.mock import AsyncMock, patch
+
+import pytest

 from backend.util import json

 from .transcript import (
    STRIPPABLE_TYPES,
+    _cli_project_dir,
+    delete_transcript,
+    read_cli_session_file,
+    read_compacted_entries,
    strip_progress_entries,
    validate_transcript,
    write_transcript_to_tempfile,
 )
+from .transcript_builder import TranscriptBuilder


 def _make_jsonl(*entries: dict) -> str:
@@ -282,3 +290,610 @@ class TestStripProgressEntries:
        lines = result.strip().split("\n")
        asst_entry = json.loads(lines[-1])
        assert asst_entry["parentUuid"] == "u1"  # reparented
+
+
+# --- read_cli_session_file ---
+
+
+class TestReadCliSessionFile:
+    def test_no_matching_files_returns_none(self, tmp_path, monkeypatch):
+        """read_cli_session_file returns None when no .jsonl files exist."""
+        # Create a project dir with no jsonl files
+        project_dir = tmp_path / "projects" / "encoded-cwd"
+        project_dir.mkdir(parents=True)
+        monkeypatch.setattr(
+            "backend.copilot.sdk.transcript._cli_project_dir",
+            lambda sdk_cwd: str(project_dir),
+        )
+        assert read_cli_session_file("/fake/cwd") is None
+
+    def test_one_jsonl_file_returns_content(self, tmp_path, monkeypatch):
+        """read_cli_session_file returns the content of a single .jsonl file."""
+        project_dir = tmp_path / "projects" / "encoded-cwd"
+        project_dir.mkdir(parents=True)
+        jsonl_file = project_dir / "session.jsonl"
+        jsonl_file.write_text("line1\nline2\n")
+        monkeypatch.setattr(
+            "backend.copilot.sdk.transcript._cli_project_dir",
+            lambda sdk_cwd: str(project_dir),
+        )
+        result = read_cli_session_file("/fake/cwd")
+        assert result == "line1\nline2\n"
+
+    def test_symlink_escaping_project_dir_is_skipped(self, tmp_path, monkeypatch):
+        """read_cli_session_file skips symlinks that escape the project dir."""
+        project_dir = tmp_path / "projects" / "encoded-cwd"
+        project_dir.mkdir(parents=True)
+
+        # Create a file outside the project dir
+        outside = tmp_path / "outside"
+        outside.mkdir()
+        outside_file = outside / "evil.jsonl"
+        outside_file.write_text("should not be read\n")
+
+        # Symlink from inside project_dir to outside file
+        symlink = project_dir / "evil.jsonl"
+        symlink.symlink_to(outside_file)
+
+        monkeypatch.setattr(
+            "backend.copilot.sdk.transcript._cli_project_dir",
+            lambda sdk_cwd: str(project_dir),
+        )
+        # The symlink target resolves outside project_dir, so it should be skipped
+        result = read_cli_session_file("/fake/cwd")
+        assert result is None
+
+
+# --- _cli_project_dir ---
+
+
+class TestCliProjectDir:
+    def test_returns_none_for_path_traversal(self, tmp_path, monkeypatch):
+        """_cli_project_dir returns None when the project dir symlink escapes projects base."""
+        config_dir = tmp_path / "config"
+        config_dir.mkdir()
+        projects_dir = config_dir / "projects"
+        projects_dir.mkdir()
+
+        monkeypatch.setenv("CLAUDE_CONFIG_DIR", str(config_dir))
+
+        # Create a symlink inside projects/ that points outside of it.
+        # _cli_project_dir encodes the cwd as all-alnum-hyphens, so use a
+        # cwd whose encoded form matches the symlink name we create.
+        evil_target = tmp_path / "escaped"
+        evil_target.mkdir()
+
+        # The encoded form of "/evil/cwd" is "-evil-cwd"
+        symlink_path = projects_dir / "-evil-cwd"
+        symlink_path.symlink_to(evil_target)
+
+        result = _cli_project_dir("/evil/cwd")
+        assert result is None
+
+
+# --- delete_transcript ---
+
+
+class TestDeleteTranscript:
+    @pytest.mark.asyncio
+    async def test_deletes_both_jsonl_and_meta(self):
+        """delete_transcript removes both the .jsonl and .meta.json files."""
+        mock_storage = AsyncMock()
+        mock_storage.delete = AsyncMock()
+
+        with patch(
+            "backend.util.workspace_storage.get_workspace_storage",
+            new_callable=AsyncMock,
+            return_value=mock_storage,
+        ):
+            await delete_transcript("user-123", "session-456")
+
+        assert mock_storage.delete.call_count == 2
+        paths = [call.args[0] for call in mock_storage.delete.call_args_list]
+        assert any(p.endswith(".jsonl") for p in paths)
+        assert any(p.endswith(".meta.json") for p in paths)
+
+    @pytest.mark.asyncio
+    async def test_continues_on_jsonl_delete_failure(self):
+        """If .jsonl delete fails, .meta.json delete is still attempted."""
+        mock_storage = AsyncMock()
+        mock_storage.delete = AsyncMock(
+            side_effect=[Exception("jsonl delete failed"), None]
+        )
+
+        with patch(
+            "backend.util.workspace_storage.get_workspace_storage",
+            new_callable=AsyncMock,
+            return_value=mock_storage,
+        ):
+            # Should not raise
+            await delete_transcript("user-123", "session-456")
+
+        assert mock_storage.delete.call_count == 2
+
+    @pytest.mark.asyncio
+    async def test_handles_meta_delete_failure(self):
+        """If .meta.json delete fails, no exception propagates."""
+        mock_storage = AsyncMock()
+        mock_storage.delete = AsyncMock(
+            side_effect=[None, Exception("meta delete failed")]
+        )
+
+        with patch(
+            "backend.util.workspace_storage.get_workspace_storage",
+            new_callable=AsyncMock,
+            return_value=mock_storage,
+        ):
+            # Should not raise
+            await delete_transcript("user-123", "session-456")
+
+
+# --- read_compacted_entries ---
+
+
+COMPACT_SUMMARY = {
+    "type": "summary",
+    "uuid": "cs1",
+    "isCompactSummary": True,
+    "message": {"role": "assistant", "content": "compacted context"},
+}
+POST_COMPACT_ASST = {
+    "type": "assistant",
+    "uuid": "a2",
+    "parentUuid": "cs1",
+    "message": {"role": "assistant", "content": "response after compaction"},
+}
+
+
+class TestReadCompactedEntries:
+    def test_returns_summary_and_entries_after(self, tmp_path, monkeypatch):
+        """File with isCompactSummary entry returns summary + entries after."""
+        config_dir = tmp_path / "config"
+        projects_dir = config_dir / "projects"
+        session_dir = projects_dir / "proj"
+        session_dir.mkdir(parents=True)
+        monkeypatch.setenv("CLAUDE_CONFIG_DIR", str(config_dir))
+
+        pre_compact = {"type": "user", "uuid": "u1", "message": {"role": "user"}}
+        path = session_dir / "session.jsonl"
+        path.write_text(_make_jsonl(pre_compact, COMPACT_SUMMARY, POST_COMPACT_ASST))
+
+        result = read_compacted_entries(str(path))
+        assert result is not None
+        assert len(result) == 2
+        assert result[0]["isCompactSummary"] is True
+        assert result[1]["uuid"] == "a2"
+
+    def test_no_compact_summary_returns_none(self, tmp_path, monkeypatch):
+        """File without isCompactSummary returns None."""
+        config_dir = tmp_path / "config"
+        projects_dir = config_dir / "projects"
+        session_dir = projects_dir / "proj"
+        session_dir.mkdir(parents=True)
+        monkeypatch.setenv("CLAUDE_CONFIG_DIR", str(config_dir))
+
+        path = session_dir / "session.jsonl"
+        path.write_text(_make_jsonl(USER_MSG, ASST_MSG))
+
+        result = read_compacted_entries(str(path))
+        assert result is None
+
+    def test_file_not_found_returns_none(self, tmp_path, monkeypatch):
+        """Non-existent file returns None."""
+        config_dir = tmp_path / "config"
+        projects_dir = config_dir / "projects"
+        projects_dir.mkdir(parents=True)
+        monkeypatch.setenv("CLAUDE_CONFIG_DIR", str(config_dir))
+
+        result = read_compacted_entries(str(projects_dir / "missing.jsonl"))
+        assert result is None
+
+    def test_empty_path_returns_none(self):
+        """Empty string path returns None."""
+        result = read_compacted_entries("")
+        assert result is None
+
+    def test_malformed_json_lines_skipped(self, tmp_path, monkeypatch):
+        """Malformed JSON lines are skipped gracefully."""
+        config_dir = tmp_path / "config"
+        projects_dir = config_dir / "projects"
+        session_dir = projects_dir / "proj"
+        session_dir.mkdir(parents=True)
+        monkeypatch.setenv("CLAUDE_CONFIG_DIR", str(config_dir))
+
+        path = session_dir / "session.jsonl"
+        content = "not valid json\n" + json.dumps(COMPACT_SUMMARY) + "\n"
+        content += "also bad\n" + json.dumps(POST_COMPACT_ASST) + "\n"
+        path.write_text(content)
+
+        result = read_compacted_entries(str(path))
+        assert result is not None
+        assert len(result) == 2  # summary + post-compact assistant
+
+    def test_multiple_compact_summaries_uses_last(self, tmp_path, monkeypatch):
+        """When multiple isCompactSummary entries exist, uses the last one
+        (most recent compaction)."""
+        config_dir = tmp_path / "config"
+        projects_dir = config_dir / "projects"
+        session_dir = projects_dir / "proj"
+        session_dir.mkdir(parents=True)
+        monkeypatch.setenv("CLAUDE_CONFIG_DIR", str(config_dir))
+
+        second_summary = {
+            "type": "summary",
+            "uuid": "cs2",
+            "isCompactSummary": True,
+            "message": {"role": "assistant", "content": "second summary"},
+        }
+        path = session_dir / "session.jsonl"
+        path.write_text(_make_jsonl(COMPACT_SUMMARY, POST_COMPACT_ASST, second_summary))
+
+        result = read_compacted_entries(str(path))
+        assert result is not None
+        # Last summary found, so only cs2 returned
+        assert len(result) == 1
+        assert result[0]["uuid"] == "cs2"
+
+    def test_path_outside_projects_base_returns_none(self, tmp_path, monkeypatch):
+        """Transcript path outside the projects directory is rejected."""
+        config_dir = tmp_path / "config"
+        (config_dir / "projects").mkdir(parents=True)
+        monkeypatch.setenv("CLAUDE_CONFIG_DIR", str(config_dir))
+
+        evil_file = tmp_path / "evil.jsonl"
+        evil_file.write_text(_make_jsonl(COMPACT_SUMMARY))
+
+        result = read_compacted_entries(str(evil_file))
+        assert result is None
+
+
+# --- TranscriptBuilder.replace_entries ---
+
+
+class TestTranscriptBuilderReplaceEntries:
+    def test_replaces_existing_entries(self):
+        """replace_entries replaces all entries with compacted ones."""
+        builder = TranscriptBuilder()
+        builder.append_user("hello")
+        builder.append_assistant([{"type": "text", "text": "world"}])
+        assert builder.entry_count == 2
+
+        compacted = [
+            {
+                "type": "user",
+                "uuid": "cs1",
+                "isCompactSummary": True,
+                "message": {"role": "user", "content": "compacted summary"},
+            },
+            {
+                "type": "assistant",
+                "uuid": "a1",
+                "parentUuid": "cs1",
+                "message": {"role": "assistant", "content": "response"},
+            },
+        ]
+        builder.replace_entries(compacted)
+        assert builder.entry_count == 2
+        output = builder.to_jsonl()
+        entries = [json.loads(line) for line in output.strip().split("\n")]
+        assert entries[0]["uuid"] == "cs1"
+        assert entries[1]["uuid"] == "a1"
+
+    def test_filters_strippable_types(self):
+        """Strippable types are filtered out during replace."""
+        builder = TranscriptBuilder()
+        compacted = [
+            {
+                "type": "user",
+                "uuid": "cs1",
+                "message": {"role": "user", "content": "compacted summary"},
+            },
+            {"type": "progress", "uuid": "p1", "message": {}},
+            {"type": "summary", "uuid": "s1", "message": {}},
+            {
+                "type": "assistant",
+                "uuid": "a1",
+                "parentUuid": "cs1",
+                "message": {"role": "assistant", "content": "hi"},
+            },
+        ]
+        builder.replace_entries(compacted)
+        assert builder.entry_count == 2  # progress and summary were filtered
+
+    def test_maintains_last_uuid_chain(self):
+        """After replace, _last_uuid is the last entry's uuid."""
+        builder = TranscriptBuilder()
+        compacted = [
+            {
+                "type": "user",
+                "uuid": "cs1",
+                "message": {"role": "user", "content": "compacted summary"},
+            },
+            {
+                "type": "assistant",
+                "uuid": "a1",
+                "parentUuid": "cs1",
+                "message": {"role": "assistant", "content": "hi"},
+            },
+        ]
+        builder.replace_entries(compacted)
+        # Appending a new user message should chain to a1
+        builder.append_user("next question")
+        output = builder.to_jsonl()
+        entries = [json.loads(line) for line in output.strip().split("\n")]
+        assert entries[-1]["parentUuid"] == "a1"
+
+    def test_empty_entries_list_keeps_existing(self):
+        """Replacing with empty list keeps existing entries (safety check)."""
+        builder = TranscriptBuilder()
+        builder.append_user("hello")
+        builder.replace_entries([])
+        # Empty input is treated as corrupt — existing entries preserved
+        assert builder.entry_count == 1
+        assert not builder.is_empty
+
+
+# --- TranscriptBuilder.load_previous with compacted content ---
+
+
+class TestTranscriptBuilderLoadPreviousCompacted:
+    def test_preserves_compact_summary_entry(self):
+        """load_previous preserves isCompactSummary entries even though
+        their type is 'summary' (which is in STRIPPABLE_TYPES)."""
+        compacted_content = _make_jsonl(COMPACT_SUMMARY, POST_COMPACT_ASST)
+        builder = TranscriptBuilder()
+        builder.load_previous(compacted_content)
+        assert builder.entry_count == 2
+        output = builder.to_jsonl()
+        entries = [json.loads(line) for line in output.strip().split("\n")]
+        assert entries[0]["type"] == "summary"
+        assert entries[0]["uuid"] == "cs1"
+        assert entries[1]["uuid"] == "a2"
+
+    def test_strips_regular_summary_entries(self):
+        """Regular summary entries (without isCompactSummary) are still stripped."""
+        regular_summary = {"type": "summary", "uuid": "s1", "message": {"content": "x"}}
+        content = _make_jsonl(regular_summary, POST_COMPACT_ASST)
+        builder = TranscriptBuilder()
+        builder.load_previous(content)
+        assert builder.entry_count == 1  # Only the assistant entry
+
+
+# --- End-to-end compaction flow (simulates service.py) ---
+
+
+class TestCompactionFlowIntegration:
+    """Simulate the full compaction flow as it happens in service.py:
+
+    1. TranscriptBuilder loads a previous transcript (download)
+    2. New messages are appended (user query + assistant response)
+    3. CompactionTracker fires (PreCompact hook → emit_start → emit_end)
+    4. read_compacted_entries reads the CLI session file
+    5. TranscriptBuilder.replace_entries syncs with CLI state
+    6. Final to_jsonl() produces the correct output (upload)
+    """
+
+    def test_full_compaction_roundtrip(self, tmp_path, monkeypatch):
+        """Full roundtrip: load → append → compact → replace → export."""
+        # Setup: create a CLI session file with pre-compact + compaction entries
+        config_dir = tmp_path / "config"
+        projects_dir = config_dir / "projects"
+        session_dir = projects_dir / "proj"
+        session_dir.mkdir(parents=True)
+        monkeypatch.setenv("CLAUDE_CONFIG_DIR", str(config_dir))
+
+        # Simulate a transcript with old messages, then a compaction summary
+        old_user = {
+            "type": "user",
+            "uuid": "u1",
+            "message": {"role": "user", "content": "old question"},
+        }
+        old_asst = {
+            "type": "assistant",
+            "uuid": "a1",
+            "parentUuid": "u1",
+            "message": {"role": "assistant", "content": "old answer"},
+        }
+        compact_summary = {
+            "type": "summary",
+            "uuid": "cs1",
+            "isCompactSummary": True,
+            "message": {"role": "user", "content": "compacted summary of conversation"},
+        }
+        post_compact_asst = {
+            "type": "assistant",
+            "uuid": "a2",
+            "parentUuid": "cs1",
+            "message": {"role": "assistant", "content": "response after compaction"},
+        }
+        session_file = session_dir / "session.jsonl"
+        session_file.write_text(
+            _make_jsonl(old_user, old_asst, compact_summary, post_compact_asst)
+        )
+
+        # Step 1: TranscriptBuilder loads previous transcript (simulates download)
+        # The previous transcript would have the OLD entries (pre-compaction)
+        previous_transcript = _make_jsonl(old_user, old_asst)
+        builder = TranscriptBuilder()
+        builder.load_previous(previous_transcript)
+        assert builder.entry_count == 2
+
+        # Step 2: New messages appended during the current query
+        builder.append_user("new question")
+        builder.append_assistant([{"type": "text", "text": "new answer"}])
+        assert builder.entry_count == 4
+
+        # Step 3: read_compacted_entries reads the CLI session file
+        compacted = read_compacted_entries(str(session_file))
+        assert compacted is not None
+        assert len(compacted) == 2  # compact_summary + post_compact_asst
+        assert compacted[0]["isCompactSummary"] is True
+
+        # Step 4: replace_entries syncs builder with CLI state
+        builder.replace_entries(compacted)
+        assert builder.entry_count == 2  # Only compacted entries now
+
+        # Step 5: Append post-compaction messages (continuing the stream)
+        builder.append_user("follow-up question")
+        assert builder.entry_count == 3
+
+        # Step 6: Export and verify
+        output = builder.to_jsonl()
+        entries = [json.loads(line) for line in output.strip().split("\n")]
+        assert len(entries) == 3
+        # First entry is the compaction summary
+        assert entries[0]["type"] == "summary"
+        assert entries[0]["uuid"] == "cs1"
+        # Second is the post-compact assistant
+        assert entries[1]["uuid"] == "a2"
+        # Third is our follow-up, parented to the last compacted entry
+        assert entries[2]["type"] == "user"
+        assert entries[2]["parentUuid"] == "a2"
+
+    def test_compaction_preserves_chain_across_multiple_compactions(
+        self, tmp_path, monkeypatch
+    ):
+        """Two compactions: first compacts old history, second compacts the first."""
+        config_dir = tmp_path / "config"
+        projects_dir = config_dir / "projects"
+        session_dir = projects_dir / "proj"
+        session_dir.mkdir(parents=True)
+        monkeypatch.setenv("CLAUDE_CONFIG_DIR", str(config_dir))
+
+        # First compaction
+        first_summary = {
+            "type": "summary",
+            "uuid": "cs1",
+            "isCompactSummary": True,
+            "message": {"role": "user", "content": "first summary"},
+        }
+        mid_asst = {
+            "type": "assistant",
+            "uuid": "a1",
+            "parentUuid": "cs1",
+            "message": {"role": "assistant", "content": "mid response"},
+        }
+        # Second compaction (compacts the first summary + mid_asst)
+        second_summary = {
+            "type": "summary",
+            "uuid": "cs2",
+            "isCompactSummary": True,
+            "message": {"role": "user", "content": "second summary"},
+        }
+        final_asst = {
+            "type": "assistant",
+            "uuid": "a2",
+            "parentUuid": "cs2",
+            "message": {"role": "assistant", "content": "final response"},
+        }
+
+        session_file = session_dir / "session.jsonl"
+        session_file.write_text(
+            _make_jsonl(first_summary, mid_asst, second_summary, final_asst)
+        )
+
+        # read_compacted_entries should find the LAST summary
+        compacted = read_compacted_entries(str(session_file))
+        assert compacted is not None
+        assert len(compacted) == 2  # second_summary + final_asst
+        assert compacted[0]["uuid"] == "cs2"
+
+        # Apply to builder
+        builder = TranscriptBuilder()
+        builder.append_user("old stuff")
+        builder.append_assistant([{"type": "text", "text": "old response"}])
+        builder.replace_entries(compacted)
+        assert builder.entry_count == 2
+
+        # New message chains correctly
+        builder.append_user("after second compaction")
+        output = builder.to_jsonl()
+        entries = [json.loads(line) for line in output.strip().split("\n")]
+        assert entries[-1]["parentUuid"] == "a2"
+
+    def test_strip_progress_preserves_compact_summaries(self):
+        """strip_progress_entries doesn't strip isCompactSummary entries
+        even though their type is 'summary' (in STRIPPABLE_TYPES)."""
+        compact_summary = {
+            "type": "summary",
+            "uuid": "cs1",
+            "isCompactSummary": True,
+            "message": {"role": "user", "content": "compacted"},
+        }
+        regular_summary = {"type": "summary", "uuid": "s1", "message": {"content": "x"}}
+        progress = {"type": "progress", "uuid": "p1", "data": {"stdout": "..."}}
+        user = {
+            "type": "user",
+            "uuid": "u1",
+            "message": {"role": "user", "content": "hi"},
+        }
+
+        content = _make_jsonl(compact_summary, regular_summary, progress, user)
+        stripped = strip_progress_entries(content)
+        stripped_entries = [
+            json.loads(line) for line in stripped.strip().split("\n") if line.strip()
+        ]
+
+        uuids = [e.get("uuid") for e in stripped_entries]
+        # compact_summary kept, regular_summary stripped, progress stripped, user kept
+        assert "cs1" in uuids  # compact summary preserved
+        assert "s1" not in uuids  # regular summary stripped
+        assert "p1" not in uuids  # progress stripped
+        assert "u1" in uuids  # user kept
+
+    def test_builder_load_then_replace_then_export_roundtrip(self):
+        """Load a compacted transcript, replace with new compaction, export.
+        Simulates two consecutive turns with compaction each time."""
+        # Turn 1: load compacted transcript
+        compact1 = {
+            "type": "summary",
+            "uuid": "cs1",
+            "isCompactSummary": True,
+            "message": {"role": "user", "content": "summary v1"},
+        }
+        asst1 = {
+            "type": "assistant",
+            "uuid": "a1",
+            "parentUuid": "cs1",
+            "message": {"role": "assistant", "content": "response 1"},
+        }
+        builder = TranscriptBuilder()
+        builder.load_previous(_make_jsonl(compact1, asst1))
+        assert builder.entry_count == 2
+
+        # Turn 1: append new messages
+        builder.append_user("question")
+        builder.append_assistant([{"type": "text", "text": "answer"}])
+        assert builder.entry_count == 4
+
+        # Turn 1: compaction fires — replace with new compacted state
+        compact2 = {
+            "type": "summary",
+            "uuid": "cs2",
+            "isCompactSummary": True,
+            "message": {"role": "user", "content": "summary v2"},
+        }
+        asst2 = {
+            "type": "assistant",
+            "uuid": "a2",
+            "parentUuid": "cs2",
+            "message": {"role": "assistant", "content": "continuing"},
+        }
+        builder.replace_entries([compact2, asst2])
+        assert builder.entry_count == 2
+
+        # Export (this goes to cloud storage for next turn's download)
+        output = builder.to_jsonl()
+        lines = [json.loads(line) for line in output.strip().split("\n")]
+        assert lines[0]["uuid"] == "cs2"
+        assert lines[0]["type"] == "summary"
+        assert lines[1]["uuid"] == "a2"
+
+        # Turn 2: fresh builder loads the exported transcript
+        builder2 = TranscriptBuilder()
+        builder2.load_previous(output)
+        assert builder2.entry_count == 2
+        builder2.append_user("turn 2 question")
+        output2 = builder2.to_jsonl()
+        lines2 = [json.loads(line) for line in output2.strip().split("\n")]
+        assert lines2[-1]["parentUuid"] == "a2"
--- a/autogpt_platform/backend/backend/copilot/stream_registry.py
+++ b/autogpt_platform/backend/backend/copilot/stream_registry.py
@@ -23,6 +23,11 @@ from typing import Any, Literal

 import orjson

+from backend.api.model import CopilotCompletionPayload
+from backend.data.notification_bus import (
+    AsyncRedisNotificationEventBus,
+    NotificationEvent,
+)
 from backend.data.redis_client import get_redis_async

 from .config import ChatConfig
@@ -38,6 +43,7 @@ from .response_model import (

 logger = logging.getLogger(__name__)
 config = ChatConfig()
+_notification_bus = AsyncRedisNotificationEventBus()

 # Track background tasks for this pod (just the asyncio.Task reference, not subscribers)
 _local_sessions: dict[str, asyncio.Task] = {}
@@ -745,6 +751,29 @@ async def mark_session_completed(

    # Clean up local session reference if exists
    _local_sessions.pop(session_id, None)
+
+    # Publish copilot completion notification via WebSocket
+    if meta:
+        parsed = _parse_session_meta(meta, session_id)
+        if parsed.user_id:
+            try:
+                await _notification_bus.publish(
+                    NotificationEvent(
+                        user_id=parsed.user_id,
+                        payload=CopilotCompletionPayload(
+                            type="copilot_completion",
+                            event="session_completed",
+                            session_id=session_id,
+                            status=status,
+                        ),
+                    )
+                )
+            except Exception as e:
+                logger.warning(
+                    f"Failed to publish copilot completion notification "
+                    f"for session {session_id}: {e}"
+                )
+
    return True


--- a/autogpt_platform/backend/backend/copilot/tools/init.py
+++ b/autogpt_platform/backend/backend/copilot/tools/init.py
@@ -12,6 +12,7 @@ from .agent_browser import BrowserActTool, BrowserNavigateTool, BrowserScreensho
 from .agent_output import AgentOutputTool
 from .base import BaseTool
 from .bash_exec import BashExecTool
+from .continue_run_block import ContinueRunBlockTool
 from .create_agent import CreateAgentTool
 from .customize_agent import CustomizeAgentTool
 from .edit_agent import EditAgentTool
@@ -68,6 +69,7 @@ TOOL_REGISTRY: dict[str, BaseTool] = {
    "move_agents_to_folder": MoveAgentsToFolderTool(),
    "run_agent": RunAgentTool(),
    "run_block": RunBlockTool(),
+    "continue_run_block": ContinueRunBlockTool(),
    "run_mcp_tool": RunMCPToolTool(),
    "get_mcp_guide": GetMCPGuideTool(),
    "view_agent_output": AgentOutputTool(),
--- a/autogpt_platform/backend/backend/copilot/tools/agent_browser.py
+++ b/autogpt_platform/backend/backend/copilot/tools/agent_browser.py
@@ -33,7 +33,7 @@ import tempfile
 from typing import Any

 from backend.copilot.model import ChatSession
-from backend.util.request import validate_url
+from backend.util.request import validate_url_host

 from .base import BaseTool
 from .models import (
@@ -235,7 +235,7 @@ async def _restore_browser_state(
        if url:
            # Validate the saved URL to prevent SSRF via stored redirect targets.
            try:
-                await validate_url(url, trusted_origins=[])
+                await validate_url_host(url)
            except ValueError:
                logger.warning(
                    "[browser] State restore: blocked SSRF URL %s", url[:200]
@@ -473,7 +473,7 @@ class BrowserNavigateTool(BaseTool):
            )

        try:
-            await validate_url(url, trusted_origins=[])
+            await validate_url_host(url)
        except ValueError as e:
            return ErrorResponse(
                message=str(e),
--- a/autogpt_platform/backend/backend/copilot/tools/agent_browser_test.py
+++ b/autogpt_platform/backend/backend/copilot/tools/agent_browser_test.py
@@ -68,17 +68,18 @@ def _run_result(rc: int = 0, stdout: str = "", stderr: str = "") -> tuple:


 # ---------------------------------------------------------------------------
-# SSRF protection via shared validate_url (backend.util.request)
+# SSRF protection via shared validate_url_host (backend.util.request)
 # ---------------------------------------------------------------------------

-# Patch target: validate_url is imported directly into agent_browser's module scope.
-_VALIDATE_URL = "backend.copilot.tools.agent_browser.validate_url"
+# Patch target: validate_url_host is imported directly into agent_browser's
+# module scope.
+_VALIDATE_URL = "backend.copilot.tools.agent_browser.validate_url_host"


 class TestSsrfViaValidateUrl:
-    """Verify that browser_navigate uses validate_url for SSRF protection.
+    """Verify that browser_navigate uses validate_url_host for SSRF protection.

