feat(copilot): support prompt-in-URL for shareable prompt links (#12406 )

Requested by @torantula Add support for shareable AutoPilot URLs that contain a prompt in the URL hash fragment, inspired by [Lovable's implementation](https://docs.lovable.dev/integrations/build-with-url). **URL format:** - `/copilot#prompt=URL-encoded-text` — pre-fills the input for the user to review before sending - `/copilot?autosubmit=true#prompt=...` — auto-creates a session and sends the prompt immediately **Example:** ``` https://platform.agpt.co/copilot#prompt=Create%20a%20todo%20app https://platform.agpt.co/copilot?autosubmit=true#prompt=Create%20a%20todo%20app ``` **Key design decisions:** - Uses URL fragment (`#`) instead of query params — fragments never hit the server, so prompts stay client-side only (better for privacy, no backend URL length limits) - URL is cleaned via `history.replaceState` immediately after extraction to prevent re-triggering on navigation/reload - Leverages existing `pendingMessage` + `createSession()` flow for auto-submit — no new backend APIs needed - For populate-only mode, passes `initialPrompt` down through component tree to pre-fill the chat input **Files changed:** - `useCopilotPage.ts` — URL hash extraction logic + `initialPrompt` state - `CopilotPage.tsx` — passes `initialPrompt` to `ChatContainer` - `ChatContainer.tsx` — passes `initialPrompt` to `EmptySession` - `EmptySession.tsx` — passes `initialPrompt` to `ChatInput` - `ChatInput.tsx` / `useChatInput.ts` — accepts `initialValue` to pre-fill the textarea Fixes SECRT-2119 --- Co-authored-by: Toran Bruce Richards (@Torantulino) <toran@agpt.co>
fix(backend): agent generator sets invalid model on PerplexityBlocks (#12391 )
2026-03-17 03:00:27 -04:00 · 2026-03-13 23:54:54 +07:00 · 2026-03-12 18:54:18 +00:00 · 2026-03-12 14:03:24 +00:00 · 2026-03-12 13:51:15 +00:00 · 2026-03-12 11:56:30 +00:00
127 changed files with 6379 additions and 1577 deletions
--- a/autogpt_platform/backend/backend/api/features/chat/routes.py
+++ b/autogpt_platform/backend/backend/api/features/chat/routes.py
@@ -53,6 +53,7 @@ from backend.copilot.tools.models import (
    UnderstandingUpdatedResponse,
 )
 from backend.copilot.tracking import track_user_message
+from backend.data.redis_client import get_redis_async
 from backend.data.workspace import get_or_create_workspace
 from backend.util.exceptions import NotFoundError

@@ -127,6 +128,7 @@ class SessionSummaryResponse(BaseModel):
    created_at: str
    updated_at: str
    title: str | None = None
+    is_processing: bool


 class ListSessionsResponse(BaseModel):
@@ -185,6 +187,28 @@ async def list_sessions(
    """
    sessions, total_count = await get_user_sessions(user_id, limit, offset)

+    # Batch-check Redis for active stream status on each session
+    processing_set: set[str] = set()
+    if sessions:
+        try:
+            redis = await get_redis_async()
+            pipe = redis.pipeline(transaction=False)
+            for session in sessions:
+                pipe.hget(
+                    f"{config.session_meta_prefix}{session.session_id}",
+                    "status",
+                )
+            statuses = await pipe.execute()
+            processing_set = {
+                session.session_id
+                for session, st in zip(sessions, statuses)
+                if st == "running"
+            }
+        except Exception:
+            logger.warning(
+                "Failed to fetch processing status from Redis; " "defaulting to empty"
+            )
+
    return ListSessionsResponse(
        sessions=[
            SessionSummaryResponse(
@@ -192,6 +216,7 @@ async def list_sessions(
                created_at=session.started_at.isoformat(),
                updated_at=session.updated_at.isoformat(),
                title=session.title,
+                is_processing=session.session_id in processing_set,
            )
            for session in sessions
        ],
--- a/autogpt_platform/backend/backend/api/features/executions/review/review_routes_test.py
+++ b/autogpt_platform/backend/backend/api/features/executions/review/review_routes_test.py
@@ -638,7 +638,7 @@ async def test_process_review_action_auto_approve_creates_auto_approval_records(

    # Mock get_node_executions to return node_id mapping
    mock_get_node_executions = mocker.patch(
-        "backend.data.execution.get_node_executions"
+        "backend.api.features.executions.review.routes.get_node_executions"
    )
    mock_node_exec = mocker.Mock(spec=NodeExecutionResult)
    mock_node_exec.node_exec_id = "test_node_123"
@@ -936,7 +936,7 @@ async def test_process_review_action_auto_approve_only_applies_to_approved_revie

    # Mock get_node_executions to return node_id mapping
    mock_get_node_executions = mocker.patch(
-        "backend.data.execution.get_node_executions"
+        "backend.api.features.executions.review.routes.get_node_executions"
    )
    mock_node_exec = mocker.Mock(spec=NodeExecutionResult)
    mock_node_exec.node_exec_id = "node_exec_approved"
@@ -1148,7 +1148,7 @@ async def test_process_review_action_per_review_auto_approve_granularity(

    # Mock get_node_executions to return batch node data
    mock_get_node_executions = mocker.patch(
-        "backend.data.execution.get_node_executions"
+        "backend.api.features.executions.review.routes.get_node_executions"
    )
    # Create mock node executions for each review
    mock_node_execs = []
--- a/autogpt_platform/backend/backend/api/features/executions/review/routes.py
+++ b/autogpt_platform/backend/backend/api/features/executions/review/routes.py
@@ -6,10 +6,15 @@ import autogpt_libs.auth as autogpt_auth_lib
 from fastapi import APIRouter, HTTPException, Query, Security, status
 from prisma.enums import ReviewStatus

+from backend.copilot.constants import (
+    is_copilot_synthetic_id,
+    parse_node_id_from_exec_id,
+)
 from backend.data.execution import (
    ExecutionContext,
    ExecutionStatus,
    get_graph_execution_meta,
+    get_node_executions,
 )
 from backend.data.graph import get_graph_settings
 from backend.data.human_review import (
@@ -36,6 +41,38 @@ router = APIRouter(
 )


+async def _resolve_node_ids(
+    node_exec_ids: list[str],
+    graph_exec_id: str,
+    is_copilot: bool,
+) -> dict[str, str]:
+    """Resolve node_exec_id -> node_id for auto-approval records.
+
+    CoPilot synthetic IDs encode node_id in the format "{node_id}:{random}".
+    Graph executions look up node_id from NodeExecution records.
+    """
+    if not node_exec_ids:
+        return {}
+
+    if is_copilot:
+        return {neid: parse_node_id_from_exec_id(neid) for neid in node_exec_ids}
+
+    node_execs = await get_node_executions(
+        graph_exec_id=graph_exec_id, include_exec_data=False
+    )
+    node_exec_map = {ne.node_exec_id: ne.node_id for ne in node_execs}
+
+    result = {}
+    for neid in node_exec_ids:
+        if neid in node_exec_map:
+            result[neid] = node_exec_map[neid]
+        else:
+            logger.error(
+                f"Failed to resolve node_id for {neid}: Node execution not found."
+            )
+    return result
+
+
@router.get(
    "/pending",
    summary="Get Pending Reviews",
@@ -110,14 +147,16 @@ async def list_pending_reviews_for_execution(
    """

    # Verify user owns the graph execution before returning reviews
-    graph_exec = await get_graph_execution_meta(
-        user_id=user_id, execution_id=graph_exec_id
-    )
-    if not graph_exec:
-        raise HTTPException(
-            status_code=status.HTTP_404_NOT_FOUND,
-            detail=f"Graph execution #{graph_exec_id} not found",
+    # (CoPilot synthetic IDs don't have graph execution records)
+    if not is_copilot_synthetic_id(graph_exec_id):
+        graph_exec = await get_graph_execution_meta(
+            user_id=user_id, execution_id=graph_exec_id
        )
+        if not graph_exec:
+            raise HTTPException(
+                status_code=status.HTTP_404_NOT_FOUND,
+                detail=f"Graph execution #{graph_exec_id} not found",
+            )

    return await get_pending_reviews_for_execution(graph_exec_id, user_id)

@@ -160,30 +199,26 @@ async def process_review_action(
        )

    graph_exec_id = next(iter(graph_exec_ids))
+    is_copilot = is_copilot_synthetic_id(graph_exec_id)

-    # Validate execution status before processing reviews
-    graph_exec_meta = await get_graph_execution_meta(
-        user_id=user_id, execution_id=graph_exec_id
-    )
-
-    if not graph_exec_meta:
-        raise HTTPException(
-            status_code=status.HTTP_404_NOT_FOUND,
-            detail=f"Graph execution #{graph_exec_id} not found",
-        )
-
-    # Only allow processing reviews if execution is paused for review
-    # or incomplete (partial execution with some reviews already processed)
-    if graph_exec_meta.status not in (
-        ExecutionStatus.REVIEW,
-        ExecutionStatus.INCOMPLETE,
-    ):
-        raise HTTPException(
-            status_code=status.HTTP_409_CONFLICT,
-            detail=f"Cannot process reviews while execution status is {graph_exec_meta.status}. "
-            f"Reviews can only be processed when execution is paused (REVIEW status). "
-            f"Current status: {graph_exec_meta.status}",
+    # Validate execution status for graph executions (skip for CoPilot synthetic IDs)
+    if not is_copilot:
+        graph_exec_meta = await get_graph_execution_meta(
+            user_id=user_id, execution_id=graph_exec_id
        )
+        if not graph_exec_meta:
+            raise HTTPException(
+                status_code=status.HTTP_404_NOT_FOUND,
+                detail=f"Graph execution #{graph_exec_id} not found",
+            )
+        if graph_exec_meta.status not in (
+            ExecutionStatus.REVIEW,
+            ExecutionStatus.INCOMPLETE,
+        ):
+            raise HTTPException(
+                status_code=status.HTTP_409_CONFLICT,
+                detail=f"Cannot process reviews while execution status is {graph_exec_meta.status}",
+            )

    # Build review decisions map and track which reviews requested auto-approval
    # Auto-approved reviews use original data (no modifications allowed)
@@ -236,7 +271,7 @@ async def process_review_action(
            )
            return (node_id, False)

-    # Collect node_exec_ids that need auto-approval
+    # Collect node_exec_ids that need auto-approval and resolve their node_ids
    node_exec_ids_needing_auto_approval = [
        node_exec_id
        for node_exec_id, review_result in updated_reviews.items()
@@ -244,29 +279,16 @@ async def process_review_action(
        and auto_approve_requests.get(node_exec_id, False)
    ]

-    # Batch-fetch node executions to get node_ids
+    node_id_map = await _resolve_node_ids(
+        node_exec_ids_needing_auto_approval, graph_exec_id, is_copilot
+    )
+
+    # Deduplicate by node_id — one auto-approval per node
    nodes_needing_auto_approval: dict[str, Any] = {}
-    if node_exec_ids_needing_auto_approval:
-        from backend.data.execution import get_node_executions
-
-        node_execs = await get_node_executions(
-            graph_exec_id=graph_exec_id, include_exec_data=False
-        )
-        node_exec_map = {node_exec.node_exec_id: node_exec for node_exec in node_execs}
-
-        for node_exec_id in node_exec_ids_needing_auto_approval:
-            node_exec = node_exec_map.get(node_exec_id)
-            if node_exec:
-                review_result = updated_reviews[node_exec_id]
-                # Use the first approved review for this node (deduplicate by node_id)
-                if node_exec.node_id not in nodes_needing_auto_approval:
-                    nodes_needing_auto_approval[node_exec.node_id] = review_result
-            else:
-                logger.error(
-                    f"Failed to create auto-approval record for {node_exec_id}: "
-                    f"Node execution not found. This may indicate a race condition "
-                    f"or data inconsistency."
-                )
+    for node_exec_id in node_exec_ids_needing_auto_approval:
+        node_id = node_id_map.get(node_exec_id)
+        if node_id and node_id not in nodes_needing_auto_approval:
+            nodes_needing_auto_approval[node_id] = updated_reviews[node_exec_id]

    # Execute all auto-approval creations in parallel (deduplicated by node_id)
    auto_approval_results = await asyncio.gather(
@@ -281,13 +303,11 @@ async def process_review_action(
    auto_approval_failed_count = 0
    for result in auto_approval_results:
        if isinstance(result, Exception):
-            # Unexpected exception during auto-approval creation
            auto_approval_failed_count += 1
            logger.error(
                f"Unexpected exception during auto-approval creation: {result}"
            )
        elif isinstance(result, tuple) and len(result) == 2 and not result[1]:
-            # Auto-approval creation failed (returned False)
            auto_approval_failed_count += 1

    # Count results
@@ -302,22 +322,20 @@ async def process_review_action(
        if review.status == ReviewStatus.REJECTED
    )

-    # Resume execution only if ALL pending reviews for this execution have been processed
-    if updated_reviews:
+    # Resume graph execution only for real graph executions (not CoPilot)
+    # CoPilot sessions are resumed by the LLM retrying run_block with review_id
+    if not is_copilot and updated_reviews:
        still_has_pending = await has_pending_reviews_for_graph_exec(graph_exec_id)

        if not still_has_pending:
-            # Get the graph_id from any processed review
            first_review = next(iter(updated_reviews.values()))

            try:
-                # Fetch user and settings to build complete execution context
                user = await get_user_by_id(user_id)
                settings = await get_graph_settings(
                    user_id=user_id, graph_id=first_review.graph_id
                )

-                # Preserve user's timezone preference when resuming execution
                user_timezone = (
                    user.timezone if user.timezone != USER_TIMEZONE_NOT_SET else "UTC"
                )
--- a/autogpt_platform/backend/backend/api/features/library/model.py
+++ b/autogpt_platform/backend/backend/api/features/library/model.py
@@ -165,7 +165,6 @@ class LibraryAgent(pydantic.BaseModel):
    id: str
    graph_id: str
    graph_version: int
-    owner_user_id: str

    image_url: str | None

@@ -206,7 +205,9 @@ class LibraryAgent(pydantic.BaseModel):
        default_factory=list,
        description="List of recent executions with status, score, and summary",
    )
-    can_access_graph: bool
+    can_access_graph: bool = pydantic.Field(
+        description="Indicates whether the same user owns the corresponding graph"
+    )
    is_latest_version: bool
    is_favorite: bool
    folder_id: str | None = None
@@ -324,7 +325,6 @@ class LibraryAgent(pydantic.BaseModel):
            id=agent.id,
            graph_id=agent.agentGraphId,
            graph_version=agent.agentGraphVersion,
-            owner_user_id=agent.userId,
            image_url=agent.imageUrl,
            creator_name=creator_name,
            creator_image_url=creator_image_url,
--- a/autogpt_platform/backend/backend/api/features/library/routes_test.py
+++ b/autogpt_platform/backend/backend/api/features/library/routes_test.py
@@ -42,7 +42,6 @@ async def test_get_library_agents_success(
                id="test-agent-1",
                graph_id="test-agent-1",
                graph_version=1,
-                owner_user_id=test_user_id,
                name="Test Agent 1",
                description="Test Description 1",
                image_url=None,
@@ -67,7 +66,6 @@ async def test_get_library_agents_success(
                id="test-agent-2",
                graph_id="test-agent-2",
                graph_version=1,
-                owner_user_id=test_user_id,
                name="Test Agent 2",
                description="Test Description 2",
                image_url=None,
@@ -131,7 +129,6 @@ async def test_get_favorite_library_agents_success(
                id="test-agent-1",
                graph_id="test-agent-1",
                graph_version=1,
-                owner_user_id=test_user_id,
                name="Favorite Agent 1",
                description="Test Favorite Description 1",
                image_url=None,
@@ -184,7 +181,6 @@ def test_add_agent_to_library_success(
        id="test-library-agent-id",
        graph_id="test-agent-1",
        graph_version=1,
-        owner_user_id=test_user_id,
        name="Test Agent 1",
        description="Test Description 1",
        image_url=None,
--- a/autogpt_platform/backend/backend/api/features/mcp/routes.py
+++ b/autogpt_platform/backend/backend/api/features/mcp/routes.py
@@ -24,7 +24,7 @@ from backend.blocks.mcp.oauth import MCPOAuthHandler
 from backend.data.model import OAuth2Credentials
 from backend.integrations.creds_manager import IntegrationCredentialsManager
 from backend.integrations.providers import ProviderName
-from backend.util.request import HTTPClientError, Requests, validate_url
+from backend.util.request import HTTPClientError, Requests, validate_url_host
 from backend.util.settings import Settings

 logger = logging.getLogger(__name__)
@@ -80,7 +80,7 @@ async def discover_tools(
    """
    # Validate URL to prevent SSRF — blocks loopback and private IP ranges.
    try:
-        await validate_url(request.server_url, trusted_origins=[])
+        await validate_url_host(request.server_url)
    except ValueError as e:
        raise fastapi.HTTPException(status_code=400, detail=f"Invalid server URL: {e}")

@@ -167,7 +167,7 @@ async def mcp_oauth_login(
    """
    # Validate URL to prevent SSRF — blocks loopback and private IP ranges.
    try:
-        await validate_url(request.server_url, trusted_origins=[])
+        await validate_url_host(request.server_url)
    except ValueError as e:
        raise fastapi.HTTPException(status_code=400, detail=f"Invalid server URL: {e}")

@@ -187,7 +187,7 @@ async def mcp_oauth_login(

        # Validate the auth server URL from metadata to prevent SSRF.
        try:
-            await validate_url(auth_server_url, trusted_origins=[])
+            await validate_url_host(auth_server_url)
        except ValueError as e:
            raise fastapi.HTTPException(
                status_code=400,
@@ -234,7 +234,7 @@ async def mcp_oauth_login(
    if registration_endpoint:
        # Validate the registration endpoint to prevent SSRF via metadata.
        try:
-            await validate_url(registration_endpoint, trusted_origins=[])
+            await validate_url_host(registration_endpoint)
        except ValueError:
            pass  # Skip registration, fall back to default client_id
        else:
@@ -429,7 +429,7 @@ async def mcp_store_token(

    # Validate URL to prevent SSRF — blocks loopback and private IP ranges.
    try:
-        await validate_url(request.server_url, trusted_origins=[])
+        await validate_url_host(request.server_url)
    except ValueError as e:
        raise fastapi.HTTPException(status_code=400, detail=f"Invalid server URL: {e}")

--- a/autogpt_platform/backend/backend/api/features/mcp/test_routes.py
+++ b/autogpt_platform/backend/backend/api/features/mcp/test_routes.py
@@ -32,9 +32,9 @@ async def client():

@pytest.fixture(autouse=True)
 def _bypass_ssrf_validation():
-    """Bypass validate_url in all route tests (test URLs don't resolve)."""
+    """Bypass validate_url_host in all route tests (test URLs don't resolve)."""
    with patch(
-        "backend.api.features.mcp.routes.validate_url",
+        "backend.api.features.mcp.routes.validate_url_host",
        new_callable=AsyncMock,
    ):
        yield
@@ -521,12 +521,12 @@ class TestStoreToken:


 class TestSSRFValidation:
-    """Verify that validate_url is enforced on all endpoints."""
+    """Verify that validate_url_host is enforced on all endpoints."""

    @pytest.mark.asyncio(loop_scope="session")
    async def test_discover_tools_ssrf_blocked(self, client):
        with patch(
-            "backend.api.features.mcp.routes.validate_url",
+            "backend.api.features.mcp.routes.validate_url_host",
            new_callable=AsyncMock,
            side_effect=ValueError("blocked loopback"),
        ):
@@ -541,7 +541,7 @@ class TestSSRFValidation:
    @pytest.mark.asyncio(loop_scope="session")
    async def test_oauth_login_ssrf_blocked(self, client):
        with patch(
-            "backend.api.features.mcp.routes.validate_url",
+            "backend.api.features.mcp.routes.validate_url_host",
            new_callable=AsyncMock,
            side_effect=ValueError("blocked private IP"),
        ):
@@ -556,7 +556,7 @@ class TestSSRFValidation:
    @pytest.mark.asyncio(loop_scope="session")
    async def test_store_token_ssrf_blocked(self, client):
        with patch(
-            "backend.api.features.mcp.routes.validate_url",
+            "backend.api.features.mcp.routes.validate_url_host",
            new_callable=AsyncMock,
            side_effect=ValueError("blocked loopback"),
        ):
--- a/autogpt_platform/backend/backend/api/model.py
+++ b/autogpt_platform/backend/backend/api/model.py
@@ -94,3 +94,8 @@ class NotificationPayload(pydantic.BaseModel):

 class OnboardingNotificationPayload(NotificationPayload):
    step: OnboardingStep | None
+
+
+class CopilotCompletionPayload(NotificationPayload):
+    session_id: str
+    status: Literal["completed", "failed"]
--- a/autogpt_platform/backend/backend/blocks/_base.py
+++ b/autogpt_platform/backend/backend/blocks/_base.py
@@ -624,6 +624,7 @@ class Block(ABC, Generic[BlockSchemaInputType, BlockSchemaOutputType]):
        graph_id: str,
        graph_version: int,
        execution_context: "ExecutionContext",
+        is_graph_execution: bool = True,
        **kwargs,
    ) -> tuple[bool, BlockInput]:
        """
@@ -652,6 +653,7 @@ class Block(ABC, Generic[BlockSchemaInputType, BlockSchemaOutputType]):
            graph_version=graph_version,
            block_name=self.name,
            editable=True,
+            is_graph_execution=is_graph_execution,
        )

        if decision is None:
--- a/autogpt_platform/backend/backend/blocks/basic.py
+++ b/autogpt_platform/backend/backend/blocks/basic.py
@@ -126,7 +126,7 @@ class PrintToConsoleBlock(Block):
            output_schema=PrintToConsoleBlock.Output,
            test_input={"text": "Hello, World!"},
            is_sensitive_action=True,
-            disabled=True,  # Disabled per Nick Tindle's request (OPEN-3000)
+            disabled=True,
            test_output=[
                ("output", "Hello, World!"),
                ("status", "printed"),
--- a/autogpt_platform/backend/backend/blocks/email_block.py
+++ b/autogpt_platform/backend/backend/blocks/email_block.py
@@ -96,6 +96,7 @@ class SendEmailBlock(Block):
            test_credentials=TEST_CREDENTIALS,
            test_output=[("status", "Email sent successfully")],
            test_mock={"send_email": lambda *args, **kwargs: "Email sent successfully"},
+            is_sensitive_action=True,
        )