-    We mock validate_url itself (not the low-level socket) so these tests
+    We mock validate_url_host itself (not the low-level socket) so these tests
    exercise the integration point, not the internals of request.py
    (which has its own thorough test suite in request_test.py).
    """
@@ -89,7 +90,7 @@ class TestSsrfViaValidateUrl:

    @pytest.mark.asyncio
    async def test_blocked_ip_returns_blocked_url_error(self):
-        """validate_url raises ValueError → tool returns blocked_url ErrorResponse."""
+        """validate_url_host raises ValueError → tool returns blocked_url ErrorResponse."""
        with patch(_VALIDATE_URL, new_callable=AsyncMock) as mock_validate:
            mock_validate.side_effect = ValueError(
                "Access to blocked IP 10.0.0.1 is not allowed."
@@ -124,8 +125,8 @@ class TestSsrfViaValidateUrl:
        assert result.error == "blocked_url"

    @pytest.mark.asyncio
-    async def test_validate_url_called_with_empty_trusted_origins(self):
-        """Confirms no trusted-origins bypass is granted — all URLs are validated."""
+    async def test_validate_url_host_called_without_trusted_hostnames(self):
+        """Confirms no trusted-hostnames bypass is granted — all URLs are validated."""
        with patch(_VALIDATE_URL, new_callable=AsyncMock) as mock_validate:
            mock_validate.return_value = (object(), False, ["1.2.3.4"])
            with patch(
@@ -143,7 +144,7 @@ class TestSsrfViaValidateUrl:
                        session=self.session,
                        url="https://example.com",
                    )
-        mock_validate.assert_called_once_with("https://example.com", trusted_origins=[])
+        mock_validate.assert_called_once_with("https://example.com")


 # ---------------------------------------------------------------------------
--- a/autogpt_platform/backend/backend/copilot/tools/agent_generator/fixer.py
+++ b/autogpt_platform/backend/backend/copilot/tools/agent_generator/fixer.py
@@ -829,8 +829,12 @@ class AgentFixer:

        For nodes whose block has category "AI", this function ensures that the
        input_default has a "model" parameter set to one of the allowed models.
-        If missing or set to an unsupported value, it is replaced with
-        default_model.
+        If missing or set to an unsupported value, it is replaced with the
+        appropriate default.
+
+        Blocks that define their own ``enum`` constraint on the ``model`` field
+        in their inputSchema (e.g. PerplexityBlock) are validated against that
+        enum instead of the generic allowed set.

        Args:
            agent: The agent dictionary to fix
@@ -840,7 +844,7 @@ class AgentFixer:
        Returns:
            The fixed agent dictionary
        """
-        allowed_models = {"gpt-4o", "claude-opus-4-6"}
+        generic_allowed_models = {"gpt-4o", "claude-opus-4-6"}

        # Create a mapping of block_id to block for quick lookup
        block_map = {block.get("id"): block for block in blocks}
@@ -868,20 +872,36 @@ class AgentFixer:
                input_default = node.get("input_default", {})
                current_model = input_default.get("model")

+                # Determine allowed models and default from the block's schema.
+                # Blocks with a block-specific enum on the model field (e.g.
+                # PerplexityBlock) use their own enum values; others use the
+                # generic set.
+                model_schema = (
+                    block.get("inputSchema", {}).get("properties", {}).get("model", {})
+                )
+                block_model_enum = model_schema.get("enum")
+
+                if block_model_enum:
+                    allowed_models = set(block_model_enum)
+                    fallback_model = model_schema.get("default", block_model_enum[0])
+                else:
+                    allowed_models = generic_allowed_models
+                    fallback_model = default_model
+
                if current_model not in allowed_models:
                    block_name = block.get("name", "Unknown AI Block")
                    if current_model is None:
                        self.add_fix_log(
-                            f"Added model parameter '{default_model}' to AI "
+                            f"Added model parameter '{fallback_model}' to AI "
                            f"block node {node_id} ({block_name})"
                        )
                    else:
                        self.add_fix_log(
                            f"Replaced unsupported model '{current_model}' "
-                            f"with '{default_model}' on AI block node "
+                            f"with '{fallback_model}' on AI block node "
                            f"{node_id} ({block_name})"
                        )
-                    input_default["model"] = default_model
+                    input_default["model"] = fallback_model
                    node["input_default"] = input_default
                    fixed_count += 1

--- a/autogpt_platform/backend/backend/copilot/tools/agent_generator/fixer_test.py
+++ b/autogpt_platform/backend/backend/copilot/tools/agent_generator/fixer_test.py
@@ -475,6 +475,111 @@ class TestFixAiModelParameter:

        assert result["nodes"][0]["input_default"]["model"] == "claude-opus-4-6"

+    def test_block_specific_enum_uses_block_default(self):
+        """Blocks with their own model enum (e.g. PerplexityBlock) should use
+        the block's allowed models and default, not the generic ones."""
+        fixer = AgentFixer()
+        block_id = generate_uuid()
+        node = _make_node(
+            node_id="n1",
+            block_id=block_id,
+            input_default={"model": "gpt-5.2-2025-12-11"},
+        )
+        agent = _make_agent(nodes=[node])
+
+        blocks = [
+            {
+                "id": block_id,
+                "name": "PerplexityBlock",
+                "categories": [{"category": "AI"}],
+                "inputSchema": {
+                    "properties": {
+                        "model": {
+                            "type": "string",
+                            "enum": [
+                                "perplexity/sonar",
+                                "perplexity/sonar-pro",
+                                "perplexity/sonar-deep-research",
+                            ],
+                            "default": "perplexity/sonar",
+                        }
+                    },
+                },
+            }
+        ]
+
+        result = fixer.fix_ai_model_parameter(agent, blocks)
+
+        assert result["nodes"][0]["input_default"]["model"] == "perplexity/sonar"
+
+    def test_block_specific_enum_valid_model_unchanged(self):
+        """A valid block-specific model should not be replaced."""
+        fixer = AgentFixer()
+        block_id = generate_uuid()
+        node = _make_node(
+            node_id="n1",
+            block_id=block_id,
+            input_default={"model": "perplexity/sonar-pro"},
+        )
+        agent = _make_agent(nodes=[node])
+
+        blocks = [
+            {
+                "id": block_id,
+                "name": "PerplexityBlock",
+                "categories": [{"category": "AI"}],
+                "inputSchema": {
+                    "properties": {
+                        "model": {
+                            "type": "string",
+                            "enum": [
+                                "perplexity/sonar",
+                                "perplexity/sonar-pro",
+                                "perplexity/sonar-deep-research",
+                            ],
+                            "default": "perplexity/sonar",
+                        }
+                    },
+                },
+            }
+        ]
+
+        result = fixer.fix_ai_model_parameter(agent, blocks)
+
+        assert result["nodes"][0]["input_default"]["model"] == "perplexity/sonar-pro"
+
+    def test_block_specific_enum_missing_model_gets_block_default(self):
+        """Missing model on a block with enum should use the block's default."""
+        fixer = AgentFixer()
+        block_id = generate_uuid()
+        node = _make_node(node_id="n1", block_id=block_id, input_default={})
+        agent = _make_agent(nodes=[node])
+
+        blocks = [
+            {
+                "id": block_id,
+                "name": "PerplexityBlock",
+                "categories": [{"category": "AI"}],
+                "inputSchema": {
+                    "properties": {
+                        "model": {
+                            "type": "string",
+                            "enum": [
+                                "perplexity/sonar",
+                                "perplexity/sonar-pro",
+                                "perplexity/sonar-deep-research",
+                            ],
+                            "default": "perplexity/sonar",
+                        }
+                    },
+                },
+            }
+        ]
+
+        result = fixer.fix_ai_model_parameter(agent, blocks)
+
+        assert result["nodes"][0]["input_default"]["model"] == "perplexity/sonar"
+

 class TestFixAgentExecutorBlocks:
    """Tests for fix_agent_executor_blocks."""
--- a/autogpt_platform/backend/backend/copilot/tools/agent_generator/validator.py
+++ b/autogpt_platform/backend/backend/copilot/tools/agent_generator/validator.py
@@ -935,5 +935,5 @@ class AgentValidator:
            for i, error in enumerate(self.errors, 1):
                error_message += f"{i}. {error}\n"

-            logger.error(f"Agent validation failed: {error_message}")
+            logger.warning(f"Agent validation failed: {error_message}")
            return False, error_message
--- a/autogpt_platform/backend/backend/copilot/tools/continue_run_block.py
+++ b/autogpt_platform/backend/backend/copilot/tools/continue_run_block.py
@@ -0,0 +1,157 @@
+"""Tool for continuing block execution after human review approval."""
+
+import logging
+from typing import Any
+
+from prisma.enums import ReviewStatus
+
+from backend.blocks import get_block
+from backend.copilot.constants import (
+    COPILOT_NODE_PREFIX,
+    COPILOT_SESSION_PREFIX,
+    parse_node_id_from_exec_id,
+)
+from backend.copilot.model import ChatSession
+from backend.data.db_accessors import review_db
+
+from .base import BaseTool
+from .helpers import execute_block, resolve_block_credentials
+from .models import ErrorResponse, ToolResponseBase
+
+logger = logging.getLogger(__name__)
+
+
+class ContinueRunBlockTool(BaseTool):
+    """Tool for continuing a block execution after human review approval."""
+
+    @property
+    def name(self) -> str:
+        return "continue_run_block"
+
+    @property
+    def description(self) -> str:
+        return (
+            "Continue executing a block after human review approval. "
+            "Use this after a run_block call returned review_required. "
+            "Pass the review_id from the review_required response. "
+            "The block will execute with the original pre-approved input data."
+        )
+
+    @property
+    def parameters(self) -> dict[str, Any]:
+        return {
+            "type": "object",
+            "properties": {
+                "review_id": {
+                    "type": "string",
+                    "description": (
+                        "The review_id from a previous review_required response. "
+                        "This resumes execution with the pre-approved input data."
+                    ),
+                },
+            },
+            "required": ["review_id"],
+        }
+
+    @property
+    def requires_auth(self) -> bool:
+        return True
+
+    async def _execute(
+        self,
+        user_id: str | None,
+        session: ChatSession,
+        **kwargs,
+    ) -> ToolResponseBase:
+        review_id = (
+            kwargs.get("review_id", "").strip() if kwargs.get("review_id") else ""
+        )
+        session_id = session.session_id
+
+        if not review_id:
+            return ErrorResponse(
+                message="Please provide a review_id", session_id=session_id
+            )
+
+        if not user_id:
+            return ErrorResponse(
+                message="Authentication required", session_id=session_id
+            )
+
+        # Look up and validate the review record via adapter
+        reviews = await review_db().get_reviews_by_node_exec_ids([review_id], user_id)
+        review = reviews.get(review_id)
+
+        if not review:
+            return ErrorResponse(
+                message=(
+                    f"Review '{review_id}' not found or already executed. "
+                    "It may have been consumed by a previous continue_run_block call."
+                ),
+                session_id=session_id,
+            )
+
+        # Validate the review belongs to this session
+        expected_graph_exec_id = f"{COPILOT_SESSION_PREFIX}{session_id}"
+        if review.graph_exec_id != expected_graph_exec_id:
+            return ErrorResponse(
+                message="Review does not belong to this session.",
+                session_id=session_id,
+            )
+
+        if review.status == ReviewStatus.WAITING:
+            return ErrorResponse(
+                message="Review has not been approved yet. "
+                "Please wait for the user to approve the review first.",
+                session_id=session_id,
+            )
+
+        if review.status == ReviewStatus.REJECTED:
+            return ErrorResponse(
+                message="Review was rejected. The block will not execute.",
+                session_id=session_id,
+            )
+
+        # Extract block_id from review_id: copilot-node-{block_id}:{random_hex}
+        block_id = parse_node_id_from_exec_id(review_id).removeprefix(
+            COPILOT_NODE_PREFIX
+        )
+        block = get_block(block_id)
+        if not block:
+            return ErrorResponse(
+                message=f"Block '{block_id}' not found", session_id=session_id
+            )
+
+        input_data: dict[str, Any] = (
+            review.payload if isinstance(review.payload, dict) else {}
+        )
+
+        logger.info(
+            f"Continuing block {block.name} ({block_id}) for user {user_id} "
+            f"with review_id={review_id}"
+        )
+
+        matched_creds, missing_creds = await resolve_block_credentials(
+            user_id, block, input_data
+        )
+        if missing_creds:
+            return ErrorResponse(
+                message=f"Block '{block.name}' requires credentials that are not configured.",
+                session_id=session_id,
+            )
+
+        result = await execute_block(
+            block=block,
+            block_id=block_id,
+            input_data=input_data,
+            user_id=user_id,
+            session_id=session_id,
+            node_exec_id=review_id,
+            matched_credentials=matched_creds,
+        )
+
+        # Delete review record after successful execution (one-time use)
+        if result.type != "error":
+            await review_db().delete_review_by_node_exec_id(review_id, user_id)
+
+        return result
--- a/autogpt_platform/backend/backend/copilot/tools/continue_run_block_test.py
+++ b/autogpt_platform/backend/backend/copilot/tools/continue_run_block_test.py
@@ -0,0 +1,186 @@
+"""Tests for ContinueRunBlockTool."""
+
+from unittest.mock import AsyncMock, MagicMock, patch
+
+import pytest
+from prisma.enums import ReviewStatus
+
+from ._test_data import make_session
+from .continue_run_block import ContinueRunBlockTool
+from .models import BlockOutputResponse, ErrorResponse
+
+_TEST_USER_ID = "test-user-continue"
+
+
+def _make_review_model(
+    node_exec_id: str,
+    status: ReviewStatus = ReviewStatus.APPROVED,
+    payload: dict | None = None,
+    graph_exec_id: str = "",
+):
+    """Create a mock PendingHumanReviewModel."""
+    mock = MagicMock()
+    mock.node_exec_id = node_exec_id
+    mock.status = status
+    mock.payload = payload or {"text": "hello"}
+    mock.graph_exec_id = graph_exec_id
+    return mock
+
+
+class TestContinueRunBlock:
+    @pytest.mark.asyncio(loop_scope="session")
+    async def test_missing_review_id_returns_error(self):
+        tool = ContinueRunBlockTool()
+        session = make_session(user_id=_TEST_USER_ID)
+
+        response = await tool._execute(
+            user_id=_TEST_USER_ID,
+            session=session,
+            review_id="",
+        )
+
+        assert isinstance(response, ErrorResponse)
+        assert "review_id" in response.message
+
+    @pytest.mark.asyncio(loop_scope="session")
+    async def test_review_not_found_returns_error(self):
+        tool = ContinueRunBlockTool()
+        session = make_session(user_id=_TEST_USER_ID)
+
+        mock_db = MagicMock()
+        mock_db.get_reviews_by_node_exec_ids = AsyncMock(return_value={})
+
+        with patch(
+            "backend.copilot.tools.continue_run_block.review_db",
+            return_value=mock_db,
+        ):
+            response = await tool._execute(
+                user_id=_TEST_USER_ID,
+                session=session,
+                review_id="copilot-node-some-block:abc12345",
+            )
+
+        assert isinstance(response, ErrorResponse)
+        assert "not found" in response.message
+
+    @pytest.mark.asyncio(loop_scope="session")
+    async def test_waiting_review_returns_error(self):
+        tool = ContinueRunBlockTool()
+        session = make_session(user_id=_TEST_USER_ID)
+        review_id = "copilot-node-some-block:abc12345"
+        graph_exec_id = f"copilot-session-{session.session_id}"
+        review = _make_review_model(
+            review_id, status=ReviewStatus.WAITING, graph_exec_id=graph_exec_id
+        )
+
+        mock_db = MagicMock()
+        mock_db.get_reviews_by_node_exec_ids = AsyncMock(
+            return_value={review_id: review}
+        )
+
+        with patch(
+            "backend.copilot.tools.continue_run_block.review_db",
+            return_value=mock_db,
+        ):
+            response = await tool._execute(
+                user_id=_TEST_USER_ID,
+                session=session,
+                review_id=review_id,
+            )
+
+        assert isinstance(response, ErrorResponse)
+        assert "not been approved" in response.message
+
+    @pytest.mark.asyncio(loop_scope="session")
+    async def test_rejected_review_returns_error(self):
+        tool = ContinueRunBlockTool()
+        session = make_session(user_id=_TEST_USER_ID)
+        review_id = "copilot-node-some-block:abc12345"
+        graph_exec_id = f"copilot-session-{session.session_id}"
+        review = _make_review_model(
+            review_id, status=ReviewStatus.REJECTED, graph_exec_id=graph_exec_id
+        )
+
+        mock_db = MagicMock()
+        mock_db.get_reviews_by_node_exec_ids = AsyncMock(
+            return_value={review_id: review}
+        )
+
+        with patch(
+            "backend.copilot.tools.continue_run_block.review_db",
+            return_value=mock_db,
+        ):
+            response = await tool._execute(
+                user_id=_TEST_USER_ID,
+                session=session,
+                review_id=review_id,
+            )
+
+        assert isinstance(response, ErrorResponse)
+        assert "rejected" in response.message.lower()
+
+    @pytest.mark.asyncio(loop_scope="session")
+    async def test_approved_review_executes_block(self):
+        tool = ContinueRunBlockTool()
+        session = make_session(user_id=_TEST_USER_ID)
+        review_id = "copilot-node-delete-branch-id:abc12345"
+        graph_exec_id = f"copilot-session-{session.session_id}"
+        input_data = {"repo_url": "https://github.com/test/repo", "branch": "main"}
+        review = _make_review_model(
+            review_id,
+            status=ReviewStatus.APPROVED,
+            payload=input_data,
+            graph_exec_id=graph_exec_id,
+        )
+
+        mock_block = MagicMock()
+        mock_block.name = "Delete Branch"
+
+        async def mock_execute(data, **kwargs):
+            yield "result", "Branch deleted"
+
+        mock_block.execute = mock_execute
+        mock_block.input_schema.get_credentials_fields_info.return_value = []
+
+        mock_workspace_db = MagicMock()
+        mock_workspace_db.get_or_create_workspace = AsyncMock(
+            return_value=MagicMock(id="test-workspace-id")
+        )
+
+        mock_db = MagicMock()
+        mock_db.get_reviews_by_node_exec_ids = AsyncMock(
+            return_value={review_id: review}
+        )
+        mock_db.delete_review_by_node_exec_id = AsyncMock(return_value=1)
+
+        with (
+            patch(
+                "backend.copilot.tools.continue_run_block.review_db",
+                return_value=mock_db,
+            ),
+            patch(
+                "backend.copilot.tools.continue_run_block.get_block",
+                return_value=mock_block,
+            ),
+            patch(
+                "backend.copilot.tools.helpers.workspace_db",
+                return_value=mock_workspace_db,
+            ),
+            patch(
+                "backend.copilot.tools.helpers.match_credentials_to_requirements",
+                return_value=({}, []),
+            ),
+        ):
+            response = await tool._execute(
+                user_id=_TEST_USER_ID,
+                session=session,
+                review_id=review_id,
+            )
+
+        assert isinstance(response, BlockOutputResponse)
+        assert response.success is True
+        assert response.block_name == "Delete Branch"
+        # Verify review was deleted (one-time use)
+        mock_db.delete_review_by_node_exec_id.assert_called_once_with(
+            review_id, _TEST_USER_ID
+        )
--- a/autogpt_platform/backend/backend/copilot/tools/e2b_sandbox.py
+++ b/autogpt_platform/backend/backend/copilot/tools/e2b_sandbox.py
@@ -21,9 +21,11 @@ Lifecycle
 Cost control
 ------------
 Sandboxes are created with a configurable ``on_timeout`` lifecycle action
-(default: ``"pause"``).  The explicit per-turn ``pause_sandbox()`` call is the
-primary mechanism; the lifecycle setting is a safety net.  Paused sandboxes are
-free.
+(default: ``"pause"``) and ``auto_resume`` (default: ``True``).  The explicit
+per-turn ``pause_sandbox()`` call is the primary mechanism; the lifecycle
+timeout is a safety net (default: 5 min).  ``auto_resume`` ensures that paused
+sandboxes wake transparently on SDK activity, making the aggressive safety-net
+timeout safe.  Paused sandboxes are free.

 The sandbox_id is stored in Redis.  The same key doubles as a creation lock:
 a ``"creating"`` sentinel value is written with a short TTL while a new sandbox
@@ -40,6 +42,7 @@ import logging
 from typing import Any, Awaitable, Callable, Literal

 from e2b import AsyncSandbox
+from e2b.sandbox.sandbox_api import SandboxLifecycle

 from backend.data.redis_client import get_redis_async

@@ -116,9 +119,10 @@ async def get_or_create_sandbox(
    removes the need for a separate lock key.

    *timeout* controls how long the e2b sandbox may run continuously before
-    the ``on_timeout`` lifecycle rule fires (default: 3 h).
+    the ``on_timeout`` lifecycle rule fires (default: 5 min).
    *on_timeout* controls what happens on timeout: ``"pause"`` (default, free)
-    or ``"kill"``.
+    or ``"kill"``.  When ``"pause"``, ``auto_resume`` is enabled so paused
+    sandboxes wake transparently on SDK activity.
    """
    redis = await get_redis_async()
    key = _sandbox_key(session_id)
@@ -156,11 +160,15 @@ async def get_or_create_sandbox(

        # We hold the slot — create the sandbox.
        try:
+            lifecycle = SandboxLifecycle(
+                on_timeout=on_timeout,
+                auto_resume=on_timeout == "pause",
+            )
            sandbox = await AsyncSandbox.create(
                template=template,
                api_key=api_key,
                timeout=timeout,
-                lifecycle={"on_timeout": on_timeout},
+                lifecycle=lifecycle,
            )
            try:
                await _set_stored_sandbox_id(session_id, sandbox.sandbox_id)
--- a/autogpt_platform/backend/backend/copilot/tools/e2b_sandbox_test.py
+++ b/autogpt_platform/backend/backend/copilot/tools/e2b_sandbox_test.py
@@ -157,14 +157,17 @@ class TestGetOrCreateSandbox:

        assert result is new_sb
        mock_cls.create.assert_awaited_once()
-        # Verify lifecycle param is set
+        # Verify lifecycle: pause + auto_resume enabled
        _, kwargs = mock_cls.create.call_args
-        assert kwargs.get("lifecycle") == {"on_timeout": "pause"}
+        assert kwargs.get("lifecycle") == {
+            "on_timeout": "pause",
+            "auto_resume": True,
+        }
        # sandbox_id should be saved to Redis
        redis.set.assert_awaited()

    def test_create_with_on_timeout_kill(self):
-        """on_timeout='kill' is passed through to AsyncSandbox.create."""
+        """on_timeout='kill' disables auto_resume automatically."""
        new_sb = _mock_sandbox("sb-new")
        redis = _mock_redis(set_nx_result=True, stored_sandbox_id=None)
        with (
@@ -179,7 +182,10 @@ class TestGetOrCreateSandbox:
            )

        _, kwargs = mock_cls.create.call_args
-        assert kwargs.get("lifecycle") == {"on_timeout": "kill"}
+        assert kwargs.get("lifecycle") == {
+            "on_timeout": "kill",
+            "auto_resume": False,
+        }

    def test_create_failure_releases_slot(self):
        """If sandbox creation fails, the Redis creation slot is deleted."""
--- a/autogpt_platform/backend/backend/copilot/tools/helpers.py
+++ b/autogpt_platform/backend/backend/copilot/tools/helpers.py
@@ -1,7 +1,25 @@
 """Shared helpers for chat tools."""

+import logging
+from collections import defaultdict
 from typing import Any

+from pydantic_core import PydanticUndefined
+
+from backend.blocks._base import AnyBlockSchema
+from backend.copilot.constants import COPILOT_NODE_PREFIX, COPILOT_SESSION_PREFIX
+from backend.data.db_accessors import workspace_db
+from backend.data.execution import ExecutionContext
+from backend.data.model import CredentialsFieldInfo, CredentialsMetaInput
+from backend.integrations.creds_manager import IntegrationCredentialsManager
+from backend.util.exceptions import BlockError
+from backend.util.type import coerce_inputs_to_schema
+
+from .models import BlockOutputResponse, ErrorResponse, ToolResponseBase
+from .utils import match_credentials_to_requirements
+
+logger = logging.getLogger(__name__)
+

 def get_inputs_from_schema(
    input_schema: dict[str, Any],
@@ -27,3 +45,162 @@ def get_inputs_from_schema(
        for name, schema in properties.items()
        if name not in exclude
    ]
+
+
+async def execute_block(
+    *,
+    block: AnyBlockSchema,
+    block_id: str,
+    input_data: dict[str, Any],
+    user_id: str,
+    session_id: str,
+    node_exec_id: str,
+    matched_credentials: dict[str, CredentialsMetaInput],
+    sensitive_action_safe_mode: bool = False,
+) -> ToolResponseBase:
+    """Execute a block with full context setup, credential injection, and error handling.
+
+    This is the shared execution path used by both ``run_block`` (after review
+    check) and ``continue_run_block`` (after approval).
+
+    Returns:
+        BlockOutputResponse on success, ErrorResponse on failure.
+    """
+    try:
+        workspace = await workspace_db().get_or_create_workspace(user_id)
+
+        synthetic_graph_id = f"{COPILOT_SESSION_PREFIX}{session_id}"
+        synthetic_node_id = f"{COPILOT_NODE_PREFIX}{block_id}"
+
+        execution_context = ExecutionContext(
+            user_id=user_id,
+            graph_id=synthetic_graph_id,
+            graph_exec_id=synthetic_graph_id,
+            graph_version=1,
+            node_id=synthetic_node_id,
+            node_exec_id=node_exec_id,
+            workspace_id=workspace.id,
+            session_id=session_id,
+            sensitive_action_safe_mode=sensitive_action_safe_mode,
+        )
+
+        exec_kwargs: dict[str, Any] = {
+            "user_id": user_id,
+            "execution_context": execution_context,
+            "workspace_id": workspace.id,
+            "graph_exec_id": synthetic_graph_id,
+            "node_exec_id": node_exec_id,
+            "node_id": synthetic_node_id,
+            "graph_version": 1,
+            "graph_id": synthetic_graph_id,
+        }
+
+        # Inject credentials
+        creds_manager = IntegrationCredentialsManager()
+        for field_name, cred_meta in matched_credentials.items():
+            if field_name not in input_data:
+                input_data[field_name] = cred_meta.model_dump()
+
+            actual_credentials = await creds_manager.get(
+                user_id, cred_meta.id, lock=False
+            )
+            if actual_credentials:
+                exec_kwargs[field_name] = actual_credentials
+            else:
+                return ErrorResponse(
+                    message=f"Failed to retrieve credentials for {field_name}",
+                    session_id=session_id,
+                )
+
+        # Coerce non-matching data types to the expected input schema.
+        coerce_inputs_to_schema(input_data, block.input_schema)
+
+        # Execute the block and collect outputs
+        outputs: dict[str, list[Any]] = defaultdict(list)
+        async for output_name, output_data in block.execute(
+            input_data,
+            **exec_kwargs,
+        ):
+            outputs[output_name].append(output_data)
+
+        return BlockOutputResponse(
+            message=f"Block '{block.name}' executed successfully",
+            block_id=block_id,
+            block_name=block.name,
+            outputs=dict(outputs),
+            success=True,
+            session_id=session_id,
+        )
+
+    except BlockError as e:
+        logger.warning(f"Block execution failed: {e}")
+        return ErrorResponse(
+            message=f"Block execution failed: {e}",
+            error=str(e),
+            session_id=session_id,
+        )
+    except Exception as e:
+        logger.error(f"Unexpected error executing block: {e}", exc_info=True)
+        return ErrorResponse(
+            message=f"Failed to execute block: {str(e)}",
+            error=str(e),
+            session_id=session_id,
+        )
+
+
+async def resolve_block_credentials(
+    user_id: str,
+    block: AnyBlockSchema,
+    input_data: dict[str, Any] | None = None,
+) -> tuple[dict[str, CredentialsMetaInput], list[CredentialsMetaInput]]:
+    """Resolve credentials for a block by matching user's available credentials.
+
+    Handles discriminated credentials (e.g. provider selection based on model).
+
+    Returns:
+        (matched_credentials, missing_credentials)
+    """
+    input_data = input_data or {}
+    requirements = _resolve_discriminated_credentials(block, input_data)
+
+    if not requirements:
+        return {}, []
+
+    return await match_credentials_to_requirements(user_id, requirements)
+
+
+def _resolve_discriminated_credentials(
+    block: AnyBlockSchema,
+    input_data: dict[str, Any],
+) -> dict[str, CredentialsFieldInfo]:
+    """Resolve credential requirements, applying discriminator logic where needed."""
+    credentials_fields_info = block.input_schema.get_credentials_fields_info()
+    if not credentials_fields_info:
+        return {}
+
+    resolved: dict[str, CredentialsFieldInfo] = {}
+
+    for field_name, field_info in credentials_fields_info.items():
+        effective_field_info = field_info
+
+        if field_info.discriminator and field_info.discriminator_mapping:
+            discriminator_value = input_data.get(field_info.discriminator)
+            if discriminator_value is None:
+                field = block.input_schema.model_fields.get(field_info.discriminator)
+                if field and field.default is not PydanticUndefined:
+                    discriminator_value = field.default
+
+            if (
+                discriminator_value
+                and discriminator_value in field_info.discriminator_mapping
+            ):
+                effective_field_info = field_info.discriminate(discriminator_value)
+                effective_field_info.discriminator_values.add(discriminator_value)
+                logger.debug(
+                    f"Discriminated provider for {field_name}: "
+                    f"{discriminator_value} -> {effective_field_info.provider}"
+                )
+
+        resolved[field_name] = effective_field_info
+
+    return resolved
--- a/autogpt_platform/backend/backend/copilot/tools/helpers_test.py
+++ b/autogpt_platform/backend/backend/copilot/tools/helpers_test.py
@@ -0,0 +1,333 @@
+"""Tests for execute_block type coercion in helpers.py.
+
+Verifies that execute_block() coerces string input values to match the block's
+expected input types, mirroring the executor's validate_exec() logic.
+This is critical for @@agptfile: expansion, where file content is always a string
+but the block may expect structured types (e.g. list[list[str]]).
+"""
+
+from typing import Any
+from unittest.mock import AsyncMock, MagicMock, patch
+
+import pytest
+
+from backend.copilot.tools.helpers import execute_block
+from backend.copilot.tools.models import BlockOutputResponse
+
+
+def _make_block_schema(annotations: dict[str, Any]) -> MagicMock:
+    """Create a mock input_schema with model_fields matching the given annotations."""
+    schema = MagicMock()
+    # coerce_inputs_to_schema uses model_fields (Pydantic v2 API)
+    model_fields = {}
+    for name, ann in annotations.items():
+        field = MagicMock()
+        field.annotation = ann
+        model_fields[name] = field
+    schema.model_fields = model_fields
+    return schema
+
+
+def _make_block(
+    block_id: str,
+    name: str,
+    annotations: dict[str, Any],
+    outputs: dict[str, list[Any]] | None = None,
+) -> MagicMock:
+    """Create a mock block with typed annotations and a simple execute method."""
+    block = MagicMock()
+    block.id = block_id
+    block.name = name
+    block.input_schema = _make_block_schema(annotations)
+
+    captured_inputs: dict[str, Any] = {}
+
+    async def mock_execute(input_data: dict, **_kwargs: Any):
+        captured_inputs.update(input_data)
+        for output_name, values in (outputs or {"result": ["ok"]}).items():
+            for v in values:
+                yield output_name, v
+
+    block.execute = mock_execute
+    block._captured_inputs = captured_inputs
+    return block
+
+
+_TEST_SESSION_ID = "test-session-coerce"
+_TEST_USER_ID = "test-user-coerce"
+
+
+@pytest.mark.asyncio(loop_scope="session")
+async def test_coerce_json_string_to_nested_list():
+    """JSON string → list[list[str]] (Google Sheets CSV import case)."""
+    block = _make_block(
+        "sheets-write",
+        "Google Sheets Write",
+        {"values": list[list[str]], "spreadsheet_id": str},
+    )
+
+    mock_workspace_db = MagicMock()
+    mock_workspace_db.get_or_create_workspace = AsyncMock(
+        return_value=MagicMock(id="ws-1")
+    )
+
+    with patch(
+        "backend.copilot.tools.helpers.workspace_db",
+        return_value=mock_workspace_db,
+    ):
+        response = await execute_block(
+            block=block,
+            block_id="sheets-write",
+            input_data={
+                "values": '[["Name","Score"],["Alice","90"],["Bob","85"]]',
+                "spreadsheet_id": "abc123",
+            },
+            user_id=_TEST_USER_ID,
+            session_id=_TEST_SESSION_ID,
+            node_exec_id="exec-1",
+            matched_credentials={},
+        )
+
+    assert isinstance(response, BlockOutputResponse)
+    assert response.success is True
+    # Verify the input was coerced from string to list[list[str]]
+    assert block._captured_inputs["values"] == [
+        ["Name", "Score"],
+        ["Alice", "90"],
+        ["Bob", "85"],
+    ]
+    assert isinstance(block._captured_inputs["values"], list)
+    assert isinstance(block._captured_inputs["values"][0], list)
+
+
+@pytest.mark.asyncio(loop_scope="session")
+async def test_coerce_json_string_to_list():
+    """JSON string → list[str]."""
+    block = _make_block(
+        "list-block",
+        "List Block",
+        {"items": list[str]},
+    )
+
+    mock_workspace_db = MagicMock()
+    mock_workspace_db.get_or_create_workspace = AsyncMock(
+        return_value=MagicMock(id="ws-1")
+    )
+
+    with patch(
+        "backend.copilot.tools.helpers.workspace_db",
+        return_value=mock_workspace_db,
+    ):
+        response = await execute_block(
+            block=block,
+            block_id="list-block",
+            input_data={"items": '["a","b","c"]'},
+            user_id=_TEST_USER_ID,
+            session_id=_TEST_SESSION_ID,
+            node_exec_id="exec-2",
+            matched_credentials={},
+        )
+
+    assert isinstance(response, BlockOutputResponse)
+    assert block._captured_inputs["items"] == ["a", "b", "c"]
+
+
+@pytest.mark.asyncio(loop_scope="session")
+async def test_coerce_json_string_to_dict():
+    """JSON string → dict[str, str]."""
+    block = _make_block(
+        "dict-block",
+        "Dict Block",
+        {"config": dict[str, str]},
+    )
+
+    mock_workspace_db = MagicMock()
+    mock_workspace_db.get_or_create_workspace = AsyncMock(
+        return_value=MagicMock(id="ws-1")
+    )
+
+    with patch(
+        "backend.copilot.tools.helpers.workspace_db",
+        return_value=mock_workspace_db,
+    ):
+        response = await execute_block(
+            block=block,
+            block_id="dict-block",
+            input_data={"config": '{"key": "value", "foo": "bar"}'},
+            user_id=_TEST_USER_ID,
+            session_id=_TEST_SESSION_ID,
+            node_exec_id="exec-3",
+            matched_credentials={},
+        )
+
+    assert isinstance(response, BlockOutputResponse)
+    assert block._captured_inputs["config"] == {"key": "value", "foo": "bar"}
+
+
+@pytest.mark.asyncio(loop_scope="session")
+async def test_no_coercion_when_type_matches():
+    """Already-correct types pass through without coercion."""
+    block = _make_block(
+        "pass-through",
+        "Pass Through",
+        {"values": list[list[str]], "name": str},
+    )
+
+    original_values = [["a", "b"], ["c", "d"]]
+    mock_workspace_db = MagicMock()
+    mock_workspace_db.get_or_create_workspace = AsyncMock(
+        return_value=MagicMock(id="ws-1")
+    )
+
+    with patch(
+        "backend.copilot.tools.helpers.workspace_db",
+        return_value=mock_workspace_db,
+    ):
+        response = await execute_block(
+            block=block,
+            block_id="pass-through",
+            input_data={"values": original_values, "name": "test"},
+            user_id=_TEST_USER_ID,
+            session_id=_TEST_SESSION_ID,
+            node_exec_id="exec-4",
+            matched_credentials={},
+        )
+
+    assert isinstance(response, BlockOutputResponse)
+    assert block._captured_inputs["values"] == original_values
+    assert block._captured_inputs["name"] == "test"
+
+
+@pytest.mark.asyncio(loop_scope="session")
+async def test_coerce_string_to_int():
+    """String number → int."""
+    block = _make_block(
+        "int-block",
+        "Int Block",
+        {"count": int},
+    )
+
+    mock_workspace_db = MagicMock()
+    mock_workspace_db.get_or_create_workspace = AsyncMock(
+        return_value=MagicMock(id="ws-1")
+    )
+
+    with patch(
+        "backend.copilot.tools.helpers.workspace_db",
+        return_value=mock_workspace_db,
+    ):
+        response = await execute_block(
+            block=block,
+            block_id="int-block",
+            input_data={"count": "42"},
+            user_id=_TEST_USER_ID,
+            session_id=_TEST_SESSION_ID,
+            node_exec_id="exec-5",
+            matched_credentials={},
+        )
+
+    assert isinstance(response, BlockOutputResponse)
+    assert block._captured_inputs["count"] == 42
+    assert isinstance(block._captured_inputs["count"], int)
+
+
+@pytest.mark.asyncio(loop_scope="session")
+async def test_coerce_skips_none_values():
+    """None values are not coerced (they may be optional fields)."""
+    block = _make_block(
+        "optional-block",
+        "Optional Block",
+        {"data": list[str], "label": str},
+    )
+
+    mock_workspace_db = MagicMock()
+    mock_workspace_db.get_or_create_workspace = AsyncMock(
+        return_value=MagicMock(id="ws-1")
+    )
+
+    with patch(
+        "backend.copilot.tools.helpers.workspace_db",
+        return_value=mock_workspace_db,
+    ):
+        response = await execute_block(
+            block=block,
+            block_id="optional-block",
+            input_data={"label": "test"},
+            user_id=_TEST_USER_ID,
+            session_id=_TEST_SESSION_ID,
+            node_exec_id="exec-6",
+            matched_credentials={},
+        )
+
+    assert isinstance(response, BlockOutputResponse)
+    # 'data' was not provided, so it should not appear in captured inputs
+    assert "data" not in block._captured_inputs
+
+
+@pytest.mark.asyncio(loop_scope="session")
+async def test_coerce_union_type_preserves_valid_member():
+    """Union-typed fields should not be coerced when the value matches a member."""
+    block = _make_block(
+        "union-block",
+        "Union Block",
+        {"content": str | list[str]},
+    )
+
+    mock_workspace_db = MagicMock()
+    mock_workspace_db.get_or_create_workspace = AsyncMock(
+        return_value=MagicMock(id="ws-1")
+    )
+
+    with patch(
+        "backend.copilot.tools.helpers.workspace_db",
+        return_value=mock_workspace_db,
+    ):
+        response = await execute_block(
+            block=block,
+            block_id="union-block",
+            input_data={"content": ["a", "b"]},
+            user_id=_TEST_USER_ID,
+            session_id=_TEST_SESSION_ID,
+            node_exec_id="exec-7",
+            matched_credentials={},
+        )
+
+    assert isinstance(response, BlockOutputResponse)
+    # list[str] should NOT be stringified to '["a", "b"]'
+    assert block._captured_inputs["content"] == ["a", "b"]
+    assert isinstance(block._captured_inputs["content"], list)
+
+
+@pytest.mark.asyncio(loop_scope="session")
+async def test_coerce_inner_elements_of_generic():
+    """Inner elements of generic containers are recursively coerced."""
+    block = _make_block(
+        "inner-coerce",
+        "Inner Coerce",
+        {"values": list[str]},
+    )
+
+    mock_workspace_db = MagicMock()
+    mock_workspace_db.get_or_create_workspace = AsyncMock(
+        return_value=MagicMock(id="ws-1")
+    )
+
+    with patch(
+        "backend.copilot.tools.helpers.workspace_db",
+        return_value=mock_workspace_db,
+    ):
+        response = await execute_block(
+            block=block,
+            block_id="inner-coerce",
+            # Inner elements are ints, but target is list[str]
+            input_data={"values": [1, 2, 3]},
+            user_id=_TEST_USER_ID,
+            session_id=_TEST_SESSION_ID,
+            node_exec_id="exec-8",
+            matched_credentials={},
+        )
+
+    assert isinstance(response, BlockOutputResponse)
+    # Inner elements should be coerced from int to str
+    assert block._captured_inputs["values"] == ["1", "2", "3"]
+    assert all(isinstance(v, str) for v in block._captured_inputs["values"])
--- a/autogpt_platform/backend/backend/copilot/tools/models.py
+++ b/autogpt_platform/backend/backend/copilot/tools/models.py
@@ -39,6 +39,7 @@ class ResponseType(str, Enum):
    BLOCK_LIST = "block_list"
    BLOCK_DETAILS = "block_details"
    BLOCK_OUTPUT = "block_output"
+    REVIEW_REQUIRED = "review_required"

    # MCP
    MCP_GUIDE = "mcp_guide"
@@ -458,6 +459,21 @@ class BlockOutputResponse(ToolResponseBase):
    success: bool = True


+class ReviewRequiredResponse(ToolResponseBase):
+    """Response when a block requires human review before execution."""
+
+    type: ResponseType = ResponseType.REVIEW_REQUIRED
+    block_id: str
+    block_name: str
+    review_id: str = Field(description="The review ID for tracking approval status")
+    graph_exec_id: str = Field(
+        description="The graph execution ID for fetching review status"
+    )
+    input_data: dict[str, Any] = Field(
+        description="The input data that requires review"
+    )
+
+
 class WebFetchResponse(ToolResponseBase):
    """Response for web_fetch tool."""

--- a/autogpt_platform/backend/backend/copilot/tools/run_agent.py
+++ b/autogpt_platform/backend/backend/copilot/tools/run_agent.py
@@ -534,7 +534,9 @@ class RunAgentTool(BaseTool):
                return ExecutionStartedResponse(
                    message=(
                        f"Agent '{library_agent.name}' is awaiting human review. "
-                        f"Check at {library_agent_link}."
+                        f"The user can approve or reject inline. After approval, "
+                        f"the execution resumes automatically. Use view_agent_output "
+                        f"with execution_id='{execution.id}' to check the result."
                    ),
                    session_id=session_id,
                    execution_id=execution.id,
--- a/autogpt_platform/backend/backend/copilot/tools/run_block.py
+++ b/autogpt_platform/backend/backend/copilot/tools/run_block.py
@@ -2,38 +2,34 @@

 import logging
 import uuid
-from collections import defaultdict
 from typing import Any

-from pydantic_core import PydanticUndefined
-
 from backend.blocks import BlockType, get_block
 from backend.blocks._base import AnyBlockSchema
+from backend.copilot.constants import (
+    COPILOT_NODE_EXEC_ID_SEPARATOR,
+    COPILOT_NODE_PREFIX,
+    COPILOT_SESSION_PREFIX,
+)
 from backend.copilot.model import ChatSession
-from backend.data.db_accessors import workspace_db
+from backend.data.db_accessors import review_db
 from backend.data.execution import ExecutionContext
-from backend.data.model import CredentialsFieldInfo, CredentialsMetaInput
-from backend.integrations.creds_manager import IntegrationCredentialsManager
-from backend.util.exceptions import BlockError

 from .base import BaseTool
 from .find_block import COPILOT_EXCLUDED_BLOCK_IDS, COPILOT_EXCLUDED_BLOCK_TYPES
-from .helpers import get_inputs_from_schema
+from .helpers import execute_block, get_inputs_from_schema, resolve_block_credentials
 from .models import (
    BlockDetails,
    BlockDetailsResponse,
-    BlockOutputResponse,
    ErrorResponse,
    InputValidationErrorResponse,
+    ReviewRequiredResponse,
    SetupInfo,
    SetupRequirementsResponse,
    ToolResponseBase,
    UserReadiness,
 )
-from .utils import (
-    build_missing_credentials_from_field_info,
-    match_credentials_to_requirements,
-)
+from .utils import build_missing_credentials_from_field_info

 logger = logging.getLogger(__name__)

@@ -52,7 +48,9 @@ class RunBlockTool(BaseTool):
            "IMPORTANT: You MUST call find_block first to get the block's 'id' - "
            "do NOT guess or make up block IDs. "
            "On first attempt (without input_data), returns detailed schema showing "
-            "required inputs and outputs. Then call again with proper input_data to execute."
+            "required inputs and outputs. Then call again with proper input_data to execute. "
+            "If a block requires human review, use continue_run_block with the "
+            "review_id after the user approves."
        )

    @property
@@ -166,11 +164,10 @@ class RunBlockTool(BaseTool):

        logger.info(f"Executing block {block.name} ({block_id}) for user {user_id}")

-        creds_manager = IntegrationCredentialsManager()
        (
            matched_credentials,
            missing_credentials,
-        ) = await self._resolve_block_credentials(user_id, block, input_data)
+        ) = await resolve_block_credentials(user_id, block, input_data)

        # Get block schemas for details/validation
        try:
@@ -279,169 +276,97 @@ class RunBlockTool(BaseTool):
                user_authenticated=True,
            )

-        try:
-            # Get or create user's workspace for CoPilot file operations
-            workspace = await workspace_db().get_or_create_workspace(user_id)
+        # Generate synthetic IDs for CoPilot context.
+        # Encode node_id in node_exec_id so it can be extracted later
+        # (e.g. for auto-approve, where we need node_id but have no NodeExecution row).
+        synthetic_graph_id = f"{COPILOT_SESSION_PREFIX}{session.session_id}"
+        synthetic_node_id = f"{COPILOT_NODE_PREFIX}{block_id}"

-            # Generate synthetic IDs for CoPilot context
-            # Each chat session is treated as its own agent with one continuous run
-            # This means:
-            # - graph_id (agent) = session (memories scoped to session when limit_to_agent=True)
-            # - graph_exec_id (run) = session (memories scoped to session when limit_to_run=True)
-            # - node_exec_id = unique per block execution
-            synthetic_graph_id = f"copilot-session-{session.session_id}"
-            synthetic_graph_exec_id = f"copilot-session-{session.session_id}"
-            synthetic_node_id = f"copilot-node-{block_id}"
-            synthetic_node_exec_id = (
-                f"copilot-{session.session_id}-{uuid.uuid4().hex[:8]}"
-            )
-
-            # Create unified execution context with all required fields
-            execution_context = ExecutionContext(
-                # Execution identity
-                user_id=user_id,
-                graph_id=synthetic_graph_id,
-                graph_exec_id=synthetic_graph_exec_id,
-                graph_version=1,  # Versions are 1-indexed
-                node_id=synthetic_node_id,
-                node_exec_id=synthetic_node_exec_id,
-                # Workspace with session scoping
-                workspace_id=workspace.id,
-                session_id=session.session_id,
-            )
-
-            # Prepare kwargs for block execution
-            # Keep individual kwargs for backwards compatibility with existing blocks
-            exec_kwargs: dict[str, Any] = {
-                "user_id": user_id,
-                "execution_context": execution_context,
-                # Legacy: individual kwargs for blocks not yet using execution_context
-                "workspace_id": workspace.id,
-                "graph_exec_id": synthetic_graph_exec_id,
-                "node_exec_id": synthetic_node_exec_id,
-                "node_id": synthetic_node_id,
-                "graph_version": 1,  # Versions are 1-indexed
-                "graph_id": synthetic_graph_id,
-            }
-
-            for field_name, cred_meta in matched_credentials.items():
-                # Inject metadata into input_data (for validation)
-                if field_name not in input_data:
-                    input_data[field_name] = cred_meta.model_dump()
-
-                # Fetch actual credentials and pass as kwargs (for execution)
-                actual_credentials = await creds_manager.get(
-                    user_id, cred_meta.id, lock=False
-                )
-                if actual_credentials:
-                    exec_kwargs[field_name] = actual_credentials
-                else:
-                    return ErrorResponse(
-                        message=f"Failed to retrieve credentials for {field_name}",
-                        session_id=session_id,
-                    )
-
-            # Execute the block and collect outputs
-            outputs: dict[str, list[Any]] = defaultdict(list)
-            async for output_name, output_data in block.execute(
-                input_data,
-                **exec_kwargs,
-            ):
-                outputs[output_name].append(output_data)
-
-            return BlockOutputResponse(
-                message=f"Block '{block.name}' executed successfully",
+        # Check for an existing WAITING review for this block with the same input.
+        # If the LLM retries run_block with identical input, we reuse the existing
+        # review instead of creating duplicates. Different inputs = new execution.
+        existing_reviews = await review_db().get_pending_reviews_for_execution(
+            synthetic_graph_id, user_id
+        )
+        existing_review = next(
+            (
+                r
+                for r in existing_reviews
+                if r.node_id == synthetic_node_id
+                and r.status.value == "WAITING"
+                and r.payload == input_data
+            ),
+            None,
+        )
+        if existing_review:
+            return ReviewRequiredResponse(
+                message=(
+                    f"Block '{block.name}' requires human review. "
+                    f"After the user approves, call continue_run_block with "
+                    f"review_id='{existing_review.node_exec_id}' to execute."
+                ),
+                session_id=session_id,
                block_id=block_id,
                block_name=block.name,
-                outputs=dict(outputs),
-                success=True,
-                session_id=session_id,
+                review_id=existing_review.node_exec_id,
+                graph_exec_id=synthetic_graph_id,
+                input_data=input_data,
            )

-        except BlockError as e:
-            logger.warning(f"Block execution failed: {e}")
-            return ErrorResponse(
-                message=f"Block execution failed: {e}",
-                error=str(e),
-                session_id=session_id,
-            )
-        except Exception as e:
-            logger.error(f"Unexpected error executing block: {e}", exc_info=True)
-            return ErrorResponse(
-                message=f"Failed to execute block: {str(e)}",
-                error=str(e),
+        synthetic_node_exec_id = (
+            f"{synthetic_node_id}{COPILOT_NODE_EXEC_ID_SEPARATOR}"
+            f"{uuid.uuid4().hex[:8]}"
+        )
+
+        # Check for HITL review before execution.
+        # This creates the review record in the DB for CoPilot flows.
+        review_context = ExecutionContext(
+            user_id=user_id,
+            graph_id=synthetic_graph_id,
+            graph_exec_id=synthetic_graph_id,
+            graph_version=1,
+            node_id=synthetic_node_id,
+            node_exec_id=synthetic_node_exec_id,
+            sensitive_action_safe_mode=True,
+        )
+        should_pause, input_data = await block.is_block_exec_need_review(
+            input_data,
+            user_id=user_id,
+            node_id=synthetic_node_id,
+            node_exec_id=synthetic_node_exec_id,
+            graph_exec_id=synthetic_graph_id,
+            graph_id=synthetic_graph_id,
+            graph_version=1,
+            execution_context=review_context,
+            is_graph_execution=False,
+        )
+        if should_pause:
+            return ReviewRequiredResponse(
+                message=(
+                    f"Block '{block.name}' requires human review. "
+                    f"After the user approves, call continue_run_block with "
+                    f"review_id='{synthetic_node_exec_id}' to execute."
+                ),
                session_id=session_id,
+                block_id=block_id,
+                block_name=block.name,
+                review_id=synthetic_node_exec_id,
+                graph_exec_id=synthetic_graph_id,
+                input_data=input_data,
            )

-    async def _resolve_block_credentials(
-        self,
-        user_id: str,
-        block: AnyBlockSchema,
-        input_data: dict[str, Any] | None = None,
-    ) -> tuple[dict[str, CredentialsMetaInput], list[CredentialsMetaInput]]:
-        """
-        Resolve credentials for a block by matching user's available credentials.
-
-        Args:
-            user_id: User ID
-            block: Block to resolve credentials for
-            input_data: Input data for the block (used to determine provider via discriminator)
-
-        Returns:
-            tuple of (matched_credentials, missing_credentials) - matched credentials
-            are used for block execution, missing ones indicate setup requirements.
-        """
-        input_data = input_data or {}
-        requirements = self._resolve_discriminated_credentials(block, input_data)
-
-        if not requirements:
-            return {}, []
-
-        return await match_credentials_to_requirements(user_id, requirements)
+        return await execute_block(
+            block=block,
+            block_id=block_id,
+            input_data=input_data,
+            user_id=user_id,
+            session_id=session_id,
+            node_exec_id=synthetic_node_exec_id,
+            matched_credentials=matched_credentials,
+        )

    def _get_inputs_list(self, block: AnyBlockSchema) -> list[dict[str, Any]]:
        """Extract non-credential inputs from block schema."""
        schema = block.input_schema.jsonschema()
        credentials_fields = set(block.input_schema.get_credentials_fields().keys())
        return get_inputs_from_schema(schema, exclude_fields=credentials_fields)
-
-    def _resolve_discriminated_credentials(
-        self,
-        block: AnyBlockSchema,
-        input_data: dict[str, Any],
-    ) -> dict[str, CredentialsFieldInfo]:
-        """Resolve credential requirements, applying discriminator logic where needed."""
-        credentials_fields_info = block.input_schema.get_credentials_fields_info()
-        if not credentials_fields_info:
-            return {}
-
-        resolved: dict[str, CredentialsFieldInfo] = {}
-
-        for field_name, field_info in credentials_fields_info.items():
-            effective_field_info = field_info
-
-            if field_info.discriminator and field_info.discriminator_mapping:
-                discriminator_value = input_data.get(field_info.discriminator)
-                if discriminator_value is None:
-                    field = block.input_schema.model_fields.get(
-                        field_info.discriminator
-                    )
-                    if field and field.default is not PydanticUndefined:
-                        discriminator_value = field.default
-
-                if (
-                    discriminator_value
-                    and discriminator_value in field_info.discriminator_mapping
-                ):
-                    effective_field_info = field_info.discriminate(discriminator_value)
-                    # For host-scoped credentials, add the discriminator value
-                    # (e.g., URL) so _credential_is_for_host can match it
-                    effective_field_info.discriminator_values.add(discriminator_value)
-                    logger.debug(
-                        f"Discriminated provider for {field_name}: "
-                        f"{discriminator_value} -> {effective_field_info.provider}"
-                    )
-
-            resolved[field_name] = effective_field_info
-
-        return resolved
--- a/autogpt_platform/backend/backend/copilot/tools/run_block_test.py
+++ b/autogpt_platform/backend/backend/copilot/tools/run_block_test.py
@@ -12,6 +12,7 @@ from .models import (
    BlockOutputResponse,
    ErrorResponse,
    InputValidationErrorResponse,
+    ReviewRequiredResponse,
 )
 from .run_block import RunBlockTool

@@ -27,9 +28,16 @@ def make_mock_block(
    mock.name = name
    mock.block_type = block_type
    mock.disabled = disabled
+    mock.is_sensitive_action = False
    mock.input_schema = MagicMock()
    mock.input_schema.jsonschema.return_value = {"properties": {}, "required": []}
-    mock.input_schema.get_credentials_fields_info.return_value = []
+    mock.input_schema.get_credentials_fields_info.return_value = {}
+    mock.input_schema.get_credentials_fields.return_value = {}
+
+    async def _no_review(input_data, **kwargs):
+        return False, input_data
+
+    mock.is_block_exec_need_review = _no_review
    return mock