    @staticmethod
--- a/autogpt_platform/backend/backend/blocks/github/_utils.py
+++ b/autogpt_platform/backend/backend/blocks/github/_utils.py
@@ -0,0 +1,3 @@
+def github_repo_path(repo_url: str) -> str:
+    """Extract 'owner/repo' from a GitHub repository URL."""
+    return repo_url.replace("https://github.com/", "")
--- a/autogpt_platform/backend/backend/blocks/github/commits.py
+++ b/autogpt_platform/backend/backend/blocks/github/commits.py
@@ -0,0 +1,374 @@
+import asyncio
+from enum import StrEnum
+from urllib.parse import quote
+
+from typing_extensions import TypedDict
+
+from backend.blocks._base import (
+    Block,
+    BlockCategory,
+    BlockOutput,
+    BlockSchemaInput,
+    BlockSchemaOutput,
+)
+from backend.data.model import SchemaField
+
+from ._api import get_api
+from ._auth import (
+    TEST_CREDENTIALS,
+    TEST_CREDENTIALS_INPUT,
+    GithubCredentials,
+    GithubCredentialsField,
+    GithubCredentialsInput,
+)
+from ._utils import github_repo_path
+
+
+class GithubListCommitsBlock(Block):
+    class Input(BlockSchemaInput):
+        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
+        repo_url: str = SchemaField(
+            description="URL of the GitHub repository",
+            placeholder="https://github.com/owner/repo",
+        )
+        branch: str = SchemaField(
+            description="Branch name to list commits from",
+            default="main",
+        )
+        per_page: int = SchemaField(
+            description="Number of commits to return (max 100)",
+            default=30,
+            ge=1,
+            le=100,
+        )
+        page: int = SchemaField(
+            description="Page number for pagination",
+            default=1,
+            ge=1,
+        )
+
+    class Output(BlockSchemaOutput):
+        class CommitItem(TypedDict):
+            sha: str
+            message: str
+            author: str
+            date: str
+            url: str
+
+        commit: CommitItem = SchemaField(
+            title="Commit", description="A commit with its details"
+        )
+        commits: list[CommitItem] = SchemaField(
+            description="List of commits with their details"
+        )
+        error: str = SchemaField(description="Error message if listing commits failed")
+
+    def __init__(self):
+        super().__init__(
+            id="8b13f579-d8b6-4dc2-a140-f770428805de",
+            description="This block lists commits on a branch in a GitHub repository.",
+            categories={BlockCategory.DEVELOPER_TOOLS},
+            input_schema=GithubListCommitsBlock.Input,
+            output_schema=GithubListCommitsBlock.Output,
+            test_input={
+                "repo_url": "https://github.com/owner/repo",
+                "branch": "main",
+                "per_page": 30,
+                "page": 1,
+                "credentials": TEST_CREDENTIALS_INPUT,
+            },
+            test_credentials=TEST_CREDENTIALS,
+            test_output=[
+                (
+                    "commits",
+                    [
+                        {
+                            "sha": "abc123",
+                            "message": "Initial commit",
+                            "author": "octocat",
+                            "date": "2024-01-01T00:00:00Z",
+                            "url": "https://github.com/owner/repo/commit/abc123",
+                        }
+                    ],
+                ),
+                (
+                    "commit",
+                    {
+                        "sha": "abc123",
+                        "message": "Initial commit",
+                        "author": "octocat",
+                        "date": "2024-01-01T00:00:00Z",
+                        "url": "https://github.com/owner/repo/commit/abc123",
+                    },
+                ),
+            ],
+            test_mock={
+                "list_commits": lambda *args, **kwargs: [
+                    {
+                        "sha": "abc123",
+                        "message": "Initial commit",
+                        "author": "octocat",
+                        "date": "2024-01-01T00:00:00Z",
+                        "url": "https://github.com/owner/repo/commit/abc123",
+                    }
+                ]
+            },
+        )
+
+    @staticmethod
+    async def list_commits(
+        credentials: GithubCredentials,
+        repo_url: str,
+        branch: str,
+        per_page: int,
+        page: int,
+    ) -> list[Output.CommitItem]:
+        api = get_api(credentials)
+        commits_url = repo_url + "/commits"
+        params = {"sha": branch, "per_page": str(per_page), "page": str(page)}
+        response = await api.get(commits_url, params=params)
+        data = response.json()
+        repo_path = github_repo_path(repo_url)
+        return [
+            GithubListCommitsBlock.Output.CommitItem(
+                sha=c["sha"],
+                message=c["commit"]["message"],
+                author=(c["commit"].get("author") or {}).get("name", "Unknown"),
+                date=(c["commit"].get("author") or {}).get("date", ""),
+                url=f"https://github.com/{repo_path}/commit/{c['sha']}",
+            )
+            for c in data
+        ]
+
+    async def run(
+        self,
+        input_data: Input,
+        *,
+        credentials: GithubCredentials,
+        **kwargs,
+    ) -> BlockOutput:
+        try:
+            commits = await self.list_commits(
+                credentials,
+                input_data.repo_url,
+                input_data.branch,
+                input_data.per_page,
+                input_data.page,
+            )
+            yield "commits", commits
+            for commit in commits:
+                yield "commit", commit
+        except Exception as e:
+            yield "error", str(e)
+
+
+class FileOperation(StrEnum):
+    """File operations for GithubMultiFileCommitBlock.
+
+    UPSERT creates or overwrites a file (the Git Trees API does not distinguish
+    between creation and update — the blob is placed at the given path regardless
+    of whether a file already exists there).
+
+    DELETE removes a file from the tree.
+    """
+
+    UPSERT = "upsert"
+    DELETE = "delete"
+
+
+class FileOperationInput(TypedDict):
+    path: str
+    content: str
+    operation: FileOperation
+
+
+class GithubMultiFileCommitBlock(Block):
+    class Input(BlockSchemaInput):
+        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
+        repo_url: str = SchemaField(
+            description="URL of the GitHub repository",
+            placeholder="https://github.com/owner/repo",
+        )
+        branch: str = SchemaField(
+            description="Branch to commit to",
+            placeholder="feature-branch",
+        )
+        commit_message: str = SchemaField(
+            description="Commit message",
+            placeholder="Add new feature",
+        )
+        files: list[FileOperationInput] = SchemaField(
+            description=(
+                "List of file operations. Each item has: "
+                "'path' (file path), 'content' (file content, ignored for delete), "
+                "'operation' (upsert/delete)"
+            ),
+        )
+
+    class Output(BlockSchemaOutput):
+        sha: str = SchemaField(description="SHA of the new commit")
+        url: str = SchemaField(description="URL of the new commit")
+        error: str = SchemaField(description="Error message if the commit failed")
+
+    def __init__(self):
+        super().__init__(
+            id="389eee51-a95e-4230-9bed-92167a327802",
+            description=(
+                "This block creates a single commit with multiple file "
+                "upsert/delete operations using the Git Trees API."
+            ),
+            categories={BlockCategory.DEVELOPER_TOOLS},
+            input_schema=GithubMultiFileCommitBlock.Input,
+            output_schema=GithubMultiFileCommitBlock.Output,
+            test_input={
+                "repo_url": "https://github.com/owner/repo",
+                "branch": "feature",
+                "commit_message": "Add files",
+                "files": [
+                    {
+                        "path": "src/new.py",
+                        "content": "print('hello')",
+                        "operation": "upsert",
+                    },
+                    {
+                        "path": "src/old.py",
+                        "content": "",
+                        "operation": "delete",
+                    },
+                ],
+                "credentials": TEST_CREDENTIALS_INPUT,
+            },
+            test_credentials=TEST_CREDENTIALS,
+            test_output=[
+                ("sha", "newcommitsha"),
+                ("url", "https://github.com/owner/repo/commit/newcommitsha"),
+            ],
+            test_mock={
+                "multi_file_commit": lambda *args, **kwargs: (
+                    "newcommitsha",
+                    "https://github.com/owner/repo/commit/newcommitsha",
+                )
+            },
+        )
+
+    @staticmethod
+    async def multi_file_commit(
+        credentials: GithubCredentials,
+        repo_url: str,
+        branch: str,
+        commit_message: str,
+        files: list[FileOperationInput],
+    ) -> tuple[str, str]:
+        api = get_api(credentials)
+        safe_branch = quote(branch, safe="")
+
+        # 1. Get the latest commit SHA for the branch
+        ref_url = repo_url + f"/git/refs/heads/{safe_branch}"
+        response = await api.get(ref_url)
+        ref_data = response.json()
+        latest_commit_sha = ref_data["object"]["sha"]
+
+        # 2. Get the tree SHA of the latest commit
+        commit_url = repo_url + f"/git/commits/{latest_commit_sha}"
+        response = await api.get(commit_url)
+        commit_data = response.json()
+        base_tree_sha = commit_data["tree"]["sha"]
+
+        # 3. Build tree entries for each file operation (blobs created concurrently)
+        async def _create_blob(content: str) -> str:
+            blob_url = repo_url + "/git/blobs"
+            blob_response = await api.post(
+                blob_url,
+                json={"content": content, "encoding": "utf-8"},
+            )
+            return blob_response.json()["sha"]
+
+        tree_entries: list[dict] = []
+        upsert_files = []
+        for file_op in files:
+            path = file_op["path"]
+            operation = FileOperation(file_op.get("operation", "upsert"))
+
+            if operation == FileOperation.DELETE:
+                tree_entries.append(
+                    {
+                        "path": path,
+                        "mode": "100644",
+                        "type": "blob",
+                        "sha": None,  # null SHA = delete
+                    }
+                )
+            else:
+                upsert_files.append((path, file_op.get("content", "")))
+
+        # Create all blobs concurrently
+        if upsert_files:
+            blob_shas = await asyncio.gather(
+                *[_create_blob(content) for _, content in upsert_files]
+            )
+            for (path, _), blob_sha in zip(upsert_files, blob_shas):
+                tree_entries.append(
+                    {
+                        "path": path,
+                        "mode": "100644",
+                        "type": "blob",
+                        "sha": blob_sha,
+                    }
+                )
+
+        # 4. Create a new tree
+        tree_url = repo_url + "/git/trees"
+        tree_response = await api.post(
+            tree_url,
+            json={"base_tree": base_tree_sha, "tree": tree_entries},
+        )
+        new_tree_sha = tree_response.json()["sha"]
+
+        # 5. Create a new commit
+        new_commit_url = repo_url + "/git/commits"
+        commit_response = await api.post(
+            new_commit_url,
+            json={
+                "message": commit_message,
+                "tree": new_tree_sha,
+                "parents": [latest_commit_sha],
+            },
+        )
+        new_commit_sha = commit_response.json()["sha"]
+
+        # 6. Update the branch reference
+        try:
+            await api.patch(
+                ref_url,
+                json={"sha": new_commit_sha},
+            )
+        except Exception as e:
+            raise RuntimeError(
+                f"Commit {new_commit_sha} was created but failed to update "
+                f"ref heads/{branch}: {e}. "
+                f"You can recover by manually updating the branch to {new_commit_sha}."
+            ) from e
+
+        repo_path = github_repo_path(repo_url)
+        commit_web_url = f"https://github.com/{repo_path}/commit/{new_commit_sha}"
+        return new_commit_sha, commit_web_url
+
+    async def run(
+        self,
+        input_data: Input,
+        *,
+        credentials: GithubCredentials,
+        **kwargs,
+    ) -> BlockOutput:
+        try:
+            sha, url = await self.multi_file_commit(
+                credentials,
+                input_data.repo_url,
+                input_data.branch,
+                input_data.commit_message,
+                input_data.files,
+            )
+            yield "sha", sha
+            yield "url", url
+        except Exception as e:
+            yield "error", str(e)
--- a/autogpt_platform/backend/backend/blocks/github/pull_requests.py
+++ b/autogpt_platform/backend/backend/blocks/github/pull_requests.py
@@ -1,4 +1,5 @@
 import re
+from typing import Literal

 from typing_extensions import TypedDict

@@ -20,6 +21,8 @@ from ._auth import (
    GithubCredentialsInput,
 )

+MergeMethod = Literal["merge", "squash", "rebase"]
+

 class GithubListPullRequestsBlock(Block):
    class Input(BlockSchemaInput):
@@ -558,12 +561,109 @@ class GithubListPRReviewersBlock(Block):
            yield "reviewer", reviewer


+class GithubMergePullRequestBlock(Block):
+    class Input(BlockSchemaInput):
+        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
+        pr_url: str = SchemaField(
+            description="URL of the GitHub pull request",
+            placeholder="https://github.com/owner/repo/pull/1",
+        )
+        merge_method: MergeMethod = SchemaField(
+            description="Merge method to use: merge, squash, or rebase",
+            default="merge",
+        )
+        commit_title: str = SchemaField(
+            description="Title for the merge commit (optional, used for merge and squash)",
+            default="",
+        )
+        commit_message: str = SchemaField(
+            description="Message for the merge commit (optional, used for merge and squash)",
+            default="",
+        )
+
+    class Output(BlockSchemaOutput):
+        sha: str = SchemaField(description="SHA of the merge commit")
+        merged: bool = SchemaField(description="Whether the PR was merged")
+        message: str = SchemaField(description="Merge status message")
+        error: str = SchemaField(description="Error message if the merge failed")
+
+    def __init__(self):
+        super().__init__(
+            id="77456c22-33d8-4fd4-9eef-50b46a35bb48",
+            description="This block merges a pull request using merge, squash, or rebase.",
+            categories={BlockCategory.DEVELOPER_TOOLS},
+            input_schema=GithubMergePullRequestBlock.Input,
+            output_schema=GithubMergePullRequestBlock.Output,
+            test_input={
+                "pr_url": "https://github.com/owner/repo/pull/1",
+                "merge_method": "squash",
+                "commit_title": "",
+                "commit_message": "",
+                "credentials": TEST_CREDENTIALS_INPUT,
+            },
+            test_credentials=TEST_CREDENTIALS,
+            test_output=[
+                ("sha", "abc123"),
+                ("merged", True),
+                ("message", "Pull Request successfully merged"),
+            ],
+            test_mock={
+                "merge_pr": lambda *args, **kwargs: (
+                    "abc123",
+                    True,
+                    "Pull Request successfully merged",
+                )
+            },
+            is_sensitive_action=True,
+        )
+
+    @staticmethod
+    async def merge_pr(
+        credentials: GithubCredentials,
+        pr_url: str,
+        merge_method: MergeMethod,
+        commit_title: str,
+        commit_message: str,
+    ) -> tuple[str, bool, str]:
+        api = get_api(credentials)
+        merge_url = prepare_pr_api_url(pr_url=pr_url, path="merge")
+        data: dict[str, str] = {"merge_method": merge_method}
+        if commit_title:
+            data["commit_title"] = commit_title
+        if commit_message:
+            data["commit_message"] = commit_message
+        response = await api.put(merge_url, json=data)
+        result = response.json()
+        return result["sha"], result["merged"], result["message"]
+
+    async def run(
+        self,
+        input_data: Input,
+        *,
+        credentials: GithubCredentials,
+        **kwargs,
+    ) -> BlockOutput:
+        try:
+            sha, merged, message = await self.merge_pr(
+                credentials,
+                input_data.pr_url,
+                input_data.merge_method,
+                input_data.commit_title,
+                input_data.commit_message,
+            )
+            yield "sha", sha
+            yield "merged", merged
+            yield "message", message
+        except Exception as e:
+            yield "error", str(e)
+
+
 def prepare_pr_api_url(pr_url: str, path: str) -> str:
    # Pattern to capture the base repository URL and the pull request number
-    pattern = r"^(?:https?://)?([^/]+/[^/]+/[^/]+)/pull/(\d+)"
+    pattern = r"^(?:(https?)://)?([^/]+/[^/]+/[^/]+)/pull/(\d+)"
    match = re.match(pattern, pr_url)
    if not match:
        return pr_url

-    base_url, pr_number = match.groups()
-    return f"{base_url}/pulls/{pr_number}/{path}"
+    scheme, base_url, pr_number = match.groups()
+    return f"{scheme or 'https'}://{base_url}/pulls/{pr_number}/{path}"
--- a/autogpt_platform/backend/backend/blocks/github/repo.py
+++ b/autogpt_platform/backend/backend/blocks/github/repo.py
@@ -1,5 +1,3 @@
-import base64
-
 from typing_extensions import TypedDict

 from backend.blocks._base import (
@@ -19,6 +17,7 @@ from ._auth import (
    GithubCredentialsField,
    GithubCredentialsInput,
 )
+from ._utils import github_repo_path


 class GithubListTagsBlock(Block):
@@ -89,7 +88,7 @@ class GithubListTagsBlock(Block):
        tags_url = repo_url + "/tags"
        response = await api.get(tags_url)
        data = response.json()
-        repo_path = repo_url.replace("https://github.com/", "")
+        repo_path = github_repo_path(repo_url)
        tags: list[GithubListTagsBlock.Output.TagItem] = [
            {
                "name": tag["name"],
@@ -115,101 +114,6 @@ class GithubListTagsBlock(Block):
            yield "tag", tag


-class GithubListBranchesBlock(Block):
-    class Input(BlockSchemaInput):
-        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
-        repo_url: str = SchemaField(
-            description="URL of the GitHub repository",
-            placeholder="https://github.com/owner/repo",
-        )
-
-    class Output(BlockSchemaOutput):
-        class BranchItem(TypedDict):
-            name: str
-            url: str
-
-        branch: BranchItem = SchemaField(
-            title="Branch",
-            description="Branches with their name and file tree browser URL",
-        )
-        branches: list[BranchItem] = SchemaField(
-            description="List of branches with their name and file tree browser URL"
-        )
-
-    def __init__(self):
-        super().__init__(
-            id="74243e49-2bec-4916-8bf4-db43d44aead5",
-            description="This block lists all branches for a specified GitHub repository.",
-            categories={BlockCategory.DEVELOPER_TOOLS},
-            input_schema=GithubListBranchesBlock.Input,
-            output_schema=GithubListBranchesBlock.Output,
-            test_input={
-                "repo_url": "https://github.com/owner/repo",
-                "credentials": TEST_CREDENTIALS_INPUT,
-            },
-            test_credentials=TEST_CREDENTIALS,
-            test_output=[
-                (
-                    "branches",
-                    [
-                        {
-                            "name": "main",
-                            "url": "https://github.com/owner/repo/tree/main",
-                        }
-                    ],
-                ),
-                (
-                    "branch",
-                    {
-                        "name": "main",
-                        "url": "https://github.com/owner/repo/tree/main",
-                    },
-                ),
-            ],
-            test_mock={
-                "list_branches": lambda *args, **kwargs: [
-                    {
-                        "name": "main",
-                        "url": "https://github.com/owner/repo/tree/main",
-                    }
-                ]
-            },
-        )
-
-    @staticmethod
-    async def list_branches(
-        credentials: GithubCredentials, repo_url: str
-    ) -> list[Output.BranchItem]:
-        api = get_api(credentials)
-        branches_url = repo_url + "/branches"
-        response = await api.get(branches_url)
-        data = response.json()
-        repo_path = repo_url.replace("https://github.com/", "")
-        branches: list[GithubListBranchesBlock.Output.BranchItem] = [
-            {
-                "name": branch["name"],
-                "url": f"https://github.com/{repo_path}/tree/{branch['name']}",
-            }
-            for branch in data
-        ]
-        return branches
-
-    async def run(
-        self,
-        input_data: Input,
-        *,
-        credentials: GithubCredentials,
-        **kwargs,
-    ) -> BlockOutput:
-        branches = await self.list_branches(
-            credentials,
-            input_data.repo_url,
-        )
-        yield "branches", branches
-        for branch in branches:
-            yield "branch", branch
-
-
 class GithubListDiscussionsBlock(Block):
    class Input(BlockSchemaInput):
        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
@@ -283,7 +187,7 @@ class GithubListDiscussionsBlock(Block):
    ) -> list[Output.DiscussionItem]:
        api = get_api(credentials)
        # GitHub GraphQL API endpoint is different; we'll use api.post with custom URL
-        repo_path = repo_url.replace("https://github.com/", "")
+        repo_path = github_repo_path(repo_url)
        owner, repo = repo_path.split("/")
        query = """
        query($owner: String!, $repo: String!, $num: Int!) {
@@ -416,564 +320,6 @@ class GithubListReleasesBlock(Block):
            yield "release", release


-class GithubReadFileBlock(Block):
-    class Input(BlockSchemaInput):
-        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
-        repo_url: str = SchemaField(
-            description="URL of the GitHub repository",
-            placeholder="https://github.com/owner/repo",
-        )
-        file_path: str = SchemaField(
-            description="Path to the file in the repository",
-            placeholder="path/to/file",
-        )
-        branch: str = SchemaField(
-            description="Branch to read from",
-            placeholder="branch_name",
-            default="master",
-        )
-
-    class Output(BlockSchemaOutput):
-        text_content: str = SchemaField(
-            description="Content of the file (decoded as UTF-8 text)"
-        )
-        raw_content: str = SchemaField(
-            description="Raw base64-encoded content of the file"
-        )
-        size: int = SchemaField(description="The size of the file (in bytes)")
-
-    def __init__(self):
-        super().__init__(
-            id="87ce6c27-5752-4bbc-8e26-6da40a3dcfd3",
-            description="This block reads the content of a specified file from a GitHub repository.",
-            categories={BlockCategory.DEVELOPER_TOOLS},
-            input_schema=GithubReadFileBlock.Input,
-            output_schema=GithubReadFileBlock.Output,
-            test_input={
-                "repo_url": "https://github.com/owner/repo",
-                "file_path": "path/to/file",
-                "branch": "master",
-                "credentials": TEST_CREDENTIALS_INPUT,
-            },
-            test_credentials=TEST_CREDENTIALS,
-            test_output=[
-                ("raw_content", "RmlsZSBjb250ZW50"),
-                ("text_content", "File content"),
-                ("size", 13),
-            ],
-            test_mock={"read_file": lambda *args, **kwargs: ("RmlsZSBjb250ZW50", 13)},
-        )
-
-    @staticmethod
-    async def read_file(
-        credentials: GithubCredentials, repo_url: str, file_path: str, branch: str
-    ) -> tuple[str, int]:
-        api = get_api(credentials)
-        content_url = repo_url + f"/contents/{file_path}?ref={branch}"
-        response = await api.get(content_url)
-        data = response.json()
-
-        if isinstance(data, list):
-            # Multiple entries of different types exist at this path
-            if not (file := next((f for f in data if f["type"] == "file"), None)):
-                raise TypeError("Not a file")
-            data = file
-
-        if data["type"] != "file":
-            raise TypeError("Not a file")
-
-        return data["content"], data["size"]
-
-    async def run(
-        self,
-        input_data: Input,
-        *,
-        credentials: GithubCredentials,
-        **kwargs,
-    ) -> BlockOutput:
-        content, size = await self.read_file(
-            credentials,
-            input_data.repo_url,
-            input_data.file_path,
-            input_data.branch,
-        )
-        yield "raw_content", content
-        yield "text_content", base64.b64decode(content).decode("utf-8")
-        yield "size", size
-
-
-class GithubReadFolderBlock(Block):
-    class Input(BlockSchemaInput):
-        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
-        repo_url: str = SchemaField(
-            description="URL of the GitHub repository",
-            placeholder="https://github.com/owner/repo",
-        )
-        folder_path: str = SchemaField(
-            description="Path to the folder in the repository",
-            placeholder="path/to/folder",
-        )
-        branch: str = SchemaField(
-            description="Branch name to read from (defaults to master)",
-            placeholder="branch_name",
-            default="master",
-        )
-
-    class Output(BlockSchemaOutput):
-        class DirEntry(TypedDict):
-            name: str
-            path: str
-
-        class FileEntry(TypedDict):
-            name: str
-            path: str
-            size: int
-
-        file: FileEntry = SchemaField(description="Files in the folder")
-        dir: DirEntry = SchemaField(description="Directories in the folder")
-        error: str = SchemaField(
-            description="Error message if reading the folder failed"
-        )
-
-    def __init__(self):
-        super().__init__(
-            id="1355f863-2db3-4d75-9fba-f91e8a8ca400",
-            description="This block reads the content of a specified folder from a GitHub repository.",
-            categories={BlockCategory.DEVELOPER_TOOLS},
-            input_schema=GithubReadFolderBlock.Input,
-            output_schema=GithubReadFolderBlock.Output,
-            test_input={
-                "repo_url": "https://github.com/owner/repo",
-                "folder_path": "path/to/folder",
-                "branch": "master",
-                "credentials": TEST_CREDENTIALS_INPUT,
-            },
-            test_credentials=TEST_CREDENTIALS,
-            test_output=[
-                (
-                    "file",
-                    {
-                        "name": "file1.txt",
-                        "path": "path/to/folder/file1.txt",
-                        "size": 1337,
-                    },
-                ),
-                ("dir", {"name": "dir2", "path": "path/to/folder/dir2"}),
-            ],
-            test_mock={
-                "read_folder": lambda *args, **kwargs: (
-                    [
-                        {
-                            "name": "file1.txt",
-                            "path": "path/to/folder/file1.txt",
-                            "size": 1337,
-                        }
-                    ],
-                    [{"name": "dir2", "path": "path/to/folder/dir2"}],
-                )
-            },
-        )
-
-    @staticmethod
-    async def read_folder(
-        credentials: GithubCredentials, repo_url: str, folder_path: str, branch: str
-    ) -> tuple[list[Output.FileEntry], list[Output.DirEntry]]:
-        api = get_api(credentials)
-        contents_url = repo_url + f"/contents/{folder_path}?ref={branch}"
-        response = await api.get(contents_url)
-        data = response.json()
-
-        if not isinstance(data, list):
-            raise TypeError("Not a folder")
-
-        files: list[GithubReadFolderBlock.Output.FileEntry] = [
-            GithubReadFolderBlock.Output.FileEntry(
-                name=entry["name"],
-                path=entry["path"],
-                size=entry["size"],
-            )
-            for entry in data
-            if entry["type"] == "file"
-        ]
-
-        dirs: list[GithubReadFolderBlock.Output.DirEntry] = [
-            GithubReadFolderBlock.Output.DirEntry(
-                name=entry["name"],
-                path=entry["path"],
-            )
-            for entry in data
-            if entry["type"] == "dir"
-        ]
-
-        return files, dirs
-
-    async def run(
-        self,
-        input_data: Input,
-        *,
-        credentials: GithubCredentials,
-        **kwargs,
-    ) -> BlockOutput:
-        files, dirs = await self.read_folder(
-            credentials,
-            input_data.repo_url,
-            input_data.folder_path.lstrip("/"),
-            input_data.branch,
-        )
-        for file in files:
-            yield "file", file
-        for dir in dirs:
-            yield "dir", dir
-
-
-class GithubMakeBranchBlock(Block):
-    class Input(BlockSchemaInput):
-        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
-        repo_url: str = SchemaField(
-            description="URL of the GitHub repository",
-            placeholder="https://github.com/owner/repo",
-        )
-        new_branch: str = SchemaField(
-            description="Name of the new branch",
-            placeholder="new_branch_name",
-        )
-        source_branch: str = SchemaField(
-            description="Name of the source branch",
-            placeholder="source_branch_name",
-        )
-
-    class Output(BlockSchemaOutput):
-        status: str = SchemaField(description="Status of the branch creation operation")
-        error: str = SchemaField(
-            description="Error message if the branch creation failed"
-        )
-
-    def __init__(self):
-        super().__init__(
-            id="944cc076-95e7-4d1b-b6b6-b15d8ee5448d",
-            description="This block creates a new branch from a specified source branch.",
-            categories={BlockCategory.DEVELOPER_TOOLS},
-            input_schema=GithubMakeBranchBlock.Input,
-            output_schema=GithubMakeBranchBlock.Output,
-            test_input={
-                "repo_url": "https://github.com/owner/repo",
-                "new_branch": "new_branch_name",
-                "source_branch": "source_branch_name",
-                "credentials": TEST_CREDENTIALS_INPUT,
-            },
-            test_credentials=TEST_CREDENTIALS,
-            test_output=[("status", "Branch created successfully")],
-            test_mock={
-                "create_branch": lambda *args, **kwargs: "Branch created successfully"
-            },
-        )
-
-    @staticmethod
-    async def create_branch(
-        credentials: GithubCredentials,
-        repo_url: str,
-        new_branch: str,
-        source_branch: str,
-    ) -> str:
-        api = get_api(credentials)
-        ref_url = repo_url + f"/git/refs/heads/{source_branch}"
-        response = await api.get(ref_url)
-        data = response.json()
-        sha = data["object"]["sha"]
-
-        # Create the new branch
-        new_ref_url = repo_url + "/git/refs"
-        data = {
-            "ref": f"refs/heads/{new_branch}",
-            "sha": sha,
-        }
-        response = await api.post(new_ref_url, json=data)
-        return "Branch created successfully"
-
-    async def run(
-        self,
-        input_data: Input,
-        *,
-        credentials: GithubCredentials,
-        **kwargs,
-    ) -> BlockOutput:
-        status = await self.create_branch(
-            credentials,
-            input_data.repo_url,
-            input_data.new_branch,
-            input_data.source_branch,
-        )
-        yield "status", status
-
-
-class GithubDeleteBranchBlock(Block):
-    class Input(BlockSchemaInput):
-        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
-        repo_url: str = SchemaField(
-            description="URL of the GitHub repository",
-            placeholder="https://github.com/owner/repo",
-        )
-        branch: str = SchemaField(
-            description="Name of the branch to delete",
-            placeholder="branch_name",
-        )
-
-    class Output(BlockSchemaOutput):
-        status: str = SchemaField(description="Status of the branch deletion operation")
-        error: str = SchemaField(
-            description="Error message if the branch deletion failed"
-        )
-
-    def __init__(self):
-        super().__init__(
-            id="0d4130f7-e0ab-4d55-adc3-0a40225e80f4",
-            description="This block deletes a specified branch.",
-            categories={BlockCategory.DEVELOPER_TOOLS},
-            input_schema=GithubDeleteBranchBlock.Input,
-            output_schema=GithubDeleteBranchBlock.Output,
-            test_input={
-                "repo_url": "https://github.com/owner/repo",
-                "branch": "branch_name",
-                "credentials": TEST_CREDENTIALS_INPUT,
-            },
-            test_credentials=TEST_CREDENTIALS,
-            test_output=[("status", "Branch deleted successfully")],
-            test_mock={
-                "delete_branch": lambda *args, **kwargs: "Branch deleted successfully"
-            },
-        )
-
-    @staticmethod
-    async def delete_branch(
-        credentials: GithubCredentials, repo_url: str, branch: str
-    ) -> str:
-        api = get_api(credentials)
-        ref_url = repo_url + f"/git/refs/heads/{branch}"
-        await api.delete(ref_url)
-        return "Branch deleted successfully"
-
-    async def run(
-        self,
-        input_data: Input,
-        *,
-        credentials: GithubCredentials,
-        **kwargs,
-    ) -> BlockOutput:
-        status = await self.delete_branch(
-            credentials,
-            input_data.repo_url,
-            input_data.branch,
-        )
-        yield "status", status
-
-
-class GithubCreateFileBlock(Block):
-    class Input(BlockSchemaInput):
-        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
-        repo_url: str = SchemaField(
-            description="URL of the GitHub repository",
-            placeholder="https://github.com/owner/repo",
-        )
-        file_path: str = SchemaField(
-            description="Path where the file should be created",
-            placeholder="path/to/file.txt",
-        )
-        content: str = SchemaField(
-            description="Content to write to the file",
-            placeholder="File content here",
-        )
-        branch: str = SchemaField(
-            description="Branch where the file should be created",
-            default="main",
-        )
-        commit_message: str = SchemaField(
-            description="Message for the commit",
-            default="Create new file",
-        )
-
-    class Output(BlockSchemaOutput):
-        url: str = SchemaField(description="URL of the created file")
-        sha: str = SchemaField(description="SHA of the commit")
-        error: str = SchemaField(
-            description="Error message if the file creation failed"
-        )
-
-    def __init__(self):
-        super().__init__(
-            id="8fd132ac-b917-428a-8159-d62893e8a3fe",
-            description="This block creates a new file in a GitHub repository.",
-            categories={BlockCategory.DEVELOPER_TOOLS},
-            input_schema=GithubCreateFileBlock.Input,
-            output_schema=GithubCreateFileBlock.Output,
-            test_input={
-                "repo_url": "https://github.com/owner/repo",
-                "file_path": "test/file.txt",
-                "content": "Test content",
-                "branch": "main",
-                "commit_message": "Create test file",
-                "credentials": TEST_CREDENTIALS_INPUT,
-            },
-            test_credentials=TEST_CREDENTIALS,
-            test_output=[
-                ("url", "https://github.com/owner/repo/blob/main/test/file.txt"),
-                ("sha", "abc123"),
-            ],
-            test_mock={
-                "create_file": lambda *args, **kwargs: (
-                    "https://github.com/owner/repo/blob/main/test/file.txt",
-                    "abc123",
-                )
-            },
-        )
-
-    @staticmethod
-    async def create_file(
-        credentials: GithubCredentials,
-        repo_url: str,
-        file_path: str,
-        content: str,
-        branch: str,
-        commit_message: str,
-    ) -> tuple[str, str]:
-        api = get_api(credentials)
-        contents_url = repo_url + f"/contents/{file_path}"
-        content_base64 = base64.b64encode(content.encode()).decode()
-        data = {
-            "message": commit_message,
-            "content": content_base64,
-            "branch": branch,
-        }
-        response = await api.put(contents_url, json=data)
-        data = response.json()
-        return data["content"]["html_url"], data["commit"]["sha"]
-
-    async def run(
-        self,
-        input_data: Input,
-        *,
-        credentials: GithubCredentials,
-        **kwargs,
-    ) -> BlockOutput:
-        try:
-            url, sha = await self.create_file(
-                credentials,
-                input_data.repo_url,
-                input_data.file_path,
-                input_data.content,
-                input_data.branch,
-                input_data.commit_message,
-            )
-            yield "url", url
-            yield "sha", sha
-        except Exception as e:
-            yield "error", str(e)
-
-
-class GithubUpdateFileBlock(Block):
-    class Input(BlockSchemaInput):
-        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
-        repo_url: str = SchemaField(
-            description="URL of the GitHub repository",
-            placeholder="https://github.com/owner/repo",
-        )
-        file_path: str = SchemaField(
-            description="Path to the file to update",
-            placeholder="path/to/file.txt",
-        )
-        content: str = SchemaField(
-            description="New content for the file",
-            placeholder="Updated content here",
-        )
-        branch: str = SchemaField(
-            description="Branch containing the file",
-            default="main",
-        )
-        commit_message: str = SchemaField(
-            description="Message for the commit",
-            default="Update file",
-        )
-
-    class Output(BlockSchemaOutput):
-        url: str = SchemaField(description="URL of the updated file")
-        sha: str = SchemaField(description="SHA of the commit")
-
-    def __init__(self):
-        super().__init__(
-            id="30be12a4-57cb-4aa4-baf5-fcc68d136076",
-            description="This block updates an existing file in a GitHub repository.",
-            categories={BlockCategory.DEVELOPER_TOOLS},
-            input_schema=GithubUpdateFileBlock.Input,
-            output_schema=GithubUpdateFileBlock.Output,
-            test_input={
-                "repo_url": "https://github.com/owner/repo",
-                "file_path": "test/file.txt",
-                "content": "Updated content",
-                "branch": "main",
-                "commit_message": "Update test file",
-                "credentials": TEST_CREDENTIALS_INPUT,
-            },
-            test_credentials=TEST_CREDENTIALS,
-            test_output=[
-                ("url", "https://github.com/owner/repo/blob/main/test/file.txt"),
-                ("sha", "def456"),
-            ],
-            test_mock={
-                "update_file": lambda *args, **kwargs: (
-                    "https://github.com/owner/repo/blob/main/test/file.txt",
-                    "def456",
-                )
-            },
-        )
-
-    @staticmethod
-    async def update_file(
-        credentials: GithubCredentials,
-        repo_url: str,
-        file_path: str,
-        content: str,
-        branch: str,
-        commit_message: str,
-    ) -> tuple[str, str]:
-        api = get_api(credentials)
-        contents_url = repo_url + f"/contents/{file_path}"
-        params = {"ref": branch}
-        response = await api.get(contents_url, params=params)
-        data = response.json()
-
-        # Convert new content to base64
-        content_base64 = base64.b64encode(content.encode()).decode()
-        data = {
-            "message": commit_message,
-            "content": content_base64,
-            "sha": data["sha"],
-            "branch": branch,
-        }
-        response = await api.put(contents_url, json=data)
-        data = response.json()
-        return data["content"]["html_url"], data["commit"]["sha"]
-
-    async def run(
-        self,
-        input_data: Input,
-        *,
-        credentials: GithubCredentials,
-        **kwargs,
-    ) -> BlockOutput:
-        try:
-            url, sha = await self.update_file(
-                credentials,
-                input_data.repo_url,
-                input_data.file_path,
-                input_data.content,
-                input_data.branch,
-                input_data.commit_message,
-            )
-            yield "url", url
-            yield "sha", sha
-        except Exception as e:
-            yield "error", str(e)
-
-
 class GithubCreateRepositoryBlock(Block):
    class Input(BlockSchemaInput):
        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
@@ -1103,7 +449,7 @@ class GithubListStargazersBlock(Block):