@@ -46,6 +54,7 @@ def make_mock_block_with_schema(
    mock.name = name
    mock.block_type = BlockType.STANDARD
    mock.disabled = False
+    mock.is_sensitive_action = False
    mock.description = f"Test block: {name}"

    input_schema = {
@@ -63,6 +72,12 @@ def make_mock_block_with_schema(
    mock.output_schema = MagicMock()
    mock.output_schema.jsonschema.return_value = output_schema

+    # Default: no review needed, pass through input_data unchanged
+    async def _no_review(input_data, **kwargs):
+        return False, input_data
+
+    mock.is_block_exec_need_review = _no_review
+
    return mock


@@ -126,9 +141,15 @@ class TestRunBlockFiltering:
            "standard-id", "HTTP Request", BlockType.STANDARD
        )

-        with patch(
-            "backend.copilot.tools.run_block.get_block",
-            return_value=standard_block,
+        with (
+            patch(
+                "backend.copilot.tools.run_block.get_block",
+                return_value=standard_block,
+            ),
+            patch(
+                "backend.copilot.tools.helpers.match_credentials_to_requirements",
+                return_value=({}, []),
+            ),
        ):
            tool = RunBlockTool()
            response = await tool._execute(
@@ -154,12 +175,7 @@ class TestRunBlockInputValidation:

    @pytest.mark.asyncio(loop_scope="session")
    async def test_unknown_input_fields_are_rejected(self):
-        """run_block rejects unknown input fields instead of silently ignoring them.
-
-        Scenario: The AI Text Generator block has a field called 'model' (for LLM model
-        selection), but the LLM calling the tool guesses wrong and sends 'LLM_Model'
-        instead. The block should reject the request and return the valid schema.
-        """
+        """run_block rejects unknown input fields instead of silently ignoring them."""
        session = make_session(user_id=_TEST_USER_ID)

        mock_block = make_mock_block_with_schema(
@@ -182,27 +198,31 @@ class TestRunBlockInputValidation:
            output_properties={"response": {"type": "string"}},
        )

-        with patch(
-            "backend.copilot.tools.run_block.get_block",
-            return_value=mock_block,
+        with (
+            patch(
+                "backend.copilot.tools.run_block.get_block",
+                return_value=mock_block,
+            ),
+            patch(
+                "backend.copilot.tools.helpers.match_credentials_to_requirements",
+                return_value=({}, []),
+            ),
        ):
            tool = RunBlockTool()
-
-            # Provide 'prompt' (correct) but 'LLM_Model' instead of 'model' (wrong key)
            response = await tool._execute(
                user_id=_TEST_USER_ID,
                session=session,
                block_id="ai-text-gen-id",
                input_data={
                    "prompt": "Write a haiku about coding",
-                    "LLM_Model": "claude-opus-4-6",  # WRONG KEY - should be 'model'
+                    "LLM_Model": "claude-opus-4-6",
                },
            )

        assert isinstance(response, InputValidationErrorResponse)
        assert "LLM_Model" in response.unrecognized_fields
        assert "Block was not executed" in response.message
-        assert "inputs" in response.model_dump()  # valid schema included
+        assert "inputs" in response.model_dump()

    @pytest.mark.asyncio(loop_scope="session")
    async def test_multiple_wrong_keys_are_all_reported(self):
@@ -221,21 +241,26 @@ class TestRunBlockInputValidation:
            required_fields=["prompt"],
        )

-        with patch(
-            "backend.copilot.tools.run_block.get_block",
-            return_value=mock_block,
+        with (
+            patch(
+                "backend.copilot.tools.run_block.get_block",
+                return_value=mock_block,
+            ),
+            patch(
+                "backend.copilot.tools.helpers.match_credentials_to_requirements",
+                return_value=({}, []),
+            ),
        ):
            tool = RunBlockTool()
-
            response = await tool._execute(
                user_id=_TEST_USER_ID,
                session=session,
                block_id="ai-text-gen-id",
                input_data={
-                    "prompt": "Hello",  # correct
-                    "llm_model": "claude-opus-4-6",  # WRONG - should be 'model'
-                    "system_prompt": "Be helpful",  # WRONG - should be 'sys_prompt'
-                    "retries": 5,  # WRONG - should be 'retry'
+                    "prompt": "Hello",
+                    "llm_model": "claude-opus-4-6",
+                    "system_prompt": "Be helpful",
+                    "retries": 5,
                },
            )

@@ -262,23 +287,26 @@ class TestRunBlockInputValidation:
            required_fields=["prompt"],
        )

-        with patch(
-            "backend.copilot.tools.run_block.get_block",
-            return_value=mock_block,
+        with (
+            patch(
+                "backend.copilot.tools.run_block.get_block",
+                return_value=mock_block,
+            ),
+            patch(
+                "backend.copilot.tools.helpers.match_credentials_to_requirements",
+                return_value=({}, []),
+            ),
        ):
            tool = RunBlockTool()
-
-            # 'prompt' is missing AND 'LLM_Model' is an unknown field
            response = await tool._execute(
                user_id=_TEST_USER_ID,
                session=session,
                block_id="ai-text-gen-id",
                input_data={
-                    "LLM_Model": "claude-opus-4-6",  # wrong key, and 'prompt' is missing
+                    "LLM_Model": "claude-opus-4-6",
                },
            )

-        # Unknown fields are caught first
        assert isinstance(response, InputValidationErrorResponse)
        assert "LLM_Model" in response.unrecognized_fields

@@ -313,7 +341,11 @@ class TestRunBlockInputValidation:
                return_value=mock_block,
            ),
            patch(
-                "backend.copilot.tools.run_block.workspace_db",
+                "backend.copilot.tools.helpers.match_credentials_to_requirements",
+                return_value=({}, []),
+            ),
+            patch(
+                "backend.copilot.tools.helpers.workspace_db",
                return_value=mock_workspace_db,
            ),
        ):
@@ -325,7 +357,7 @@ class TestRunBlockInputValidation:
                block_id="ai-text-gen-id",
                input_data={
                    "prompt": "Write a haiku",
-                    "model": "gpt-4o-mini",  # correct field name
+                    "model": "gpt-4o-mini",
                },
            )

@@ -347,20 +379,191 @@ class TestRunBlockInputValidation:
            required_fields=["prompt"],
        )

-        with patch(
-            "backend.copilot.tools.run_block.get_block",
-            return_value=mock_block,
+        with (
+            patch(
+                "backend.copilot.tools.run_block.get_block",
+                return_value=mock_block,
+            ),
+            patch(
+                "backend.copilot.tools.helpers.match_credentials_to_requirements",
+                return_value=({}, []),
+            ),
        ):
            tool = RunBlockTool()

-            # Only provide valid optional field, missing required 'prompt'
            response = await tool._execute(
                user_id=_TEST_USER_ID,
                session=session,
                block_id="ai-text-gen-id",
                input_data={
-                    "model": "gpt-4o-mini",  # valid but optional
+                    "model": "gpt-4o-mini",
                },
            )

        assert isinstance(response, BlockDetailsResponse)
+
+
+class TestRunBlockSensitiveAction:
+    """Tests for sensitive action HITL review in RunBlockTool.
+
+    run_block calls is_block_exec_need_review() explicitly before execution.
+    When review is needed (should_pause=True), ReviewRequiredResponse is returned.
+    """
+
+    @pytest.mark.asyncio(loop_scope="session")
+    async def test_sensitive_block_paused_returns_review_required(self):
+        """When is_block_exec_need_review returns should_pause=True, ReviewRequiredResponse is returned."""
+        session = make_session(user_id=_TEST_USER_ID)
+
+        input_data = {
+            "repo_url": "https://github.com/test/repo",
+            "branch": "feature-branch",
+        }
+        mock_block = make_mock_block_with_schema(
+            block_id="delete-branch-id",
+            name="Delete Branch",
+            input_properties={
+                "repo_url": {"type": "string"},
+                "branch": {"type": "string"},
+            },
+            required_fields=["repo_url", "branch"],
+        )
+        mock_block.is_sensitive_action = True
+        mock_block.is_block_exec_need_review = AsyncMock(
+            return_value=(True, input_data)
+        )
+
+        with (
+            patch(
+                "backend.copilot.tools.run_block.get_block",
+                return_value=mock_block,
+            ),
+            patch(
+                "backend.copilot.tools.helpers.match_credentials_to_requirements",
+                return_value=({}, []),
+            ),
+        ):
+            tool = RunBlockTool()
+            response = await tool._execute(
+                user_id=_TEST_USER_ID,
+                session=session,
+                block_id="delete-branch-id",
+                input_data=input_data,
+            )
+
+        assert isinstance(response, ReviewRequiredResponse)
+        assert "requires human review" in response.message
+        assert "continue_run_block" in response.message
+        assert response.block_name == "Delete Branch"
+
+    @pytest.mark.asyncio(loop_scope="session")
+    async def test_sensitive_block_executes_after_approval(self):
+        """After approval (should_pause=False), sensitive blocks execute and return outputs."""
+        session = make_session(user_id=_TEST_USER_ID)
+
+        input_data = {
+            "repo_url": "https://github.com/test/repo",
+            "branch": "feature-branch",
+        }
+        mock_block = make_mock_block_with_schema(
+            block_id="delete-branch-id",
+            name="Delete Branch",
+            input_properties={
+                "repo_url": {"type": "string"},
+                "branch": {"type": "string"},
+            },
+            required_fields=["repo_url", "branch"],
+        )
+        mock_block.is_sensitive_action = True
+        mock_block.is_block_exec_need_review = AsyncMock(
+            return_value=(False, input_data)
+        )
+
+        async def mock_execute(input_data, **kwargs):
+            yield "result", "Branch deleted successfully"
+
+        mock_block.execute = mock_execute
+
+        mock_workspace_db = MagicMock()
+        mock_workspace_db.get_or_create_workspace = AsyncMock(
+            return_value=MagicMock(id="test-workspace-id")
+        )
+
+        with (
+            patch(
+                "backend.copilot.tools.run_block.get_block",
+                return_value=mock_block,
+            ),
+            patch(
+                "backend.copilot.tools.helpers.match_credentials_to_requirements",
+                return_value=({}, []),
+            ),
+            patch(
+                "backend.copilot.tools.helpers.workspace_db",
+                return_value=mock_workspace_db,
+            ),
+        ):
+            tool = RunBlockTool()
+            response = await tool._execute(
+                user_id=_TEST_USER_ID,
+                session=session,
+                block_id="delete-branch-id",
+                input_data=input_data,
+            )
+
+        assert isinstance(response, BlockOutputResponse)
+        assert response.success is True
+
+    @pytest.mark.asyncio(loop_scope="session")
+    async def test_non_sensitive_block_executes_normally(self):
+        """Non-sensitive blocks skip review and execute directly."""
+        session = make_session(user_id=_TEST_USER_ID)
+
+        input_data = {"url": "https://example.com"}
+        mock_block = make_mock_block_with_schema(
+            block_id="http-request-id",
+            name="HTTP Request",
+            input_properties={
+                "url": {"type": "string"},
+            },
+            required_fields=["url"],
+        )
+        mock_block.is_sensitive_action = False
+        mock_block.is_block_exec_need_review = AsyncMock(
+            return_value=(False, input_data)
+        )
+
+        async def mock_execute(input_data, **kwargs):
+            yield "response", {"status": 200}
+
+        mock_block.execute = mock_execute
+
+        mock_workspace_db = MagicMock()
+        mock_workspace_db.get_or_create_workspace = AsyncMock(
+            return_value=MagicMock(id="test-workspace-id")
+        )
+
+        with (
+            patch(
+                "backend.copilot.tools.run_block.get_block",
+                return_value=mock_block,
+            ),
+            patch(
+                "backend.copilot.tools.helpers.match_credentials_to_requirements",
+                return_value=({}, []),
+            ),
+            patch(
+                "backend.copilot.tools.helpers.workspace_db",
+                return_value=mock_workspace_db,
+            ),
+        ):
+            tool = RunBlockTool()
+            response = await tool._execute(
+                user_id=_TEST_USER_ID,
+                session=session,
+                block_id="http-request-id",
+                input_data=input_data,
+            )
+
+        assert isinstance(response, BlockOutputResponse)
+        assert response.success is True
--- a/autogpt_platform/backend/backend/copilot/tools/run_mcp_tool.py
+++ b/autogpt_platform/backend/backend/copilot/tools/run_mcp_tool.py
@@ -14,7 +14,7 @@ from backend.blocks.mcp.helpers import (
 )
 from backend.copilot.model import ChatSession
 from backend.copilot.tools.utils import build_missing_credentials_from_field_info
-from backend.util.request import HTTPClientError, validate_url
+from backend.util.request import HTTPClientError, validate_url_host

 from .base import BaseTool
 from .models import (
@@ -34,6 +34,11 @@ logger = logging.getLogger(__name__)
 _AUTH_STATUS_CODES = {401, 403}


+def _service_name(host: str) -> str:
+    """Strip the 'mcp.' prefix from an MCP hostname: 'mcp.sentry.dev' → 'sentry.dev'"""
+    return host[4:] if host.startswith("mcp.") else host
+
+
 class RunMCPToolTool(BaseTool):
    """
    Tool for discovering and executing tools on any MCP server.
@@ -144,7 +149,7 @@ class RunMCPToolTool(BaseTool):

        # Validate URL to prevent SSRF — blocks loopback and private IP ranges
        try:
-            await validate_url(server_url, trusted_origins=[])
+            await validate_url_host(server_url)
        except ValueError as e:
            msg = str(e)
            if "Unable to resolve" in msg or "No IP addresses" in msg:
@@ -179,10 +184,12 @@ class RunMCPToolTool(BaseTool):
            if e.status_code in _AUTH_STATUS_CODES and not creds:
                # Server requires auth and user has no stored credentials
                return self._build_setup_requirements(server_url, session_id)
-            logger.warning("MCP HTTP error for %s: %s", server_host(server_url), e)
+            host = server_host(server_url)
+            logger.warning("MCP HTTP error for %s: status=%s", host, e.status_code)
            return ErrorResponse(
-                message=f"MCP server returned HTTP {e.status_code}: {e}",
+                message=(f"MCP request to {host} failed with HTTP {e.status_code}."),
                session_id=session_id,
+                error=f"HTTP {e.status_code}: {str(e)[:300]}",
            )

        except MCPClientError as e:
@@ -303,8 +310,8 @@ class RunMCPToolTool(BaseTool):
            )
            return ErrorResponse(
                message=(
-                    f"The MCP server at {server_host(server_url)} requires authentication, "
-                    "but no credential configuration was found."
+                    f"Unable to connect to {_service_name(server_host(server_url))} "
+                    "— no credentials configured."
                ),
                session_id=session_id,
            )
@@ -312,15 +319,13 @@ class RunMCPToolTool(BaseTool):
        missing_creds_list = list(missing_creds_dict.values())

        host = server_host(server_url)
+        service = _service_name(host)
        return SetupRequirementsResponse(
-            message=(
-                f"The MCP server at {host} requires authentication. "
-                "Please connect your credentials to continue."
-            ),
+            message=(f"To continue, sign in to {service} and approve access."),
            session_id=session_id,
            setup_info=SetupInfo(
                agent_id=server_url,
-                agent_name=f"MCP: {host}",
+                agent_name=service,
                user_readiness=UserReadiness(
                    has_all_credentials=False,
                    missing_credentials=missing_creds_dict,
--- a/autogpt_platform/backend/backend/copilot/tools/test_run_block_details.py
+++ b/autogpt_platform/backend/backend/copilot/tools/test_run_block_details.py
@@ -65,9 +65,8 @@ async def test_run_block_returns_details_when_no_input_provided():
        return_value=http_block,
    ):
        # Mock credentials check to return no missing credentials
-        with patch.object(
-            RunBlockTool,
-            "_resolve_block_credentials",
+        with patch(
+            "backend.copilot.tools.run_block.resolve_block_credentials",
            new_callable=AsyncMock,
            return_value=({}, []),  # (matched_credentials, missing_credentials)
        ):
@@ -123,9 +122,8 @@ async def test_run_block_returns_details_when_only_credentials_provided():
        "backend.copilot.tools.run_block.get_block",
        return_value=mock,
    ):
-        with patch.object(
-            RunBlockTool,
-            "_resolve_block_credentials",
+        with patch(
+            "backend.copilot.tools.run_block.resolve_block_credentials",
            new_callable=AsyncMock,
            return_value=(
                {
--- a/autogpt_platform/backend/backend/copilot/tools/test_run_mcp_tool.py
+++ b/autogpt_platform/backend/backend/copilot/tools/test_run_mcp_tool.py
@@ -100,7 +100,7 @@ async def test_ssrf_blocked_url_returns_error():
    session = make_session(_USER_ID)

    with patch(
-        "backend.copilot.tools.run_mcp_tool.validate_url",
+        "backend.copilot.tools.run_mcp_tool.validate_url_host",
        new_callable=AsyncMock,
        side_effect=ValueError("blocked loopback"),
    ):
@@ -138,7 +138,7 @@ async def test_non_dict_tool_arguments_returns_error():
    session = make_session(_USER_ID)

    with patch(
-        "backend.copilot.tools.run_mcp_tool.validate_url",
+        "backend.copilot.tools.run_mcp_tool.validate_url_host",
        new_callable=AsyncMock,
    ):
        with patch(
@@ -171,7 +171,7 @@ async def test_discover_tools_returns_discovered_response():
    mock_tools = _make_tool_list("fetch", "search")

    with patch(
-        "backend.copilot.tools.run_mcp_tool.validate_url", new_callable=AsyncMock
+        "backend.copilot.tools.run_mcp_tool.validate_url_host", new_callable=AsyncMock
    ):
        with patch(
            "backend.copilot.tools.run_mcp_tool.auto_lookup_mcp_credential",
@@ -208,7 +208,7 @@ async def test_discover_tools_with_credentials():
    mock_tools = _make_tool_list("push_notification")

    with patch(
-        "backend.copilot.tools.run_mcp_tool.validate_url", new_callable=AsyncMock
+        "backend.copilot.tools.run_mcp_tool.validate_url_host", new_callable=AsyncMock
    ):
        with patch(
            "backend.copilot.tools.run_mcp_tool.auto_lookup_mcp_credential",
@@ -249,7 +249,7 @@ async def test_execute_tool_returns_output_response():
    text_result = "# Example Domain\nThis domain is for examples."

    with patch(
-        "backend.copilot.tools.run_mcp_tool.validate_url", new_callable=AsyncMock
+        "backend.copilot.tools.run_mcp_tool.validate_url_host", new_callable=AsyncMock
    ):
        with patch(
            "backend.copilot.tools.run_mcp_tool.auto_lookup_mcp_credential",
@@ -285,7 +285,7 @@ async def test_execute_tool_parses_json_result():
    session = make_session(_USER_ID)

    with patch(
-        "backend.copilot.tools.run_mcp_tool.validate_url", new_callable=AsyncMock
+        "backend.copilot.tools.run_mcp_tool.validate_url_host", new_callable=AsyncMock
    ):
        with patch(
            "backend.copilot.tools.run_mcp_tool.auto_lookup_mcp_credential",
@@ -320,7 +320,7 @@ async def test_execute_tool_image_content():
    session = make_session(_USER_ID)

    with patch(
-        "backend.copilot.tools.run_mcp_tool.validate_url", new_callable=AsyncMock
+        "backend.copilot.tools.run_mcp_tool.validate_url_host", new_callable=AsyncMock
    ):
        with patch(
            "backend.copilot.tools.run_mcp_tool.auto_lookup_mcp_credential",
@@ -359,7 +359,7 @@ async def test_execute_tool_resource_content():
    session = make_session(_USER_ID)

    with patch(
-        "backend.copilot.tools.run_mcp_tool.validate_url", new_callable=AsyncMock
+        "backend.copilot.tools.run_mcp_tool.validate_url_host", new_callable=AsyncMock
    ):
        with patch(
            "backend.copilot.tools.run_mcp_tool.auto_lookup_mcp_credential",
@@ -399,7 +399,7 @@ async def test_execute_tool_multi_item_content():
    session = make_session(_USER_ID)

    with patch(
-        "backend.copilot.tools.run_mcp_tool.validate_url", new_callable=AsyncMock
+        "backend.copilot.tools.run_mcp_tool.validate_url_host", new_callable=AsyncMock
    ):
        with patch(
            "backend.copilot.tools.run_mcp_tool.auto_lookup_mcp_credential",
@@ -437,7 +437,7 @@ async def test_execute_tool_empty_content_returns_none():
    session = make_session(_USER_ID)

    with patch(
-        "backend.copilot.tools.run_mcp_tool.validate_url", new_callable=AsyncMock
+        "backend.copilot.tools.run_mcp_tool.validate_url_host", new_callable=AsyncMock
    ):
        with patch(
            "backend.copilot.tools.run_mcp_tool.auto_lookup_mcp_credential",
@@ -470,7 +470,7 @@ async def test_execute_tool_returns_error_on_tool_failure():
    session = make_session(_USER_ID)

    with patch(
-        "backend.copilot.tools.run_mcp_tool.validate_url", new_callable=AsyncMock
+        "backend.copilot.tools.run_mcp_tool.validate_url_host", new_callable=AsyncMock
    ):
        with patch(
            "backend.copilot.tools.run_mcp_tool.auto_lookup_mcp_credential",
@@ -512,7 +512,7 @@ async def test_auth_required_without_creds_returns_setup_requirements():
    session = make_session(_USER_ID)

    with patch(
-        "backend.copilot.tools.run_mcp_tool.validate_url", new_callable=AsyncMock
+        "backend.copilot.tools.run_mcp_tool.validate_url_host", new_callable=AsyncMock
    ):
        with patch(
            "backend.copilot.tools.run_mcp_tool.auto_lookup_mcp_credential",
@@ -555,7 +555,7 @@ async def test_auth_error_with_existing_creds_returns_error():
    mock_creds.access_token = SecretStr("stale-token")

    with patch(
-        "backend.copilot.tools.run_mcp_tool.validate_url", new_callable=AsyncMock
+        "backend.copilot.tools.run_mcp_tool.validate_url_host", new_callable=AsyncMock
    ):
        with patch(
            "backend.copilot.tools.run_mcp_tool.auto_lookup_mcp_credential",
@@ -580,6 +580,49 @@ async def test_auth_error_with_existing_creds_returns_error():
    assert "403" in response.message


+@pytest.mark.asyncio(loop_scope="session")
+async def test_http_error_returns_clean_message_with_collapsible_detail():
+    """Non-auth HTTP errors return a clean message with raw detail in the `error` field."""
+    from backend.util.request import HTTPClientError
+
+    tool = RunMCPToolTool()
+    session = make_session(_USER_ID)
+
+    with patch(
+        "backend.copilot.tools.run_mcp_tool.validate_url_host", new_callable=AsyncMock
+    ):
+        with patch(
+            "backend.copilot.tools.run_mcp_tool.auto_lookup_mcp_credential",
+            new_callable=AsyncMock,
+            return_value=None,
+        ):
+            mock_client = AsyncMock()
+            mock_client.initialize = AsyncMock(
+                side_effect=HTTPClientError(
+                    "<!doctype html><html><body>Not Found</body></html>",
+                    status_code=404,
+                )
+            )
+            with patch(
+                "backend.copilot.tools.run_mcp_tool.MCPClient",
+                return_value=mock_client,
+            ):
+                response = await tool._execute(
+                    user_id=_USER_ID,
+                    session=session,
+                    server_url=_SERVER_URL,
+                )
+
+    assert isinstance(response, ErrorResponse)
+    assert "404" in response.message
+    # Raw HTML body must NOT leak into the user-facing message
+    assert "<!doctype" not in response.message
+    # Raw detail (including original body) goes in the collapsible `error` field
+    assert response.error is not None
+    assert "404" in response.error
+    assert "<!doctype" in response.error.lower()
+
+
@pytest.mark.asyncio(loop_scope="session")
 async def test_mcp_client_error_returns_error_response():
    """MCPClientError (protocol-level) maps to a clean ErrorResponse."""
@@ -589,7 +632,7 @@ async def test_mcp_client_error_returns_error_response():
    session = make_session(_USER_ID)

    with patch(
-        "backend.copilot.tools.run_mcp_tool.validate_url", new_callable=AsyncMock
+        "backend.copilot.tools.run_mcp_tool.validate_url_host", new_callable=AsyncMock
    ):
        with patch(
            "backend.copilot.tools.run_mcp_tool.auto_lookup_mcp_credential",
@@ -621,7 +664,7 @@ async def test_unexpected_exception_returns_generic_error():
    session = make_session(_USER_ID)

    with patch(
-        "backend.copilot.tools.run_mcp_tool.validate_url", new_callable=AsyncMock
+        "backend.copilot.tools.run_mcp_tool.validate_url_host", new_callable=AsyncMock
    ):
        with patch(
            "backend.copilot.tools.run_mcp_tool.auto_lookup_mcp_credential",
@@ -719,7 +762,7 @@ async def test_credential_lookup_normalizes_trailing_slash():
    url_with_slash = "https://mcp.example.com/mcp/"

    with patch(
-        "backend.copilot.tools.run_mcp_tool.validate_url", new_callable=AsyncMock
+        "backend.copilot.tools.run_mcp_tool.validate_url_host", new_callable=AsyncMock
    ):
        with patch(
            "backend.copilot.tools.run_mcp_tool.auto_lookup_mcp_credential",
@@ -756,4 +799,4 @@ async def test_build_setup_requirements_returns_setup_response():
    )
    assert isinstance(result, SetupRequirementsResponse)
    assert result.setup_info.agent_id == _SERVER_URL
-    assert "authentication" in result.message.lower()
+    assert "sign in" in result.message.lower()
--- a/autogpt_platform/backend/backend/data/block_cost_config.py
+++ b/autogpt_platform/backend/backend/data/block_cost_config.py
@@ -76,7 +76,6 @@ MODEL_COST: dict[LlmModel, int] = {
    LlmModel.GPT4O_MINI: 1,
    LlmModel.GPT4O: 3,
    LlmModel.GPT4_TURBO: 10,
-    LlmModel.GPT3_5_TURBO: 1,
    LlmModel.CLAUDE_4_1_OPUS: 21,
    LlmModel.CLAUDE_4_OPUS: 21,
    LlmModel.CLAUDE_4_SONNET: 5,
@@ -100,19 +99,31 @@ MODEL_COST: dict[LlmModel, int] = {
    LlmModel.OLLAMA_DOLPHIN: 1,
    LlmModel.OPENAI_GPT_OSS_120B: 1,
    LlmModel.OPENAI_GPT_OSS_20B: 1,
+    LlmModel.GEMINI_2_5_PRO_PREVIEW: 4,
    LlmModel.GEMINI_2_5_PRO: 4,
-    LlmModel.GEMINI_3_PRO_PREVIEW: 5,
+    LlmModel.GEMINI_3_1_PRO_PREVIEW: 5,
+    LlmModel.GEMINI_3_FLASH_PREVIEW: 2,
    LlmModel.GEMINI_2_5_FLASH: 1,
    LlmModel.GEMINI_2_0_FLASH: 1,
+    LlmModel.GEMINI_3_1_FLASH_LITE_PREVIEW: 1,
    LlmModel.GEMINI_2_5_FLASH_LITE_PREVIEW: 1,
    LlmModel.GEMINI_2_0_FLASH_LITE: 1,
    LlmModel.MISTRAL_NEMO: 1,
+    LlmModel.MISTRAL_LARGE_3: 2,
+    LlmModel.MISTRAL_MEDIUM_3_1: 2,
+    LlmModel.MISTRAL_SMALL_3_2: 1,
+    LlmModel.CODESTRAL: 1,
    LlmModel.COHERE_COMMAND_R_08_2024: 1,
    LlmModel.COHERE_COMMAND_R_PLUS_08_2024: 3,
+    LlmModel.COHERE_COMMAND_A_03_2025: 3,
+    LlmModel.COHERE_COMMAND_A_TRANSLATE_08_2025: 3,
+    LlmModel.COHERE_COMMAND_A_REASONING_08_2025: 6,
+    LlmModel.COHERE_COMMAND_A_VISION_07_2025: 3,
    LlmModel.DEEPSEEK_CHAT: 2,
    LlmModel.DEEPSEEK_R1_0528: 1,
    LlmModel.PERPLEXITY_SONAR: 1,
    LlmModel.PERPLEXITY_SONAR_PRO: 5,
+    LlmModel.PERPLEXITY_SONAR_REASONING_PRO: 5,
    LlmModel.PERPLEXITY_SONAR_DEEP_RESEARCH: 10,
    LlmModel.NOUSRESEARCH_HERMES_3_LLAMA_3_1_405B: 1,
    LlmModel.NOUSRESEARCH_HERMES_3_LLAMA_3_1_70B: 1,
@@ -120,6 +131,7 @@ MODEL_COST: dict[LlmModel, int] = {
    LlmModel.AMAZON_NOVA_MICRO_V1: 1,
    LlmModel.AMAZON_NOVA_PRO_V1: 1,
    LlmModel.MICROSOFT_WIZARDLM_2_8X22B: 1,
+    LlmModel.MICROSOFT_PHI_4: 1,
    LlmModel.GRYPHE_MYTHOMAX_L2_13B: 1,
    LlmModel.META_LLAMA_4_SCOUT: 1,
    LlmModel.META_LLAMA_4_MAVERICK: 1,
@@ -127,6 +139,7 @@ MODEL_COST: dict[LlmModel, int] = {
    LlmModel.LLAMA_API_LLAMA4_MAVERICK: 1,
    LlmModel.LLAMA_API_LLAMA3_3_8B: 1,
    LlmModel.LLAMA_API_LLAMA3_3_70B: 1,
+    LlmModel.GROK_3: 3,
    LlmModel.GROK_4: 9,
    LlmModel.GROK_4_FAST: 1,
    LlmModel.GROK_4_1_FAST: 1,
--- a/autogpt_platform/backend/backend/data/db_accessors.py
+++ b/autogpt_platform/backend/backend/data/db_accessors.py
@@ -116,3 +116,16 @@ def workspace_db():
        workspace_db = get_database_manager_async_client()

    return workspace_db
+
+
+def review_db():
+    if db.is_connected():
+        from backend.data import human_review as _review_db
+
+        review_db = _review_db
+    else:
+        from backend.util.clients import get_database_manager_async_client
+
+        review_db = get_database_manager_async_client()
+
+    return review_db
--- a/autogpt_platform/backend/backend/data/db_manager.py
+++ b/autogpt_platform/backend/backend/data/db_manager.py
@@ -79,7 +79,10 @@ from backend.data.graph import (
 from backend.data.human_review import (
    cancel_pending_reviews_for_execution,
    check_approval,
+    delete_review_by_node_exec_id,
    get_or_create_human_review,
+    get_pending_reviews_for_execution,
+    get_reviews_by_node_exec_ids,
    has_pending_reviews_for_graph_exec,
    update_review_processed_status,
 )
@@ -246,7 +249,10 @@ class DatabaseManager(AppService):
    # ============ Human In The Loop ============ #
    cancel_pending_reviews_for_execution = _(cancel_pending_reviews_for_execution)
    check_approval = _(check_approval)
+    delete_review_by_node_exec_id = _(delete_review_by_node_exec_id)
    get_or_create_human_review = _(get_or_create_human_review)
+    get_pending_reviews_for_execution = _(get_pending_reviews_for_execution)
+    get_reviews_by_node_exec_ids = _(get_reviews_by_node_exec_ids)
    has_pending_reviews_for_graph_exec = _(has_pending_reviews_for_graph_exec)
    update_review_processed_status = _(update_review_processed_status)

@@ -433,7 +439,10 @@ class DatabaseManagerAsyncClient(AppServiceClient):
    # ============ Human In The Loop ============ #
    cancel_pending_reviews_for_execution = d.cancel_pending_reviews_for_execution
    check_approval = d.check_approval
+    delete_review_by_node_exec_id = d.delete_review_by_node_exec_id
    get_or_create_human_review = d.get_or_create_human_review
+    get_pending_reviews_for_execution = d.get_pending_reviews_for_execution
+    get_reviews_by_node_exec_ids = d.get_reviews_by_node_exec_ids
    update_review_processed_status = d.update_review_processed_status

    # ============ User Comms ============ #
--- a/autogpt_platform/backend/backend/data/human_review.py
+++ b/autogpt_platform/backend/backend/data/human_review.py
@@ -17,6 +17,10 @@ from backend.api.features.executions.review.model import (
    PendingHumanReviewModel,
    SafeJsonData,
 )
+from backend.copilot.constants import (
+    is_copilot_synthetic_id,
+    parse_node_id_from_exec_id,
+)
 from backend.data.execution import get_graph_execution_meta
 from backend.util.json import SafeJson

@@ -123,11 +127,13 @@ async def create_auto_approval_record(
    Raises:
        ValueError: If the graph execution doesn't belong to the user
    """
-    # Validate that the graph execution belongs to this user (defense in depth)
-    graph_exec = await get_graph_execution_meta(
+    # Validate ownership: if a graph execution record exists, it must belong
+    # to this user. Non-graph executions (e.g. CoPilot) won't have a record.
+    if not is_copilot_synthetic_id(
+        graph_exec_id
+    ) and not await get_graph_execution_meta(
        user_id=user_id, execution_id=graph_exec_id
-    )
-    if not graph_exec:
+    ):
        raise ValueError(
            f"Graph execution {graph_exec_id} not found or doesn't belong to user {user_id}"
        )
@@ -265,7 +271,7 @@ async def get_pending_review_by_node_exec_id(

 async def get_reviews_by_node_exec_ids(
    node_exec_ids: list[str], user_id: str
-) -> dict[str, "PendingHumanReviewModel"]:
+) -> dict[str, PendingHumanReviewModel]:
    """
    Get multiple reviews by their node execution IDs regardless of status.

@@ -292,21 +298,26 @@ async def get_reviews_by_node_exec_ids(
    if not reviews:
        return {}

-    # Batch fetch all node executions to avoid N+1 queries
-    node_exec_ids_to_fetch = [review.nodeExecId for review in reviews]
-    node_execs = await AgentNodeExecution.prisma().find_many(
-        where={"id": {"in": node_exec_ids_to_fetch}},
-        include={"Node": True},
-    )
-
-    # Create mapping from node_exec_id to node_id
-    node_exec_id_to_node_id = {
-        node_exec.id: node_exec.agentNodeId for node_exec in node_execs
+    # Split into synthetic (CoPilot) and real IDs for different resolution paths
+    synthetic_ids = {
+        r.nodeExecId for r in reviews if is_copilot_synthetic_id(r.nodeExecId)
    }
+    real_ids = [r.nodeExecId for r in reviews if r.nodeExecId not in synthetic_ids]
+
+    # Batch fetch real node executions to avoid N+1 queries
+    node_exec_id_to_node_id: dict[str, str] = {}
+    if real_ids:
+        node_execs = await AgentNodeExecution.prisma().find_many(
+            where={"id": {"in": real_ids}},
+        )
+        node_exec_id_to_node_id = {ne.id: ne.agentNodeId for ne in node_execs}

    result = {}
    for review in reviews:
-        node_id = node_exec_id_to_node_id.get(review.nodeExecId, review.nodeExecId)
+        if review.nodeExecId in synthetic_ids:
+            node_id = parse_node_id_from_exec_id(review.nodeExecId)
+        else:
+            node_id = node_exec_id_to_node_id.get(review.nodeExecId, review.nodeExecId)
        result[review.nodeExecId] = PendingHumanReviewModel.from_db(
            review, node_id=node_id
        )
@@ -331,6 +342,19 @@ async def has_pending_reviews_for_graph_exec(graph_exec_id: str) -> bool:
    return count > 0


+async def _resolve_node_id(node_exec_id: str, get_node_execution) -> str:
+    """Resolve node_id from a node_exec_id.
+
+    For CoPilot synthetic IDs (e.g. copilot-node-block-id:abc12345),
+    extract the node_id portion (copilot-node-block-id).
+    For real graph executions, look up the NodeExecution record.
+    """
+    if is_copilot_synthetic_id(node_exec_id):
+        return parse_node_id_from_exec_id(node_exec_id)
+    node_exec = await get_node_execution(node_exec_id)
+    return node_exec.node_id if node_exec else node_exec_id
+
+
 async def get_pending_reviews_for_user(
    user_id: str, page: int = 1, page_size: int = 25
 ) -> list["PendingHumanReviewModel"]:
@@ -361,8 +385,7 @@ async def get_pending_reviews_for_user(
    # Fetch node_id for each review from NodeExecution
    result = []
    for review in reviews:
-        node_exec = await get_node_execution(review.nodeExecId)
-        node_id = node_exec.node_id if node_exec else review.nodeExecId
+        node_id = await _resolve_node_id(review.nodeExecId, get_node_execution)
        result.append(PendingHumanReviewModel.from_db(review, node_id=node_id))

    return result
@@ -370,7 +393,7 @@ async def get_pending_reviews_for_user(

 async def get_pending_reviews_for_execution(
    graph_exec_id: str, user_id: str
-) -> list["PendingHumanReviewModel"]:
+) -> list[PendingHumanReviewModel]:
    """
    Get all pending reviews for a specific graph execution.

@@ -396,8 +419,7 @@ async def get_pending_reviews_for_execution(
    # Fetch node_id for each review from NodeExecution
    result = []
    for review in reviews:
-        node_exec = await get_node_execution(review.nodeExecId)
-        node_id = node_exec.node_id if node_exec else review.nodeExecId
+        node_id = await _resolve_node_id(review.nodeExecId, get_node_execution)
        result.append(PendingHumanReviewModel.from_db(review, node_id=node_id))