    def __init__(self):
        super().__init__(
-            id="a4b9c2d1-e5f6-4g7h-8i9j-0k1l2m3n4o5p",  # Generated unique UUID
+            id="e96d01ec-b55e-4a99-8ce8-c8776dce850b",  # Generated unique UUID
            description="This block lists all users who have starred a specified GitHub repository.",
            categories={BlockCategory.DEVELOPER_TOOLS},
            input_schema=GithubListStargazersBlock.Input,
@@ -1172,3 +518,230 @@ class GithubListStargazersBlock(Block):
        yield "stargazers", stargazers
        for stargazer in stargazers:
            yield "stargazer", stargazer
+
+
+class GithubGetRepositoryInfoBlock(Block):
+    class Input(BlockSchemaInput):
+        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
+        repo_url: str = SchemaField(
+            description="URL of the GitHub repository",
+            placeholder="https://github.com/owner/repo",
+        )
+
+    class Output(BlockSchemaOutput):
+        name: str = SchemaField(description="Repository name")
+        full_name: str = SchemaField(description="Full repository name (owner/repo)")
+        description: str = SchemaField(description="Repository description")
+        default_branch: str = SchemaField(description="Default branch name (e.g. main)")
+        private: bool = SchemaField(description="Whether the repository is private")
+        html_url: str = SchemaField(description="Web URL of the repository")
+        clone_url: str = SchemaField(description="Git clone URL")
+        stars: int = SchemaField(description="Number of stars")
+        forks: int = SchemaField(description="Number of forks")
+        open_issues: int = SchemaField(description="Number of open issues")
+        error: str = SchemaField(
+            description="Error message if fetching repo info failed"
+        )
+
+    def __init__(self):
+        super().__init__(
+            id="59d4f241-968a-4040-95da-348ac5c5ce27",
+            description="This block retrieves metadata about a GitHub repository.",
+            categories={BlockCategory.DEVELOPER_TOOLS},
+            input_schema=GithubGetRepositoryInfoBlock.Input,
+            output_schema=GithubGetRepositoryInfoBlock.Output,
+            test_input={
+                "repo_url": "https://github.com/owner/repo",
+                "credentials": TEST_CREDENTIALS_INPUT,
+            },
+            test_credentials=TEST_CREDENTIALS,
+            test_output=[
+                ("name", "repo"),
+                ("full_name", "owner/repo"),
+                ("description", "A test repo"),
+                ("default_branch", "main"),
+                ("private", False),
+                ("html_url", "https://github.com/owner/repo"),
+                ("clone_url", "https://github.com/owner/repo.git"),
+                ("stars", 42),
+                ("forks", 5),
+                ("open_issues", 3),
+            ],
+            test_mock={
+                "get_repo_info": lambda *args, **kwargs: {
+                    "name": "repo",
+                    "full_name": "owner/repo",
+                    "description": "A test repo",
+                    "default_branch": "main",
+                    "private": False,
+                    "html_url": "https://github.com/owner/repo",
+                    "clone_url": "https://github.com/owner/repo.git",
+                    "stargazers_count": 42,
+                    "forks_count": 5,
+                    "open_issues_count": 3,
+                }
+            },
+        )
+
+    @staticmethod
+    async def get_repo_info(credentials: GithubCredentials, repo_url: str) -> dict:
+        api = get_api(credentials)
+        response = await api.get(repo_url)
+        return response.json()
+
+    async def run(
+        self,
+        input_data: Input,
+        *,
+        credentials: GithubCredentials,
+        **kwargs,
+    ) -> BlockOutput:
+        try:
+            data = await self.get_repo_info(credentials, input_data.repo_url)
+            yield "name", data["name"]
+            yield "full_name", data["full_name"]
+            yield "description", data.get("description", "") or ""
+            yield "default_branch", data["default_branch"]
+            yield "private", data["private"]
+            yield "html_url", data["html_url"]
+            yield "clone_url", data["clone_url"]
+            yield "stars", data["stargazers_count"]
+            yield "forks", data["forks_count"]
+            yield "open_issues", data["open_issues_count"]
+        except Exception as e:
+            yield "error", str(e)
+
+
+class GithubForkRepositoryBlock(Block):
+    class Input(BlockSchemaInput):
+        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
+        repo_url: str = SchemaField(
+            description="URL of the GitHub repository to fork",
+            placeholder="https://github.com/owner/repo",
+        )
+        organization: str = SchemaField(
+            description="Organization to fork into (leave empty to fork to your account)",
+            default="",
+        )
+
+    class Output(BlockSchemaOutput):
+        url: str = SchemaField(description="URL of the forked repository")
+        clone_url: str = SchemaField(description="Git clone URL of the fork")
+        full_name: str = SchemaField(description="Full name of the fork (owner/repo)")
+        error: str = SchemaField(description="Error message if the fork failed")
+
+    def __init__(self):
+        super().__init__(
+            id="a439f2f4-835f-4dae-ba7b-0205ffa70be6",
+            description="This block forks a GitHub repository to your account or an organization.",
+            categories={BlockCategory.DEVELOPER_TOOLS},
+            input_schema=GithubForkRepositoryBlock.Input,
+            output_schema=GithubForkRepositoryBlock.Output,
+            test_input={
+                "repo_url": "https://github.com/owner/repo",
+                "organization": "",
+                "credentials": TEST_CREDENTIALS_INPUT,
+            },
+            test_credentials=TEST_CREDENTIALS,
+            test_output=[
+                ("url", "https://github.com/myuser/repo"),
+                ("clone_url", "https://github.com/myuser/repo.git"),
+                ("full_name", "myuser/repo"),
+            ],
+            test_mock={
+                "fork_repo": lambda *args, **kwargs: (
+                    "https://github.com/myuser/repo",
+                    "https://github.com/myuser/repo.git",
+                    "myuser/repo",
+                )
+            },
+        )
+
+    @staticmethod
+    async def fork_repo(
+        credentials: GithubCredentials,
+        repo_url: str,
+        organization: str,
+    ) -> tuple[str, str, str]:
+        api = get_api(credentials)
+        forks_url = repo_url + "/forks"
+        data: dict[str, str] = {}
+        if organization:
+            data["organization"] = organization
+        response = await api.post(forks_url, json=data)
+        result = response.json()
+        return result["html_url"], result["clone_url"], result["full_name"]
+
+    async def run(
+        self,
+        input_data: Input,
+        *,
+        credentials: GithubCredentials,
+        **kwargs,
+    ) -> BlockOutput:
+        try:
+            url, clone_url, full_name = await self.fork_repo(
+                credentials,
+                input_data.repo_url,
+                input_data.organization,
+            )
+            yield "url", url
+            yield "clone_url", clone_url
+            yield "full_name", full_name
+        except Exception as e:
+            yield "error", str(e)
+
+
+class GithubStarRepositoryBlock(Block):
+    class Input(BlockSchemaInput):
+        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
+        repo_url: str = SchemaField(
+            description="URL of the GitHub repository to star",
+            placeholder="https://github.com/owner/repo",
+        )
+
+    class Output(BlockSchemaOutput):
+        status: str = SchemaField(description="Status of the star operation")
+        error: str = SchemaField(description="Error message if starring failed")
+
+    def __init__(self):
+        super().__init__(
+            id="bd700764-53e3-44dd-a969-d1854088458f",
+            description="This block stars a GitHub repository.",
+            categories={BlockCategory.DEVELOPER_TOOLS},
+            input_schema=GithubStarRepositoryBlock.Input,
+            output_schema=GithubStarRepositoryBlock.Output,
+            test_input={
+                "repo_url": "https://github.com/owner/repo",
+                "credentials": TEST_CREDENTIALS_INPUT,
+            },
+            test_credentials=TEST_CREDENTIALS,
+            test_output=[("status", "Repository starred successfully")],
+            test_mock={
+                "star_repo": lambda *args, **kwargs: "Repository starred successfully"
+            },
+        )
+
+    @staticmethod
+    async def star_repo(credentials: GithubCredentials, repo_url: str) -> str:
+        api = get_api(credentials, convert_urls=False)
+        repo_path = github_repo_path(repo_url)
+        owner, repo = repo_path.split("/")
+        await api.put(
+            f"https://api.github.com/user/starred/{owner}/{repo}",
+            headers={"Content-Length": "0"},
+        )
+        return "Repository starred successfully"
+
+    async def run(
+        self,
+        input_data: Input,
+        *,
+        credentials: GithubCredentials,
+        **kwargs,
+    ) -> BlockOutput:
+        try:
+            status = await self.star_repo(credentials, input_data.repo_url)
+            yield "status", status
+        except Exception as e:
+            yield "error", str(e)
--- a/autogpt_platform/backend/backend/blocks/github/repo_branches.py
+++ b/autogpt_platform/backend/backend/blocks/github/repo_branches.py
@@ -0,0 +1,452 @@
+from urllib.parse import quote
+
+from typing_extensions import TypedDict
+
+from backend.blocks._base import (
+    Block,
+    BlockCategory,
+    BlockOutput,
+    BlockSchemaInput,
+    BlockSchemaOutput,
+)
+from backend.data.model import SchemaField
+
+from ._api import get_api
+from ._auth import (
+    TEST_CREDENTIALS,
+    TEST_CREDENTIALS_INPUT,
+    GithubCredentials,
+    GithubCredentialsField,
+    GithubCredentialsInput,
+)
+from ._utils import github_repo_path
+
+
+class GithubListBranchesBlock(Block):
+    class Input(BlockSchemaInput):
+        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
+        repo_url: str = SchemaField(
+            description="URL of the GitHub repository",
+            placeholder="https://github.com/owner/repo",
+        )
+        per_page: int = SchemaField(
+            description="Number of branches to return per page (max 100)",
+            default=30,
+            ge=1,
+            le=100,
+        )
+        page: int = SchemaField(
+            description="Page number for pagination",
+            default=1,
+            ge=1,
+        )
+
+    class Output(BlockSchemaOutput):
+        class BranchItem(TypedDict):
+            name: str
+            url: str
+
+        branch: BranchItem = SchemaField(
+            title="Branch",
+            description="Branches with their name and file tree browser URL",
+        )
+        branches: list[BranchItem] = SchemaField(
+            description="List of branches with their name and file tree browser URL"
+        )
+        error: str = SchemaField(description="Error message if listing branches failed")
+
+    def __init__(self):
+        super().__init__(
+            id="74243e49-2bec-4916-8bf4-db43d44aead5",
+            description="This block lists all branches for a specified GitHub repository.",
+            categories={BlockCategory.DEVELOPER_TOOLS},
+            input_schema=GithubListBranchesBlock.Input,
+            output_schema=GithubListBranchesBlock.Output,
+            test_input={
+                "repo_url": "https://github.com/owner/repo",
+                "per_page": 30,
+                "page": 1,
+                "credentials": TEST_CREDENTIALS_INPUT,
+            },
+            test_credentials=TEST_CREDENTIALS,
+            test_output=[
+                (
+                    "branches",
+                    [
+                        {
+                            "name": "main",
+                            "url": "https://github.com/owner/repo/tree/main",
+                        }
+                    ],
+                ),
+                (
+                    "branch",
+                    {
+                        "name": "main",
+                        "url": "https://github.com/owner/repo/tree/main",
+                    },
+                ),
+            ],
+            test_mock={
+                "list_branches": lambda *args, **kwargs: [
+                    {
+                        "name": "main",
+                        "url": "https://github.com/owner/repo/tree/main",
+                    }
+                ]
+            },
+        )
+
+    @staticmethod
+    async def list_branches(
+        credentials: GithubCredentials, repo_url: str, per_page: int, page: int
+    ) -> list[Output.BranchItem]:
+        api = get_api(credentials)
+        branches_url = repo_url + "/branches"
+        response = await api.get(
+            branches_url, params={"per_page": str(per_page), "page": str(page)}
+        )
+        data = response.json()
+        repo_path = github_repo_path(repo_url)
+        branches: list[GithubListBranchesBlock.Output.BranchItem] = [
+            {
+                "name": branch["name"],
+                "url": f"https://github.com/{repo_path}/tree/{branch['name']}",
+            }
+            for branch in data
+        ]
+        return branches
+
+    async def run(
+        self,
+        input_data: Input,
+        *,
+        credentials: GithubCredentials,
+        **kwargs,
+    ) -> BlockOutput:
+        try:
+            branches = await self.list_branches(
+                credentials,
+                input_data.repo_url,
+                input_data.per_page,
+                input_data.page,
+            )
+            yield "branches", branches
+            for branch in branches:
+                yield "branch", branch
+        except Exception as e:
+            yield "error", str(e)
+
+
+class GithubMakeBranchBlock(Block):
+    class Input(BlockSchemaInput):
+        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
+        repo_url: str = SchemaField(
+            description="URL of the GitHub repository",
+            placeholder="https://github.com/owner/repo",
+        )
+        new_branch: str = SchemaField(
+            description="Name of the new branch",
+            placeholder="new_branch_name",
+        )
+        source_branch: str = SchemaField(
+            description="Name of the source branch",
+            placeholder="source_branch_name",
+        )
+
+    class Output(BlockSchemaOutput):
+        status: str = SchemaField(description="Status of the branch creation operation")
+        error: str = SchemaField(
+            description="Error message if the branch creation failed"
+        )
+
+    def __init__(self):
+        super().__init__(
+            id="944cc076-95e7-4d1b-b6b6-b15d8ee5448d",
+            description="This block creates a new branch from a specified source branch.",
+            categories={BlockCategory.DEVELOPER_TOOLS},
+            input_schema=GithubMakeBranchBlock.Input,
+            output_schema=GithubMakeBranchBlock.Output,
+            test_input={
+                "repo_url": "https://github.com/owner/repo",
+                "new_branch": "new_branch_name",
+                "source_branch": "source_branch_name",
+                "credentials": TEST_CREDENTIALS_INPUT,
+            },
+            test_credentials=TEST_CREDENTIALS,
+            test_output=[("status", "Branch created successfully")],
+            test_mock={
+                "create_branch": lambda *args, **kwargs: "Branch created successfully"
+            },
+        )
+
+    @staticmethod
+    async def create_branch(
+        credentials: GithubCredentials,
+        repo_url: str,
+        new_branch: str,
+        source_branch: str,
+    ) -> str:
+        api = get_api(credentials)
+        ref_url = repo_url + f"/git/refs/heads/{quote(source_branch, safe='')}"
+        response = await api.get(ref_url)
+        data = response.json()
+        sha = data["object"]["sha"]
+
+        # Create the new branch
+        new_ref_url = repo_url + "/git/refs"
+        data = {
+            "ref": f"refs/heads/{new_branch}",
+            "sha": sha,
+        }
+        response = await api.post(new_ref_url, json=data)
+        return "Branch created successfully"
+
+    async def run(
+        self,
+        input_data: Input,
+        *,
+        credentials: GithubCredentials,
+        **kwargs,
+    ) -> BlockOutput:
+        try:
+            status = await self.create_branch(
+                credentials,
+                input_data.repo_url,
+                input_data.new_branch,
+                input_data.source_branch,
+            )
+            yield "status", status
+        except Exception as e:
+            yield "error", str(e)
+
+
+class GithubDeleteBranchBlock(Block):
+    class Input(BlockSchemaInput):
+        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
+        repo_url: str = SchemaField(
+            description="URL of the GitHub repository",
+            placeholder="https://github.com/owner/repo",
+        )
+        branch: str = SchemaField(
+            description="Name of the branch to delete",
+            placeholder="branch_name",
+        )
+
+    class Output(BlockSchemaOutput):
+        status: str = SchemaField(description="Status of the branch deletion operation")
+        error: str = SchemaField(
+            description="Error message if the branch deletion failed"
+        )
+
+    def __init__(self):
+        super().__init__(
+            id="0d4130f7-e0ab-4d55-adc3-0a40225e80f4",
+            description="This block deletes a specified branch.",
+            categories={BlockCategory.DEVELOPER_TOOLS},
+            input_schema=GithubDeleteBranchBlock.Input,
+            output_schema=GithubDeleteBranchBlock.Output,
+            test_input={
+                "repo_url": "https://github.com/owner/repo",
+                "branch": "branch_name",
+                "credentials": TEST_CREDENTIALS_INPUT,
+            },
+            test_credentials=TEST_CREDENTIALS,
+            test_output=[("status", "Branch deleted successfully")],
+            test_mock={
+                "delete_branch": lambda *args, **kwargs: "Branch deleted successfully"
+            },
+            is_sensitive_action=True,
+        )
+
+    @staticmethod
+    async def delete_branch(
+        credentials: GithubCredentials, repo_url: str, branch: str
+    ) -> str:
+        api = get_api(credentials)
+        ref_url = repo_url + f"/git/refs/heads/{quote(branch, safe='')}"
+        await api.delete(ref_url)
+        return "Branch deleted successfully"
+
+    async def run(
+        self,
+        input_data: Input,
+        *,
+        credentials: GithubCredentials,
+        **kwargs,
+    ) -> BlockOutput:
+        try:
+            status = await self.delete_branch(
+                credentials,
+                input_data.repo_url,
+                input_data.branch,
+            )
+            yield "status", status
+        except Exception as e:
+            yield "error", str(e)
+
+
+class GithubCompareBranchesBlock(Block):
+    class Input(BlockSchemaInput):
+        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
+        repo_url: str = SchemaField(
+            description="URL of the GitHub repository",
+            placeholder="https://github.com/owner/repo",
+        )
+        base: str = SchemaField(
+            description="Base branch or commit SHA",
+            placeholder="main",
+        )
+        head: str = SchemaField(
+            description="Head branch or commit SHA to compare against base",
+            placeholder="feature-branch",
+        )
+
+    class Output(BlockSchemaOutput):
+        class FileChange(TypedDict):
+            filename: str
+            status: str
+            additions: int
+            deletions: int
+            patch: str
+
+        status: str = SchemaField(
+            description="Comparison status: ahead, behind, diverged, or identical"
+        )
+        ahead_by: int = SchemaField(
+            description="Number of commits head is ahead of base"
+        )
+        behind_by: int = SchemaField(
+            description="Number of commits head is behind base"
+        )
+        total_commits: int = SchemaField(
+            description="Total number of commits in the comparison"
+        )
+        diff: str = SchemaField(description="Unified diff of all file changes")
+        file: FileChange = SchemaField(
+            title="Changed File", description="A changed file with its diff"
+        )
+        files: list[FileChange] = SchemaField(
+            description="List of changed files with their diffs"
+        )
+        error: str = SchemaField(description="Error message if comparison failed")
+
+    def __init__(self):
+        super().__init__(
+            id="2e4faa8c-6086-4546-ba77-172d1d560186",
+            description="This block compares two branches or commits in a GitHub repository.",
+            categories={BlockCategory.DEVELOPER_TOOLS},
+            input_schema=GithubCompareBranchesBlock.Input,
+            output_schema=GithubCompareBranchesBlock.Output,
+            test_input={
+                "repo_url": "https://github.com/owner/repo",
+                "base": "main",
+                "head": "feature",
+                "credentials": TEST_CREDENTIALS_INPUT,
+            },
+            test_credentials=TEST_CREDENTIALS,
+            test_output=[
+                ("status", "ahead"),
+                ("ahead_by", 2),
+                ("behind_by", 0),
+                ("total_commits", 2),
+                ("diff", "+++ b/file.py\n+new line"),
+                (
+                    "files",
+                    [
+                        {
+                            "filename": "file.py",
+                            "status": "modified",
+                            "additions": 1,
+                            "deletions": 0,
+                            "patch": "+new line",
+                        }
+                    ],
+                ),
+                (
+                    "file",
+                    {
+                        "filename": "file.py",
+                        "status": "modified",
+                        "additions": 1,
+                        "deletions": 0,
+                        "patch": "+new line",
+                    },
+                ),
+            ],
+            test_mock={
+                "compare_branches": lambda *args, **kwargs: {
+                    "status": "ahead",
+                    "ahead_by": 2,
+                    "behind_by": 0,
+                    "total_commits": 2,
+                    "files": [
+                        {
+                            "filename": "file.py",
+                            "status": "modified",
+                            "additions": 1,
+                            "deletions": 0,
+                            "patch": "+new line",
+                        }
+                    ],
+                }
+            },
+        )
+
+    @staticmethod
+    async def compare_branches(
+        credentials: GithubCredentials,
+        repo_url: str,
+        base: str,
+        head: str,
+    ) -> dict:
+        api = get_api(credentials)
+        safe_base = quote(base, safe="")
+        safe_head = quote(head, safe="")
+        compare_url = repo_url + f"/compare/{safe_base}...{safe_head}"
+        response = await api.get(compare_url)
+        return response.json()
+
+    async def run(
+        self,
+        input_data: Input,
+        *,
+        credentials: GithubCredentials,
+        **kwargs,
+    ) -> BlockOutput:
+        try:
+            data = await self.compare_branches(
+                credentials,
+                input_data.repo_url,
+                input_data.base,
+                input_data.head,
+            )
+            yield "status", data["status"]
+            yield "ahead_by", data["ahead_by"]
+            yield "behind_by", data["behind_by"]
+            yield "total_commits", data["total_commits"]
+
+            files: list[GithubCompareBranchesBlock.Output.FileChange] = [
+                GithubCompareBranchesBlock.Output.FileChange(
+                    filename=f["filename"],
+                    status=f["status"],
+                    additions=f["additions"],
+                    deletions=f["deletions"],
+                    patch=f.get("patch", ""),
+                )
+                for f in data.get("files", [])
+            ]
+
+            # Build unified diff
+            diff_parts = []
+            for f in data.get("files", []):
+                patch = f.get("patch", "")
+                if patch:
+                    diff_parts.append(f"+++ b/{f['filename']}\n{patch}")
+            yield "diff", "\n".join(diff_parts)
+
+            yield "files", files
+            for file in files:
+                yield "file", file
+        except Exception as e:
+            yield "error", str(e)
--- a/autogpt_platform/backend/backend/blocks/github/repo_files.py
+++ b/autogpt_platform/backend/backend/blocks/github/repo_files.py
@@ -0,0 +1,720 @@
+import base64
+from urllib.parse import quote
+
+from typing_extensions import TypedDict
+
+from backend.blocks._base import (
+    Block,
+    BlockCategory,
+    BlockOutput,
+    BlockSchemaInput,
+    BlockSchemaOutput,
+)
+from backend.data.model import SchemaField
+
+from ._api import get_api
+from ._auth import (
+    TEST_CREDENTIALS,
+    TEST_CREDENTIALS_INPUT,
+    GithubCredentials,
+    GithubCredentialsField,
+    GithubCredentialsInput,
+)
+
+
+class GithubReadFileBlock(Block):
+    class Input(BlockSchemaInput):
+        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
+        repo_url: str = SchemaField(
+            description="URL of the GitHub repository",
+            placeholder="https://github.com/owner/repo",
+        )
+        file_path: str = SchemaField(
+            description="Path to the file in the repository",
+            placeholder="path/to/file",
+        )
+        branch: str = SchemaField(
+            description="Branch to read from",
+            placeholder="branch_name",
+            default="main",
+        )
+
+    class Output(BlockSchemaOutput):
+        text_content: str = SchemaField(
+            description="Content of the file (decoded as UTF-8 text)"
+        )
+        raw_content: str = SchemaField(
+            description="Raw base64-encoded content of the file"
+        )
+        size: int = SchemaField(description="The size of the file (in bytes)")
+        error: str = SchemaField(description="Error message if reading the file failed")
+
+    def __init__(self):
+        super().__init__(
+            id="87ce6c27-5752-4bbc-8e26-6da40a3dcfd3",
+            description="This block reads the content of a specified file from a GitHub repository.",
+            categories={BlockCategory.DEVELOPER_TOOLS},
+            input_schema=GithubReadFileBlock.Input,
+            output_schema=GithubReadFileBlock.Output,
+            test_input={
+                "repo_url": "https://github.com/owner/repo",
+                "file_path": "path/to/file",
+                "branch": "main",
+                "credentials": TEST_CREDENTIALS_INPUT,
+            },
+            test_credentials=TEST_CREDENTIALS,
+            test_output=[