    return result
@@ -509,8 +531,12 @@ async def process_all_reviews_for_execution(

    result = {}
    for review in all_result_reviews:
-        node_exec = await get_node_execution(review.nodeExecId)
-        node_id = node_exec.node_id if node_exec else review.nodeExecId
+        if is_copilot_synthetic_id(review.nodeExecId):
+            # CoPilot synthetic node_exec_ids encode node_id as "{node_id}:{random}"
+            node_id = parse_node_id_from_exec_id(review.nodeExecId)
+        else:
+            node_exec = await get_node_execution(review.nodeExecId)
+            node_id = node_exec.node_id if node_exec else review.nodeExecId
        result[review.nodeExecId] = PendingHumanReviewModel.from_db(
            review, node_id=node_id
        )
@@ -564,3 +590,21 @@ async def cancel_pending_reviews_for_execution(graph_exec_id: str, user_id: str)
        },
    )
    return result
+
+
+async def delete_review_by_node_exec_id(node_exec_id: str, user_id: str) -> int:
+    """Delete a review record by node execution ID after it has been consumed.
+
+    Used by CoPilot's continue_run_block to clean up one-time-use review records
+    after successful execution.
+
+    Args:
+        node_exec_id: The node execution ID of the review to delete
+        user_id: User ID for authorization
+
+    Returns:
+        Number of records deleted
+    """
+    return await PendingHumanReview.prisma().delete_many(
+        where={"nodeExecId": node_exec_id, "userId": user_id}
+    )
--- a/autogpt_platform/backend/backend/data/invited_user.py
+++ b/autogpt_platform/backend/backend/data/invited_user.py
@@ -0,0 +1,750 @@
+import asyncio
+import csv
+import io
+import logging
+import os
+import re
+import socket
+from dataclasses import dataclass
+from datetime import datetime, timezone
+from typing import Any, Literal, Optional
+from uuid import uuid4
+
+import prisma.enums
+import prisma.models
+import prisma.types
+from prisma.errors import UniqueViolationError
+from pydantic import BaseModel, EmailStr, TypeAdapter, ValidationError
+
+from backend.data.db import transaction
+from backend.data.model import User
+from backend.data.redis_client import get_redis_async
+from backend.data.tally import get_business_understanding_input_from_tally, mask_email
+from backend.data.understanding import (
+    BusinessUnderstandingInput,
+    merge_business_understanding_data,
+)
+from backend.data.user import get_user_by_email, get_user_by_id
+from backend.executor.cluster_lock import AsyncClusterLock
+from backend.util.exceptions import (
+    NotAuthorizedError,
+    NotFoundError,
+    PreconditionFailed,
+)
+from backend.util.json import SafeJson
+from backend.util.settings import Settings
+
+logger = logging.getLogger(__name__)
+_settings = Settings()
+
+_WORKER_ID = f"{socket.gethostname()}:{os.getpid()}"
+
+_tally_seed_tasks: dict[str, asyncio.Task] = {}
+_TALLY_STALE_SECONDS = 300
+_MAX_TALLY_ERROR_LENGTH = 200
+_email_adapter = TypeAdapter(EmailStr)
+
+MAX_BULK_INVITE_FILE_BYTES = 1024 * 1024
+MAX_BULK_INVITE_ROWS = 500
+
+
+class InvitedUserRecord(BaseModel):
+    id: str
+    email: str
+    status: prisma.enums.InvitedUserStatus
+    auth_user_id: Optional[str] = None
+    name: Optional[str] = None
+    tally_understanding: Optional[dict[str, Any]] = None
+    tally_status: prisma.enums.TallyComputationStatus
+    tally_computed_at: Optional[datetime] = None
+    tally_error: Optional[str] = None
+    created_at: datetime
+    updated_at: datetime
+
+    @classmethod
+    def from_db(cls, invited_user: "prisma.models.InvitedUser") -> "InvitedUserRecord":
+        payload = (
+            invited_user.tallyUnderstanding
+            if isinstance(invited_user.tallyUnderstanding, dict)
+            else None
+        )
+        return cls(
+            id=invited_user.id,
+            email=invited_user.email,
+            status=invited_user.status,
+            auth_user_id=invited_user.authUserId,
+            name=invited_user.name,
+            tally_understanding=payload,
+            tally_status=invited_user.tallyStatus,
+            tally_computed_at=invited_user.tallyComputedAt,
+            tally_error=invited_user.tallyError,
+            created_at=invited_user.createdAt,
+            updated_at=invited_user.updatedAt,
+        )
+
+
+class BulkInvitedUserRowResult(BaseModel):
+    row_number: int
+    email: Optional[str] = None
+    name: Optional[str] = None
+    status: Literal["CREATED", "SKIPPED", "ERROR"]
+    message: str
+    invited_user: Optional[InvitedUserRecord] = None
+
+
+class BulkInvitedUsersResult(BaseModel):
+    created_count: int
+    skipped_count: int
+    error_count: int
+    results: list[BulkInvitedUserRowResult]
+
+
+@dataclass(frozen=True)
+class _ParsedInviteRow:
+    row_number: int
+    email: str
+    name: Optional[str]
+
+
+def normalize_email(email: str) -> str:
+    return email.strip().lower()
+
+
+def _normalize_name(name: Optional[str]) -> Optional[str]:
+    if name is None:
+        return None
+    normalized = name.strip()
+    return normalized or None
+
+
+def _default_profile_name(email: str, preferred_name: Optional[str]) -> str:
+    if preferred_name:
+        return preferred_name
+    local_part = email.split("@", 1)[0].strip()
+    return local_part or "user"
+
+
+def _sanitize_username_base(email: str) -> str:
+    local_part = email.split("@", 1)[0].lower()
+    sanitized = re.sub(r"[^a-z0-9-]", "", local_part)
+    sanitized = sanitized.strip("-")
+    return sanitized[:40] or "user"
+
+
+async def _generate_unique_profile_username(email: str, tx) -> str:
+    base = _sanitize_username_base(email)
+
+    for _ in range(2):
+        candidate = f"{base}-{uuid4().hex[:6]}"
+        existing = await prisma.models.Profile.prisma(tx).find_unique(
+            where={"username": candidate}
+        )
+        if existing is None:
+            return candidate
+
+    raise RuntimeError(f"Unable to generate unique username for {email}")
+
+
+async def _ensure_default_profile(
+    user_id: str,
+    email: str,
+    preferred_name: Optional[str],
+    tx,
+) -> None:
+    existing_profile = await prisma.models.Profile.prisma(tx).find_unique(
+        where={"userId": user_id}
+    )
+    if existing_profile is not None:
+        return
+
+    username = await _generate_unique_profile_username(email, tx)
+    await prisma.models.Profile.prisma(tx).create(
+        data=prisma.types.ProfileCreateInput(
+            userId=user_id,
+            name=_default_profile_name(email, preferred_name),
+            username=username,
+            description="I'm new here",
+            links=[],
+            avatarUrl="",
+        )
+    )
+
+
+async def _ensure_default_onboarding(user_id: str, tx) -> None:
+    await prisma.models.UserOnboarding.prisma(tx).upsert(
+        where={"userId": user_id},
+        data={
+            "create": prisma.types.UserOnboardingCreateInput(userId=user_id),
+            "update": {},
+        },
+    )
+
+
+async def _apply_tally_understanding(
+    user_id: str,
+    invited_user: "prisma.models.InvitedUser",
+    tx,
+) -> None:
+    if not isinstance(invited_user.tallyUnderstanding, dict):
+        return
+
+    try:
+        input_data = BusinessUnderstandingInput.model_validate(
+            invited_user.tallyUnderstanding
+        )
+    except Exception:
+        logger.warning(
+            "Malformed tallyUnderstanding for invited user %s; skipping",
+            invited_user.id,
+            exc_info=True,
+        )
+        return
+
+    payload = merge_business_understanding_data({}, input_data)
+    await prisma.models.CoPilotUnderstanding.prisma(tx).upsert(
+        where={"userId": user_id},
+        data={
+            "create": {"userId": user_id, "data": SafeJson(payload)},
+            "update": {"data": SafeJson(payload)},
+        },
+    )
+
+
+async def list_invited_users(
+    page: int = 1,
+    page_size: int = 50,
+) -> tuple[list[InvitedUserRecord], int]:
+    total = await prisma.models.InvitedUser.prisma().count()
+    invited_users = await prisma.models.InvitedUser.prisma().find_many(
+        order={"createdAt": "desc"},
+        skip=(page - 1) * page_size,
+        take=page_size,
+    )
+    return [InvitedUserRecord.from_db(iu) for iu in invited_users], total
+
+
+async def create_invited_user(
+    email: str, name: Optional[str] = None
+) -> InvitedUserRecord:
+    normalized_email = normalize_email(email)
+    normalized_name = _normalize_name(name)
+
+    existing_user = await prisma.models.User.prisma().find_unique(
+        where={"email": normalized_email}
+    )
+    if existing_user is not None:
+        raise PreconditionFailed("An active user with this email already exists")
+
+    existing_invited_user = await prisma.models.InvitedUser.prisma().find_unique(
+        where={"email": normalized_email}
+    )
+    if existing_invited_user is not None:
+        raise PreconditionFailed("An invited user with this email already exists")
+
+    try:
+        invited_user = await prisma.models.InvitedUser.prisma().create(
+            data={
+                "email": normalized_email,
+                "name": normalized_name,
+                "status": prisma.enums.InvitedUserStatus.INVITED,
+                "tallyStatus": prisma.enums.TallyComputationStatus.PENDING,
+            }
+        )
+    except UniqueViolationError:
+        raise PreconditionFailed("An invited user with this email already exists")
+    schedule_invited_user_tally_precompute(invited_user.id)
+    return InvitedUserRecord.from_db(invited_user)
+
+
+async def revoke_invited_user(invited_user_id: str) -> InvitedUserRecord:
+    invited_user = await prisma.models.InvitedUser.prisma().find_unique(
+        where={"id": invited_user_id}
+    )
+    if invited_user is None:
+        raise NotFoundError(f"Invited user {invited_user_id} not found")
+
+    if invited_user.status == prisma.enums.InvitedUserStatus.CLAIMED:
+        raise PreconditionFailed("Claimed invited users cannot be revoked")
+
+    if invited_user.status == prisma.enums.InvitedUserStatus.REVOKED:
+        return InvitedUserRecord.from_db(invited_user)
+
+    revoked_user = await prisma.models.InvitedUser.prisma().update(
+        where={"id": invited_user_id},
+        data={"status": prisma.enums.InvitedUserStatus.REVOKED},
+    )
+    if revoked_user is None:
+        raise NotFoundError(f"Invited user {invited_user_id} not found")
+    return InvitedUserRecord.from_db(revoked_user)
+
+
+async def retry_invited_user_tally(invited_user_id: str) -> InvitedUserRecord:
+    invited_user = await prisma.models.InvitedUser.prisma().find_unique(
+        where={"id": invited_user_id}
+    )
+    if invited_user is None:
+        raise NotFoundError(f"Invited user {invited_user_id} not found")
+
+    if invited_user.status == prisma.enums.InvitedUserStatus.REVOKED:
+        raise PreconditionFailed("Revoked invited users cannot retry Tally seeding")
+
+    refreshed_user = await prisma.models.InvitedUser.prisma().update(
+        where={"id": invited_user_id},
+        data={
+            "tallyUnderstanding": None,
+            "tallyStatus": prisma.enums.TallyComputationStatus.PENDING,
+            "tallyComputedAt": None,
+            "tallyError": None,
+        },
+    )
+    if refreshed_user is None:
+        raise NotFoundError(f"Invited user {invited_user_id} not found")
+    schedule_invited_user_tally_precompute(invited_user_id)
+    return InvitedUserRecord.from_db(refreshed_user)
+
+
+def _decode_bulk_invite_file(content: bytes) -> str:
+    if len(content) > MAX_BULK_INVITE_FILE_BYTES:
+        raise ValueError("Invite file exceeds the maximum size of 1 MB")
+
+    try:
+        return content.decode("utf-8-sig")
+    except UnicodeDecodeError as exc:
+        raise ValueError("Invite file must be UTF-8 encoded") from exc
+
+
+def _parse_bulk_invite_csv(text: str) -> list[_ParsedInviteRow]:
+    indexed_rows: list[tuple[int, list[str]]] = []
+
+    for row_number, row in enumerate(csv.reader(io.StringIO(text)), start=1):
+        normalized_row = [cell.strip() for cell in row]
+        if any(normalized_row):
+            indexed_rows.append((row_number, normalized_row))
+
+    if not indexed_rows:
+        return []
+
+    header = [cell.lower() for cell in indexed_rows[0][1]]
+    has_header = "email" in header
+    email_index = header.index("email") if has_header else 0
+    name_index: Optional[int] = (
+        header.index("name")
+        if has_header and "name" in header
+        else (1 if not has_header else None)
+    )
+    data_rows = indexed_rows[1:] if has_header else indexed_rows
+
+    parsed_rows: list[_ParsedInviteRow] = []
+    for row_number, row in data_rows:
+        if len(parsed_rows) >= MAX_BULK_INVITE_ROWS:
+            break
+        email = row[email_index].strip() if len(row) > email_index else ""
+        name = (
+            row[name_index].strip()
+            if name_index is not None and len(row) > name_index
+            else ""
+        )
+        parsed_rows.append(
+            _ParsedInviteRow(
+                row_number=row_number,
+                email=email,
+                name=name or None,
+            )
+        )
+
+    return parsed_rows
+
+
+def _parse_bulk_invite_text(text: str) -> list[_ParsedInviteRow]:
+    parsed_rows: list[_ParsedInviteRow] = []
+
+    for row_number, raw_line in enumerate(text.splitlines(), start=1):
+        if len(parsed_rows) >= MAX_BULK_INVITE_ROWS:
+            break
+        line = raw_line.strip()
+        if not line or line.startswith("#"):
+            continue
+
+        parsed_rows.append(
+            _ParsedInviteRow(
+                row_number=row_number,
+                email=line,
+                name=None,
+            )
+        )
+
+    return parsed_rows
+
+
+def _parse_bulk_invite_file(
+    filename: Optional[str],
+    content: bytes,
+) -> list[_ParsedInviteRow]:
+    text = _decode_bulk_invite_file(content)
+    file_name = filename.lower() if filename else ""
+    parsed_rows = (
+        _parse_bulk_invite_csv(text)
+        if file_name.endswith(".csv")
+        else _parse_bulk_invite_text(text)
+    )
+
+    if not parsed_rows:
+        raise ValueError("Invite file did not contain any emails")
+
+    return parsed_rows
+
+
+async def bulk_create_invited_users_from_file(
+    filename: Optional[str],
+    content: bytes,
+) -> BulkInvitedUsersResult:
+    parsed_rows = _parse_bulk_invite_file(filename, content)
+
+    created_count = 0
+    skipped_count = 0
+    error_count = 0
+    results: list[BulkInvitedUserRowResult] = []
+    seen_emails: set[str] = set()
+
+    for row in parsed_rows:
+        row_name = _normalize_name(row.name)
+
+        try:
+            validated_email = _email_adapter.validate_python(row.email)
+        except ValidationError:
+            error_count += 1
+            results.append(
+                BulkInvitedUserRowResult(
+                    row_number=row.row_number,
+                    email=row.email or None,
+                    name=row_name,
+                    status="ERROR",
+                    message="Invalid email address",
+                )
+            )
+            continue
+
+        normalized_email = normalize_email(str(validated_email))
+        if normalized_email in seen_emails:
+            skipped_count += 1
+            results.append(
+                BulkInvitedUserRowResult(
+                    row_number=row.row_number,
+                    email=normalized_email,
+                    name=row_name,
+                    status="SKIPPED",
+                    message="Duplicate email in upload file",
+                )
+            )
+            continue
+
+        seen_emails.add(normalized_email)
+
+        try:
+            invited_user = await create_invited_user(normalized_email, row_name)
+        except PreconditionFailed as exc:
+            skipped_count += 1
+            results.append(
+                BulkInvitedUserRowResult(
+                    row_number=row.row_number,
+                    email=normalized_email,
+                    name=row_name,
+                    status="SKIPPED",
+                    message=str(exc),
+                )
+            )
+        except Exception:
+            masked = mask_email(normalized_email)
+            logger.exception(
+                "Failed to create bulk invite for row %s (%s)",
+                row.row_number,
+                masked,
+            )
+            error_count += 1
+            results.append(
+                BulkInvitedUserRowResult(
+                    row_number=row.row_number,
+                    email=normalized_email,
+                    name=row_name,
+                    status="ERROR",
+                    message="Unexpected error creating invite",
+                )
+            )
+        else:
+            created_count += 1
+            results.append(
+                BulkInvitedUserRowResult(
+                    row_number=row.row_number,
+                    email=normalized_email,
+                    name=row_name,
+                    status="CREATED",
+                    message="Invite created",
+                    invited_user=invited_user,
+                )
+            )
+
+    return BulkInvitedUsersResult(
+        created_count=created_count,
+        skipped_count=skipped_count,
+        error_count=error_count,
+        results=results,
+    )
+
+
+async def _compute_invited_user_tally_seed(invited_user_id: str) -> None:
+    invited_user = await prisma.models.InvitedUser.prisma().find_unique(
+        where={"id": invited_user_id}
+    )
+    if invited_user is None:
+        return
+
+    if invited_user.status == prisma.enums.InvitedUserStatus.REVOKED:
+        return
+
+    try:
+        r = await get_redis_async()
+    except Exception:
+        r = None
+
+    lock: AsyncClusterLock | None = None
+
+    if r is not None:
+        lock = AsyncClusterLock(
+            redis=r,
+            key=f"tally_seed:{invited_user_id}",
+            owner_id=_WORKER_ID,
+            timeout=_TALLY_STALE_SECONDS,
+        )
+        current_owner = await lock.try_acquire()
+
+        if current_owner is None:
+            logger.warn("Redis unvailable for tally lock - skipping tally enrichement")
+            return
+        elif current_owner != _WORKER_ID:
+            logger.debug(
+                "Tally seed for %s already locked by %s, skipping",
+                invited_user_id,
+                current_owner,
+            )
+            return
+    if (
+        invited_user.tallyStatus == prisma.enums.TallyComputationStatus.RUNNING
+        and invited_user.updatedAt is not None
+    ):
+        age = (datetime.now(timezone.utc) - invited_user.updatedAt).total_seconds()
+        if age < _TALLY_STALE_SECONDS:
+            logger.debug(
+                "Tally task for %s still RUNNING (age=%ds), skipping",
+                invited_user_id,
+                int(age),
+            )
+            return
+        logger.info(
+            "Tally task for %s is stale (age=%ds), re-running",
+            invited_user_id,
+            int(age),
+        )
+
+    await prisma.models.InvitedUser.prisma().update(
+        where={"id": invited_user_id},
+        data={
+            "tallyStatus": prisma.enums.TallyComputationStatus.RUNNING,
+            "tallyError": None,
+        },
+    )
+
+    try:
+        input_data = await get_business_understanding_input_from_tally(
+            invited_user.email,
+            require_api_key=True,
+        )
+        payload = (
+            SafeJson(input_data.model_dump(exclude_none=True))
+            if input_data is not None
+            else None
+        )
+        await prisma.models.InvitedUser.prisma().update(
+            where={"id": invited_user_id},
+            data={
+                "tallyUnderstanding": payload,
+                "tallyStatus": prisma.enums.TallyComputationStatus.READY,
+                "tallyComputedAt": datetime.now(timezone.utc),
+                "tallyError": None,
+            },
+        )
+    except Exception as exc:
+        logger.exception(
+            "Failed to compute Tally understanding for invited user %s",
+            invited_user_id,
+        )
+        sanitized_error = re.sub(
+            r"https?://\S+", "<url>", f"{type(exc).__name__}: {exc}"
+        )[:_MAX_TALLY_ERROR_LENGTH]
+        await prisma.models.InvitedUser.prisma().update(
+            where={"id": invited_user_id},
+            data={
+                "tallyStatus": prisma.enums.TallyComputationStatus.FAILED,
+                "tallyError": sanitized_error,
+            },
+        )
+
+
+def schedule_invited_user_tally_precompute(invited_user_id: str) -> None:
+    existing = _tally_seed_tasks.get(invited_user_id)
+    if existing is not None and not existing.done():
+        logger.debug("Tally task already running for %s, skipping", invited_user_id)
+        return
+
+    task = asyncio.create_task(_compute_invited_user_tally_seed(invited_user_id))
+    _tally_seed_tasks[invited_user_id] = task
+
+    def _on_done(t: asyncio.Task, _id: str = invited_user_id) -> None:
+        if _tally_seed_tasks.get(_id) is t:
+            del _tally_seed_tasks[_id]
+
+    task.add_done_callback(_on_done)
+
+
+async def _open_signup_create_user(
+    auth_user_id: str,
+    normalized_email: str,
+    metadata_name: Optional[str],
+) -> User:
+    """Create a user without requiring an invite (open signup mode)."""
+    preferred_name = _normalize_name(metadata_name)
+    try:
+        async with transaction() as tx:
+            user = await prisma.models.User.prisma(tx).create(
+                data=prisma.types.UserCreateInput(
+                    id=auth_user_id,
+                    email=normalized_email,
+                    name=preferred_name,
+                )
+            )
+            await _ensure_default_profile(
+                auth_user_id, normalized_email, preferred_name, tx
+            )
+            await _ensure_default_onboarding(auth_user_id, tx)
+    except UniqueViolationError:
+        existing = await prisma.models.User.prisma().find_unique(
+            where={"id": auth_user_id}
+        )
+        if existing is not None:
+            return User.from_db(existing)
+        raise
+
+    return User.from_db(user)
+
+
+# TODO: We need to change this functions logic before going live
+async def get_or_activate_user(user_data: dict) -> User:
+    auth_user_id = user_data.get("sub")
+    if not auth_user_id:
+        raise NotAuthorizedError("User ID not found in token")
+
+    auth_email = user_data.get("email")
+    if not auth_email:
+        raise NotAuthorizedError("Email not found in token")
+
+    normalized_email = normalize_email(auth_email)
+    user_metadata = user_data.get("user_metadata")
+    metadata_name = (
+        user_metadata.get("name") if isinstance(user_metadata, dict) else None
+    )
+
+    existing_user = None
+    try:
+        existing_user = await get_user_by_id(auth_user_id)
+    except ValueError:
+        existing_user = None
+    except Exception:
+        logger.exception("Error on get user by id during tally enrichment process")
+        raise
+
+    if existing_user is not None:
+        return existing_user
+
+    if not _settings.config.enable_invite_gate or normalized_email.endswith("@agpt.co"):
+        return await _open_signup_create_user(
+            auth_user_id, normalized_email, metadata_name
+        )
+
+    invited_user = await prisma.models.InvitedUser.prisma().find_unique(
+        where={"email": normalized_email}
+    )
+    if invited_user is None:
+        raise NotAuthorizedError("Your email is not allowed to access the platform")
+
+    if invited_user.status != prisma.enums.InvitedUserStatus.INVITED:
+        raise NotAuthorizedError("Your invitation is no longer active")
+
+    try:
+        async with transaction() as tx:
+            current_user = await prisma.models.User.prisma(tx).find_unique(
+                where={"id": auth_user_id}
+            )
+            if current_user is not None:
+                return User.from_db(current_user)
+
+            current_invited_user = await prisma.models.InvitedUser.prisma(
+                tx
+            ).find_unique(where={"email": normalized_email})
+            if current_invited_user is None:
+                raise NotAuthorizedError(
+                    "Your email is not allowed to access the platform"
+                )
+
+            if current_invited_user.status != prisma.enums.InvitedUserStatus.INVITED:
+                raise NotAuthorizedError("Your invitation is no longer active")
+
+            if current_invited_user.authUserId not in (None, auth_user_id):
+                raise NotAuthorizedError("Your invitation has already been claimed")
+
+            preferred_name = current_invited_user.name or _normalize_name(metadata_name)
+            await prisma.models.User.prisma(tx).create(
+                data=prisma.types.UserCreateInput(
+                    id=auth_user_id,
+                    email=normalized_email,
+                    name=preferred_name,
+                )
+            )
+
+            await prisma.models.InvitedUser.prisma(tx).update(
+                where={"id": current_invited_user.id},
+                data={
+                    "status": prisma.enums.InvitedUserStatus.CLAIMED,
+                    "authUserId": auth_user_id,
+                },
+            )
+
+            await _ensure_default_profile(
+                auth_user_id,
+                normalized_email,
+                preferred_name,
+                tx,
+            )
+            await _ensure_default_onboarding(auth_user_id, tx)
+            await _apply_tally_understanding(auth_user_id, current_invited_user, tx)
+    except UniqueViolationError:
+        logger.info("Concurrent activation for user %s; re-fetching", auth_user_id)
+        already_created = await prisma.models.User.prisma().find_unique(
+            where={"id": auth_user_id}
+        )
+        if already_created is not None:
+            return User.from_db(already_created)
+        raise RuntimeError(
+            f"UniqueViolationError during activation but user {auth_user_id} not found"
+        )
+
+    get_user_by_id.cache_delete(auth_user_id)
+    get_user_by_email.cache_delete(normalized_email)
+
+    activated_user = await prisma.models.User.prisma().find_unique(
+        where={"id": auth_user_id}
+    )
+    if activated_user is None:
+        raise RuntimeError(
+            f"Activated user {auth_user_id} was not found after creation"
+        )
+
+    return User.from_db(activated_user)
--- a/autogpt_platform/backend/backend/data/invited_user_test.py
+++ b/autogpt_platform/backend/backend/data/invited_user_test.py
@@ -0,0 +1,335 @@
+from contextlib import asynccontextmanager
+from datetime import datetime, timezone
+from types import SimpleNamespace
+from typing import cast
+from unittest.mock import AsyncMock, Mock
+
+import prisma.enums
+import prisma.models
+import pytest
+import pytest_mock
+
+from backend.util.exceptions import NotAuthorizedError, PreconditionFailed
+
+from .invited_user import (
+    InvitedUserRecord,
+    bulk_create_invited_users_from_file,
+    create_invited_user,
+    get_or_activate_user,
+    retry_invited_user_tally,
+)
+
+
+def _invited_user_db_record(
+    *,
+    status: prisma.enums.InvitedUserStatus = prisma.enums.InvitedUserStatus.INVITED,
+    tally_understanding: dict | None = None,
+):
+    now = datetime.now(timezone.utc)
+    return SimpleNamespace(
+        id="invite-1",
+        email="invited@example.com",
+        status=status,
+        authUserId=None,
+        name="Invited User",
+        tallyUnderstanding=tally_understanding,
+        tallyStatus=prisma.enums.TallyComputationStatus.PENDING,
+        tallyComputedAt=None,
+        tallyError=None,
+        createdAt=now,
+        updatedAt=now,
+    )
+
+
+def _invited_user_record(
+    *,
+    status: prisma.enums.InvitedUserStatus = prisma.enums.InvitedUserStatus.INVITED,
+    tally_understanding: dict | None = None,
+):
+    return InvitedUserRecord.from_db(
+        cast(
+            prisma.models.InvitedUser,
+            _invited_user_db_record(
+                status=status,
+                tally_understanding=tally_understanding,
+            ),
+        )
+    )
+
+
+def _user_db_record():
+    now = datetime.now(timezone.utc)
+    return SimpleNamespace(
+        id="auth-user-1",
+        email="invited@example.com",
+        emailVerified=True,
+        name="Invited User",
+        createdAt=now,
+        updatedAt=now,
+        metadata={},
+        integrations="",
+        stripeCustomerId=None,
+        topUpConfig=None,
+        maxEmailsPerDay=3,
+        notifyOnAgentRun=True,
+        notifyOnZeroBalance=True,
+        notifyOnLowBalance=True,
+        notifyOnBlockExecutionFailed=True,
+        notifyOnContinuousAgentError=True,
+        notifyOnDailySummary=True,
+        notifyOnWeeklySummary=True,
+        notifyOnMonthlySummary=True,
+        notifyOnAgentApproved=True,
+        notifyOnAgentRejected=True,
+        timezone="not-set",
+    )
+
+
+@pytest.mark.asyncio
+async def test_create_invited_user_rejects_existing_active_user(
+    mocker: pytest_mock.MockerFixture,
+) -> None:
+    user_repo = Mock()
+    user_repo.find_unique = AsyncMock(return_value=_user_db_record())
+    invited_user_repo = Mock()
+    invited_user_repo.find_unique = AsyncMock()
+
+    mocker.patch(
+        "backend.data.invited_user.prisma.models.User.prisma", return_value=user_repo
+    )
+    mocker.patch(
+        "backend.data.invited_user.prisma.models.InvitedUser.prisma",
+        return_value=invited_user_repo,
+    )
+
+    with pytest.raises(PreconditionFailed):
+        await create_invited_user("Invited@example.com")
+
+
+@pytest.mark.asyncio
+async def test_create_invited_user_schedules_tally_seed(
+    mocker: pytest_mock.MockerFixture,
+) -> None:
+    user_repo = Mock()
+    user_repo.find_unique = AsyncMock(return_value=None)
+    invited_user_repo = Mock()
+    invited_user_repo.find_unique = AsyncMock(return_value=None)
+    invited_user_repo.create = AsyncMock(return_value=_invited_user_db_record())
+    schedule = mocker.patch(
+        "backend.data.invited_user.schedule_invited_user_tally_precompute"
+    )
+
+    mocker.patch(
+        "backend.data.invited_user.prisma.models.User.prisma", return_value=user_repo
+    )
+    mocker.patch(
+        "backend.data.invited_user.prisma.models.InvitedUser.prisma",
+        return_value=invited_user_repo,
+    )
+
+    invited_user = await create_invited_user("Invited@example.com", "Invited User")
+
+    assert invited_user.email == "invited@example.com"
+    invited_user_repo.create.assert_awaited_once()
+    schedule.assert_called_once_with("invite-1")
+
+
+@pytest.mark.asyncio
+async def test_retry_invited_user_tally_resets_state_and_schedules(
+    mocker: pytest_mock.MockerFixture,
+) -> None:
+    invited_user_repo = Mock()
+    invited_user_repo.find_unique = AsyncMock(return_value=_invited_user_db_record())
+    invited_user_repo.update = AsyncMock(return_value=_invited_user_db_record())
+    schedule = mocker.patch(
+        "backend.data.invited_user.schedule_invited_user_tally_precompute"
+    )
+
+    mocker.patch(
+        "backend.data.invited_user.prisma.models.InvitedUser.prisma",
+        return_value=invited_user_repo,
+    )
+
+    invited_user = await retry_invited_user_tally("invite-1")
+
+    assert invited_user.id == "invite-1"
+    invited_user_repo.update.assert_awaited_once()
+    schedule.assert_called_once_with("invite-1")
+
+
+@pytest.mark.asyncio
+async def test_get_or_activate_user_requires_invite(
+    mocker: pytest_mock.MockerFixture,
+) -> None:
+    invited_user_repo = Mock()
+    invited_user_repo.find_unique = AsyncMock(return_value=None)
+
+    mock_get_user_by_id = AsyncMock(side_effect=ValueError("User not found"))
+    mock_get_user_by_id.cache_delete = Mock()
+    mocker.patch(
+        "backend.data.invited_user.get_user_by_id",
+        mock_get_user_by_id,
+    )
+    mocker.patch(
+        "backend.data.invited_user._settings.config.enable_invite_gate",
+        True,
+    )
+    mocker.patch(
+        "backend.data.invited_user.prisma.models.InvitedUser.prisma",
+        return_value=invited_user_repo,
+    )
+
+    with pytest.raises(NotAuthorizedError):
+        await get_or_activate_user(
+            {"sub": "auth-user-1", "email": "invited@example.com"}
+        )
+
+
+@pytest.mark.asyncio
+async def test_get_or_activate_user_creates_user_from_invite(
+    mocker: pytest_mock.MockerFixture,
+) -> None:
+    tx = object()
+    invited_user = _invited_user_db_record(
+        tally_understanding={"user_name": "Invited User", "industry": "Automation"}
+    )
+    created_user = _user_db_record()
+
+    outside_user_repo = Mock()
+    # Only called once at post-transaction verification (line 741);
+    # get_user_by_id (line 657) uses prisma.user.find_unique, not this mock.
+    outside_user_repo.find_unique = AsyncMock(return_value=created_user)
+
+    inside_user_repo = Mock()
+    inside_user_repo.find_unique = AsyncMock(return_value=None)
+    inside_user_repo.create = AsyncMock(return_value=created_user)
+
+    outside_invited_repo = Mock()
+    outside_invited_repo.find_unique = AsyncMock(return_value=invited_user)
+
+    inside_invited_repo = Mock()
+    inside_invited_repo.find_unique = AsyncMock(return_value=invited_user)
+    inside_invited_repo.update = AsyncMock(return_value=invited_user)
+
+    def user_prisma(client=None):
+        return inside_user_repo if client is tx else outside_user_repo
+
+    def invited_user_prisma(client=None):
+        return inside_invited_repo if client is tx else outside_invited_repo
+
+    @asynccontextmanager
+    async def fake_transaction():
+        yield tx
+
+    # Mock get_user_by_id since it uses prisma.user.find_unique (global client),
+    # not prisma.models.User.prisma().find_unique which we mock above.
+    mock_get_user_by_id = AsyncMock(side_effect=ValueError("User not found"))
+    mock_get_user_by_id.cache_delete = Mock()
+    mocker.patch(
+        "backend.data.invited_user.get_user_by_id",
+        mock_get_user_by_id,
+    )
+    mock_get_user_by_email = AsyncMock()
+    mock_get_user_by_email.cache_delete = Mock()
+    mocker.patch(
+        "backend.data.invited_user.get_user_by_email",
+        mock_get_user_by_email,
+    )
+    ensure_profile = mocker.patch(
+        "backend.data.invited_user._ensure_default_profile",
+        AsyncMock(),
+    )
+    ensure_onboarding = mocker.patch(
+        "backend.data.invited_user._ensure_default_onboarding",
+        AsyncMock(),
+    )
+    apply_tally = mocker.patch(
+        "backend.data.invited_user._apply_tally_understanding",
+        AsyncMock(),
+    )
+    mocker.patch("backend.data.invited_user.transaction", fake_transaction)
+    mocker.patch(
+        "backend.data.invited_user.prisma.models.User.prisma", side_effect=user_prisma
+    )
+    mocker.patch(
+        "backend.data.invited_user.prisma.models.InvitedUser.prisma",
+        side_effect=invited_user_prisma,
+    )
+
+    user = await get_or_activate_user(
+        {
+            "sub": "auth-user-1",
+            "email": "Invited@example.com",
+            "user_metadata": {"name": "Invited User"},
+        }
+    )
+
+    assert user.id == "auth-user-1"
+    inside_user_repo.create.assert_awaited_once()
+    inside_invited_repo.update.assert_awaited_once()
+    ensure_profile.assert_awaited_once()
+    ensure_onboarding.assert_awaited_once_with("auth-user-1", tx)
+    apply_tally.assert_awaited_once_with("auth-user-1", invited_user, tx)
+
+
+@pytest.mark.asyncio
+async def test_bulk_create_invited_users_from_text_file(
+    mocker: pytest_mock.MockerFixture,
+) -> None:
+    create_invited = mocker.patch(
+        "backend.data.invited_user.create_invited_user",
+        AsyncMock(
+            side_effect=[
+                _invited_user_record(),
+                _invited_user_record(),
+            ]
+        ),
+    )
+
+    result = await bulk_create_invited_users_from_file(
+        "invites.txt",
+        b"Invited@example.com\nsecond@example.com\n",
+    )
+
+    assert result.created_count == 2
+    assert result.skipped_count == 0
+    assert result.error_count == 0
+    assert [row.status for row in result.results] == ["CREATED", "CREATED"]
+    assert create_invited.await_count == 2
+
+
+@pytest.mark.asyncio
+async def test_bulk_create_invited_users_handles_csv_duplicates_and_invalid_rows(
+    mocker: pytest_mock.MockerFixture,
+) -> None:
+    create_invited = mocker.patch(
+        "backend.data.invited_user.create_invited_user",
+        AsyncMock(
+            side_effect=[
+                _invited_user_record(),
+                PreconditionFailed("An invited user with this email already exists"),
+            ]
+        ),
+    )
+
+    result = await bulk_create_invited_users_from_file(
+        "invites.csv",
+        (
+            "email,name\n"
+            "valid@example.com,Valid User\n"
+            "not-an-email,Bad Row\n"
+            "valid@example.com,Duplicate In File\n"
+            "existing@example.com,Existing User\n"
+        ).encode("utf-8"),
+    )
+
+    assert result.created_count == 1
+    assert result.skipped_count == 2
+    assert result.error_count == 1
+    assert [row.status for row in result.results] == [
+        "CREATED",
+        "ERROR",
+        "SKIPPED",
+        "SKIPPED",
+    ]
+    assert create_invited.await_count == 2
--- a/autogpt_platform/backend/backend/data/notification_bus.py
+++ b/autogpt_platform/backend/backend/data/notification_bus.py
@@ -8,6 +8,8 @@ from backend.api.model import NotificationPayload
 from backend.data.event_bus import AsyncRedisEventBus
 from backend.util.settings import Settings

+_settings = Settings()
+

 class NotificationEvent(BaseModel):
    """Generic notification event destined for websocket delivery."""
@@ -26,7 +28,7 @@ class AsyncRedisNotificationEventBus(AsyncRedisEventBus[NotificationEvent]):

    @property
    def event_bus_name(self) -> str:
-        return Settings().config.notification_event_bus_name
+        return _settings.config.notification_event_bus_name

    async def publish(self, event: NotificationEvent) -> None:
        await self.publish_event(event, event.user_id)
--- a/autogpt_platform/backend/backend/data/tally.py
+++ b/autogpt_platform/backend/backend/data/tally.py
@@ -41,7 +41,7 @@ _MAX_PAGES = 100
 _LLM_TIMEOUT = 30


-def _mask_email(email: str) -> str:
+def mask_email(email: str) -> str:
    """Mask an email for safe logging: 'alice@example.com' -> 'a***e@example.com'."""
    try:
        local, domain = email.rsplit("@", 1)
@@ -196,8 +196,7 @@ async def _refresh_cache(form_id: str) -> tuple[dict, list]:

    Returns (email_index, questions).
    """
-    settings = Settings()
-    client = _make_tally_client(settings.secrets.tally_api_key)
+    client = _make_tally_client(_settings.secrets.tally_api_key)

    redis = await get_redis_async()
    last_fetch_key = _LAST_FETCH_KEY.format(form_id=form_id)
@@ -332,6 +331,9 @@ Fields:
 - current_software (list of strings): software/tools currently used
 - existing_automation (list of strings): existing automations
 - additional_notes (string): any additional context
+- suggested_prompts (list of 5 strings): short action prompts (each under 20 words) that would help \
+this person get started with automating their work. Should be specific to their industry, role, and \
+pain points; actionable and conversational in tone; focused on automation opportunities.

 Form data:
 """
@@ -339,21 +341,21 @@ Form data:
 _EXTRACTION_SUFFIX = "\n\nReturn ONLY valid JSON."


-async def extract_business_understanding(
+async def extract_business_understanding_from_tally(
    formatted_text: str,
 ) -> BusinessUnderstandingInput:
-    """Use an LLM to extract structured business understanding from form text.
+    """
+    Use an LLM to extract structured business understanding from form text.

    Raises on timeout or unparseable response so the caller can handle it.
    """
-    settings = Settings()
-    api_key = settings.secrets.open_router_api_key
+    api_key = _settings.secrets.open_router_api_key
    client = AsyncOpenAI(api_key=api_key, base_url=OPENROUTER_BASE_URL)

    try:
        response = await asyncio.wait_for(
            client.chat.completions.create(
-                model="openai/gpt-4o-mini",
+                model=_settings.config.tally_extraction_llm_model,
                messages=[
                    {
                        "role": "user",
@@ -378,9 +380,57 @@ async def extract_business_understanding(

    # Filter out null values before constructing
    cleaned = {k: v for k, v in data.items() if v is not None}
+
+    # Validate suggested_prompts: filter >20 words, keep top 3
+    raw_prompts = cleaned.get("suggested_prompts", [])
+    if isinstance(raw_prompts, list):
+        valid = [
+            p.strip()
+            for p in raw_prompts
+            if isinstance(p, str) and len(p.strip().split()) <= 20
+        ]
+        # This will keep up to 3 suggestions
+        short_prompts = valid[:3] if valid else None
+        if short_prompts:
+            cleaned["suggested_prompts"] = short_prompts
+        else:
+            # We dont want to add a None value suggested_prompts field
+            cleaned.pop("suggested_prompts", None)
+    else:
+        # suggested_prompts must be a list - removing it as its not here
+        cleaned.pop("suggested_prompts", None)
+
    return BusinessUnderstandingInput(**cleaned)


+async def get_business_understanding_input_from_tally(
+    email: str,
+    *,
+    require_api_key: bool = False,
+) -> Optional[BusinessUnderstandingInput]:
+    if not _settings.secrets.tally_api_key:
+        if require_api_key:
+            raise RuntimeError("Tally API key is not configured")
+        logger.debug("Tally: no API key configured, skipping")
+        return None
+
+    masked = mask_email(email)
+    result = await find_submission_by_email(TALLY_FORM_ID, email)
+    if result is None:
+        logger.debug(f"Tally: no submission found for {masked}")
+        return None
+
+    submission, questions = result
+    logger.info(f"Tally: found submission for {masked}, extracting understanding")
+
+    formatted = format_submission_for_llm(submission, questions)
+    if not formatted.strip():
+        logger.warning("Tally: formatted submission was empty, skipping")
+        return None
+
+    return await extract_business_understanding_from_tally(formatted)
+
+
 async def populate_understanding_from_tally(user_id: str, email: str) -> None:
    """Main orchestrator: check Tally for a matching submission and populate understanding.

@@ -395,30 +445,10 @@ async def populate_understanding_from_tally(user_id: str, email: str) -> None:
            )
            return

-        # Check API key is configured
-        settings = Settings()
-        if not settings.secrets.tally_api_key:
-            logger.debug("Tally: no API key configured, skipping")
+        understanding_input = await get_business_understanding_input_from_tally(email)
+        if understanding_input is None:
            return

-        # Look up submission by email
-        masked = _mask_email(email)
-        result = await find_submission_by_email(TALLY_FORM_ID, email)
-        if result is None:
-            logger.debug(f"Tally: no submission found for {masked}")
-            return
-
-        submission, questions = result
-        logger.info(f"Tally: found submission for {masked}, extracting understanding")
-
-        # Format and extract
-        formatted = format_submission_for_llm(submission, questions)
-        if not formatted.strip():
-            logger.warning("Tally: formatted submission was empty, skipping")
-            return
-
-        understanding_input = await extract_business_understanding(formatted)
-
        # Upsert into database
        await upsert_business_understanding(user_id, understanding_input)
        logger.info(f"Tally: successfully populated understanding for user {user_id}")
--- a/autogpt_platform/backend/backend/data/tally_test.py
+++ b/autogpt_platform/backend/backend/data/tally_test.py
@@ -12,11 +12,11 @@ from backend.data.tally import (
    _build_email_index,
    _format_answer,
    _make_tally_client,
-    _mask_email,
    _refresh_cache,
-    extract_business_understanding,
+    extract_business_understanding_from_tally,
    find_submission_by_email,
    format_submission_for_llm,
+    mask_email,
    populate_understanding_from_tally,
 )

@@ -248,7 +248,7 @@ async def test_populate_understanding_skips_no_api_key():
            new_callable=AsyncMock,
            return_value=None,
        ),
-        patch("backend.data.tally.Settings", return_value=mock_settings),
+        patch("backend.data.tally._settings", mock_settings),
        patch(
            "backend.data.tally.find_submission_by_email",
            new_callable=AsyncMock,
@@ -284,6 +284,7 @@ async def test_populate_understanding_full_flow():
        ],
    }
    mock_input = MagicMock()
+    mock_input.suggested_prompts = ["Prompt 1", "Prompt 2", "Prompt 3"]

    with (
        patch(
@@ -291,14 +292,14 @@ async def test_populate_understanding_full_flow():
            new_callable=AsyncMock,
            return_value=None,
        ),
-        patch("backend.data.tally.Settings", return_value=mock_settings),
+        patch("backend.data.tally._settings", mock_settings),
        patch(
            "backend.data.tally.find_submission_by_email",
            new_callable=AsyncMock,
            return_value=(submission, SAMPLE_QUESTIONS),
        ),
        patch(
-            "backend.data.tally.extract_business_understanding",
+            "backend.data.tally.extract_business_understanding_from_tally",
            new_callable=AsyncMock,
            return_value=mock_input,
        ) as mock_extract,
@@ -331,14 +332,14 @@ async def test_populate_understanding_handles_llm_timeout():
            new_callable=AsyncMock,
            return_value=None,
        ),
-        patch("backend.data.tally.Settings", return_value=mock_settings),
+        patch("backend.data.tally._settings", mock_settings),
        patch(
            "backend.data.tally.find_submission_by_email",
            new_callable=AsyncMock,
            return_value=(submission, SAMPLE_QUESTIONS),
        ),
        patch(
-            "backend.data.tally.extract_business_understanding",
+            "backend.data.tally.extract_business_understanding_from_tally",
            new_callable=AsyncMock,
            side_effect=asyncio.TimeoutError(),
        ),
@@ -356,13 +357,13 @@ async def test_populate_understanding_handles_llm_timeout():


 def test_mask_email():
-    assert _mask_email("alice@example.com") == "a***e@example.com"
-    assert _mask_email("ab@example.com") == "a***@example.com"
-    assert _mask_email("a@example.com") == "a***@example.com"
+    assert mask_email("alice@example.com") == "a***e@example.com"
+    assert mask_email("ab@example.com") == "a***@example.com"
+    assert mask_email("a@example.com") == "a***@example.com"


 def test_mask_email_invalid():
-    assert _mask_email("no-at-sign") == "***"
+    assert mask_email("no-at-sign") == "***"


 # ── Prompt construction (curly-brace safety) ─────────────────────────────────
@@ -393,11 +394,11 @@ def test_extraction_prompt_no_format_placeholders():
    assert single_braces == [], f"Found format placeholders: {single_braces}"


-# ── extract_business_understanding ────────────────────────────────────────────
+# ── extract_business_understanding_from_tally ────────────────────────────────────────────


@pytest.mark.asyncio
-async def test_extract_business_understanding_success():
+async def test_extract_business_understanding_from_tally_success():
    """Happy path: LLM returns valid JSON that maps to BusinessUnderstandingInput."""
    mock_choice = MagicMock()
    mock_choice.message.content = json.dumps(
@@ -406,6 +407,13 @@ async def test_extract_business_understanding_success():
            "business_name": "Acme Corp",
            "industry": "Technology",
            "pain_points": ["manual reporting"],
+            "suggested_prompts": [
+                "Automate weekly reports",
+                "Set up invoice processing",
+                "Create a customer onboarding flow",
+                "Track project deadlines automatically",
+                "Send follow-up emails after meetings",
+            ],
        }
    )
    mock_response = MagicMock()
@@ -415,16 +423,56 @@ async def test_extract_business_understanding_success():
    mock_client.chat.completions.create.return_value = mock_response

    with patch("backend.data.tally.AsyncOpenAI", return_value=mock_client):
-        result = await extract_business_understanding("Q: Name?\nA: Alice")
+        result = await extract_business_understanding_from_tally("Q: Name?\nA: Alice")

    assert result.user_name == "Alice"
    assert result.business_name == "Acme Corp"
    assert result.industry == "Technology"
    assert result.pain_points == ["manual reporting"]
+    # suggested_prompts validated and sliced to top 3
+    assert result.suggested_prompts == [
+        "Automate weekly reports",
+        "Set up invoice processing",
+        "Create a customer onboarding flow",
+    ]


@pytest.mark.asyncio
-async def test_extract_business_understanding_filters_nulls():
+async def test_extract_business_understanding_from_tally_filters_long_prompts():
+    """Prompts exceeding 20 words are excluded and only top 3 are kept."""
+    long_prompt = " ".join(["word"] * 21)
+    mock_choice = MagicMock()
+    mock_choice.message.content = json.dumps(
+        {
+            "user_name": "Alice",
+            "suggested_prompts": [
+                long_prompt,
+                "Short prompt one",
+                long_prompt,
+                "Short prompt two",
+                "Short prompt three",
+                "Short prompt four",
+            ],
+        }
+    )
+    mock_response = MagicMock()
+    mock_response.choices = [mock_choice]
+
+    mock_client = AsyncMock()
+    mock_client.chat.completions.create.return_value = mock_response
+
+    with patch("backend.data.tally.AsyncOpenAI", return_value=mock_client):
+        result = await extract_business_understanding_from_tally("Q: Name?\nA: Alice")
+
+    assert result.suggested_prompts == [
+        "Short prompt one",
+        "Short prompt two",
+        "Short prompt three",
+    ]
+
+
+@pytest.mark.asyncio
+async def test_extract_business_understanding_from_tally_filters_nulls():
    """Null values from LLM should be excluded from the result."""
    mock_choice = MagicMock()
    mock_choice.message.content = json.dumps(
@@ -437,7 +485,7 @@ async def test_extract_business_understanding_filters_nulls():
    mock_client.chat.completions.create.return_value = mock_response

    with patch("backend.data.tally.AsyncOpenAI", return_value=mock_client):
-        result = await extract_business_understanding("Q: Name?\nA: Alice")
+        result = await extract_business_understanding_from_tally("Q: Name?\nA: Alice")

    assert result.user_name == "Alice"
    assert result.business_name is None
@@ -445,7 +493,7 @@ async def test_extract_business_understanding_filters_nulls():


@pytest.mark.asyncio
-async def test_extract_business_understanding_invalid_json():
+async def test_extract_business_understanding_from_tally_invalid_json():
    """Invalid JSON from LLM should raise JSONDecodeError."""
    mock_choice = MagicMock()
    mock_choice.message.content = "not valid json {"
@@ -459,11 +507,11 @@ async def test_extract_business_understanding_invalid_json():
        patch("backend.data.tally.AsyncOpenAI", return_value=mock_client),
        pytest.raises(json.JSONDecodeError),
    ):
-        await extract_business_understanding("Q: Name?\nA: Alice")
+        await extract_business_understanding_from_tally("Q: Name?\nA: Alice")


@pytest.mark.asyncio
-async def test_extract_business_understanding_timeout():
+async def test_extract_business_understanding_from_tally_timeout():
    """LLM timeout should propagate as asyncio.TimeoutError."""
    mock_client = AsyncMock()
    mock_client.chat.completions.create.side_effect = asyncio.TimeoutError()
@@ -473,7 +521,7 @@ async def test_extract_business_understanding_timeout():
        patch("backend.data.tally._LLM_TIMEOUT", 0.001),
        pytest.raises(asyncio.TimeoutError),
    ):
-        await extract_business_understanding("Q: Name?\nA: Alice")
+        await extract_business_understanding_from_tally("Q: Name?\nA: Alice")


 # ── _refresh_cache ───────────────────────────────────────────────────────────
@@ -492,7 +540,7 @@ async def test_refresh_cache_full_fetch():
    submissions = SAMPLE_SUBMISSIONS

    with (
-        patch("backend.data.tally.Settings", return_value=mock_settings),
+        patch("backend.data.tally._settings", mock_settings),
        patch(
            "backend.data.tally.get_redis_async",
            new_callable=AsyncMock,
@@ -540,7 +588,7 @@ async def test_refresh_cache_incremental_fetch():
    new_submissions = [SAMPLE_SUBMISSIONS[0]]  # Just Alice

    with (
-        patch("backend.data.tally.Settings", return_value=mock_settings),
+        patch("backend.data.tally._settings", mock_settings),
        patch(
            "backend.data.tally.get_redis_async",
            new_callable=AsyncMock,
--- a/autogpt_platform/backend/backend/data/understanding.py
+++ b/autogpt_platform/backend/backend/data/understanding.py
@@ -86,6 +86,11 @@ class BusinessUnderstandingInput(pydantic.BaseModel):
        None, description="Any additional context"
    )

+    # Suggested prompts (UI-only, not included in system prompt)
+    suggested_prompts: Optional[list[str]] = pydantic.Field(
+        None, description="LLM-generated suggested prompts based on business context"
+    )
+

 class BusinessUnderstanding(pydantic.BaseModel):
    """Full business understanding model returned from database."""
@@ -122,6 +127,9 @@ class BusinessUnderstanding(pydantic.BaseModel):
    # Additional context
    additional_notes: Optional[str] = None

+    # Suggested prompts (UI-only, not included in system prompt)
+    suggested_prompts: list[str] = pydantic.Field(default_factory=list)
+
    @classmethod
    def from_db(cls, db_record: CoPilotUnderstanding) -> "BusinessUnderstanding":
        """Convert database record to Pydantic model."""
@@ -149,6 +157,7 @@ class BusinessUnderstanding(pydantic.BaseModel):
            current_software=_json_to_list(business.get("current_software")),
            existing_automation=_json_to_list(business.get("existing_automation")),
            additional_notes=business.get("additional_notes"),
+            suggested_prompts=_json_to_list(data.get("suggested_prompts")),
        )


@@ -166,6 +175,62 @@ def _merge_lists(existing: list | None, new: list | None) -> list | None:
    return merged


+def merge_business_understanding_data(
+    existing_data: dict[str, Any],
+    input_data: BusinessUnderstandingInput,
+) -> dict[str, Any]:
+    merged_data = dict(existing_data)
+
+    merged_business: dict[str, Any] = {}
+    if isinstance(merged_data.get("business"), dict):
+        merged_business = dict(merged_data["business"])
+
+    business_string_fields = [
+        "job_title",
+        "business_name",
+        "industry",
+        "business_size",
+        "user_role",
+        "additional_notes",
+    ]
+    business_list_fields = [
+        "key_workflows",
+        "daily_activities",
+        "pain_points",
+        "bottlenecks",
+        "manual_tasks",
+        "automation_goals",
+        "current_software",
+        "existing_automation",
+    ]
+
+    if input_data.user_name is not None:
+        merged_data["name"] = input_data.user_name
+
+    for field in business_string_fields:
+        value = getattr(input_data, field)
+        if value is not None:
+            merged_business[field] = value
+
+    for field in business_list_fields:
+        value = getattr(input_data, field)
+        if value is not None:
+            existing_list = _json_to_list(merged_business.get(field))
+            merged_list = _merge_lists(existing_list, value)
+            merged_business[field] = merged_list
+
+    merged_business["version"] = 1
+    merged_data["business"] = merged_business
+
+    # suggested_prompts lives at the top level (not under `business`) because
+    # it's a UI-only artifact consumed by the frontend, not business understanding
+    # data. The `business` sub-dict feeds the system prompt.
+    if input_data.suggested_prompts is not None:
+        merged_data["suggested_prompts"] = input_data.suggested_prompts
+
+    return merged_data
+
+
 async def _get_from_cache(user_id: str) -> Optional[BusinessUnderstanding]:
    """Get business understanding from Redis cache."""
    try:
@@ -245,63 +310,18 @@ async def upsert_business_understanding(
        where={"userId": user_id}
    )

-    # Get existing data structure or start fresh
    existing_data: dict[str, Any] = {}
    if existing and isinstance(existing.data, dict):
        existing_data = dict(existing.data)

-    existing_business: dict[str, Any] = {}
-    if isinstance(existing_data.get("business"), dict):
-        existing_business = dict(existing_data["business"])
-
-    # Business fields (stored inside business object)
-    business_string_fields = [
-        "job_title",
-        "business_name",
-        "industry",
-        "business_size",
-        "user_role",
-        "additional_notes",
-    ]
-    business_list_fields = [
-        "key_workflows",
-        "daily_activities",
-        "pain_points",
-        "bottlenecks",
-        "manual_tasks",
-        "automation_goals",
-        "current_software",
-        "existing_automation",
-    ]
-
-    # Handle top-level name field
-    if input_data.user_name is not None:
-        existing_data["name"] = input_data.user_name
-
-    # Business string fields - overwrite if provided
-    for field in business_string_fields:
-        value = getattr(input_data, field)
-        if value is not None:
-            existing_business[field] = value
-
-    # Business list fields - merge with existing
-    for field in business_list_fields:
-        value = getattr(input_data, field)
-        if value is not None:
-            existing_list = _json_to_list(existing_business.get(field))
-            merged = _merge_lists(existing_list, value)
-            existing_business[field] = merged
-
-    # Set version and nest business data
-    existing_business["version"] = 1
-    existing_data["business"] = existing_business
+    merged_data = merge_business_understanding_data(existing_data, input_data)

    # Upsert with the merged data
    record = await CoPilotUnderstanding.prisma().upsert(
        where={"userId": user_id},
        data={
-            "create": {"userId": user_id, "data": SafeJson(existing_data)},
-            "update": {"data": SafeJson(existing_data)},
+            "create": {"userId": user_id, "data": SafeJson(merged_data)},
+            "update": {"data": SafeJson(merged_data)},
        },
    )

--- a/autogpt_platform/backend/backend/data/understanding_test.py
+++ b/autogpt_platform/backend/backend/data/understanding_test.py
@@ -0,0 +1,102 @@
+"""Tests for business understanding merge and format logic."""
+
+from datetime import datetime, timezone
+from typing import Any
+
+from backend.data.understanding import (
+    BusinessUnderstanding,
+    BusinessUnderstandingInput,
+    format_understanding_for_prompt,
+    merge_business_understanding_data,
+)
+
+
+def _make_input(**kwargs: Any) -> BusinessUnderstandingInput:
+    """Create a BusinessUnderstandingInput with only the specified fields."""
+    return BusinessUnderstandingInput.model_validate(kwargs)
+
+
+# ─── merge_business_understanding_data: suggested_prompts ─────────────
+
+
+def test_merge_suggested_prompts_overwrites_existing():
+    """New suggested_prompts should fully replace existing ones (not append)."""
+    existing = {
+        "name": "Alice",
+        "business": {"industry": "Tech", "version": 1},
+        "suggested_prompts": ["Old prompt 1", "Old prompt 2"],
+    }
+    input_data = _make_input(
+        suggested_prompts=["New prompt A", "New prompt B", "New prompt C"],
+    )
+
+    result = merge_business_understanding_data(existing, input_data)
+
+    assert result["suggested_prompts"] == [
+        "New prompt A",
+        "New prompt B",
+        "New prompt C",
+    ]
+
+
+def test_merge_suggested_prompts_none_preserves_existing():
+    """When input has suggested_prompts=None, existing prompts are preserved."""
+    existing = {
+        "name": "Alice",
+        "business": {"industry": "Tech", "version": 1},
+        "suggested_prompts": ["Keep me"],
+    }
+    input_data = _make_input(industry="Finance")
+
+    result = merge_business_understanding_data(existing, input_data)
+
+    assert result["suggested_prompts"] == ["Keep me"]
+    assert result["business"]["industry"] == "Finance"
+
+
+def test_merge_suggested_prompts_added_to_empty_data():
+    """Suggested prompts are set at top level even when starting from empty data."""
+    existing: dict[str, Any] = {}
+    input_data = _make_input(suggested_prompts=["Prompt 1"])
+
+    result = merge_business_understanding_data(existing, input_data)
+
+    assert result["suggested_prompts"] == ["Prompt 1"]
+
+
+def test_merge_suggested_prompts_empty_list_overwrites():
+    """An explicit empty list should overwrite existing prompts."""
+    existing: dict[str, Any] = {
+        "suggested_prompts": ["Old prompt"],
+        "business": {"version": 1},
+    }
+    input_data = _make_input(suggested_prompts=[])
+
+    result = merge_business_understanding_data(existing, input_data)
+
+    assert result["suggested_prompts"] == []
+
+
+# ─── format_understanding_for_prompt: excludes suggested_prompts ──────
+
+
+def test_format_understanding_excludes_suggested_prompts():
+    """suggested_prompts is UI-only and must NOT appear in the system prompt."""
+    understanding = BusinessUnderstanding(
+        id="test-id",
+        user_id="user-1",
+        created_at=datetime.now(tz=timezone.utc),
+        updated_at=datetime.now(tz=timezone.utc),
+        user_name="Alice",
+        industry="Technology",
+        suggested_prompts=["Automate reports", "Set up alerts", "Track KPIs"],
+    )
+
+    formatted = format_understanding_for_prompt(understanding)
+
+    assert "Alice" in formatted
+    assert "Technology" in formatted
+    assert "suggested_prompts" not in formatted
+    assert "Automate reports" not in formatted
+    assert "Set up alerts" not in formatted
+    assert "Track KPIs" not in formatted
--- a/autogpt_platform/backend/backend/executor/utils.py
+++ b/autogpt_platform/backend/backend/executor/utils.py
@@ -46,7 +46,7 @@ from backend.util.exceptions import (
 )
 from backend.util.logging import TruncatedLogger, is_structured_logging_enabled
 from backend.util.settings import Config
-from backend.util.type import convert
+from backend.util.type import coerce_inputs_to_schema

 config = Config()
 logger = TruncatedLogger(logging.getLogger(__name__), prefix="[GraphExecutorUtil]")
@@ -213,11 +213,8 @@ def validate_exec(
    if resolve_input:
        data = merge_execution_input(data)

-    # Convert non-matching data types to the expected input schema.
-    for name, data_type in schema.__annotations__.items():
-        value = data.get(name)
-        if (value is not None) and (type(value) is not data_type):
-            data[name] = convert(value, data_type)
+    # Coerce non-matching data types to the expected input schema.
+    coerce_inputs_to_schema(data, schema)

    # Input data post-merge should contain all required fields from the schema.
    if missing_input := schema.get_missing_input(data):
--- a/autogpt_platform/backend/backend/util/openai_responses.py
+++ b/autogpt_platform/backend/backend/util/openai_responses.py
@@ -0,0 +1,150 @@
+"""Helpers for OpenAI Responses API.
+
+This module provides utilities for using OpenAI's Responses API, which is the
+default for all OpenAI models supported by the platform.
+"""
+
+from typing import Any
+
+
+def convert_tools_to_responses_format(tools: list[dict] | None) -> list[dict]:
+    """Convert Chat Completions tool format to Responses API format.
+
+    The Responses API uses internally-tagged polymorphism (flatter structure)
+    and functions are strict by default.
+
+    Chat Completions format:
+        {"type": "function", "function": {"name": "...", "parameters": {...}}}
+
+    Responses API format:
+        {"type": "function", "name": "...", "parameters": {...}}
+
+    Args:
+        tools: List of tools in Chat Completions format
+
+    Returns:
+        List of tools in Responses API format
+    """
+    if not tools:
+        return []
+
+    converted = []
+    for tool in tools:
+        if tool.get("type") == "function":
+            func = tool.get("function", {})
+            name = func.get("name")
+            if not name:
+                raise ValueError(
+                    f"Function tool is missing required 'name' field: {tool}"
+                )
+            entry: dict[str, Any] = {
+                "type": "function",
+                "name": name,
+                # Note: strict=True is default in Responses API
+            }
+            if func.get("description") is not None:
+                entry["description"] = func["description"]
+            if func.get("parameters") is not None:
+                entry["parameters"] = func["parameters"]
+            converted.append(entry)
+        else:
+            # Pass through non-function tools as-is
+            converted.append(tool)
+    return converted
+
+
+def extract_responses_tool_calls(response: Any) -> list[dict] | None:
+    """Extract tool calls from Responses API response.
+
+    The Responses API returns tool calls as separate items in the output array
+    with type="function_call".
+
+    Args:
+        response: The Responses API response object
+
+    Returns:
+        List of tool calls in a normalized format, or None if no tool calls
+    """
+    tool_calls = []
+    for item in response.output:
+        if getattr(item, "type", None) == "function_call":
+            tool_calls.append(
+                {
+                    "id": item.call_id,
+                    "type": "function",
+                    "function": {
+                        "name": item.name,
+                        "arguments": item.arguments,
+                    },
+                }
+            )
+    return tool_calls if tool_calls else None
+
+
+def extract_responses_usage(response: Any) -> tuple[int, int]:
+    """Extract token usage from Responses API response.
+
+    The Responses API uses input_tokens/output_tokens (not prompt_tokens/completion_tokens).
+
+    Args:
+        response: The Responses API response object
+
+    Returns:
+        Tuple of (input_tokens, output_tokens)
+    """
+    if not getattr(response, "usage", None):
+        return 0, 0
+
+    return (
+        getattr(response.usage, "input_tokens", 0),
+        getattr(response.usage, "output_tokens", 0),
+    )
+
+
+def extract_responses_content(response: Any) -> str:
+    """Extract text content from Responses API response.
+
+    Args:
+        response: The Responses API response object
+
+    Returns:
+        The text content from the response, or empty string if none
+    """
+    # The SDK provides a helper property
+    if hasattr(response, "output_text"):
+        return response.output_text or ""
+
+    # Fallback: manually extract from output items
+    for item in response.output:
+        if getattr(item, "type", None) == "message":
+            for content in getattr(item, "content", []):
+                if getattr(content, "type", None) == "output_text":
+                    return getattr(content, "text", "")
+    return ""
+
+
+def extract_responses_reasoning(response: Any) -> str | None:
+    """Extract reasoning content from Responses API response.
+
+    Reasoning models return their reasoning process in the response,
+    which can be useful for debugging or display.
+
+    Args:
+        response: The Responses API response object
+
+    Returns:
+        The reasoning text, or None if not present
+    """
+    for item in response.output:
+        if getattr(item, "type", None) == "reasoning":
+            # Reasoning items may have summary or content
+            summary = getattr(item, "summary", [])
+            if summary:
+                # Join summary items if present
+                texts = []
+                for s in summary:
+                    if hasattr(s, "text"):
+                        texts.append(s.text)
+                if texts:
+                    return "\n".join(texts)
+    return None
--- a/autogpt_platform/backend/backend/util/openai_responses_test.py
+++ b/autogpt_platform/backend/backend/util/openai_responses_test.py
@@ -0,0 +1,312 @@
+"""Tests for OpenAI Responses API helpers."""
+
+from unittest.mock import MagicMock
+
+from backend.util.openai_responses import (
+    convert_tools_to_responses_format,
+    extract_responses_content,
+    extract_responses_reasoning,
+    extract_responses_tool_calls,
+    extract_responses_usage,
+)
+
+
+class TestConvertToolsToResponsesFormat:
+    """Tests for the convert_tools_to_responses_format function."""
+
+    def test_empty_tools_returns_empty_list(self):
+        """Empty or None tools should return empty list."""
+        assert convert_tools_to_responses_format(None) == []
+        assert convert_tools_to_responses_format([]) == []
+
+    def test_converts_function_tool_format(self):
+        """Should convert Chat Completions function format to Responses format."""
+        chat_completions_tools = [
+            {
+                "type": "function",
+                "function": {
+                    "name": "get_weather",
+                    "description": "Get the weather in a location",
+                    "parameters": {
+                        "type": "object",
+                        "properties": {
+                            "location": {"type": "string"},
+                        },
+                        "required": ["location"],
+                    },
+                },
+            }
+        ]
+
+        result = convert_tools_to_responses_format(chat_completions_tools)
+
+        assert len(result) == 1
+        assert result[0]["type"] == "function"
+        assert result[0]["name"] == "get_weather"
+        assert result[0]["description"] == "Get the weather in a location"
+        assert result[0]["parameters"] == {
+            "type": "object",
+            "properties": {
+                "location": {"type": "string"},
+            },
+            "required": ["location"],
+        }
+        # Should not have nested "function" key
+        assert "function" not in result[0]
+
+    def test_handles_multiple_tools(self):
+        """Should handle multiple tools."""
+        chat_completions_tools = [
+            {
+                "type": "function",
+                "function": {
+                    "name": "tool_1",
+                    "description": "First tool",
+                    "parameters": {"type": "object", "properties": {}},
+                },
+            },
+            {
+                "type": "function",
+                "function": {
+                    "name": "tool_2",
+                    "description": "Second tool",
+                    "parameters": {"type": "object", "properties": {}},
+                },
+            },
+        ]
+
+        result = convert_tools_to_responses_format(chat_completions_tools)
+
+        assert len(result) == 2
+        assert result[0]["name"] == "tool_1"
+        assert result[1]["name"] == "tool_2"
+
+    def test_passes_through_non_function_tools(self):
+        """Non-function tools should be passed through as-is."""
+        tools = [{"type": "web_search", "config": {"enabled": True}}]
+
+        result = convert_tools_to_responses_format(tools)
+
+        assert result == tools
+
+    def test_omits_none_description_and_parameters(self):
+        """Should omit description and parameters when they are None."""
+        tools = [
+            {
+                "type": "function",
+                "function": {
+                    "name": "simple_tool",
+                },
+            }
+        ]
+
+        result = convert_tools_to_responses_format(tools)
+
+        assert len(result) == 1
+        assert result[0]["type"] == "function"
+        assert result[0]["name"] == "simple_tool"
+        assert "description" not in result[0]
+        assert "parameters" not in result[0]
+
+    def test_raises_on_missing_name(self):
+        """Should raise ValueError when function tool has no name."""
+        import pytest
+
+        tools = [{"type": "function", "function": {}}]
+        with pytest.raises(ValueError, match="missing required 'name' field"):
+            convert_tools_to_responses_format(tools)
+
+
+class TestExtractResponsesToolCalls:
+    """Tests for the extract_responses_tool_calls function."""
+
+    def test_extracts_function_call_items(self):
+        """Should extract function_call items from response output."""
+        item = MagicMock()
+        item.type = "function_call"
+        item.call_id = "call_123"
+        item.name = "get_weather"
+        item.arguments = '{"location": "NYC"}'
+
+        response = MagicMock()
+        response.output = [item]
+
+        result = extract_responses_tool_calls(response)
+
+        assert result == [
+            {
+                "id": "call_123",
+                "type": "function",
+                "function": {
+                    "name": "get_weather",
+                    "arguments": '{"location": "NYC"}',
+                },
+            }
+        ]
+
+    def test_returns_none_when_no_tool_calls(self):
+        """Should return None when no function_call items exist."""
+        message_item = MagicMock()
+        message_item.type = "message"
+
+        response = MagicMock()
+        response.output = [message_item]
+
+        assert extract_responses_tool_calls(response) is None
+
+    def test_returns_none_for_empty_output(self):
+        """Should return None when output is empty."""
+        response = MagicMock()
+        response.output = []
+
+        assert extract_responses_tool_calls(response) is None
+
+    def test_extracts_multiple_tool_calls(self):
+        """Should extract multiple function_call items."""
+        item1 = MagicMock()
+        item1.type = "function_call"
+        item1.call_id = "call_1"
+        item1.name = "tool_a"
+        item1.arguments = "{}"
+
+        item2 = MagicMock()
+        item2.type = "function_call"
+        item2.call_id = "call_2"
+        item2.name = "tool_b"
+        item2.arguments = '{"x": 1}'
+
+        response = MagicMock()
+        response.output = [item1, item2]
+
+        result = extract_responses_tool_calls(response)
+
+        assert result is not None
+        assert len(result) == 2
+        assert result[0]["function"]["name"] == "tool_a"
+        assert result[1]["function"]["name"] == "tool_b"
+
+
+class TestExtractResponsesUsage:
+    """Tests for the extract_responses_usage function."""
+
+    def test_extracts_token_counts(self):
+        """Should extract input_tokens and output_tokens."""
+        response = MagicMock()
+        response.usage.input_tokens = 42
+        response.usage.output_tokens = 17
+
+        result = extract_responses_usage(response)
+
+        assert result == (42, 17)
+
+    def test_returns_zeros_when_usage_is_none(self):
+        """Should return (0, 0) when usage is None."""
+        response = MagicMock()
+        response.usage = None
+
+        result = extract_responses_usage(response)
+
+        assert result == (0, 0)
+
+
+class TestExtractResponsesContent:
+    """Tests for the extract_responses_content function."""
+
+    def test_extracts_from_output_text(self):
+        """Should use output_text property when available."""
+        response = MagicMock()
+        response.output_text = "Hello world"
+
+        assert extract_responses_content(response) == "Hello world"
+
+    def test_returns_empty_string_when_output_text_is_none(self):
+        """Should return empty string when output_text is None."""
+        response = MagicMock()
+        response.output_text = None
+        response.output = []
+
+        assert extract_responses_content(response) == ""
+
+    def test_fallback_to_output_items(self):
+        """Should fall back to extracting from output items."""
+        text_content = MagicMock()
+        text_content.type = "output_text"
+        text_content.text = "Fallback content"
+
+        message_item = MagicMock()
+        message_item.type = "message"
+        message_item.content = [text_content]
+
+        response = MagicMock(spec=[])  # no output_text attribute
+        response.output = [message_item]
+
+        assert extract_responses_content(response) == "Fallback content"
+
+    def test_returns_empty_string_for_empty_output(self):
+        """Should return empty string when no content found."""
+        response = MagicMock(spec=[])  # no output_text attribute
+        response.output = []
+
+        assert extract_responses_content(response) == ""
+
+
+class TestExtractResponsesReasoning:
+    """Tests for the extract_responses_reasoning function."""
+
+    def test_extracts_reasoning_summary(self):
+        """Should extract reasoning text from summary items."""
+        summary_item = MagicMock()
+        summary_item.text = "Step 1: Think about it"
+
+        reasoning_item = MagicMock()
+        reasoning_item.type = "reasoning"
+        reasoning_item.summary = [summary_item]
+
+        response = MagicMock()
+        response.output = [reasoning_item]
+
+        assert extract_responses_reasoning(response) == "Step 1: Think about it"
+
+    def test_joins_multiple_summary_items(self):
+        """Should join multiple summary text items with newlines."""
+        s1 = MagicMock()
+        s1.text = "First thought"
+        s2 = MagicMock()
+        s2.text = "Second thought"
+
+        reasoning_item = MagicMock()
+        reasoning_item.type = "reasoning"
+        reasoning_item.summary = [s1, s2]
+
+        response = MagicMock()
+        response.output = [reasoning_item]
+
+        assert extract_responses_reasoning(response) == "First thought\nSecond thought"
+
+    def test_returns_none_when_no_reasoning(self):
+        """Should return None when no reasoning items exist."""
+        message_item = MagicMock()
+        message_item.type = "message"
+
+        response = MagicMock()
+        response.output = [message_item]
+
+        assert extract_responses_reasoning(response) is None
+
+    def test_returns_none_for_empty_output(self):
+        """Should return None when output is empty."""
+        response = MagicMock()
+        response.output = []
+
+        assert extract_responses_reasoning(response) is None
+
+    def test_returns_none_when_summary_is_empty(self):
+        """Should return None when reasoning item has empty summary."""
+        reasoning_item = MagicMock()
+        reasoning_item.type = "reasoning"
+        reasoning_item.summary = []
+
+        response = MagicMock()
+        response.output = [reasoning_item]
+
+        assert extract_responses_reasoning(response) is None
--- a/autogpt_platform/backend/backend/util/request.py
+++ b/autogpt_platform/backend/backend/util/request.py
@@ -144,76 +144,106 @@ async def _resolve_host(hostname: str) -> list[str]:
    return ip_addresses


-async def validate_url(
-    url: str, trusted_origins: list[str]
+async def validate_url_host(
+    url: str, trusted_hostnames: Optional[list[str]] = None
 ) -> tuple[URL, bool, list[str]]:
    """
-    Validates the URL to prevent SSRF attacks by ensuring it does not point
-    to a private, link-local, or otherwise blocked IP address — unless
+    Validates a (URL's) host string to prevent SSRF attacks by ensuring it does not
+    point to a private, link-local, or otherwise blocked IP address — unless
    the hostname is explicitly trusted.