+                ("raw_content", "RmlsZSBjb250ZW50"),
+                ("text_content", "File content"),
+                ("size", 13),
+            ],
+            test_mock={"read_file": lambda *args, **kwargs: ("RmlsZSBjb250ZW50", 13)},
+        )
+
+    @staticmethod
+    async def read_file(
+        credentials: GithubCredentials, repo_url: str, file_path: str, branch: str
+    ) -> tuple[str, int]:
+        api = get_api(credentials)
+        content_url = (
+            repo_url
+            + f"/contents/{quote(file_path, safe='')}?ref={quote(branch, safe='')}"
+        )
+        response = await api.get(content_url)
+        data = response.json()
+
+        if isinstance(data, list):
+            # Multiple entries of different types exist at this path
+            if not (file := next((f for f in data if f["type"] == "file"), None)):
+                raise TypeError("Not a file")
+            data = file
+
+        if data["type"] != "file":
+            raise TypeError("Not a file")
+
+        return data["content"], data["size"]
+
+    async def run(
+        self,
+        input_data: Input,
+        *,
+        credentials: GithubCredentials,
+        **kwargs,
+    ) -> BlockOutput:
+        try:
+            content, size = await self.read_file(
+                credentials,
+                input_data.repo_url,
+                input_data.file_path,
+                input_data.branch,
+            )
+            yield "raw_content", content
+            yield "text_content", base64.b64decode(content).decode("utf-8")
+            yield "size", size
+        except Exception as e:
+            yield "error", str(e)
+
+
+class GithubReadFolderBlock(Block):
+    class Input(BlockSchemaInput):
+        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
+        repo_url: str = SchemaField(
+            description="URL of the GitHub repository",
+            placeholder="https://github.com/owner/repo",
+        )
+        folder_path: str = SchemaField(
+            description="Path to the folder in the repository",
+            placeholder="path/to/folder",
+        )
+        branch: str = SchemaField(
+            description="Branch name to read from (defaults to main)",
+            placeholder="branch_name",
+            default="main",
+        )
+
+    class Output(BlockSchemaOutput):
+        class DirEntry(TypedDict):
+            name: str
+            path: str
+
+        class FileEntry(TypedDict):
+            name: str
+            path: str
+            size: int
+
+        file: FileEntry = SchemaField(description="Files in the folder")
+        dir: DirEntry = SchemaField(description="Directories in the folder")
+        error: str = SchemaField(
+            description="Error message if reading the folder failed"
+        )
+
+    def __init__(self):
+        super().__init__(
+            id="1355f863-2db3-4d75-9fba-f91e8a8ca400",
+            description="This block reads the content of a specified folder from a GitHub repository.",
+            categories={BlockCategory.DEVELOPER_TOOLS},
+            input_schema=GithubReadFolderBlock.Input,
+            output_schema=GithubReadFolderBlock.Output,
+            test_input={
+                "repo_url": "https://github.com/owner/repo",
+                "folder_path": "path/to/folder",
+                "branch": "main",
+                "credentials": TEST_CREDENTIALS_INPUT,
+            },
+            test_credentials=TEST_CREDENTIALS,
+            test_output=[
+                (
+                    "file",
+                    {
+                        "name": "file1.txt",
+                        "path": "path/to/folder/file1.txt",
+                        "size": 1337,
+                    },
+                ),
+                ("dir", {"name": "dir2", "path": "path/to/folder/dir2"}),
+            ],
+            test_mock={
+                "read_folder": lambda *args, **kwargs: (
+                    [
+                        {
+                            "name": "file1.txt",
+                            "path": "path/to/folder/file1.txt",
+                            "size": 1337,
+                        }
+                    ],
+                    [{"name": "dir2", "path": "path/to/folder/dir2"}],
+                )
+            },
+        )
+
+    @staticmethod
+    async def read_folder(
+        credentials: GithubCredentials, repo_url: str, folder_path: str, branch: str
+    ) -> tuple[list[Output.FileEntry], list[Output.DirEntry]]:
+        api = get_api(credentials)
+        contents_url = (
+            repo_url
+            + f"/contents/{quote(folder_path, safe='/')}?ref={quote(branch, safe='')}"
+        )
+        response = await api.get(contents_url)
+        data = response.json()
+
+        if not isinstance(data, list):
+            raise TypeError("Not a folder")
+
+        files: list[GithubReadFolderBlock.Output.FileEntry] = [
+            GithubReadFolderBlock.Output.FileEntry(
+                name=entry["name"],
+                path=entry["path"],
+                size=entry["size"],
+            )
+            for entry in data
+            if entry["type"] == "file"
+        ]
+
+        dirs: list[GithubReadFolderBlock.Output.DirEntry] = [
+            GithubReadFolderBlock.Output.DirEntry(
+                name=entry["name"],
+                path=entry["path"],
+            )
+            for entry in data
+            if entry["type"] == "dir"
+        ]
+
+        return files, dirs
+
+    async def run(
+        self,
+        input_data: Input,
+        *,
+        credentials: GithubCredentials,
+        **kwargs,
+    ) -> BlockOutput:
+        try:
+            files, dirs = await self.read_folder(
+                credentials,
+                input_data.repo_url,
+                input_data.folder_path.lstrip("/"),
+                input_data.branch,
+            )
+            for file in files:
+                yield "file", file
+            for dir in dirs:
+                yield "dir", dir
+        except Exception as e:
+            yield "error", str(e)
+
+
+class GithubCreateFileBlock(Block):
+    class Input(BlockSchemaInput):
+        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
+        repo_url: str = SchemaField(
+            description="URL of the GitHub repository",
+            placeholder="https://github.com/owner/repo",
+        )
+        file_path: str = SchemaField(
+            description="Path where the file should be created",
+            placeholder="path/to/file.txt",
+        )
+        content: str = SchemaField(
+            description="Content to write to the file",
+            placeholder="File content here",
+        )
+        branch: str = SchemaField(
+            description="Branch where the file should be created",
+            default="main",
+        )
+        commit_message: str = SchemaField(
+            description="Message for the commit",
+            default="Create new file",
+        )
+
+    class Output(BlockSchemaOutput):
+        url: str = SchemaField(description="URL of the created file")
+        sha: str = SchemaField(description="SHA of the commit")
+        error: str = SchemaField(
+            description="Error message if the file creation failed"
+        )
+
+    def __init__(self):
+        super().__init__(
+            id="8fd132ac-b917-428a-8159-d62893e8a3fe",
+            description="This block creates a new file in a GitHub repository.",
+            categories={BlockCategory.DEVELOPER_TOOLS},
+            input_schema=GithubCreateFileBlock.Input,
+            output_schema=GithubCreateFileBlock.Output,
+            test_input={
+                "repo_url": "https://github.com/owner/repo",
+                "file_path": "test/file.txt",
+                "content": "Test content",
+                "branch": "main",
+                "commit_message": "Create test file",
+                "credentials": TEST_CREDENTIALS_INPUT,
+            },
+            test_credentials=TEST_CREDENTIALS,
+            test_output=[
+                ("url", "https://github.com/owner/repo/blob/main/test/file.txt"),
+                ("sha", "abc123"),
+            ],
+            test_mock={
+                "create_file": lambda *args, **kwargs: (
+                    "https://github.com/owner/repo/blob/main/test/file.txt",
+                    "abc123",
+                )
+            },
+        )
+
+    @staticmethod
+    async def create_file(
+        credentials: GithubCredentials,
+        repo_url: str,
+        file_path: str,
+        content: str,
+        branch: str,
+        commit_message: str,
+    ) -> tuple[str, str]:
+        api = get_api(credentials)
+        contents_url = repo_url + f"/contents/{quote(file_path, safe='/')}"
+        content_base64 = base64.b64encode(content.encode()).decode()
+        data = {
+            "message": commit_message,
+            "content": content_base64,
+            "branch": branch,
+        }
+        response = await api.put(contents_url, json=data)
+        data = response.json()
+        return data["content"]["html_url"], data["commit"]["sha"]
+
+    async def run(
+        self,
+        input_data: Input,
+        *,
+        credentials: GithubCredentials,
+        **kwargs,
+    ) -> BlockOutput:
+        try:
+            url, sha = await self.create_file(
+                credentials,
+                input_data.repo_url,
+                input_data.file_path,
+                input_data.content,
+                input_data.branch,
+                input_data.commit_message,
+            )
+            yield "url", url
+            yield "sha", sha
+        except Exception as e:
+            yield "error", str(e)
+
+
+class GithubUpdateFileBlock(Block):
+    class Input(BlockSchemaInput):
+        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
+        repo_url: str = SchemaField(
+            description="URL of the GitHub repository",
+            placeholder="https://github.com/owner/repo",
+        )
+        file_path: str = SchemaField(
+            description="Path to the file to update",
+            placeholder="path/to/file.txt",
+        )
+        content: str = SchemaField(
+            description="New content for the file",
+            placeholder="Updated content here",
+        )
+        branch: str = SchemaField(
+            description="Branch containing the file",
+            default="main",
+        )
+        commit_message: str = SchemaField(
+            description="Message for the commit",
+            default="Update file",
+        )
+
+    class Output(BlockSchemaOutput):
+        url: str = SchemaField(description="URL of the updated file")
+        sha: str = SchemaField(description="SHA of the commit")
+
+    def __init__(self):
+        super().__init__(
+            id="30be12a4-57cb-4aa4-baf5-fcc68d136076",
+            description="This block updates an existing file in a GitHub repository.",
+            categories={BlockCategory.DEVELOPER_TOOLS},
+            input_schema=GithubUpdateFileBlock.Input,
+            output_schema=GithubUpdateFileBlock.Output,
+            test_input={
+                "repo_url": "https://github.com/owner/repo",
+                "file_path": "test/file.txt",
+                "content": "Updated content",
+                "branch": "main",
+                "commit_message": "Update test file",
+                "credentials": TEST_CREDENTIALS_INPUT,
+            },
+            test_credentials=TEST_CREDENTIALS,
+            test_output=[
+                ("url", "https://github.com/owner/repo/blob/main/test/file.txt"),
+                ("sha", "def456"),
+            ],
+            test_mock={
+                "update_file": lambda *args, **kwargs: (
+                    "https://github.com/owner/repo/blob/main/test/file.txt",
+                    "def456",
+                )
+            },
+        )
+
+    @staticmethod
+    async def update_file(
+        credentials: GithubCredentials,
+        repo_url: str,
+        file_path: str,
+        content: str,
+        branch: str,
+        commit_message: str,
+    ) -> tuple[str, str]:
+        api = get_api(credentials)
+        contents_url = repo_url + f"/contents/{quote(file_path, safe='/')}"
+        params = {"ref": branch}
+        response = await api.get(contents_url, params=params)
+        data = response.json()
+
+        # Convert new content to base64
+        content_base64 = base64.b64encode(content.encode()).decode()
+        data = {
+            "message": commit_message,
+            "content": content_base64,
+            "sha": data["sha"],
+            "branch": branch,
+        }
+        response = await api.put(contents_url, json=data)
+        data = response.json()
+        return data["content"]["html_url"], data["commit"]["sha"]
+
+    async def run(
+        self,
+        input_data: Input,
+        *,
+        credentials: GithubCredentials,
+        **kwargs,
+    ) -> BlockOutput:
+        try:
+            url, sha = await self.update_file(
+                credentials,
+                input_data.repo_url,
+                input_data.file_path,
+                input_data.content,
+                input_data.branch,
+                input_data.commit_message,
+            )
+            yield "url", url
+            yield "sha", sha
+        except Exception as e:
+            yield "error", str(e)
+
+
+class GithubSearchCodeBlock(Block):
+    class Input(BlockSchemaInput):
+        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
+        query: str = SchemaField(
+            description="Search query (GitHub code search syntax)",
+            placeholder="className language:python",
+        )
+        repo: str = SchemaField(
+            description="Restrict search to a repository (owner/repo format, optional)",
+            default="",
+            placeholder="owner/repo",
+        )
+        per_page: int = SchemaField(
+            description="Number of results to return (max 100)",
+            default=30,
+            ge=1,
+            le=100,
+        )
+
+    class Output(BlockSchemaOutput):
+        class SearchResult(TypedDict):
+            name: str
+            path: str
+            repository: str
+            url: str
+            score: float
+
+        result: SearchResult = SchemaField(
+            title="Result", description="A code search result"
+        )
+        results: list[SearchResult] = SchemaField(
+            description="List of code search results"
+        )
+        total_count: int = SchemaField(description="Total number of matching results")
+        error: str = SchemaField(description="Error message if search failed")
+
+    def __init__(self):
+        super().__init__(
+            id="47f94891-a2b1-4f1c-b5f2-573c043f721e",
+            description="This block searches for code in GitHub repositories.",
+            categories={BlockCategory.DEVELOPER_TOOLS},
+            input_schema=GithubSearchCodeBlock.Input,
+            output_schema=GithubSearchCodeBlock.Output,
+            test_input={
+                "query": "addClass",
+                "repo": "owner/repo",
+                "per_page": 30,
+                "credentials": TEST_CREDENTIALS_INPUT,
+            },
+            test_credentials=TEST_CREDENTIALS,
+            test_output=[
+                ("total_count", 1),
+                (
+                    "results",
+                    [
+                        {
+                            "name": "file.py",
+                            "path": "src/file.py",
+                            "repository": "owner/repo",
+                            "url": "https://github.com/owner/repo/blob/main/src/file.py",
+                            "score": 1.0,
+                        }
+                    ],
+                ),
+                (
+                    "result",
+                    {
+                        "name": "file.py",
+                        "path": "src/file.py",
+                        "repository": "owner/repo",
+                        "url": "https://github.com/owner/repo/blob/main/src/file.py",
+                        "score": 1.0,
+                    },
+                ),
+            ],
+            test_mock={
+                "search_code": lambda *args, **kwargs: (
+                    1,
+                    [
+                        {
+                            "name": "file.py",
+                            "path": "src/file.py",
+                            "repository": "owner/repo",
+                            "url": "https://github.com/owner/repo/blob/main/src/file.py",
+                            "score": 1.0,
+                        }
+                    ],
+                )
+            },
+        )
+
+    @staticmethod
+    async def search_code(
+        credentials: GithubCredentials,
+        query: str,
+        repo: str,
+        per_page: int,
+    ) -> tuple[int, list[Output.SearchResult]]:
+        api = get_api(credentials, convert_urls=False)
+        full_query = f"{query} repo:{repo}" if repo else query
+        params = {"q": full_query, "per_page": str(per_page)}
+        response = await api.get("https://api.github.com/search/code", params=params)
+        data = response.json()
+        results: list[GithubSearchCodeBlock.Output.SearchResult] = [
+            GithubSearchCodeBlock.Output.SearchResult(
+                name=item["name"],
+                path=item["path"],
+                repository=item["repository"]["full_name"],
+                url=item["html_url"],
+                score=item["score"],
+            )
+            for item in data["items"]
+        ]
+        return data["total_count"], results
+
+    async def run(
+        self,
+        input_data: Input,
+        *,
+        credentials: GithubCredentials,
+        **kwargs,
+    ) -> BlockOutput:
+        try:
+            total_count, results = await self.search_code(
+                credentials,
+                input_data.query,
+                input_data.repo,
+                input_data.per_page,
+            )
+            yield "total_count", total_count
+            yield "results", results
+            for result in results:
+                yield "result", result
+        except Exception as e:
+            yield "error", str(e)
+
+
+class GithubGetRepositoryTreeBlock(Block):
+    class Input(BlockSchemaInput):
+        credentials: GithubCredentialsInput = GithubCredentialsField("repo")
+        repo_url: str = SchemaField(
+            description="URL of the GitHub repository",
+            placeholder="https://github.com/owner/repo",
+        )
+        branch: str = SchemaField(
+            description="Branch name to get the tree from",
+            default="main",
+        )
+        recursive: bool = SchemaField(
+            description="Whether to recursively list the entire tree",
+            default=True,
+        )
+
+    class Output(BlockSchemaOutput):
+        class TreeEntry(TypedDict):
+            path: str
+            type: str
+            size: int
+            sha: str
+
+        entry: TreeEntry = SchemaField(
+            title="Tree Entry", description="A file or directory in the tree"
+        )
+        entries: list[TreeEntry] = SchemaField(
+            description="List of all files and directories in the tree"
+        )
+        truncated: bool = SchemaField(
+            description="Whether the tree was truncated due to size"
+        )
+        error: str = SchemaField(description="Error message if getting tree failed")
+
+    def __init__(self):
+        super().__init__(
+            id="89c5c0ec-172e-4001-a32c-bdfe4d0c9e81",
+            description="This block lists the entire file tree of a GitHub repository recursively.",
+            categories={BlockCategory.DEVELOPER_TOOLS},
+            input_schema=GithubGetRepositoryTreeBlock.Input,
+            output_schema=GithubGetRepositoryTreeBlock.Output,
+            test_input={
+                "repo_url": "https://github.com/owner/repo",
+                "branch": "main",
+                "recursive": True,
+                "credentials": TEST_CREDENTIALS_INPUT,
+            },
+            test_credentials=TEST_CREDENTIALS,
+            test_output=[
+                ("truncated", False),
+                (
+                    "entries",
+                    [
+                        {
+                            "path": "src/main.py",
+                            "type": "blob",
+                            "size": 1234,
+                            "sha": "abc123",
+                        }
+                    ],
+                ),
+                (
+                    "entry",
+                    {
+                        "path": "src/main.py",
+                        "type": "blob",
+                        "size": 1234,
+                        "sha": "abc123",
+                    },
+                ),
+            ],
+            test_mock={
+                "get_tree": lambda *args, **kwargs: (
+                    False,
+                    [
+                        {
+                            "path": "src/main.py",
+                            "type": "blob",
+                            "size": 1234,
+                            "sha": "abc123",
+                        }
+                    ],
+                )
+            },
+        )
+
+    @staticmethod
+    async def get_tree(
+        credentials: GithubCredentials,
+        repo_url: str,
+        branch: str,
+        recursive: bool,
+    ) -> tuple[bool, list[Output.TreeEntry]]:
+        api = get_api(credentials)
+        tree_url = repo_url + f"/git/trees/{quote(branch, safe='')}"
+        params = {"recursive": "1"} if recursive else {}
+        response = await api.get(tree_url, params=params)
+        data = response.json()
+        entries: list[GithubGetRepositoryTreeBlock.Output.TreeEntry] = [
+            GithubGetRepositoryTreeBlock.Output.TreeEntry(
+                path=item["path"],
+                type=item["type"],
+                size=item.get("size", 0),
+                sha=item["sha"],
+            )
+            for item in data["tree"]
+        ]
+        return data.get("truncated", False), entries
+
+    async def run(
+        self,
+        input_data: Input,
+        *,
+        credentials: GithubCredentials,
+        **kwargs,
+    ) -> BlockOutput:
+        try:
+            truncated, entries = await self.get_tree(
+                credentials,
+                input_data.repo_url,
+                input_data.branch,
+                input_data.recursive,
+            )
+            yield "truncated", truncated
+            yield "entries", entries
+            for entry in entries:
+                yield "entry", entry
+        except Exception as e:
+            yield "error", str(e)
--- a/autogpt_platform/backend/backend/blocks/github/test_github_blocks.py
+++ b/autogpt_platform/backend/backend/blocks/github/test_github_blocks.py
@@ -0,0 +1,120 @@
+import inspect
+
+import pytest
+
+from backend.blocks.github._auth import TEST_CREDENTIALS, TEST_CREDENTIALS_INPUT
+from backend.blocks.github.commits import FileOperation, GithubMultiFileCommitBlock
+from backend.blocks.github.pull_requests import (
+    GithubMergePullRequestBlock,
+    prepare_pr_api_url,
+)
+from backend.util.exceptions import BlockExecutionError
+
+# ── prepare_pr_api_url tests ──
+
+
+class TestPreparePrApiUrl:
+    def test_https_scheme_preserved(self):
+        result = prepare_pr_api_url("https://github.com/owner/repo/pull/42", "merge")
+        assert result == "https://github.com/owner/repo/pulls/42/merge"
+
+    def test_http_scheme_preserved(self):
+        result = prepare_pr_api_url("http://github.com/owner/repo/pull/1", "files")
+        assert result == "http://github.com/owner/repo/pulls/1/files"
+
+    def test_no_scheme_defaults_to_https(self):
+        result = prepare_pr_api_url("github.com/owner/repo/pull/5", "merge")
+        assert result == "https://github.com/owner/repo/pulls/5/merge"
+
+    def test_reviewers_path(self):
+        result = prepare_pr_api_url(
+            "https://github.com/owner/repo/pull/99", "requested_reviewers"
+        )
+        assert result == "https://github.com/owner/repo/pulls/99/requested_reviewers"
+
+    def test_invalid_url_returned_as_is(self):
+        url = "https://example.com/not-a-pr"
+        assert prepare_pr_api_url(url, "merge") == url
+
+    def test_empty_string(self):
+        assert prepare_pr_api_url("", "merge") == ""
+
+
+# ── Error-path block tests ──
+# When a block's run() yields ("error", msg), _execute() converts it to a
+# BlockExecutionError. We call block.execute() directly (not execute_block_test,
+# which returns early on empty test_output).
+
+
+def _mock_block(block, mocks: dict):
+    """Apply mocks to a block's static methods, wrapping sync mocks as async."""
+    for name, mock_fn in mocks.items():
+        original = getattr(block, name)
+        if inspect.iscoroutinefunction(original):
+
+            async def async_mock(*args, _fn=mock_fn, **kwargs):
+                return _fn(*args, **kwargs)
+
+            setattr(block, name, async_mock)
+        else:
+            setattr(block, name, mock_fn)
+
+
+def _raise(exc: Exception):
+    """Helper that returns a callable which raises the given exception."""
+
+    def _raiser(*args, **kwargs):
+        raise exc
+
+    return _raiser
+
+
+@pytest.mark.asyncio
+async def test_merge_pr_error_path():
+    block = GithubMergePullRequestBlock()
+    _mock_block(block, {"merge_pr": _raise(RuntimeError("PR not mergeable"))})
+    input_data = {
+        "pr_url": "https://github.com/owner/repo/pull/1",
+        "merge_method": "squash",
+        "commit_title": "",
+        "commit_message": "",
+        "credentials": TEST_CREDENTIALS_INPUT,
+    }
+    with pytest.raises(BlockExecutionError, match="PR not mergeable"):
+        async for _ in block.execute(input_data, credentials=TEST_CREDENTIALS):
+            pass
+
+
+@pytest.mark.asyncio
+async def test_multi_file_commit_error_path():
+    block = GithubMultiFileCommitBlock()
+    _mock_block(block, {"multi_file_commit": _raise(RuntimeError("ref update failed"))})
+    input_data = {
+        "repo_url": "https://github.com/owner/repo",
+        "branch": "feature",
+        "commit_message": "test",
+        "files": [{"path": "a.py", "content": "x", "operation": "upsert"}],
+        "credentials": TEST_CREDENTIALS_INPUT,
+    }
+    with pytest.raises(BlockExecutionError, match="ref update failed"):
+        async for _ in block.execute(input_data, credentials=TEST_CREDENTIALS):
+            pass
+
+
+# ── FileOperation enum tests ──
+
+
+class TestFileOperation:
+    def test_upsert_value(self):
+        assert FileOperation.UPSERT == "upsert"
+
+    def test_delete_value(self):
+        assert FileOperation.DELETE == "delete"
+
+    def test_invalid_value_raises(self):
+        with pytest.raises(ValueError):
+            FileOperation("create")
+
+    def test_invalid_value_raises_typo(self):
+        with pytest.raises(ValueError):
+            FileOperation("upser")
--- a/autogpt_platform/backend/backend/blocks/google/gmail.py
+++ b/autogpt_platform/backend/backend/blocks/google/gmail.py
@@ -241,8 +241,8 @@ class GmailBase(Block, ABC):
                    h.ignore_links = False
                    h.ignore_images = True
                    return h.handle(html_content)
-                except ImportError:
-                    # Fallback: return raw HTML if html2text is not available
+                except Exception:
+                    # Keep extraction resilient if html2text is unavailable or fails.
                    return html_content

        # Handle content stored as attachment
--- a/autogpt_platform/backend/backend/blocks/helpers/review.py
+++ b/autogpt_platform/backend/backend/blocks/helpers/review.py
@@ -67,6 +67,7 @@ class HITLReviewHelper:
        graph_version: int,
        block_name: str = "Block",
        editable: bool = False,
+        is_graph_execution: bool = True,
    ) -> Optional[ReviewResult]:
        """
        Handle a review request for a block that requires human review.
@@ -143,10 +144,11 @@ class HITLReviewHelper:
            logger.info(
                f"Block {block_name} pausing execution for node {node_exec_id} - awaiting human review"
            )
-            await HITLReviewHelper.update_node_execution_status(
-                exec_id=node_exec_id,
-                status=ExecutionStatus.REVIEW,
-            )
+            if is_graph_execution:
+                await HITLReviewHelper.update_node_execution_status(
+                    exec_id=node_exec_id,
+                    status=ExecutionStatus.REVIEW,
+                )
            return None  # Signal that execution should pause

        # Mark review as processed if not already done
@@ -168,6 +170,7 @@ class HITLReviewHelper:
        graph_version: int,
        block_name: str = "Block",
        editable: bool = False,
+        is_graph_execution: bool = True,
    ) -> Optional[ReviewDecision]:
        """
        Handle a review request and return the decision in a single call.
@@ -197,6 +200,7 @@ class HITLReviewHelper:
            graph_version=graph_version,
            block_name=block_name,
            editable=editable,
+            is_graph_execution=is_graph_execution,
        )

        if review_result is None:
--- a/autogpt_platform/backend/backend/blocks/jina/search.py
+++ b/autogpt_platform/backend/backend/blocks/jina/search.py
@@ -17,7 +17,7 @@ from backend.blocks.jina._auth import (
 from backend.blocks.search import GetRequest
 from backend.data.model import SchemaField
 from backend.util.exceptions import BlockExecutionError
-from backend.util.request import HTTPClientError, HTTPServerError, validate_url
+from backend.util.request import HTTPClientError, HTTPServerError, validate_url_host


 class SearchTheWebBlock(Block, GetRequest):
@@ -112,7 +112,7 @@ class ExtractWebsiteContentBlock(Block, GetRequest):
    ) -> BlockOutput:
        if input_data.raw_content:
            try:
-                parsed_url, _, _ = await validate_url(input_data.url, [])
+                parsed_url, _, _ = await validate_url_host(input_data.url)
                url = parsed_url.geturl()
            except ValueError as e:
                yield "error", f"Invalid URL: {e}"
--- a/autogpt_platform/backend/backend/blocks/llm.py
+++ b/autogpt_platform/backend/backend/blocks/llm.py
@@ -34,8 +34,11 @@ from backend.util import json
 from backend.util.clients import OPENROUTER_BASE_URL
 from backend.util.logging import TruncatedLogger
 from backend.util.prompt import compress_context, estimate_token_count
+from backend.util.request import validate_url_host
+from backend.util.settings import Settings
 from backend.util.text import TextFormatter

+settings = Settings()
 logger = TruncatedLogger(logging.getLogger(__name__), "[LLM-Block]")
 fmt = TextFormatter(autoescape=False)

@@ -137,19 +140,31 @@ class LlmModel(str, Enum, metaclass=LlmModelMeta):
    # OpenRouter models
    OPENAI_GPT_OSS_120B = "openai/gpt-oss-120b"
    OPENAI_GPT_OSS_20B = "openai/gpt-oss-20b"
-    GEMINI_2_5_PRO = "google/gemini-2.5-pro-preview-03-25"
-    GEMINI_3_PRO_PREVIEW = "google/gemini-3-pro-preview"
+    GEMINI_2_5_PRO_PREVIEW = "google/gemini-2.5-pro-preview-03-25"
+    GEMINI_2_5_PRO = "google/gemini-2.5-pro"
+    GEMINI_3_1_PRO_PREVIEW = "google/gemini-3.1-pro-preview"
+    GEMINI_3_FLASH_PREVIEW = "google/gemini-3-flash-preview"
    GEMINI_2_5_FLASH = "google/gemini-2.5-flash"
    GEMINI_2_0_FLASH = "google/gemini-2.0-flash-001"
+    GEMINI_3_1_FLASH_LITE_PREVIEW = "google/gemini-3.1-flash-lite-preview"
    GEMINI_2_5_FLASH_LITE_PREVIEW = "google/gemini-2.5-flash-lite-preview-06-17"
    GEMINI_2_0_FLASH_LITE = "google/gemini-2.0-flash-lite-001"
    MISTRAL_NEMO = "mistralai/mistral-nemo"
+    MISTRAL_LARGE_3 = "mistralai/mistral-large-2512"
+    MISTRAL_MEDIUM_3_1 = "mistralai/mistral-medium-3.1"
+    MISTRAL_SMALL_3_2 = "mistralai/mistral-small-3.2-24b-instruct"
+    CODESTRAL = "mistralai/codestral-2508"
    COHERE_COMMAND_R_08_2024 = "cohere/command-r-08-2024"
    COHERE_COMMAND_R_PLUS_08_2024 = "cohere/command-r-plus-08-2024"
+    COHERE_COMMAND_A_03_2025 = "cohere/command-a-03-2025"
+    COHERE_COMMAND_A_TRANSLATE_08_2025 = "cohere/command-a-translate-08-2025"
+    COHERE_COMMAND_A_REASONING_08_2025 = "cohere/command-a-reasoning-08-2025"
+    COHERE_COMMAND_A_VISION_07_2025 = "cohere/command-a-vision-07-2025"
    DEEPSEEK_CHAT = "deepseek/deepseek-chat"  # Actually: DeepSeek V3
    DEEPSEEK_R1_0528 = "deepseek/deepseek-r1-0528"
    PERPLEXITY_SONAR = "perplexity/sonar"
    PERPLEXITY_SONAR_PRO = "perplexity/sonar-pro"
+    PERPLEXITY_SONAR_REASONING_PRO = "perplexity/sonar-reasoning-pro"
    PERPLEXITY_SONAR_DEEP_RESEARCH = "perplexity/sonar-deep-research"
    NOUSRESEARCH_HERMES_3_LLAMA_3_1_405B = "nousresearch/hermes-3-llama-3.1-405b"
    NOUSRESEARCH_HERMES_3_LLAMA_3_1_70B = "nousresearch/hermes-3-llama-3.1-70b"
@@ -157,9 +172,11 @@ class LlmModel(str, Enum, metaclass=LlmModelMeta):
    AMAZON_NOVA_MICRO_V1 = "amazon/nova-micro-v1"
    AMAZON_NOVA_PRO_V1 = "amazon/nova-pro-v1"
    MICROSOFT_WIZARDLM_2_8X22B = "microsoft/wizardlm-2-8x22b"
+    MICROSOFT_PHI_4 = "microsoft/phi-4"
    GRYPHE_MYTHOMAX_L2_13B = "gryphe/mythomax-l2-13b"
    META_LLAMA_4_SCOUT = "meta-llama/llama-4-scout"
    META_LLAMA_4_MAVERICK = "meta-llama/llama-4-maverick"
+    GROK_3 = "x-ai/grok-3"
    GROK_4 = "x-ai/grok-4"
    GROK_4_FAST = "x-ai/grok-4-fast"
    GROK_4_1_FAST = "x-ai/grok-4.1-fast"
@@ -337,17 +354,41 @@ MODEL_METADATA = {
        "ollama", 32768, None, "Dolphin Mistral Latest", "Ollama", "Mistral AI", 1
    ),
    # https://openrouter.ai/models
-    LlmModel.GEMINI_2_5_PRO: ModelMetadata(
+    LlmModel.GEMINI_2_5_PRO_PREVIEW: ModelMetadata(
        "open_router",
-        1050000,
-        8192,
+        1048576,
+        65536,
        "Gemini 2.5 Pro Preview 03.25",
        "OpenRouter",
        "Google",
        2,
    ),
-    LlmModel.GEMINI_3_PRO_PREVIEW: ModelMetadata(
-        "open_router", 1048576, 65535, "Gemini 3 Pro Preview", "OpenRouter", "Google", 2
+    LlmModel.GEMINI_2_5_PRO: ModelMetadata(
+        "open_router",
+        1048576,
+        65536,
+        "Gemini 2.5 Pro",
+        "OpenRouter",
+        "Google",
+        2,
+    ),
+    LlmModel.GEMINI_3_1_PRO_PREVIEW: ModelMetadata(
+        "open_router",
+        1048576,
+        65536,
+        "Gemini 3.1 Pro Preview",
+        "OpenRouter",
+        "Google",
+        2,
+    ),
+    LlmModel.GEMINI_3_FLASH_PREVIEW: ModelMetadata(
+        "open_router",
+        1048576,
+        65536,
+        "Gemini 3 Flash Preview",
+        "OpenRouter",
+        "Google",
+        1,
    ),
    LlmModel.GEMINI_2_5_FLASH: ModelMetadata(
        "open_router", 1048576, 65535, "Gemini 2.5 Flash", "OpenRouter", "Google", 1
@@ -355,6 +396,15 @@ MODEL_METADATA = {
    LlmModel.GEMINI_2_0_FLASH: ModelMetadata(
        "open_router", 1048576, 8192, "Gemini 2.0 Flash 001", "OpenRouter", "Google", 1
    ),
+    LlmModel.GEMINI_3_1_FLASH_LITE_PREVIEW: ModelMetadata(
+        "open_router",
+        1048576,
+        65536,
+        "Gemini 3.1 Flash Lite Preview",
+        "OpenRouter",
+        "Google",
+        1,
+    ),
    LlmModel.GEMINI_2_5_FLASH_LITE_PREVIEW: ModelMetadata(
        "open_router",
        1048576,
@@ -376,12 +426,78 @@ MODEL_METADATA = {
    LlmModel.MISTRAL_NEMO: ModelMetadata(
        "open_router", 128000, 4096, "Mistral Nemo", "OpenRouter", "Mistral AI", 1
    ),
+    LlmModel.MISTRAL_LARGE_3: ModelMetadata(
+        "open_router",
+        262144,
+        None,
+        "Mistral Large 3 2512",
+        "OpenRouter",
+        "Mistral AI",
+        2,
+    ),
+    LlmModel.MISTRAL_MEDIUM_3_1: ModelMetadata(
+        "open_router",
+        131072,
+        None,
+        "Mistral Medium 3.1",
+        "OpenRouter",
+        "Mistral AI",
+        2,
+    ),
+    LlmModel.MISTRAL_SMALL_3_2: ModelMetadata(
+        "open_router",
+        131072,
+        131072,
+        "Mistral Small 3.2 24B",
+        "OpenRouter",
+        "Mistral AI",
+        1,
+    ),
+    LlmModel.CODESTRAL: ModelMetadata(
+        "open_router",
+        256000,
+        None,
+        "Codestral 2508",
+        "OpenRouter",
+        "Mistral AI",
+        1,
+    ),
    LlmModel.COHERE_COMMAND_R_08_2024: ModelMetadata(
        "open_router", 128000, 4096, "Command R 08.2024", "OpenRouter", "Cohere", 1
    ),
    LlmModel.COHERE_COMMAND_R_PLUS_08_2024: ModelMetadata(
        "open_router", 128000, 4096, "Command R Plus 08.2024", "OpenRouter", "Cohere", 2
    ),
+    LlmModel.COHERE_COMMAND_A_03_2025: ModelMetadata(
+        "open_router", 256000, 8192, "Command A 03.2025", "OpenRouter", "Cohere", 2
+    ),
+    LlmModel.COHERE_COMMAND_A_TRANSLATE_08_2025: ModelMetadata(
+        "open_router",
+        128000,
+        8192,
+        "Command A Translate 08.2025",
+        "OpenRouter",
+        "Cohere",
+        2,
+    ),
+    LlmModel.COHERE_COMMAND_A_REASONING_08_2025: ModelMetadata(
+        "open_router",
+        256000,
+        32768,
+        "Command A Reasoning 08.2025",
+        "OpenRouter",
+        "Cohere",
+        3,
+    ),
+    LlmModel.COHERE_COMMAND_A_VISION_07_2025: ModelMetadata(
+        "open_router",
+        128000,
+        8192,
+        "Command A Vision 07.2025",
+        "OpenRouter",
+        "Cohere",
+        2,
+    ),
    LlmModel.DEEPSEEK_CHAT: ModelMetadata(
        "open_router", 64000, 2048, "DeepSeek Chat", "OpenRouter", "DeepSeek", 1
    ),
@@ -394,6 +510,15 @@ MODEL_METADATA = {
    LlmModel.PERPLEXITY_SONAR_PRO: ModelMetadata(
        "open_router", 200000, 8000, "Sonar Pro", "OpenRouter", "Perplexity", 2
    ),
+    LlmModel.PERPLEXITY_SONAR_REASONING_PRO: ModelMetadata(
+        "open_router",
+        128000,
+        8000,
+        "Sonar Reasoning Pro",
+        "OpenRouter",
+        "Perplexity",
+        2,
+    ),
    LlmModel.PERPLEXITY_SONAR_DEEP_RESEARCH: ModelMetadata(
        "open_router",
        128000,
@@ -439,6 +564,9 @@ MODEL_METADATA = {
    LlmModel.MICROSOFT_WIZARDLM_2_8X22B: ModelMetadata(
        "open_router", 65536, 4096, "WizardLM 2 8x22B", "OpenRouter", "Microsoft", 1
    ),
+    LlmModel.MICROSOFT_PHI_4: ModelMetadata(
+        "open_router", 16384, 16384, "Phi-4", "OpenRouter", "Microsoft", 1
+    ),
    LlmModel.GRYPHE_MYTHOMAX_L2_13B: ModelMetadata(
        "open_router", 4096, 4096, "MythoMax L2 13B", "OpenRouter", "Gryphe", 1
    ),
@@ -448,6 +576,15 @@ MODEL_METADATA = {
    LlmModel.META_LLAMA_4_MAVERICK: ModelMetadata(
        "open_router", 1048576, 1000000, "Llama 4 Maverick", "OpenRouter", "Meta", 1
    ),
+    LlmModel.GROK_3: ModelMetadata(
+        "open_router",
+        131072,
+        131072,
+        "Grok 3",
+        "OpenRouter",
+        "xAI",
+        2,
+    ),
    LlmModel.GROK_4: ModelMetadata(
        "open_router", 256000, 256000, "Grok 4", "OpenRouter", "xAI", 3
    ),
@@ -805,6 +942,11 @@ async def llm_call(
        if tools:
            raise ValueError("Ollama does not support tools.")

+        # Validate user-provided Ollama host to prevent SSRF etc.
+        await validate_url_host(
+            ollama_host, trusted_hostnames=[settings.config.ollama_host]
+        )
+
        client = ollama.AsyncClient(host=ollama_host)
        sys_messages = [p["content"] for p in prompt if p["role"] == "system"]
        usr_messages = [p["content"] for p in prompt if p["role"] != "system"]
--- a/autogpt_platform/backend/backend/blocks/perplexity.py
+++ b/autogpt_platform/backend/backend/blocks/perplexity.py
@@ -4,7 +4,7 @@ from enum import Enum
 from typing import Any, Literal

 import openai
-from pydantic import SecretStr
+from pydantic import SecretStr, field_validator

 from backend.blocks._base import (
    Block,
@@ -13,6 +13,7 @@ from backend.blocks._base import (
    BlockSchemaInput,
    BlockSchemaOutput,
 )
+from backend.data.block import BlockInput
 from backend.data.model import (
    APIKeyCredentials,
    CredentialsField,
@@ -35,6 +36,20 @@ class PerplexityModel(str, Enum):
    SONAR_DEEP_RESEARCH = "perplexity/sonar-deep-research"


+def _sanitize_perplexity_model(value: Any) -> PerplexityModel:
+    """Return a valid PerplexityModel, falling back to SONAR for invalid values."""
+    if isinstance(value, PerplexityModel):
+        return value
+    try:
+        return PerplexityModel(value)
+    except ValueError:
+        logger.warning(
+            f"Invalid PerplexityModel '{value}', "
+            f"falling back to {PerplexityModel.SONAR.value}"
+        )
+        return PerplexityModel.SONAR
+
+
 PerplexityCredentials = CredentialsMetaInput[
    Literal[ProviderName.OPEN_ROUTER], Literal["api_key"]
 ]
@@ -73,6 +88,25 @@ class PerplexityBlock(Block):
            advanced=False,
        )
        credentials: PerplexityCredentials = PerplexityCredentialsField()
+
+        @field_validator("model", mode="before")
+        @classmethod
+        def fallback_invalid_model(cls, v: Any) -> PerplexityModel:
+            """Fall back to SONAR if the model value is not a valid
+            PerplexityModel (e.g. an OpenAI model ID set by the agent
+            generator)."""
+            return _sanitize_perplexity_model(v)
+
+        @classmethod
+        def validate_data(cls, data: BlockInput) -> str | None:
+            """Sanitize the model field before JSON schema validation so that
+            invalid values are replaced with the default instead of raising a
+            BlockInputError."""
+            model_value = data.get("model")
+            if model_value is not None:
+                data["model"] = _sanitize_perplexity_model(model_value).value
+            return super().validate_data(data)
+
        system_prompt: str = SchemaField(
            title="System Prompt",
            default="",
--- a/autogpt_platform/backend/backend/blocks/reddit.py
+++ b/autogpt_platform/backend/backend/blocks/reddit.py
@@ -2232,6 +2232,7 @@ class DeleteRedditPostBlock(Block):
                ("post_id", "abc123"),
            ],
            test_mock={"delete_post": lambda creds, post_id: True},
+            is_sensitive_action=True,
        )

    @staticmethod
@@ -2290,6 +2291,7 @@ class DeleteRedditCommentBlock(Block):
                ("comment_id", "xyz789"),
            ],
            test_mock={"delete_comment": lambda creds, comment_id: True},
+            is_sensitive_action=True,
        )

    @staticmethod
--- a/autogpt_platform/backend/backend/blocks/slant3d/order.py
+++ b/autogpt_platform/backend/backend/blocks/slant3d/order.py
@@ -72,6 +72,7 @@ class Slant3DCreateOrderBlock(Slant3DBlockBase):
                "_make_request": lambda *args, **kwargs: {"orderId": "314144241"},
                "_convert_to_color": lambda *args, **kwargs: "black",
            },
+            is_sensitive_action=True,
        )

    async def run(
--- a/autogpt_platform/backend/backend/blocks/test/test_perplexity.py
+++ b/autogpt_platform/backend/backend/blocks/test/test_perplexity.py
@@ -0,0 +1,81 @@
+"""Unit tests for PerplexityBlock model fallback behavior."""
+
+import pytest
+
+from backend.blocks.perplexity import (
+    TEST_CREDENTIALS_INPUT,
+    PerplexityBlock,
+    PerplexityModel,
+)
+
+
+def _make_input(**overrides) -> dict:
+    defaults = {
+        "prompt": "test query",
+        "credentials": TEST_CREDENTIALS_INPUT,
+    }
+    defaults.update(overrides)
+    return defaults
+
+
+class TestPerplexityModelFallback:
+    """Tests for fallback_invalid_model field_validator."""
+
+    def test_invalid_model_falls_back_to_sonar(self):
+        inp = PerplexityBlock.Input(**_make_input(model="gpt-5.2-2025-12-11"))
+        assert inp.model == PerplexityModel.SONAR
+
+    def test_another_invalid_model_falls_back_to_sonar(self):
+        inp = PerplexityBlock.Input(**_make_input(model="gpt-4o"))
+        assert inp.model == PerplexityModel.SONAR
+
+    def test_valid_model_string_is_kept(self):
+        inp = PerplexityBlock.Input(**_make_input(model="perplexity/sonar-pro"))
+        assert inp.model == PerplexityModel.SONAR_PRO
+
+    def test_valid_enum_value_is_kept(self):
+        inp = PerplexityBlock.Input(
+            **_make_input(model=PerplexityModel.SONAR_DEEP_RESEARCH)
+        )
+        assert inp.model == PerplexityModel.SONAR_DEEP_RESEARCH
+
+    def test_default_model_when_omitted(self):
+        inp = PerplexityBlock.Input(**_make_input())
+        assert inp.model == PerplexityModel.SONAR
+
+    @pytest.mark.parametrize(
+        "model_value",
+        [
+            "perplexity/sonar",
+            "perplexity/sonar-pro",
+            "perplexity/sonar-deep-research",
+        ],
+    )
+    def test_all_valid_models_accepted(self, model_value: str):
+        inp = PerplexityBlock.Input(**_make_input(model=model_value))
+        assert inp.model.value == model_value
+
+
+class TestPerplexityValidateData:
+    """Tests for validate_data which runs during block execution (before
+    Pydantic instantiation). Invalid models must be sanitized here so
+    JSON schema validation does not reject them."""
+
+    def test_invalid_model_sanitized_before_schema_validation(self):
+        data = _make_input(model="gpt-5.2-2025-12-11")
+        error = PerplexityBlock.Input.validate_data(data)
+        assert error is None
+        assert data["model"] == PerplexityModel.SONAR.value
+
+    def test_valid_model_unchanged_by_validate_data(self):
+        data = _make_input(model="perplexity/sonar-pro")
+        error = PerplexityBlock.Input.validate_data(data)
+        assert error is None
+        assert data["model"] == "perplexity/sonar-pro"
+
+    def test_missing_model_uses_default(self):
+        data = _make_input()  # no model key
+        error = PerplexityBlock.Input.validate_data(data)
+        assert error is None
+        inp = PerplexityBlock.Input(**data)
+        assert inp.model == PerplexityModel.SONAR
--- a/autogpt_platform/backend/backend/copilot/constants.py
+++ b/autogpt_platform/backend/backend/copilot/constants.py
@@ -6,6 +6,32 @@
 COPILOT_ERROR_PREFIX = "[__COPILOT_ERROR_f7a1__]"  # Renders as ErrorCard
 COPILOT_SYSTEM_PREFIX = "[__COPILOT_SYSTEM_e3b0__]"  # Renders as system info message