+    Hosts in `trusted_hostnames` are permitted without checks.
+    All other hosts are resolved and checked against `BLOCKED_IP_NETWORKS`.
+
+    Params:
+        url: A hostname, netloc, or URL to validate.
+             If no scheme is included, `http://` is assumed.
+        trusted_hostnames: A list of hostnames that don't require validation.
+
+    Raises:
+      ValueError:
+        - if the URL has a disallowed URL scheme
+        - if the URL/host string can't be parsed
+        - if the hostname contains invalid or unsupported (non-ASCII) characters
+        - if the host resolves to a blocked IP
+
    Returns:
-        str: The validated, canonicalized, parsed URL
-        is_trusted: Boolean indicating if the hostname is in trusted_origins
-        ip_addresses: List of IP addresses for the host; empty if the host is trusted
+        1. The validated, canonicalized, parsed host/URL,
+           with hostname ASCII-safe encoding
+        2. Whether the host is trusted (based on the passed `trusted_hostnames`).
+        3. List of resolved IP addresses for the host; empty if the host is trusted.
    """
    parsed = parse_url(url)

-    # Check scheme
    if parsed.scheme not in ALLOWED_SCHEMES:
        raise ValueError(
-            f"Scheme '{parsed.scheme}' is not allowed. Only HTTP/HTTPS are supported."
+            f"URL scheme '{parsed.scheme}' is not allowed; allowed schemes: "
+            f"{', '.join(ALLOWED_SCHEMES)}"
        )

-    # Validate and IDNA encode hostname
    if not parsed.hostname:
-        raise ValueError("Invalid URL: No hostname found.")
+        raise ValueError(f"Invalid host/URL; no host in parse result: {url}")

    # IDNA encode to prevent Unicode domain attacks
    try:
        ascii_hostname = idna.encode(parsed.hostname).decode("ascii")
    except idna.IDNAError:
-        raise ValueError("Invalid hostname with unsupported characters.")
+        raise ValueError(f"Hostname '{parsed.hostname}' has unsupported characters")

-    # Check hostname characters
    if not HOSTNAME_REGEX.match(ascii_hostname):
-        raise ValueError("Hostname contains invalid characters.")
+        raise ValueError(f"Hostname '{parsed.hostname}' has unsupported characters")

-    # Check if hostname is trusted
-    is_trusted = ascii_hostname in trusted_origins
-
-    # If not trusted, validate IP addresses
-    ip_addresses: list[str] = []
-    if not is_trusted:
-        # Resolve all IP addresses for the hostname
-        ip_addresses = await _resolve_host(ascii_hostname)
-
-        # Block any IP address that belongs to a blocked range
-        for ip_str in ip_addresses:
-            if _is_ip_blocked(ip_str):
-                raise ValueError(
-                    f"Access to blocked or private IP address {ip_str} "
-                    f"for hostname {ascii_hostname} is not allowed."
-                )
-
-    # Reconstruct the netloc with IDNA-encoded hostname and preserve port
-    netloc = ascii_hostname
-    if parsed.port:
-        netloc = f"{ascii_hostname}:{parsed.port}"
-
-    return (
-        URL(
-            parsed.scheme,
-            netloc,
-            quote(parsed.path, safe="/%:@"),
-            parsed.params,
-            parsed.query,
-            parsed.fragment,
-        ),
-        is_trusted,
-        ip_addresses,
+    # Re-create parsed URL object with IDNA-encoded hostname
+    parsed = URL(
+        parsed.scheme,
+        (ascii_hostname if parsed.port is None else f"{ascii_hostname}:{parsed.port}"),
+        quote(parsed.path, safe="/%:@"),
+        parsed.params,
+        parsed.query,
+        parsed.fragment,
    )

+    is_trusted = trusted_hostnames and any(
+        matches_allowed_host(parsed, allowed)
+        for allowed in (
+            # Normalize + parse allowlist entries the same way for consistent matching
+            parse_url(w)
+            for w in trusted_hostnames
+        )
+    )
+
+    if is_trusted:
+        return parsed, True, []
+
+    # If not allowlisted, go ahead with host resolution and IP target check
+    return parsed, False, await _resolve_and_check_blocked(ascii_hostname)
+
+
+def matches_allowed_host(url: URL, allowed: URL) -> bool:
+    if url.hostname != allowed.hostname:
+        return False
+
+    # Allow any port if not explicitly specified in the allowlist
+    if allowed.port is None:
+        return True
+
+    return url.port == allowed.port
+
+
+async def _resolve_and_check_blocked(hostname: str) -> list[str]:
+    """
+    Resolves hostname to IPs and raises ValueError if any resolve to
+    a blocked network. Returns the list of resolved IP addresses.
+    """
+    ip_addresses = await _resolve_host(hostname)
+    for ip_str in ip_addresses:
+        if _is_ip_blocked(ip_str):
+            raise ValueError(
+                f"Access to blocked or private IP address {ip_str} "
+                f"for hostname {hostname} is not allowed."
+            )
+    return ip_addresses
+

 def parse_url(url: str) -> URL:
    """Canonicalizes and parses a URL string."""
@@ -352,7 +382,7 @@ class Requests:
    ):
        self.trusted_origins = []
        for url in trusted_origins or []:
-            hostname = urlparse(url).hostname
+            hostname = parse_url(url).netloc  # {host}[:{port}]
            if not hostname:
                raise ValueError(f"Invalid URL: Unable to determine hostname of {url}")
            self.trusted_origins.append(hostname)
@@ -450,7 +480,7 @@ class Requests:
            data = form

        # Validate URL and get trust status
-        parsed_url, is_trusted, ip_addresses = await validate_url(
+        parsed_url, is_trusted, ip_addresses = await validate_url_host(
            url, self.trusted_origins
        )

@@ -503,7 +533,6 @@ class Requests:
                json=json,
                **kwargs,
            ) as response:
-
                if self.raise_for_status:
                    try:
                        response.raise_for_status()
--- a/autogpt_platform/backend/backend/util/request_test.py
+++ b/autogpt_platform/backend/backend/util/request_test.py
@@ -1,7 +1,7 @@
 import pytest
 from aiohttp import web

-from backend.util.request import pin_url, validate_url
+from backend.util.request import pin_url, validate_url_host


@pytest.mark.parametrize(
@@ -60,9 +60,9 @@ async def test_validate_url_no_dns_rebinding(
 ):
    if should_raise:
        with pytest.raises(ValueError):
-            await validate_url(raw_url, trusted_origins)
+            await validate_url_host(raw_url, trusted_origins)
    else:
-        validated_url, _, _ = await validate_url(raw_url, trusted_origins)
+        validated_url, _, _ = await validate_url_host(raw_url, trusted_origins)
        assert validated_url.geturl() == expected_value


@@ -101,10 +101,10 @@ async def test_dns_rebinding_fix(
    if expect_error:
        # If any IP is blocked, we expect a ValueError
        with pytest.raises(ValueError):
-            url, _, ip_addresses = await validate_url(hostname, [])
+            url, _, ip_addresses = await validate_url_host(hostname)
            pin_url(url, ip_addresses)
    else:
-        url, _, ip_addresses = await validate_url(hostname, [])
+        url, _, ip_addresses = await validate_url_host(hostname)
        pinned_url = pin_url(url, ip_addresses).geturl()
        # The pinned_url should contain the first valid IP
        assert pinned_url.startswith("http://") or pinned_url.startswith("https://")
--- a/autogpt_platform/backend/backend/util/settings.py
+++ b/autogpt_platform/backend/backend/util/settings.py
@@ -89,6 +89,14 @@ class Config(UpdateTrackingModel["Config"], BaseSettings):
        le=500,
        description="Thread pool size for FastAPI sync operations. All sync endpoints and dependencies automatically use this pool. Higher values support more concurrent sync operations but use more memory.",
    )
+    tally_extraction_llm_model: str = Field(
+        default="openai/gpt-4o-mini",
+        description="OpenRouter model ID used for extracting business understanding from Tally form data",
+    )
+    ollama_host: str = Field(
+        default="localhost:11434",
+        description="Default Ollama host; exempted from SSRF checks.",
+    )
    pyro_host: str = Field(
        default="localhost",
        description="The default hostname of the Pyro server.",
@@ -113,6 +121,10 @@ class Config(UpdateTrackingModel["Config"], BaseSettings):
        default=True,
        description="If authentication is enabled or not",
    )
+    enable_invite_gate: bool = Field(
+        default=True,
+        description="If the invite-only signup gate is enforced",
+    )
    enable_credit: bool = Field(
        default=False,
        description="If user credit system is enabled or not",
--- a/autogpt_platform/backend/backend/util/type.py
+++ b/autogpt_platform/backend/backend/util/type.py
@@ -249,6 +249,87 @@ def convert(value: Any, target_type: Any) -> Any:
        raise ConversionError(f"Failed to convert {value} to {target_type}") from e


+def _value_satisfies_type(value: Any, target: Any) -> bool:
+    """Check whether *value* already satisfies *target*, including inner elements.
+
+    For union types this checks each member; for generic container types it
+    recursively checks that inner elements satisfy the type args (e.g. every
+    element in a ``list[str]`` is a ``str``).  Returns ``False`` when uncertain
+    so the caller falls through to :func:`convert`.
+    """
+    # typing.Any cannot be used with isinstance(); treat as always satisfied.
+    if target is Any:
+        return True
+
+    origin = get_origin(target)
+
+    if origin is Union or origin is types.UnionType:
+        non_none = [a for a in get_args(target) if a is not type(None)]
+        return any(_value_satisfies_type(value, member) for member in non_none)
+
+    # Generic container type (e.g. list[str], dict[str, int])
+    if origin is not None:
+        # Guard: origin may not be a runtime type (e.g. Literal)
+        if not isinstance(origin, type):
+            return False
+        if not isinstance(value, origin):
+            return False
+        args = get_args(target)
+        if not args:
+            return True
+        # Check inner elements satisfy the type args
+        if _is_type_or_subclass(origin, list):
+            return all(_value_satisfies_type(v, args[0]) for v in value)
+        if _is_type_or_subclass(origin, dict) and len(args) >= 2:
+            return all(
+                _value_satisfies_type(k, args[0]) and _value_satisfies_type(v, args[1])
+                for k, v in value.items()
+            )
+        if (
+            _is_type_or_subclass(origin, set) or _is_type_or_subclass(origin, frozenset)
+        ) and args:
+            return all(_value_satisfies_type(v, args[0]) for v in value)
+        if _is_type_or_subclass(origin, tuple):
+            # Homogeneous tuple[T, ...] — single type + Ellipsis
+            if len(args) == 2 and args[1] is Ellipsis:
+                return all(_value_satisfies_type(v, args[0]) for v in value)
+            # Heterogeneous tuple[T1, T2, ...] — positional types
+            if len(value) != len(args):
+                return False
+            return all(_value_satisfies_type(v, t) for v, t in zip(value, args))
+        # Unhandled generic origin — fall through to convert()
+        return False
+
+    # Simple type (e.g. str, int)
+    if isinstance(target, type):
+        return isinstance(value, target)
+
+    return False
+
+
+def coerce_inputs_to_schema(data: dict[str, Any], schema: type) -> None:
+    """Coerce *data* values in-place to match *schema*'s field types.
+
+    Uses ``model_fields`` (not ``__annotations__``) so inherited fields are
+    included.  Skips coercion when the value already satisfies the target
+    type — in particular for union-typed fields where the value matches one
+    member but differs from the annotation object itself.
+
+    This is the single authoritative coercion step shared by the executor
+    (``validate_exec``) and the CoPilot (``execute_block``).
+    """
+    for name, field_info in schema.model_fields.items():
+        value = data.get(name)
+        if value is None:
+            continue
+        target = field_info.annotation
+        if target is None:
+            continue
+        if _value_satisfies_type(value, target):
+            continue
+        data[name] = convert(value, target)
+
+
 class FormattedStringType(str):
    string_format: str

--- a/autogpt_platform/backend/backend/util/type_test.py
+++ b/autogpt_platform/backend/backend/util/type_test.py
@@ -1,6 +1,8 @@
-from typing import List, Optional
+from typing import Any, List, Literal, Optional

-from backend.util.type import convert
+from pydantic import BaseModel
+
+from backend.util.type import _value_satisfies_type, coerce_inputs_to_schema, convert


 def test_type_conversion():
@@ -46,3 +48,343 @@ def test_type_conversion():
    # Test other empty list conversions
    assert convert([], int) == 0  # len([]) = 0
    assert convert([], Optional[int]) == 0
+
+
+# ---------------------------------------------------------------------------
+# _value_satisfies_type
+# ---------------------------------------------------------------------------
+
+
+class TestValueSatisfiesType:
+    # --- simple types ---
+    def test_simple_match(self):
+        assert _value_satisfies_type("hello", str) is True
+        assert _value_satisfies_type(42, int) is True
+        assert _value_satisfies_type(3.14, float) is True
+        assert _value_satisfies_type(True, bool) is True
+
+    def test_simple_mismatch(self):
+        assert _value_satisfies_type("hello", int) is False
+        assert _value_satisfies_type(42, str) is False
+        assert _value_satisfies_type([1, 2], str) is False
+
+    # --- Any ---
+    def test_any_always_satisfied(self):
+        assert _value_satisfies_type("hello", Any) is True
+        assert _value_satisfies_type(42, Any) is True
+        assert _value_satisfies_type([1, 2], Any) is True
+        assert _value_satisfies_type(None, Any) is True
+
+    # --- Optional / Union ---
+    def test_optional_with_value(self):
+        assert _value_satisfies_type("hello", Optional[str]) is True
+        assert _value_satisfies_type(42, Optional[int]) is True
+
+    def test_optional_mismatch(self):
+        assert _value_satisfies_type(42, Optional[str]) is False
+
+    def test_union_matches_first_member(self):
+        assert _value_satisfies_type("hello", str | list[str]) is True
+
+    def test_union_matches_second_member(self):
+        assert _value_satisfies_type(["a", "b"], str | list[str]) is True
+
+    def test_union_no_match(self):
+        assert _value_satisfies_type(42, str | list[str]) is False
+
+    # --- list[T] ---
+    def test_list_str_all_match(self):
+        assert _value_satisfies_type(["a", "b", "c"], list[str]) is True
+
+    def test_list_str_inner_mismatch(self):
+        assert _value_satisfies_type([1, 2, 3], list[str]) is False
+
+    def test_list_int_all_match(self):
+        assert _value_satisfies_type([1, 2, 3], list[int]) is True
+
+    def test_list_int_inner_mismatch(self):
+        assert _value_satisfies_type(["1", "2"], list[int]) is False
+
+    def test_empty_list_satisfies_any_list_type(self):
+        assert _value_satisfies_type([], list[str]) is True
+        assert _value_satisfies_type([], list[int]) is True
+
+    def test_string_does_not_satisfy_list(self):
+        assert _value_satisfies_type("hello", list[str]) is False
+
+    # --- nested list[list[str]] ---
+    def test_nested_list_all_match(self):
+        assert _value_satisfies_type([["a", "b"], ["c"]], list[list[str]]) is True
+
+    def test_nested_list_inner_mismatch(self):
+        assert _value_satisfies_type([["a", 1], ["c"]], list[list[str]]) is False
+
+    def test_nested_list_outer_mismatch(self):
+        assert _value_satisfies_type(["a", "b"], list[list[str]]) is False
+
+    # --- dict[K, V] ---
+    def test_dict_str_int_match(self):
+        assert _value_satisfies_type({"a": 1, "b": 2}, dict[str, int]) is True
+
+    def test_dict_str_int_value_mismatch(self):
+        assert _value_satisfies_type({"a": "1", "b": "2"}, dict[str, int]) is False
+
+    def test_dict_str_int_key_mismatch(self):
+        assert _value_satisfies_type({1: 1, 2: 2}, dict[str, int]) is False
+
+    def test_empty_dict_satisfies(self):
+        assert _value_satisfies_type({}, dict[str, int]) is True
+
+    # --- set[T] / tuple[T] ---
+    def test_set_match(self):
+        assert _value_satisfies_type({1, 2, 3}, set[int]) is True
+
+    def test_set_mismatch(self):
+        assert _value_satisfies_type({"a", "b"}, set[int]) is False
+
+    def test_tuple_homogeneous_match(self):
+        assert _value_satisfies_type((1, 2, 3), tuple[int, ...]) is True
+
+    def test_tuple_homogeneous_mismatch(self):
+        assert _value_satisfies_type((1, "2", 3), tuple[int, ...]) is False
+
+    def test_tuple_heterogeneous_match(self):
+        assert _value_satisfies_type(("a", 1, True), tuple[str, int, bool]) is True
+
+    def test_tuple_heterogeneous_mismatch(self):
+        assert _value_satisfies_type(("a", "b", True), tuple[str, int, bool]) is False
+
+    def test_tuple_heterogeneous_wrong_length(self):
+        assert _value_satisfies_type(("a", 1), tuple[str, int, bool]) is False
+
+    # --- bare generics (no args) ---
+    def test_bare_list(self):
+        assert _value_satisfies_type([1, "a"], list) is True
+
+    def test_bare_dict(self):
+        assert _value_satisfies_type({"a": 1}, dict) is True
+
+    # --- union with generic inner mismatch ---
+    def test_union_list_with_wrong_inner_falls_through(self):
+        # [1, 2] doesn't satisfy list[str] (inner mismatch), and not str either
+        assert _value_satisfies_type([1, 2], str | list[str]) is False
+
+    # --- Literal (non-runtime origin) ---
+    def test_literal_does_not_crash(self):
+        """Literal origins are not runtime types — should return False, not crash."""
+        assert _value_satisfies_type("active", Literal["active", "inactive"]) is False
+
+
+# ---------------------------------------------------------------------------
+# coerce_inputs_to_schema — using real Pydantic models
+# ---------------------------------------------------------------------------
+
+
+class SampleSchema(BaseModel):
+    name: str
+    count: int
+    items: list[str]
+    config: dict[str, int] = {}
+
+
+class NestedSchema(BaseModel):
+    rows: list[list[str]]
+
+
+class UnionSchema(BaseModel):
+    content: str | list[str]
+
+
+class OptionalSchema(BaseModel):
+    label: Optional[str] = None
+    value: int = 0
+
+
+class AnyFieldSchema(BaseModel):
+    data: Any
+
+
+class TestCoerceInputsToSchema:
+    def test_string_to_int(self):
+        data: dict[str, Any] = {"name": "test", "count": "42", "items": ["a"]}
+        coerce_inputs_to_schema(data, SampleSchema)
+        assert data["count"] == 42
+        assert isinstance(data["count"], int)
+
+    def test_json_string_to_list(self):
+        data: dict[str, Any] = {"name": "test", "count": 1, "items": '["a","b","c"]'}
+        coerce_inputs_to_schema(data, SampleSchema)
+        assert data["items"] == ["a", "b", "c"]
+
+    def test_already_correct_types_unchanged(self):
+        data: dict[str, Any] = {
+            "name": "test",
+            "count": 42,
+            "items": ["a", "b"],
+            "config": {"x": 1},
+        }
+        coerce_inputs_to_schema(data, SampleSchema)
+        assert data == {
+            "name": "test",
+            "count": 42,
+            "items": ["a", "b"],
+            "config": {"x": 1},
+        }
+
+    def test_inner_element_coercion(self):
+        """list[str] with int inner elements → coerced to strings."""
+        data: dict[str, Any] = {"name": "test", "count": 1, "items": [1, 2, 3]}
+        coerce_inputs_to_schema(data, SampleSchema)
+        assert data["items"] == ["1", "2", "3"]
+
+    def test_dict_value_coercion(self):
+        """dict[str, int] with string values → coerced to ints."""
+        data: dict[str, Any] = {
+            "name": "test",
+            "count": 1,
+            "items": [],
+            "config": {"x": "10", "y": "20"},
+        }
+        coerce_inputs_to_schema(data, SampleSchema)
+        assert data["config"] == {"x": 10, "y": 20}
+
+    def test_nested_list_from_json_string(self):
+        data: dict[str, Any] = {
+            "rows": '[["Name","Score"],["Alice","90"]]',
+        }
+        coerce_inputs_to_schema(data, NestedSchema)
+        assert data["rows"] == [["Name", "Score"], ["Alice", "90"]]
+
+    def test_nested_list_already_correct(self):
+        original = [["a", "b"], ["c", "d"]]
+        data: dict[str, Any] = {"rows": original}
+        coerce_inputs_to_schema(data, NestedSchema)
+        assert data["rows"] == original
+
+    def test_union_preserves_valid_list(self):
+        """list[str] value should NOT be stringified for str | list[str]."""
+        data: dict[str, Any] = {"content": ["a", "b"]}
+        coerce_inputs_to_schema(data, UnionSchema)
+        assert data["content"] == ["a", "b"]
+        assert isinstance(data["content"], list)
+
+    def test_union_preserves_valid_string(self):
+        data: dict[str, Any] = {"content": "hello"}
+        coerce_inputs_to_schema(data, UnionSchema)
+        assert data["content"] == "hello"
+
+    def test_union_list_with_wrong_inner_gets_coerced(self):
+        """[1, 2] for str | list[str] — inner ints don't match list[str],
+        so convert() is called. convert tries str first → stringifies."""
+        data: dict[str, Any] = {"content": [1, 2]}
+        coerce_inputs_to_schema(data, UnionSchema)
+        # convert([1,2], str | list[str]) tries str first → "[1, 2]"
+        # This is convert()'s union behavior — str wins over list[str]
+        assert isinstance(data["content"], (str, list))
+
+    def test_skips_none_values(self):
+        data: dict[str, Any] = {"label": None, "value": "5"}
+        coerce_inputs_to_schema(data, OptionalSchema)
+        assert data["label"] is None
+        assert data["value"] == 5
+
+    def test_skips_missing_fields(self):
+        data: dict[str, Any] = {"value": "10"}
+        coerce_inputs_to_schema(data, OptionalSchema)
+        assert "label" not in data
+        assert data["value"] == 10
+
+    def test_any_field_skipped(self):
+        """Fields typed as Any should pass through without coercion."""
+        data: dict[str, Any] = {"data": [1, "mixed", {"nested": True}]}
+        coerce_inputs_to_schema(data, AnyFieldSchema)
+        assert data["data"] == [1, "mixed", {"nested": True}]
+
+    def test_preserves_all_convert_capabilities(self):
+        """Verify coerce_inputs_to_schema doesn't lose any convert() capability
+        that existed before the _value_satisfies_type gate was added."""
+
+        class FullSchema(BaseModel):
+            as_int: int
+            as_float: float
+            as_bool: bool
+            as_str: str
+            as_list: list[int]
+            as_dict: dict[str, str]
+
+        data: dict[str, Any] = {
+            "as_int": "42",
+            "as_float": "3.14",
+            "as_bool": "True",
+            "as_str": 123,
+            "as_list": "[1,2,3]",
+            "as_dict": '{"a": "b"}',
+        }
+        coerce_inputs_to_schema(data, FullSchema)
+        assert data["as_int"] == 42
+        assert data["as_float"] == 3.14
+        assert data["as_bool"] is True
+        assert data["as_str"] == "123"
+        assert data["as_list"] == [1, 2, 3]
+        assert data["as_dict"] == {"a": "b"}
+
+    def test_inherited_fields_are_coerced(self):
+        """model_fields includes inherited fields; __annotations__ does not.
+        This verifies that fields from a parent schema are still coerced."""
+
+        class ParentSchema(BaseModel):
+            base_count: int
+
+        class ChildSchema(ParentSchema):
+            name: str
+
+        # base_count is inherited — __annotations__ wouldn't include it
+        assert "base_count" not in ChildSchema.__annotations__
+        assert "base_count" in ChildSchema.model_fields
+
+        data: dict[str, Any] = {"base_count": "42", "name": "test"}
+        coerce_inputs_to_schema(data, ChildSchema)
+        assert data["base_count"] == 42
+        assert isinstance(data["base_count"], int)
+
+    def test_nested_pydantic_model_field(self):
+        """dict input for a Pydantic model-typed field passes through.
+        convert() doesn't construct Pydantic models — Pydantic validation
+        handles that downstream. This test documents the behavior."""
+
+        class InnerModel(BaseModel):
+            x: int
+
+        class OuterModel(BaseModel):
+            inner: InnerModel
+
+        data: dict[str, Any] = {"inner": {"x": 1}}
+        coerce_inputs_to_schema(data, OuterModel)
+        # dict stays as dict — convert() doesn't construct Pydantic models
+        assert data["inner"] == {"x": 1}
+        assert isinstance(data["inner"], dict)
+
+    def test_literal_field_passes_through(self):
+        """Literal-typed fields should not crash coercion."""
+
+        class LiteralSchema(BaseModel):
+            status: Literal["active", "inactive"]
+
+        data: dict[str, Any] = {"status": "active"}
+        coerce_inputs_to_schema(data, LiteralSchema)
+        assert data["status"] == "active"
+
+    def test_list_of_pydantic_model_field(self):
+        """list[dict] for list[PydanticModel] passes through unchanged."""
+
+        class ItemModel(BaseModel):
+            name: str
+
+        class ContainerModel(BaseModel):
+            items: list[ItemModel]
+
+        data: dict[str, Any] = {"items": [{"name": "a"}, {"name": "b"}]}
+        coerce_inputs_to_schema(data, ContainerModel)
+        # Dicts stay as dicts — Pydantic validation handles construction
+        assert data["items"] == [{"name": "a"}, {"name": "b"}]
+        assert isinstance(data["items"][0], dict)
--- a/Show More
+++ b/Show More