+# Prefix for all synthetic IDs generated by CoPilot block execution.
+# Used to distinguish CoPilot-generated records from real graph execution records
+# in PendingHumanReview and other tables.
+COPILOT_SYNTHETIC_ID_PREFIX = "copilot-"
+
+# Sub-prefixes for session-scoped and node-scoped synthetic IDs.
+COPILOT_SESSION_PREFIX = f"{COPILOT_SYNTHETIC_ID_PREFIX}session-"
+COPILOT_NODE_PREFIX = f"{COPILOT_SYNTHETIC_ID_PREFIX}node-"
+
+# Separator used in synthetic node_exec_id to encode node_id.
+# Format: "{node_id}:{random_hex}" — extract node_id via rsplit(":", 1)[0]
+COPILOT_NODE_EXEC_ID_SEPARATOR = ":"
+
 # Compaction notice messages shown to users.
 COMPACTION_DONE_MSG = "Earlier messages were summarized to fit within context limits."
 COMPACTION_TOOL_NAME = "context_compaction"
+
+
+def is_copilot_synthetic_id(id_value: str) -> bool:
+    """Check if an ID is a CoPilot synthetic ID (not from a real graph execution)."""
+    return id_value.startswith(COPILOT_SYNTHETIC_ID_PREFIX)
+
+
+def parse_node_id_from_exec_id(node_exec_id: str) -> str:
+    """Extract node_id from a synthetic node_exec_id.
+
+    Format: "{node_id}:{random_hex}" → returns "{node_id}".
+    """
+    return node_exec_id.rsplit(COPILOT_NODE_EXEC_ID_SEPARATOR, 1)[0]
--- a/autogpt_platform/backend/backend/copilot/sdk/mcp_tool_guide.md
+++ b/autogpt_platform/backend/backend/copilot/sdk/mcp_tool_guide.md
@@ -26,3 +26,17 @@ For other services, search the MCP registry at https://registry.modelcontextprot

 If the server requires credentials, a `SetupRequirementsResponse` is returned with an OAuth
 login prompt. Once the user completes the flow and confirms, retry the same call immediately.
+
+### Communication style
+
+Avoid technical jargon like "MCP server", "OAuth", or "credentials" when talking to the user.
+Use plain, friendly language instead:
+
+| Instead of… | Say… |
+|---|---|
+| "Let me connect to Sentry's MCP server and discover what tools are available." | "I can connect to Sentry and help identify important issues." |
+| "Let me connect to Sentry's MCP server now." | "Next, I'll connect to Sentry." |
+| "The MCP server at mcp.sentry.dev requires authentication. Please connect your credentials to continue." | "To continue, sign in to Sentry and approve access." |
+| "Sentry's MCP server needs OAuth authentication. You should see a prompt to connect your Sentry account…" | "You should see a prompt to sign in to Sentry. Once connected, I can help surface critical issues right away." |
+
+Use **"connect to [Service]"** or **"sign in to [Service]"** — never "MCP server", "OAuth", or "credentials".
--- a/autogpt_platform/backend/backend/copilot/stream_registry.py
+++ b/autogpt_platform/backend/backend/copilot/stream_registry.py
@@ -23,6 +23,11 @@ from typing import Any, Literal

 import orjson

+from backend.api.model import CopilotCompletionPayload
+from backend.data.notification_bus import (
+    AsyncRedisNotificationEventBus,
+    NotificationEvent,
+)
 from backend.data.redis_client import get_redis_async

 from .config import ChatConfig
@@ -38,6 +43,7 @@ from .response_model import (

 logger = logging.getLogger(__name__)
 config = ChatConfig()
+_notification_bus = AsyncRedisNotificationEventBus()

 # Track background tasks for this pod (just the asyncio.Task reference, not subscribers)
 _local_sessions: dict[str, asyncio.Task] = {}
@@ -745,6 +751,29 @@ async def mark_session_completed(

    # Clean up local session reference if exists
    _local_sessions.pop(session_id, None)
+
+    # Publish copilot completion notification via WebSocket
+    if meta:
+        parsed = _parse_session_meta(meta, session_id)
+        if parsed.user_id:
+            try:
+                await _notification_bus.publish(
+                    NotificationEvent(
+                        user_id=parsed.user_id,
+                        payload=CopilotCompletionPayload(
+                            type="copilot_completion",
+                            event="session_completed",
+                            session_id=session_id,
+                            status=status,
+                        ),
+                    )
+                )
+            except Exception as e:
+                logger.warning(
+                    f"Failed to publish copilot completion notification "
+                    f"for session {session_id}: {e}"
+                )
+
    return True


--- a/autogpt_platform/backend/backend/copilot/tools/init.py
+++ b/autogpt_platform/backend/backend/copilot/tools/init.py
@@ -12,6 +12,7 @@ from .agent_browser import BrowserActTool, BrowserNavigateTool, BrowserScreensho
 from .agent_output import AgentOutputTool
 from .base import BaseTool
 from .bash_exec import BashExecTool
+from .continue_run_block import ContinueRunBlockTool
 from .create_agent import CreateAgentTool
 from .customize_agent import CustomizeAgentTool
 from .edit_agent import EditAgentTool
@@ -68,6 +69,7 @@ TOOL_REGISTRY: dict[str, BaseTool] = {
    "move_agents_to_folder": MoveAgentsToFolderTool(),
    "run_agent": RunAgentTool(),
    "run_block": RunBlockTool(),
+    "continue_run_block": ContinueRunBlockTool(),
    "run_mcp_tool": RunMCPToolTool(),
    "get_mcp_guide": GetMCPGuideTool(),
    "view_agent_output": AgentOutputTool(),
--- a/autogpt_platform/backend/backend/copilot/tools/agent_browser.py
+++ b/autogpt_platform/backend/backend/copilot/tools/agent_browser.py
@@ -33,7 +33,7 @@ import tempfile
 from typing import Any

 from backend.copilot.model import ChatSession
-from backend.util.request import validate_url
+from backend.util.request import validate_url_host

 from .base import BaseTool
 from .models import (
@@ -235,7 +235,7 @@ async def _restore_browser_state(
        if url:
            # Validate the saved URL to prevent SSRF via stored redirect targets.
            try:
-                await validate_url(url, trusted_origins=[])
+                await validate_url_host(url)
            except ValueError:
                logger.warning(
                    "[browser] State restore: blocked SSRF URL %s", url[:200]
@@ -473,7 +473,7 @@ class BrowserNavigateTool(BaseTool):
            )

        try:
-            await validate_url(url, trusted_origins=[])
+            await validate_url_host(url)
        except ValueError as e:
            return ErrorResponse(
                message=str(e),
--- a/autogpt_platform/backend/backend/copilot/tools/agent_browser_test.py
+++ b/autogpt_platform/backend/backend/copilot/tools/agent_browser_test.py
@@ -68,17 +68,18 @@ def _run_result(rc: int = 0, stdout: str = "", stderr: str = "") -> tuple:


 # ---------------------------------------------------------------------------
-# SSRF protection via shared validate_url (backend.util.request)
+# SSRF protection via shared validate_url_host (backend.util.request)
 # ---------------------------------------------------------------------------

-# Patch target: validate_url is imported directly into agent_browser's module scope.
-_VALIDATE_URL = "backend.copilot.tools.agent_browser.validate_url"
+# Patch target: validate_url_host is imported directly into agent_browser's
+# module scope.
+_VALIDATE_URL = "backend.copilot.tools.agent_browser.validate_url_host"


 class TestSsrfViaValidateUrl:
-    """Verify that browser_navigate uses validate_url for SSRF protection.
+    """Verify that browser_navigate uses validate_url_host for SSRF protection.

-    We mock validate_url itself (not the low-level socket) so these tests
+    We mock validate_url_host itself (not the low-level socket) so these tests
    exercise the integration point, not the internals of request.py
    (which has its own thorough test suite in request_test.py).
    """
@@ -89,7 +90,7 @@ class TestSsrfViaValidateUrl:

    @pytest.mark.asyncio
    async def test_blocked_ip_returns_blocked_url_error(self):
-        """validate_url raises ValueError → tool returns blocked_url ErrorResponse."""
+        """validate_url_host raises ValueError → tool returns blocked_url ErrorResponse."""
        with patch(_VALIDATE_URL, new_callable=AsyncMock) as mock_validate:
            mock_validate.side_effect = ValueError(
                "Access to blocked IP 10.0.0.1 is not allowed."
@@ -124,8 +125,8 @@ class TestSsrfViaValidateUrl:
        assert result.error == "blocked_url"

    @pytest.mark.asyncio
-    async def test_validate_url_called_with_empty_trusted_origins(self):
-        """Confirms no trusted-origins bypass is granted — all URLs are validated."""
+    async def test_validate_url_host_called_without_trusted_hostnames(self):
+        """Confirms no trusted-hostnames bypass is granted — all URLs are validated."""
        with patch(_VALIDATE_URL, new_callable=AsyncMock) as mock_validate:
            mock_validate.return_value = (object(), False, ["1.2.3.4"])
            with patch(
@@ -143,7 +144,7 @@ class TestSsrfViaValidateUrl:
                        session=self.session,
                        url="https://example.com",
                    )
-        mock_validate.assert_called_once_with("https://example.com", trusted_origins=[])
+        mock_validate.assert_called_once_with("https://example.com")


 # ---------------------------------------------------------------------------
--- a/autogpt_platform/backend/backend/copilot/tools/agent_generator/fixer.py
+++ b/autogpt_platform/backend/backend/copilot/tools/agent_generator/fixer.py
@@ -829,8 +829,12 @@ class AgentFixer:

        For nodes whose block has category "AI", this function ensures that the
        input_default has a "model" parameter set to one of the allowed models.
-        If missing or set to an unsupported value, it is replaced with
-        default_model.
+        If missing or set to an unsupported value, it is replaced with the
+        appropriate default.
+
+        Blocks that define their own ``enum`` constraint on the ``model`` field
+        in their inputSchema (e.g. PerplexityBlock) are validated against that
+        enum instead of the generic allowed set.

        Args:
            agent: The agent dictionary to fix
@@ -840,7 +844,7 @@ class AgentFixer:
        Returns:
            The fixed agent dictionary
        """
-        allowed_models = {"gpt-4o", "claude-opus-4-6"}
+        generic_allowed_models = {"gpt-4o", "claude-opus-4-6"}

        # Create a mapping of block_id to block for quick lookup
        block_map = {block.get("id"): block for block in blocks}
@@ -868,20 +872,36 @@ class AgentFixer:
                input_default = node.get("input_default", {})
                current_model = input_default.get("model")

+                # Determine allowed models and default from the block's schema.
+                # Blocks with a block-specific enum on the model field (e.g.
+                # PerplexityBlock) use their own enum values; others use the
+                # generic set.
+                model_schema = (
+                    block.get("inputSchema", {}).get("properties", {}).get("model", {})
+                )
+                block_model_enum = model_schema.get("enum")
+
+                if block_model_enum:
+                    allowed_models = set(block_model_enum)
+                    fallback_model = model_schema.get("default", block_model_enum[0])
+                else:
+                    allowed_models = generic_allowed_models
+                    fallback_model = default_model
+
                if current_model not in allowed_models:
                    block_name = block.get("name", "Unknown AI Block")
                    if current_model is None:
                        self.add_fix_log(
-                            f"Added model parameter '{default_model}' to AI "
+                            f"Added model parameter '{fallback_model}' to AI "
                            f"block node {node_id} ({block_name})"
                        )
                    else:
                        self.add_fix_log(
                            f"Replaced unsupported model '{current_model}' "
-                            f"with '{default_model}' on AI block node "
+                            f"with '{fallback_model}' on AI block node "
                            f"{node_id} ({block_name})"
                        )
-                    input_default["model"] = default_model
+                    input_default["model"] = fallback_model
                    node["input_default"] = input_default
                    fixed_count += 1

--- a/autogpt_platform/backend/backend/copilot/tools/agent_generator/fixer_test.py
+++ b/autogpt_platform/backend/backend/copilot/tools/agent_generator/fixer_test.py
@@ -475,6 +475,111 @@ class TestFixAiModelParameter:

        assert result["nodes"][0]["input_default"]["model"] == "claude-opus-4-6"

+    def test_block_specific_enum_uses_block_default(self):
+        """Blocks with their own model enum (e.g. PerplexityBlock) should use
+        the block's allowed models and default, not the generic ones."""
+        fixer = AgentFixer()
+        block_id = generate_uuid()
+        node = _make_node(
+            node_id="n1",
+            block_id=block_id,
+            input_default={"model": "gpt-5.2-2025-12-11"},
+        )
+        agent = _make_agent(nodes=[node])
+
+        blocks = [
+            {
+                "id": block_id,
+                "name": "PerplexityBlock",
+                "categories": [{"category": "AI"}],
+                "inputSchema": {
+                    "properties": {
+                        "model": {
+                            "type": "string",
+                            "enum": [
+                                "perplexity/sonar",
+                                "perplexity/sonar-pro",
+                                "perplexity/sonar-deep-research",
+                            ],
+                            "default": "perplexity/sonar",
+                        }
+                    },
+                },
+            }
+        ]
+
+        result = fixer.fix_ai_model_parameter(agent, blocks)
+
+        assert result["nodes"][0]["input_default"]["model"] == "perplexity/sonar"
+
+    def test_block_specific_enum_valid_model_unchanged(self):
+        """A valid block-specific model should not be replaced."""
+        fixer = AgentFixer()
+        block_id = generate_uuid()
+        node = _make_node(
+            node_id="n1",
+            block_id=block_id,
+            input_default={"model": "perplexity/sonar-pro"},
+        )
+        agent = _make_agent(nodes=[node])
+
+        blocks = [
+            {
+                "id": block_id,
+                "name": "PerplexityBlock",
+                "categories": [{"category": "AI"}],
+                "inputSchema": {
+                    "properties": {
+                        "model": {
+                            "type": "string",
+                            "enum": [
+                                "perplexity/sonar",
+                                "perplexity/sonar-pro",
+                                "perplexity/sonar-deep-research",
+                            ],
+                            "default": "perplexity/sonar",
+                        }
+                    },
+                },
+            }
+        ]
+
+        result = fixer.fix_ai_model_parameter(agent, blocks)
+
+        assert result["nodes"][0]["input_default"]["model"] == "perplexity/sonar-pro"
+
+    def test_block_specific_enum_missing_model_gets_block_default(self):
+        """Missing model on a block with enum should use the block's default."""
+        fixer = AgentFixer()
+        block_id = generate_uuid()
+        node = _make_node(node_id="n1", block_id=block_id, input_default={})
+        agent = _make_agent(nodes=[node])
+
+        blocks = [
+            {
+                "id": block_id,
+                "name": "PerplexityBlock",
+                "categories": [{"category": "AI"}],
+                "inputSchema": {
+                    "properties": {
+                        "model": {
+                            "type": "string",
+                            "enum": [
+                                "perplexity/sonar",
+                                "perplexity/sonar-pro",
+                                "perplexity/sonar-deep-research",
+                            ],
+                            "default": "perplexity/sonar",
+                        }
+                    },
+                },
+            }
+        ]
+
+        result = fixer.fix_ai_model_parameter(agent, blocks)
+
+        assert result["nodes"][0]["input_default"]["model"] == "perplexity/sonar"
+

 class TestFixAgentExecutorBlocks:
    """Tests for fix_agent_executor_blocks."""
--- a/autogpt_platform/backend/backend/copilot/tools/continue_run_block.py
+++ b/autogpt_platform/backend/backend/copilot/tools/continue_run_block.py
@@ -0,0 +1,157 @@
+"""Tool for continuing block execution after human review approval."""
+
+import logging
+from typing import Any
+
+from prisma.enums import ReviewStatus
+
+from backend.blocks import get_block
+from backend.copilot.constants import (
+    COPILOT_NODE_PREFIX,
+    COPILOT_SESSION_PREFIX,
+    parse_node_id_from_exec_id,
+)
+from backend.copilot.model import ChatSession
+from backend.data.db_accessors import review_db
+
+from .base import BaseTool
+from .helpers import execute_block, resolve_block_credentials
+from .models import ErrorResponse, ToolResponseBase
+
+logger = logging.getLogger(__name__)
+
+
+class ContinueRunBlockTool(BaseTool):
+    """Tool for continuing a block execution after human review approval."""
+
+    @property
+    def name(self) -> str:
+        return "continue_run_block"
+
+    @property
+    def description(self) -> str:
+        return (
+            "Continue executing a block after human review approval. "
+            "Use this after a run_block call returned review_required. "
+            "Pass the review_id from the review_required response. "
+            "The block will execute with the original pre-approved input data."
+        )
+
+    @property
+    def parameters(self) -> dict[str, Any]:
+        return {
+            "type": "object",
+            "properties": {
+                "review_id": {
+                    "type": "string",
+                    "description": (
+                        "The review_id from a previous review_required response. "
+                        "This resumes execution with the pre-approved input data."
+                    ),
+                },
+            },
+            "required": ["review_id"],
+        }
+
+    @property
+    def requires_auth(self) -> bool:
+        return True
+
+    async def _execute(
+        self,
+        user_id: str | None,
+        session: ChatSession,
+        **kwargs,
+    ) -> ToolResponseBase:
+        review_id = (
+            kwargs.get("review_id", "").strip() if kwargs.get("review_id") else ""
+        )
+        session_id = session.session_id
+
+        if not review_id:
+            return ErrorResponse(
+                message="Please provide a review_id", session_id=session_id
+            )
+
+        if not user_id:
+            return ErrorResponse(
+                message="Authentication required", session_id=session_id
+            )
+
+        # Look up and validate the review record via adapter
+        reviews = await review_db().get_reviews_by_node_exec_ids([review_id], user_id)
+        review = reviews.get(review_id)
+
+        if not review:
+            return ErrorResponse(
+                message=(
+                    f"Review '{review_id}' not found or already executed. "
+                    "It may have been consumed by a previous continue_run_block call."
+                ),
+                session_id=session_id,
+            )
+
+        # Validate the review belongs to this session
+        expected_graph_exec_id = f"{COPILOT_SESSION_PREFIX}{session_id}"
+        if review.graph_exec_id != expected_graph_exec_id:
+            return ErrorResponse(
+                message="Review does not belong to this session.",
+                session_id=session_id,
+            )
+
+        if review.status == ReviewStatus.WAITING:
+            return ErrorResponse(
+                message="Review has not been approved yet. "
+                "Please wait for the user to approve the review first.",
+                session_id=session_id,
+            )
+
+        if review.status == ReviewStatus.REJECTED:
+            return ErrorResponse(
+                message="Review was rejected. The block will not execute.",
+                session_id=session_id,
+            )
+
+        # Extract block_id from review_id: copilot-node-{block_id}:{random_hex}
+        block_id = parse_node_id_from_exec_id(review_id).removeprefix(
+            COPILOT_NODE_PREFIX
+        )
+        block = get_block(block_id)
+        if not block:
+            return ErrorResponse(
+                message=f"Block '{block_id}' not found", session_id=session_id
+            )
+
+        input_data: dict[str, Any] = (
+            review.payload if isinstance(review.payload, dict) else {}
+        )
+
+        logger.info(
+            f"Continuing block {block.name} ({block_id}) for user {user_id} "
+            f"with review_id={review_id}"
+        )
+
+        matched_creds, missing_creds = await resolve_block_credentials(
+            user_id, block, input_data
+        )
+        if missing_creds:
+            return ErrorResponse(
+                message=f"Block '{block.name}' requires credentials that are not configured.",
+                session_id=session_id,
+            )
+
+        result = await execute_block(
+            block=block,
+            block_id=block_id,
+            input_data=input_data,
+            user_id=user_id,
+            session_id=session_id,
+            node_exec_id=review_id,
+            matched_credentials=matched_creds,
+        )
+
+        # Delete review record after successful execution (one-time use)
+        if result.type != "error":
+            await review_db().delete_review_by_node_exec_id(review_id, user_id)
+
+        return result
--- a/autogpt_platform/backend/backend/copilot/tools/continue_run_block_test.py
+++ b/autogpt_platform/backend/backend/copilot/tools/continue_run_block_test.py
@@ -0,0 +1,186 @@
+"""Tests for ContinueRunBlockTool."""
+
+from unittest.mock import AsyncMock, MagicMock, patch
+
+import pytest
+from prisma.enums import ReviewStatus
+
+from ._test_data import make_session
+from .continue_run_block import ContinueRunBlockTool
+from .models import BlockOutputResponse, ErrorResponse
+
+_TEST_USER_ID = "test-user-continue"
+
+
+def _make_review_model(
+    node_exec_id: str,
+    status: ReviewStatus = ReviewStatus.APPROVED,
+    payload: dict | None = None,
+    graph_exec_id: str = "",
+):
+    """Create a mock PendingHumanReviewModel."""
+    mock = MagicMock()
+    mock.node_exec_id = node_exec_id
+    mock.status = status
+    mock.payload = payload or {"text": "hello"}
+    mock.graph_exec_id = graph_exec_id
+    return mock
+
+
+class TestContinueRunBlock:
+    @pytest.mark.asyncio(loop_scope="session")
+    async def test_missing_review_id_returns_error(self):
+        tool = ContinueRunBlockTool()
+        session = make_session(user_id=_TEST_USER_ID)
+
+        response = await tool._execute(
+            user_id=_TEST_USER_ID,
+            session=session,
+            review_id="",
+        )
+
+        assert isinstance(response, ErrorResponse)
+        assert "review_id" in response.message
+
+    @pytest.mark.asyncio(loop_scope="session")
+    async def test_review_not_found_returns_error(self):
+        tool = ContinueRunBlockTool()
+        session = make_session(user_id=_TEST_USER_ID)
+
+        mock_db = MagicMock()
+        mock_db.get_reviews_by_node_exec_ids = AsyncMock(return_value={})
+
+        with patch(
+            "backend.copilot.tools.continue_run_block.review_db",
+            return_value=mock_db,
+        ):
+            response = await tool._execute(
+                user_id=_TEST_USER_ID,
+                session=session,
+                review_id="copilot-node-some-block:abc12345",
+            )
+
+        assert isinstance(response, ErrorResponse)
+        assert "not found" in response.message
+
+    @pytest.mark.asyncio(loop_scope="session")
+    async def test_waiting_review_returns_error(self):
+        tool = ContinueRunBlockTool()
+        session = make_session(user_id=_TEST_USER_ID)
+        review_id = "copilot-node-some-block:abc12345"
+        graph_exec_id = f"copilot-session-{session.session_id}"
+        review = _make_review_model(
+            review_id, status=ReviewStatus.WAITING, graph_exec_id=graph_exec_id
+        )
+
+        mock_db = MagicMock()
+        mock_db.get_reviews_by_node_exec_ids = AsyncMock(
+            return_value={review_id: review}
+        )
+
+        with patch(
+            "backend.copilot.tools.continue_run_block.review_db",
+            return_value=mock_db,
+        ):
+            response = await tool._execute(
+                user_id=_TEST_USER_ID,
+                session=session,
+                review_id=review_id,
+            )
+
+        assert isinstance(response, ErrorResponse)
+        assert "not been approved" in response.message
+
+    @pytest.mark.asyncio(loop_scope="session")
+    async def test_rejected_review_returns_error(self):
+        tool = ContinueRunBlockTool()
+        session = make_session(user_id=_TEST_USER_ID)
+        review_id = "copilot-node-some-block:abc12345"
+        graph_exec_id = f"copilot-session-{session.session_id}"
+        review = _make_review_model(
+            review_id, status=ReviewStatus.REJECTED, graph_exec_id=graph_exec_id
+        )
+
+        mock_db = MagicMock()
+        mock_db.get_reviews_by_node_exec_ids = AsyncMock(
+            return_value={review_id: review}
+        )
+
+        with patch(
+            "backend.copilot.tools.continue_run_block.review_db",
+            return_value=mock_db,
+        ):
+            response = await tool._execute(
+                user_id=_TEST_USER_ID,
+                session=session,
+                review_id=review_id,
+            )
+
+        assert isinstance(response, ErrorResponse)
+        assert "rejected" in response.message.lower()
+
+    @pytest.mark.asyncio(loop_scope="session")
+    async def test_approved_review_executes_block(self):
+        tool = ContinueRunBlockTool()
+        session = make_session(user_id=_TEST_USER_ID)
+        review_id = "copilot-node-delete-branch-id:abc12345"
+        graph_exec_id = f"copilot-session-{session.session_id}"
+        input_data = {"repo_url": "https://github.com/test/repo", "branch": "main"}
+        review = _make_review_model(
+            review_id,
+            status=ReviewStatus.APPROVED,
+            payload=input_data,
+            graph_exec_id=graph_exec_id,
+        )
+
+        mock_block = MagicMock()
+        mock_block.name = "Delete Branch"
+
+        async def mock_execute(data, **kwargs):
+            yield "result", "Branch deleted"
+
+        mock_block.execute = mock_execute
+        mock_block.input_schema.get_credentials_fields_info.return_value = []
+
+        mock_workspace_db = MagicMock()
+        mock_workspace_db.get_or_create_workspace = AsyncMock(
+            return_value=MagicMock(id="test-workspace-id")
+        )
+
+        mock_db = MagicMock()
+        mock_db.get_reviews_by_node_exec_ids = AsyncMock(
+            return_value={review_id: review}
+        )
+        mock_db.delete_review_by_node_exec_id = AsyncMock(return_value=1)
+
+        with (
+            patch(
+                "backend.copilot.tools.continue_run_block.review_db",
+                return_value=mock_db,
+            ),
+            patch(
+                "backend.copilot.tools.continue_run_block.get_block",
+                return_value=mock_block,
+            ),
+            patch(
+                "backend.copilot.tools.helpers.workspace_db",
+                return_value=mock_workspace_db,
+            ),
+            patch(
+                "backend.copilot.tools.helpers.match_credentials_to_requirements",
+                return_value=({}, []),
+            ),
+        ):
+            response = await tool._execute(
+                user_id=_TEST_USER_ID,
+                session=session,
+                review_id=review_id,
+            )
+
+        assert isinstance(response, BlockOutputResponse)
+        assert response.success is True
+        assert response.block_name == "Delete Branch"
+        # Verify review was deleted (one-time use)
+        mock_db.delete_review_by_node_exec_id.assert_called_once_with(
+            review_id, _TEST_USER_ID
+        )
--- a/autogpt_platform/backend/backend/copilot/tools/helpers.py
+++ b/autogpt_platform/backend/backend/copilot/tools/helpers.py
@@ -1,7 +1,24 @@
 """Shared helpers for chat tools."""

+import logging
+from collections import defaultdict
 from typing import Any

+from pydantic_core import PydanticUndefined
+
+from backend.blocks._base import AnyBlockSchema
+from backend.copilot.constants import COPILOT_NODE_PREFIX, COPILOT_SESSION_PREFIX
+from backend.data.db_accessors import workspace_db
+from backend.data.execution import ExecutionContext
+from backend.data.model import CredentialsFieldInfo, CredentialsMetaInput
+from backend.integrations.creds_manager import IntegrationCredentialsManager
+from backend.util.exceptions import BlockError
+
+from .models import BlockOutputResponse, ErrorResponse, ToolResponseBase
+from .utils import match_credentials_to_requirements
+
+logger = logging.getLogger(__name__)
+

 def get_inputs_from_schema(
    input_schema: dict[str, Any],
@@ -27,3 +44,159 @@ def get_inputs_from_schema(
        for name, schema in properties.items()
        if name not in exclude
    ]
+
+
+async def execute_block(
+    *,
+    block: AnyBlockSchema,
+    block_id: str,
+    input_data: dict[str, Any],
+    user_id: str,
+    session_id: str,
+    node_exec_id: str,
+    matched_credentials: dict[str, CredentialsMetaInput],
+    sensitive_action_safe_mode: bool = False,
+) -> ToolResponseBase:
+    """Execute a block with full context setup, credential injection, and error handling.
+
+    This is the shared execution path used by both ``run_block`` (after review
+    check) and ``continue_run_block`` (after approval).
+
+    Returns:
+        BlockOutputResponse on success, ErrorResponse on failure.
+    """
+    try:
+        workspace = await workspace_db().get_or_create_workspace(user_id)
+
+        synthetic_graph_id = f"{COPILOT_SESSION_PREFIX}{session_id}"
+        synthetic_node_id = f"{COPILOT_NODE_PREFIX}{block_id}"
+
+        execution_context = ExecutionContext(
+            user_id=user_id,
+            graph_id=synthetic_graph_id,
+            graph_exec_id=synthetic_graph_id,
+            graph_version=1,
+            node_id=synthetic_node_id,
+            node_exec_id=node_exec_id,
+            workspace_id=workspace.id,
+            session_id=session_id,
+            sensitive_action_safe_mode=sensitive_action_safe_mode,
+        )
+
+        exec_kwargs: dict[str, Any] = {
+            "user_id": user_id,
+            "execution_context": execution_context,
+            "workspace_id": workspace.id,
+            "graph_exec_id": synthetic_graph_id,
+            "node_exec_id": node_exec_id,
+            "node_id": synthetic_node_id,
+            "graph_version": 1,
+            "graph_id": synthetic_graph_id,
+        }
+
+        # Inject credentials
+        creds_manager = IntegrationCredentialsManager()
+        for field_name, cred_meta in matched_credentials.items():
+            if field_name not in input_data:
+                input_data[field_name] = cred_meta.model_dump()
+
+            actual_credentials = await creds_manager.get(
+                user_id, cred_meta.id, lock=False
+            )
+            if actual_credentials:
+                exec_kwargs[field_name] = actual_credentials
+            else:
+                return ErrorResponse(
+                    message=f"Failed to retrieve credentials for {field_name}",
+                    session_id=session_id,
+                )
+
+        # Execute the block and collect outputs
+        outputs: dict[str, list[Any]] = defaultdict(list)
+        async for output_name, output_data in block.execute(
+            input_data,
+            **exec_kwargs,
+        ):
+            outputs[output_name].append(output_data)
+
+        return BlockOutputResponse(
+            message=f"Block '{block.name}' executed successfully",
+            block_id=block_id,
+            block_name=block.name,
+            outputs=dict(outputs),
+            success=True,
+            session_id=session_id,
+        )
+
+    except BlockError as e:
+        logger.warning(f"Block execution failed: {e}")
+        return ErrorResponse(
+            message=f"Block execution failed: {e}",
+            error=str(e),
+            session_id=session_id,
+        )
+    except Exception as e:
+        logger.error(f"Unexpected error executing block: {e}", exc_info=True)
+        return ErrorResponse(
+            message=f"Failed to execute block: {str(e)}",
+            error=str(e),
+            session_id=session_id,
+        )
+
+
+async def resolve_block_credentials(
+    user_id: str,
+    block: AnyBlockSchema,
+    input_data: dict[str, Any] | None = None,
+) -> tuple[dict[str, CredentialsMetaInput], list[CredentialsMetaInput]]:
+    """Resolve credentials for a block by matching user's available credentials.
+
+    Handles discriminated credentials (e.g. provider selection based on model).
+
+    Returns:
+        (matched_credentials, missing_credentials)
+    """
+    input_data = input_data or {}
+    requirements = _resolve_discriminated_credentials(block, input_data)
+
+    if not requirements:
+        return {}, []
+
+    return await match_credentials_to_requirements(user_id, requirements)
+
+
+def _resolve_discriminated_credentials(
+    block: AnyBlockSchema,
+    input_data: dict[str, Any],
+) -> dict[str, CredentialsFieldInfo]:
+    """Resolve credential requirements, applying discriminator logic where needed."""
+    credentials_fields_info = block.input_schema.get_credentials_fields_info()
+    if not credentials_fields_info:
+        return {}
+
+    resolved: dict[str, CredentialsFieldInfo] = {}
+
+    for field_name, field_info in credentials_fields_info.items():
+        effective_field_info = field_info
+
+        if field_info.discriminator and field_info.discriminator_mapping:
+            discriminator_value = input_data.get(field_info.discriminator)
+            if discriminator_value is None:
+                field = block.input_schema.model_fields.get(field_info.discriminator)
+                if field and field.default is not PydanticUndefined:
+                    discriminator_value = field.default
+
+            if (
+                discriminator_value
+                and discriminator_value in field_info.discriminator_mapping
+            ):
+                effective_field_info = field_info.discriminate(discriminator_value)
+                effective_field_info.discriminator_values.add(discriminator_value)
+                logger.debug(
+                    f"Discriminated provider for {field_name}: "
+                    f"{discriminator_value} -> {effective_field_info.provider}"
+                )
+
+        resolved[field_name] = effective_field_info
+
+    return resolved
--- a/autogpt_platform/backend/backend/copilot/tools/models.py
+++ b/autogpt_platform/backend/backend/copilot/tools/models.py
@@ -39,6 +39,7 @@ class ResponseType(str, Enum):
    BLOCK_LIST = "block_list"
    BLOCK_DETAILS = "block_details"
    BLOCK_OUTPUT = "block_output"
+    REVIEW_REQUIRED = "review_required"

    # MCP
    MCP_GUIDE = "mcp_guide"
@@ -458,6 +459,21 @@ class BlockOutputResponse(ToolResponseBase):
    success: bool = True


+class ReviewRequiredResponse(ToolResponseBase):
+    """Response when a block requires human review before execution."""
+
+    type: ResponseType = ResponseType.REVIEW_REQUIRED
+    block_id: str
+    block_name: str
+    review_id: str = Field(description="The review ID for tracking approval status")
+    graph_exec_id: str = Field(
+        description="The graph execution ID for fetching review status"
+    )
+    input_data: dict[str, Any] = Field(
+        description="The input data that requires review"
+    )
+
+
 class WebFetchResponse(ToolResponseBase):
    """Response for web_fetch tool."""

--- a/autogpt_platform/backend/backend/copilot/tools/run_agent.py
+++ b/autogpt_platform/backend/backend/copilot/tools/run_agent.py
@@ -534,7 +534,9 @@ class RunAgentTool(BaseTool):
                return ExecutionStartedResponse(
                    message=(
                        f"Agent '{library_agent.name}' is awaiting human review. "
-                        f"Check at {library_agent_link}."
+                        f"The user can approve or reject inline. After approval, "
+                        f"the execution resumes automatically. Use view_agent_output "
+                        f"with execution_id='{execution.id}' to check the result."
                    ),
                    session_id=session_id,
                    execution_id=execution.id,
--- a/autogpt_platform/backend/backend/copilot/tools/run_block.py
+++ b/autogpt_platform/backend/backend/copilot/tools/run_block.py
@@ -2,38 +2,34 @@

 import logging
 import uuid
-from collections import defaultdict
 from typing import Any

-from pydantic_core import PydanticUndefined
-
 from backend.blocks import BlockType, get_block
 from backend.blocks._base import AnyBlockSchema
+from backend.copilot.constants import (
+    COPILOT_NODE_EXEC_ID_SEPARATOR,
+    COPILOT_NODE_PREFIX,
+    COPILOT_SESSION_PREFIX,
+)
 from backend.copilot.model import ChatSession
-from backend.data.db_accessors import workspace_db
+from backend.data.db_accessors import review_db
 from backend.data.execution import ExecutionContext
-from backend.data.model import CredentialsFieldInfo, CredentialsMetaInput
-from backend.integrations.creds_manager import IntegrationCredentialsManager
-from backend.util.exceptions import BlockError

 from .base import BaseTool
 from .find_block import COPILOT_EXCLUDED_BLOCK_IDS, COPILOT_EXCLUDED_BLOCK_TYPES
-from .helpers import get_inputs_from_schema
+from .helpers import execute_block, get_inputs_from_schema, resolve_block_credentials
 from .models import (
    BlockDetails,
    BlockDetailsResponse,
-    BlockOutputResponse,
    ErrorResponse,
    InputValidationErrorResponse,
+    ReviewRequiredResponse,
    SetupInfo,
    SetupRequirementsResponse,
    ToolResponseBase,
    UserReadiness,
 )
-from .utils import (
-    build_missing_credentials_from_field_info,
-    match_credentials_to_requirements,
-)
+from .utils import build_missing_credentials_from_field_info

 logger = logging.getLogger(__name__)

@@ -52,7 +48,9 @@ class RunBlockTool(BaseTool):
            "IMPORTANT: You MUST call find_block first to get the block's 'id' - "
            "do NOT guess or make up block IDs. "
            "On first attempt (without input_data), returns detailed schema showing "
-            "required inputs and outputs. Then call again with proper input_data to execute."
+            "required inputs and outputs. Then call again with proper input_data to execute. "
+            "If a block requires human review, use continue_run_block with the "
+            "review_id after the user approves."
        )

    @property
@@ -166,11 +164,10 @@ class RunBlockTool(BaseTool):

        logger.info(f"Executing block {block.name} ({block_id}) for user {user_id}")

-        creds_manager = IntegrationCredentialsManager()
        (
            matched_credentials,
            missing_credentials,
-        ) = await self._resolve_block_credentials(user_id, block, input_data)
+        ) = await resolve_block_credentials(user_id, block, input_data)

        # Get block schemas for details/validation
        try:
@@ -279,169 +276,97 @@ class RunBlockTool(BaseTool):
                user_authenticated=True,
            )

-        try:
-            # Get or create user's workspace for CoPilot file operations
-            workspace = await workspace_db().get_or_create_workspace(user_id)
+        # Generate synthetic IDs for CoPilot context.
+        # Encode node_id in node_exec_id so it can be extracted later
+        # (e.g. for auto-approve, where we need node_id but have no NodeExecution row).
+        synthetic_graph_id = f"{COPILOT_SESSION_PREFIX}{session.session_id}"
+        synthetic_node_id = f"{COPILOT_NODE_PREFIX}{block_id}"

-            # Generate synthetic IDs for CoPilot context
-            # Each chat session is treated as its own agent with one continuous run
-            # This means:
-            # - graph_id (agent) = session (memories scoped to session when limit_to_agent=True)
-            # - graph_exec_id (run) = session (memories scoped to session when limit_to_run=True)
-            # - node_exec_id = unique per block execution
-            synthetic_graph_id = f"copilot-session-{session.session_id}"
-            synthetic_graph_exec_id = f"copilot-session-{session.session_id}"
-            synthetic_node_id = f"copilot-node-{block_id}"
-            synthetic_node_exec_id = (
-                f"copilot-{session.session_id}-{uuid.uuid4().hex[:8]}"
-            )
-
-            # Create unified execution context with all required fields
-            execution_context = ExecutionContext(
-                # Execution identity
-                user_id=user_id,
-                graph_id=synthetic_graph_id,
-                graph_exec_id=synthetic_graph_exec_id,
-                graph_version=1,  # Versions are 1-indexed
-                node_id=synthetic_node_id,
-                node_exec_id=synthetic_node_exec_id,
-                # Workspace with session scoping
-                workspace_id=workspace.id,
-                session_id=session.session_id,
-            )
-
-            # Prepare kwargs for block execution
-            # Keep individual kwargs for backwards compatibility with existing blocks
-            exec_kwargs: dict[str, Any] = {
-                "user_id": user_id,
-                "execution_context": execution_context,
-                # Legacy: individual kwargs for blocks not yet using execution_context
-                "workspace_id": workspace.id,
-                "graph_exec_id": synthetic_graph_exec_id,
-                "node_exec_id": synthetic_node_exec_id,
-                "node_id": synthetic_node_id,
-                "graph_version": 1,  # Versions are 1-indexed
-                "graph_id": synthetic_graph_id,
-            }
-
-            for field_name, cred_meta in matched_credentials.items():
-                # Inject metadata into input_data (for validation)
-                if field_name not in input_data:
-                    input_data[field_name] = cred_meta.model_dump()
-
-                # Fetch actual credentials and pass as kwargs (for execution)
-                actual_credentials = await creds_manager.get(
-                    user_id, cred_meta.id, lock=False
-                )
-                if actual_credentials:
-                    exec_kwargs[field_name] = actual_credentials
-                else:
-                    return ErrorResponse(
-                        message=f"Failed to retrieve credentials for {field_name}",
-                        session_id=session_id,
-                    )
-
-            # Execute the block and collect outputs
-            outputs: dict[str, list[Any]] = defaultdict(list)
-            async for output_name, output_data in block.execute(
-                input_data,
-                **exec_kwargs,
-            ):
-                outputs[output_name].append(output_data)
-
-            return BlockOutputResponse(
-                message=f"Block '{block.name}' executed successfully",
+        # Check for an existing WAITING review for this block with the same input.
+        # If the LLM retries run_block with identical input, we reuse the existing
+        # review instead of creating duplicates. Different inputs = new execution.
+        existing_reviews = await review_db().get_pending_reviews_for_execution(
+            synthetic_graph_id, user_id
+        )
+        existing_review = next(
+            (
+                r
+                for r in existing_reviews
+                if r.node_id == synthetic_node_id
+                and r.status.value == "WAITING"
+                and r.payload == input_data
+            ),
+            None,
+        )
+        if existing_review:
+            return ReviewRequiredResponse(
+                message=(
+                    f"Block '{block.name}' requires human review. "
+                    f"After the user approves, call continue_run_block with "
+                    f"review_id='{existing_review.node_exec_id}' to execute."
+                ),
+                session_id=session_id,
                block_id=block_id,
                block_name=block.name,
-                outputs=dict(outputs),
-                success=True,
-                session_id=session_id,
+                review_id=existing_review.node_exec_id,
+                graph_exec_id=synthetic_graph_id,
+                input_data=input_data,
            )

-        except BlockError as e:
-            logger.warning(f"Block execution failed: {e}")
-            return ErrorResponse(
-                message=f"Block execution failed: {e}",
-                error=str(e),
-                session_id=session_id,
-            )
-        except Exception as e:
-            logger.error(f"Unexpected error executing block: {e}", exc_info=True)
-            return ErrorResponse(
-                message=f"Failed to execute block: {str(e)}",
-                error=str(e),
+        synthetic_node_exec_id = (
+            f"{synthetic_node_id}{COPILOT_NODE_EXEC_ID_SEPARATOR}"
+            f"{uuid.uuid4().hex[:8]}"
+        )
+
+        # Check for HITL review before execution.
+        # This creates the review record in the DB for CoPilot flows.
+        review_context = ExecutionContext(
+            user_id=user_id,
+            graph_id=synthetic_graph_id,
+            graph_exec_id=synthetic_graph_id,
+            graph_version=1,
+            node_id=synthetic_node_id,
+            node_exec_id=synthetic_node_exec_id,
+            sensitive_action_safe_mode=True,
+        )
+        should_pause, input_data = await block.is_block_exec_need_review(
+            input_data,
+            user_id=user_id,
+            node_id=synthetic_node_id,
+            node_exec_id=synthetic_node_exec_id,
+            graph_exec_id=synthetic_graph_id,
+            graph_id=synthetic_graph_id,
+            graph_version=1,
+            execution_context=review_context,
+            is_graph_execution=False,
+        )
+        if should_pause:
+            return ReviewRequiredResponse(
+                message=(
+                    f"Block '{block.name}' requires human review. "
+                    f"After the user approves, call continue_run_block with "
+                    f"review_id='{synthetic_node_exec_id}' to execute."
+                ),
                session_id=session_id,
+                block_id=block_id,
+                block_name=block.name,
+                review_id=synthetic_node_exec_id,
+                graph_exec_id=synthetic_graph_id,
+                input_data=input_data,
            )

-    async def _resolve_block_credentials(
-        self,
-        user_id: str,
-        block: AnyBlockSchema,
-        input_data: dict[str, Any] | None = None,
-    ) -> tuple[dict[str, CredentialsMetaInput], list[CredentialsMetaInput]]:
-        """
-        Resolve credentials for a block by matching user's available credentials.
-
-        Args:
-            user_id: User ID
-            block: Block to resolve credentials for
-            input_data: Input data for the block (used to determine provider via discriminator)
-
-        Returns:
-            tuple of (matched_credentials, missing_credentials) - matched credentials
-            are used for block execution, missing ones indicate setup requirements.
-        """
-        input_data = input_data or {}
-        requirements = self._resolve_discriminated_credentials(block, input_data)
-
-        if not requirements:
-            return {}, []
-
-        return await match_credentials_to_requirements(user_id, requirements)
+        return await execute_block(
+            block=block,
+            block_id=block_id,
+            input_data=input_data,
+            user_id=user_id,
+            session_id=session_id,
+            node_exec_id=synthetic_node_exec_id,
+            matched_credentials=matched_credentials,
+        )

    def _get_inputs_list(self, block: AnyBlockSchema) -> list[dict[str, Any]]:
        """Extract non-credential inputs from block schema."""
        schema = block.input_schema.jsonschema()
        credentials_fields = set(block.input_schema.get_credentials_fields().keys())
        return get_inputs_from_schema(schema, exclude_fields=credentials_fields)
-
-    def _resolve_discriminated_credentials(
-        self,
-        block: AnyBlockSchema,
-        input_data: dict[str, Any],
-    ) -> dict[str, CredentialsFieldInfo]:
-        """Resolve credential requirements, applying discriminator logic where needed."""
-        credentials_fields_info = block.input_schema.get_credentials_fields_info()
-        if not credentials_fields_info:
-            return {}
-
-        resolved: dict[str, CredentialsFieldInfo] = {}
-
-        for field_name, field_info in credentials_fields_info.items():
-            effective_field_info = field_info
-
-            if field_info.discriminator and field_info.discriminator_mapping:
-                discriminator_value = input_data.get(field_info.discriminator)
-                if discriminator_value is None:
-                    field = block.input_schema.model_fields.get(
-                        field_info.discriminator
-                    )
-                    if field and field.default is not PydanticUndefined:
-                        discriminator_value = field.default
-
-                if (
-                    discriminator_value
-                    and discriminator_value in field_info.discriminator_mapping
-                ):
-                    effective_field_info = field_info.discriminate(discriminator_value)
-                    # For host-scoped credentials, add the discriminator value
-                    # (e.g., URL) so _credential_is_for_host can match it
-                    effective_field_info.discriminator_values.add(discriminator_value)
-                    logger.debug(
-                        f"Discriminated provider for {field_name}: "
-                        f"{discriminator_value} -> {effective_field_info.provider}"
-                    )
-
-            resolved[field_name] = effective_field_info
-
-        return resolved
--- a/autogpt_platform/backend/backend/copilot/tools/run_block_test.py
+++ b/autogpt_platform/backend/backend/copilot/tools/run_block_test.py
@@ -12,6 +12,7 @@ from .models import (
    BlockOutputResponse,
    ErrorResponse,
    InputValidationErrorResponse,
+    ReviewRequiredResponse,
 )
 from .run_block import RunBlockTool

@@ -27,9 +28,16 @@ def make_mock_block(
    mock.name = name
    mock.block_type = block_type
    mock.disabled = disabled
+    mock.is_sensitive_action = False
    mock.input_schema = MagicMock()
    mock.input_schema.jsonschema.return_value = {"properties": {}, "required": []}
-    mock.input_schema.get_credentials_fields_info.return_value = []
+    mock.input_schema.get_credentials_fields_info.return_value = {}
+    mock.input_schema.get_credentials_fields.return_value = {}
+
+    async def _no_review(input_data, **kwargs):
+        return False, input_data
+
+    mock.is_block_exec_need_review = _no_review
    return mock


@@ -46,6 +54,7 @@ def make_mock_block_with_schema(
    mock.name = name
    mock.block_type = BlockType.STANDARD
    mock.disabled = False
+    mock.is_sensitive_action = False
    mock.description = f"Test block: {name}"

    input_schema = {
@@ -63,6 +72,12 @@ def make_mock_block_with_schema(
    mock.output_schema = MagicMock()
    mock.output_schema.jsonschema.return_value = output_schema

+    # Default: no review needed, pass through input_data unchanged
+    async def _no_review(input_data, **kwargs):
+        return False, input_data
+
+    mock.is_block_exec_need_review = _no_review
+
    return mock


@@ -126,9 +141,15 @@ class TestRunBlockFiltering:
            "standard-id", "HTTP Request", BlockType.STANDARD
        )

-        with patch(
-            "backend.copilot.tools.run_block.get_block",
-            return_value=standard_block,
+        with (
+            patch(
+                "backend.copilot.tools.run_block.get_block",
+                return_value=standard_block,
+            ),
+            patch(
+                "backend.copilot.tools.helpers.match_credentials_to_requirements",
+                return_value=({}, []),
+            ),
        ):
            tool = RunBlockTool()
            response = await tool._execute(
@@ -154,12 +175,7 @@ class TestRunBlockInputValidation:

    @pytest.mark.asyncio(loop_scope="session")
    async def test_unknown_input_fields_are_rejected(self):
-        """run_block rejects unknown input fields instead of silently ignoring them.
-
-        Scenario: The AI Text Generator block has a field called 'model' (for LLM model
-        selection), but the LLM calling the tool guesses wrong and sends 'LLM_Model'
-        instead. The block should reject the request and return the valid schema.
-        """
+        """run_block rejects unknown input fields instead of silently ignoring them."""
        session = make_session(user_id=_TEST_USER_ID)

        mock_block = make_mock_block_with_schema(
@@ -182,27 +198,31 @@ class TestRunBlockInputValidation:
            output_properties={"response": {"type": "string"}},
        )

-        with patch(
-            "backend.copilot.tools.run_block.get_block",
-            return_value=mock_block,
+        with (
+            patch(
+                "backend.copilot.tools.run_block.get_block",
+                return_value=mock_block,
+            ),
+            patch(
+                "backend.copilot.tools.helpers.match_credentials_to_requirements",
+                return_value=({}, []),
+            ),
        ):
            tool = RunBlockTool()
-
-            # Provide 'prompt' (correct) but 'LLM_Model' instead of 'model' (wrong key)
            response = await tool._execute(
                user_id=_TEST_USER_ID,
                session=session,
                block_id="ai-text-gen-id",
                input_data={
                    "prompt": "Write a haiku about coding",
-                    "LLM_Model": "claude-opus-4-6",  # WRONG KEY - should be 'model'
+                    "LLM_Model": "claude-opus-4-6",
                },
            )

        assert isinstance(response, InputValidationErrorResponse)
        assert "LLM_Model" in response.unrecognized_fields
        assert "Block was not executed" in response.message
-        assert "inputs" in response.model_dump()  # valid schema included
+        assert "inputs" in response.model_dump()

    @pytest.mark.asyncio(loop_scope="session")
    async def test_multiple_wrong_keys_are_all_reported(self):
@@ -221,21 +241,26 @@ class TestRunBlockInputValidation:
            required_fields=["prompt"],
        )

-        with patch(
-            "backend.copilot.tools.run_block.get_block",
-            return_value=mock_block,
+        with (
+            patch(
+                "backend.copilot.tools.run_block.get_block",
+                return_value=mock_block,
+            ),
+            patch(
+                "backend.copilot.tools.helpers.match_credentials_to_requirements",
+                return_value=({}, []),
+            ),
        ):
            tool = RunBlockTool()
-
            response = await tool._execute(
                user_id=_TEST_USER_ID,
                session=session,
                block_id="ai-text-gen-id",
                input_data={
-                    "prompt": "Hello",  # correct
-                    "llm_model": "claude-opus-4-6",  # WRONG - should be 'model'
-                    "system_prompt": "Be helpful",  # WRONG - should be 'sys_prompt'
-                    "retries": 5,  # WRONG - should be 'retry'
+                    "prompt": "Hello",
+                    "llm_model": "claude-opus-4-6",
+                    "system_prompt": "Be helpful",
+                    "retries": 5,
                },
            )

@@ -262,23 +287,26 @@ class TestRunBlockInputValidation:
            required_fields=["prompt"],
        )

-        with patch(
-            "backend.copilot.tools.run_block.get_block",
-            return_value=mock_block,
+        with (
+            patch(
+                "backend.copilot.tools.run_block.get_block",
+                return_value=mock_block,
+            ),
+            patch(
+                "backend.copilot.tools.helpers.match_credentials_to_requirements",
+                return_value=({}, []),
+            ),
        ):
            tool = RunBlockTool()
-
-            # 'prompt' is missing AND 'LLM_Model' is an unknown field
            response = await tool._execute(
                user_id=_TEST_USER_ID,
                session=session,
                block_id="ai-text-gen-id",
                input_data={
-                    "LLM_Model": "claude-opus-4-6",  # wrong key, and 'prompt' is missing
+                    "LLM_Model": "claude-opus-4-6",
                },
            )

-        # Unknown fields are caught first
        assert isinstance(response, InputValidationErrorResponse)
        assert "LLM_Model" in response.unrecognized_fields

@@ -313,7 +341,11 @@ class TestRunBlockInputValidation:
                return_value=mock_block,
            ),
            patch(
-                "backend.copilot.tools.run_block.workspace_db",
+                "backend.copilot.tools.helpers.match_credentials_to_requirements",
+                return_value=({}, []),
+            ),
+            patch(
+                "backend.copilot.tools.helpers.workspace_db",
                return_value=mock_workspace_db,
            ),
        ):
@@ -325,7 +357,7 @@ class TestRunBlockInputValidation:
                block_id="ai-text-gen-id",
                input_data={
                    "prompt": "Write a haiku",
-                    "model": "gpt-4o-mini",  # correct field name
+                    "model": "gpt-4o-mini",
                },
            )

@@ -347,20 +379,191 @@ class TestRunBlockInputValidation:
            required_fields=["prompt"],
        )

-        with patch(
-            "backend.copilot.tools.run_block.get_block",
-            return_value=mock_block,
+        with (
+            patch(
+                "backend.copilot.tools.run_block.get_block",
+                return_value=mock_block,
+            ),
+            patch(
+                "backend.copilot.tools.helpers.match_credentials_to_requirements",
+                return_value=({}, []),
+            ),
        ):
            tool = RunBlockTool()

-            # Only provide valid optional field, missing required 'prompt'
            response = await tool._execute(
                user_id=_TEST_USER_ID,
                session=session,
                block_id="ai-text-gen-id",
                input_data={
-                    "model": "gpt-4o-mini",  # valid but optional
+                    "model": "gpt-4o-mini",
                },
            )

        assert isinstance(response, BlockDetailsResponse)
+
+
+class TestRunBlockSensitiveAction:
+    """Tests for sensitive action HITL review in RunBlockTool.
+
+    run_block calls is_block_exec_need_review() explicitly before execution.
+    When review is needed (should_pause=True), ReviewRequiredResponse is returned.
+    """
+
+    @pytest.mark.asyncio(loop_scope="session")
+    async def test_sensitive_block_paused_returns_review_required(self):
+        """When is_block_exec_need_review returns should_pause=True, ReviewRequiredResponse is returned."""
+        session = make_session(user_id=_TEST_USER_ID)
+
+        input_data = {
+            "repo_url": "https://github.com/test/repo",
+            "branch": "feature-branch",
+        }
+        mock_block = make_mock_block_with_schema(
+            block_id="delete-branch-id",
+            name="Delete Branch",
+            input_properties={
+                "repo_url": {"type": "string"},
+                "branch": {"type": "string"},
+            },
+            required_fields=["repo_url", "branch"],
+        )
+        mock_block.is_sensitive_action = True
+        mock_block.is_block_exec_need_review = AsyncMock(
+            return_value=(True, input_data)
+        )
+
+        with (
+            patch(
+                "backend.copilot.tools.run_block.get_block",
+                return_value=mock_block,
+            ),
+            patch(
+                "backend.copilot.tools.helpers.match_credentials_to_requirements",
+                return_value=({}, []),
+            ),
+        ):
+            tool = RunBlockTool()
+            response = await tool._execute(
+                user_id=_TEST_USER_ID,
+                session=session,
+                block_id="delete-branch-id",
+                input_data=input_data,
+            )
+
+        assert isinstance(response, ReviewRequiredResponse)
+        assert "requires human review" in response.message
+        assert "continue_run_block" in response.message
+        assert response.block_name == "Delete Branch"
+
+    @pytest.mark.asyncio(loop_scope="session")
+    async def test_sensitive_block_executes_after_approval(self):
+        """After approval (should_pause=False), sensitive blocks execute and return outputs."""
+        session = make_session(user_id=_TEST_USER_ID)
+
+        input_data = {
+            "repo_url": "https://github.com/test/repo",
+            "branch": "feature-branch",
+        }
+        mock_block = make_mock_block_with_schema(
+            block_id="delete-branch-id",
+            name="Delete Branch",
+            input_properties={
+                "repo_url": {"type": "string"},
+                "branch": {"type": "string"},
+            },
+            required_fields=["repo_url", "branch"],
+        )
+        mock_block.is_sensitive_action = True
+        mock_block.is_block_exec_need_review = AsyncMock(
+            return_value=(False, input_data)
+        )
+
+        async def mock_execute(input_data, **kwargs):
+            yield "result", "Branch deleted successfully"
+
+        mock_block.execute = mock_execute
+
+        mock_workspace_db = MagicMock()
+        mock_workspace_db.get_or_create_workspace = AsyncMock(
+            return_value=MagicMock(id="test-workspace-id")
+        )
+
+        with (
+            patch(
+                "backend.copilot.tools.run_block.get_block",
+                return_value=mock_block,
+            ),
+            patch(
+                "backend.copilot.tools.helpers.match_credentials_to_requirements",
+                return_value=({}, []),
+            ),
+            patch(
+                "backend.copilot.tools.helpers.workspace_db",
+                return_value=mock_workspace_db,
+            ),
+        ):
+            tool = RunBlockTool()
+            response = await tool._execute(
+                user_id=_TEST_USER_ID,
+                session=session,
+                block_id="delete-branch-id",
+                input_data=input_data,
+            )
+
+        assert isinstance(response, BlockOutputResponse)
+        assert response.success is True
+
+    @pytest.mark.asyncio(loop_scope="session")
+    async def test_non_sensitive_block_executes_normally(self):
+        """Non-sensitive blocks skip review and execute directly."""
+        session = make_session(user_id=_TEST_USER_ID)
+
+        input_data = {"url": "https://example.com"}
+        mock_block = make_mock_block_with_schema(
+            block_id="http-request-id",
+            name="HTTP Request",
+            input_properties={
+                "url": {"type": "string"},
+            },
+            required_fields=["url"],
+        )
+        mock_block.is_sensitive_action = False
+        mock_block.is_block_exec_need_review = AsyncMock(
+            return_value=(False, input_data)
+        )
+
+        async def mock_execute(input_data, **kwargs):
+            yield "response", {"status": 200}
+
+        mock_block.execute = mock_execute
+
+        mock_workspace_db = MagicMock()
+        mock_workspace_db.get_or_create_workspace = AsyncMock(
+            return_value=MagicMock(id="test-workspace-id")
+        )
+
+        with (
+            patch(
+                "backend.copilot.tools.run_block.get_block",
+                return_value=mock_block,
+            ),
+            patch(
+                "backend.copilot.tools.helpers.match_credentials_to_requirements",
+                return_value=({}, []),
+            ),
+            patch(
+                "backend.copilot.tools.helpers.workspace_db",
+                return_value=mock_workspace_db,
+            ),
+        ):
+            tool = RunBlockTool()
+            response = await tool._execute(
+                user_id=_TEST_USER_ID,
+                session=session,
+                block_id="http-request-id",
+                input_data=input_data,
+            )
+
+        assert isinstance(response, BlockOutputResponse)
+        assert response.success is True
--- a/autogpt_platform/backend/backend/copilot/tools/run_mcp_tool.py
+++ b/autogpt_platform/backend/backend/copilot/tools/run_mcp_tool.py
@@ -14,7 +14,7 @@ from backend.blocks.mcp.helpers import (
 )
 from backend.copilot.model import ChatSession
 from backend.copilot.tools.utils import build_missing_credentials_from_field_info
-from backend.util.request import HTTPClientError, validate_url
+from backend.util.request import HTTPClientError, validate_url_host

 from .base import BaseTool
 from .models import (
@@ -34,6 +34,11 @@ logger = logging.getLogger(__name__)
 _AUTH_STATUS_CODES = {401, 403}


+def _service_name(host: str) -> str:
+    """Strip the 'mcp.' prefix from an MCP hostname: 'mcp.sentry.dev' → 'sentry.dev'"""
+    return host[4:] if host.startswith("mcp.") else host
+
+
 class RunMCPToolTool(BaseTool):
    """
    Tool for discovering and executing tools on any MCP server.
@@ -144,7 +149,7 @@ class RunMCPToolTool(BaseTool):

        # Validate URL to prevent SSRF — blocks loopback and private IP ranges
        try:
-            await validate_url(server_url, trusted_origins=[])
+            await validate_url_host(server_url)
        except ValueError as e:
            msg = str(e)
            if "Unable to resolve" in msg or "No IP addresses" in msg:
@@ -303,8 +308,8 @@ class RunMCPToolTool(BaseTool):
            )
            return ErrorResponse(
                message=(
-                    f"The MCP server at {server_host(server_url)} requires authentication, "
-                    "but no credential configuration was found."
+                    f"Unable to connect to {_service_name(server_host(server_url))} "
+                    "— no credentials configured."
                ),
                session_id=session_id,
            )
@@ -312,15 +317,13 @@ class RunMCPToolTool(BaseTool):
        missing_creds_list = list(missing_creds_dict.values())

        host = server_host(server_url)
+        service = _service_name(host)
        return SetupRequirementsResponse(
-            message=(
-                f"The MCP server at {host} requires authentication. "
-                "Please connect your credentials to continue."
-            ),
+            message=(f"To continue, sign in to {service} and approve access."),
            session_id=session_id,
            setup_info=SetupInfo(
                agent_id=server_url,
-                agent_name=f"MCP: {host}",
+                agent_name=service,
                user_readiness=UserReadiness(
                    has_all_credentials=False,
                    missing_credentials=missing_creds_dict,
--- a/autogpt_platform/backend/backend/copilot/tools/test_run_block_details.py
+++ b/autogpt_platform/backend/backend/copilot/tools/test_run_block_details.py
@@ -65,9 +65,8 @@ async def test_run_block_returns_details_when_no_input_provided():
        return_value=http_block,
    ):
        # Mock credentials check to return no missing credentials
-        with patch.object(
-            RunBlockTool,
-            "_resolve_block_credentials",
+        with patch(
+            "backend.copilot.tools.run_block.resolve_block_credentials",
            new_callable=AsyncMock,
            return_value=({}, []),  # (matched_credentials, missing_credentials)
        ):
@@ -123,9 +122,8 @@ async def test_run_block_returns_details_when_only_credentials_provided():
        "backend.copilot.tools.run_block.get_block",
        return_value=mock,
    ):
-        with patch.object(
-            RunBlockTool,
-            "_resolve_block_credentials",
+        with patch(
+            "backend.copilot.tools.run_block.resolve_block_credentials",
            new_callable=AsyncMock,
            return_value=(
                {
--- a/autogpt_platform/backend/backend/copilot/tools/test_run_mcp_tool.py
+++ b/autogpt_platform/backend/backend/copilot/tools/test_run_mcp_tool.py
@@ -100,7 +100,7 @@ async def test_ssrf_blocked_url_returns_error():
    session = make_session(_USER_ID)

    with patch(
-        "backend.copilot.tools.run_mcp_tool.validate_url",
+        "backend.copilot.tools.run_mcp_tool.validate_url_host",
        new_callable=AsyncMock,
        side_effect=ValueError("blocked loopback"),
    ):
@@ -138,7 +138,7 @@ async def test_non_dict_tool_arguments_returns_error():
    session = make_session(_USER_ID)

    with patch(
-        "backend.copilot.tools.run_mcp_tool.validate_url",
+        "backend.copilot.tools.run_mcp_tool.validate_url_host",
        new_callable=AsyncMock,
    ):
        with patch(
@@ -171,7 +171,7 @@ async def test_discover_tools_returns_discovered_response():
    mock_tools = _make_tool_list("fetch", "search")

    with patch(
-        "backend.copilot.tools.run_mcp_tool.validate_url", new_callable=AsyncMock
+        "backend.copilot.tools.run_mcp_tool.validate_url_host", new_callable=AsyncMock
    ):
        with patch(
            "backend.copilot.tools.run_mcp_tool.auto_lookup_mcp_credential",
@@ -208,7 +208,7 @@ async def test_discover_tools_with_credentials():
    mock_tools = _make_tool_list("push_notification")

    with patch(
-        "backend.copilot.tools.run_mcp_tool.validate_url", new_callable=AsyncMock
+        "backend.copilot.tools.run_mcp_tool.validate_url_host", new_callable=AsyncMock
    ):
        with patch(
            "backend.copilot.tools.run_mcp_tool.auto_lookup_mcp_credential",
@@ -249,7 +249,7 @@ async def test_execute_tool_returns_output_response():
    text_result = "# Example Domain\nThis domain is for examples."

    with patch(
-        "backend.copilot.tools.run_mcp_tool.validate_url", new_callable=AsyncMock
+        "backend.copilot.tools.run_mcp_tool.validate_url_host", new_callable=AsyncMock
    ):
        with patch(
            "backend.copilot.tools.run_mcp_tool.auto_lookup_mcp_credential",
@@ -285,7 +285,7 @@ async def test_execute_tool_parses_json_result():
    session = make_session(_USER_ID)

    with patch(
-        "backend.copilot.tools.run_mcp_tool.validate_url", new_callable=AsyncMock
+        "backend.copilot.tools.run_mcp_tool.validate_url_host", new_callable=AsyncMock
    ):
        with patch(
            "backend.copilot.tools.run_mcp_tool.auto_lookup_mcp_credential",
@@ -320,7 +320,7 @@ async def test_execute_tool_image_content():
    session = make_session(_USER_ID)

    with patch(
-        "backend.copilot.tools.run_mcp_tool.validate_url", new_callable=AsyncMock
+        "backend.copilot.tools.run_mcp_tool.validate_url_host", new_callable=AsyncMock
    ):
        with patch(
            "backend.copilot.tools.run_mcp_tool.auto_lookup_mcp_credential",
@@ -359,7 +359,7 @@ async def test_execute_tool_resource_content():
    session = make_session(_USER_ID)

    with patch(
-        "backend.copilot.tools.run_mcp_tool.validate_url", new_callable=AsyncMock
+        "backend.copilot.tools.run_mcp_tool.validate_url_host", new_callable=AsyncMock
    ):
        with patch(
            "backend.copilot.tools.run_mcp_tool.auto_lookup_mcp_credential",
@@ -399,7 +399,7 @@ async def test_execute_tool_multi_item_content():
    session = make_session(_USER_ID)

    with patch(
-        "backend.copilot.tools.run_mcp_tool.validate_url", new_callable=AsyncMock
+        "backend.copilot.tools.run_mcp_tool.validate_url_host", new_callable=AsyncMock
    ):
        with patch(
            "backend.copilot.tools.run_mcp_tool.auto_lookup_mcp_credential",
@@ -437,7 +437,7 @@ async def test_execute_tool_empty_content_returns_none():
    session = make_session(_USER_ID)

    with patch(
-        "backend.copilot.tools.run_mcp_tool.validate_url", new_callable=AsyncMock
+        "backend.copilot.tools.run_mcp_tool.validate_url_host", new_callable=AsyncMock
    ):
        with patch(
            "backend.copilot.tools.run_mcp_tool.auto_lookup_mcp_credential",
@@ -470,7 +470,7 @@ async def test_execute_tool_returns_error_on_tool_failure():
    session = make_session(_USER_ID)

    with patch(
-        "backend.copilot.tools.run_mcp_tool.validate_url", new_callable=AsyncMock
+        "backend.copilot.tools.run_mcp_tool.validate_url_host", new_callable=AsyncMock
    ):
        with patch(
            "backend.copilot.tools.run_mcp_tool.auto_lookup_mcp_credential",
@@ -512,7 +512,7 @@ async def test_auth_required_without_creds_returns_setup_requirements():
    session = make_session(_USER_ID)

    with patch(
-        "backend.copilot.tools.run_mcp_tool.validate_url", new_callable=AsyncMock
+        "backend.copilot.tools.run_mcp_tool.validate_url_host", new_callable=AsyncMock
    ):
        with patch(
            "backend.copilot.tools.run_mcp_tool.auto_lookup_mcp_credential",
@@ -555,7 +555,7 @@ async def test_auth_error_with_existing_creds_returns_error():
    mock_creds.access_token = SecretStr("stale-token")

    with patch(
-        "backend.copilot.tools.run_mcp_tool.validate_url", new_callable=AsyncMock
+        "backend.copilot.tools.run_mcp_tool.validate_url_host", new_callable=AsyncMock
    ):
        with patch(
            "backend.copilot.tools.run_mcp_tool.auto_lookup_mcp_credential",
@@ -589,7 +589,7 @@ async def test_mcp_client_error_returns_error_response():
    session = make_session(_USER_ID)

    with patch(
-        "backend.copilot.tools.run_mcp_tool.validate_url", new_callable=AsyncMock
+        "backend.copilot.tools.run_mcp_tool.validate_url_host", new_callable=AsyncMock
    ):
        with patch(
            "backend.copilot.tools.run_mcp_tool.auto_lookup_mcp_credential",
@@ -621,7 +621,7 @@ async def test_unexpected_exception_returns_generic_error():
    session = make_session(_USER_ID)

    with patch(
-        "backend.copilot.tools.run_mcp_tool.validate_url", new_callable=AsyncMock
+        "backend.copilot.tools.run_mcp_tool.validate_url_host", new_callable=AsyncMock
    ):
        with patch(
            "backend.copilot.tools.run_mcp_tool.auto_lookup_mcp_credential",
@@ -719,7 +719,7 @@ async def test_credential_lookup_normalizes_trailing_slash():
    url_with_slash = "https://mcp.example.com/mcp/"

    with patch(
-        "backend.copilot.tools.run_mcp_tool.validate_url", new_callable=AsyncMock
+        "backend.copilot.tools.run_mcp_tool.validate_url_host", new_callable=AsyncMock
    ):
        with patch(
            "backend.copilot.tools.run_mcp_tool.auto_lookup_mcp_credential",
@@ -756,4 +756,4 @@ async def test_build_setup_requirements_returns_setup_response():
    )
    assert isinstance(result, SetupRequirementsResponse)
    assert result.setup_info.agent_id == _SERVER_URL
-    assert "authentication" in result.message.lower()
+    assert "sign in" in result.message.lower()
--- a/autogpt_platform/backend/backend/data/block_cost_config.py
+++ b/autogpt_platform/backend/backend/data/block_cost_config.py
@@ -100,19 +100,31 @@ MODEL_COST: dict[LlmModel, int] = {
    LlmModel.OLLAMA_DOLPHIN: 1,
    LlmModel.OPENAI_GPT_OSS_120B: 1,
    LlmModel.OPENAI_GPT_OSS_20B: 1,
+    LlmModel.GEMINI_2_5_PRO_PREVIEW: 4,
    LlmModel.GEMINI_2_5_PRO: 4,
-    LlmModel.GEMINI_3_PRO_PREVIEW: 5,
+    LlmModel.GEMINI_3_1_PRO_PREVIEW: 5,
+    LlmModel.GEMINI_3_FLASH_PREVIEW: 2,
    LlmModel.GEMINI_2_5_FLASH: 1,
    LlmModel.GEMINI_2_0_FLASH: 1,
+    LlmModel.GEMINI_3_1_FLASH_LITE_PREVIEW: 1,
    LlmModel.GEMINI_2_5_FLASH_LITE_PREVIEW: 1,
    LlmModel.GEMINI_2_0_FLASH_LITE: 1,
    LlmModel.MISTRAL_NEMO: 1,
+    LlmModel.MISTRAL_LARGE_3: 2,
+    LlmModel.MISTRAL_MEDIUM_3_1: 2,
+    LlmModel.MISTRAL_SMALL_3_2: 1,
+    LlmModel.CODESTRAL: 1,
    LlmModel.COHERE_COMMAND_R_08_2024: 1,
    LlmModel.COHERE_COMMAND_R_PLUS_08_2024: 3,
+    LlmModel.COHERE_COMMAND_A_03_2025: 3,
+    LlmModel.COHERE_COMMAND_A_TRANSLATE_08_2025: 3,
+    LlmModel.COHERE_COMMAND_A_REASONING_08_2025: 6,
+    LlmModel.COHERE_COMMAND_A_VISION_07_2025: 3,
    LlmModel.DEEPSEEK_CHAT: 2,
    LlmModel.DEEPSEEK_R1_0528: 1,
    LlmModel.PERPLEXITY_SONAR: 1,
    LlmModel.PERPLEXITY_SONAR_PRO: 5,
+    LlmModel.PERPLEXITY_SONAR_REASONING_PRO: 5,
    LlmModel.PERPLEXITY_SONAR_DEEP_RESEARCH: 10,
    LlmModel.NOUSRESEARCH_HERMES_3_LLAMA_3_1_405B: 1,
    LlmModel.NOUSRESEARCH_HERMES_3_LLAMA_3_1_70B: 1,
@@ -120,6 +132,7 @@ MODEL_COST: dict[LlmModel, int] = {
    LlmModel.AMAZON_NOVA_MICRO_V1: 1,
    LlmModel.AMAZON_NOVA_PRO_V1: 1,
    LlmModel.MICROSOFT_WIZARDLM_2_8X22B: 1,
+    LlmModel.MICROSOFT_PHI_4: 1,
    LlmModel.GRYPHE_MYTHOMAX_L2_13B: 1,
    LlmModel.META_LLAMA_4_SCOUT: 1,
    LlmModel.META_LLAMA_4_MAVERICK: 1,
@@ -127,6 +140,7 @@ MODEL_COST: dict[LlmModel, int] = {
    LlmModel.LLAMA_API_LLAMA4_MAVERICK: 1,
    LlmModel.LLAMA_API_LLAMA3_3_8B: 1,
    LlmModel.LLAMA_API_LLAMA3_3_70B: 1,
+    LlmModel.GROK_3: 3,
    LlmModel.GROK_4: 9,
    LlmModel.GROK_4_FAST: 1,
    LlmModel.GROK_4_1_FAST: 1,
--- a/autogpt_platform/backend/backend/data/db_accessors.py
+++ b/autogpt_platform/backend/backend/data/db_accessors.py
@@ -116,3 +116,16 @@ def workspace_db():
        workspace_db = get_database_manager_async_client()

    return workspace_db
+
+
+def review_db():
+    if db.is_connected():
+        from backend.data import human_review as _review_db
+
+        review_db = _review_db
+    else:
+        from backend.util.clients import get_database_manager_async_client
+
+        review_db = get_database_manager_async_client()
+
+    return review_db
--- a/autogpt_platform/backend/backend/data/db_manager.py
+++ b/autogpt_platform/backend/backend/data/db_manager.py
@@ -79,7 +79,10 @@ from backend.data.graph import (
 from backend.data.human_review import (
    cancel_pending_reviews_for_execution,
    check_approval,
+    delete_review_by_node_exec_id,
    get_or_create_human_review,
+    get_pending_reviews_for_execution,
+    get_reviews_by_node_exec_ids,
    has_pending_reviews_for_graph_exec,
    update_review_processed_status,
 )
@@ -246,7 +249,10 @@ class DatabaseManager(AppService):
    # ============ Human In The Loop ============ #
    cancel_pending_reviews_for_execution = _(cancel_pending_reviews_for_execution)
    check_approval = _(check_approval)
+    delete_review_by_node_exec_id = _(delete_review_by_node_exec_id)
    get_or_create_human_review = _(get_or_create_human_review)
+    get_pending_reviews_for_execution = _(get_pending_reviews_for_execution)
+    get_reviews_by_node_exec_ids = _(get_reviews_by_node_exec_ids)
    has_pending_reviews_for_graph_exec = _(has_pending_reviews_for_graph_exec)
    update_review_processed_status = _(update_review_processed_status)

@@ -433,7 +439,10 @@ class DatabaseManagerAsyncClient(AppServiceClient):
    # ============ Human In The Loop ============ #
    cancel_pending_reviews_for_execution = d.cancel_pending_reviews_for_execution
    check_approval = d.check_approval
+    delete_review_by_node_exec_id = d.delete_review_by_node_exec_id
    get_or_create_human_review = d.get_or_create_human_review
+    get_pending_reviews_for_execution = d.get_pending_reviews_for_execution
+    get_reviews_by_node_exec_ids = d.get_reviews_by_node_exec_ids
    update_review_processed_status = d.update_review_processed_status

    # ============ User Comms ============ #
--- a/autogpt_platform/backend/backend/data/human_review.py
+++ b/autogpt_platform/backend/backend/data/human_review.py
@@ -17,6 +17,10 @@ from backend.api.features.executions.review.model import (
    PendingHumanReviewModel,
    SafeJsonData,
 )
+from backend.copilot.constants import (
+    is_copilot_synthetic_id,
+    parse_node_id_from_exec_id,
+)
 from backend.data.execution import get_graph_execution_meta
 from backend.util.json import SafeJson

@@ -123,11 +127,13 @@ async def create_auto_approval_record(
    Raises:
        ValueError: If the graph execution doesn't belong to the user
    """
-    # Validate that the graph execution belongs to this user (defense in depth)
-    graph_exec = await get_graph_execution_meta(
+    # Validate ownership: if a graph execution record exists, it must belong
+    # to this user. Non-graph executions (e.g. CoPilot) won't have a record.
+    if not is_copilot_synthetic_id(
+        graph_exec_id
+    ) and not await get_graph_execution_meta(
        user_id=user_id, execution_id=graph_exec_id
-    )
-    if not graph_exec:
+    ):
        raise ValueError(
            f"Graph execution {graph_exec_id} not found or doesn't belong to user {user_id}"
        )
@@ -265,7 +271,7 @@ async def get_pending_review_by_node_exec_id(

 async def get_reviews_by_node_exec_ids(
    node_exec_ids: list[str], user_id: str
-) -> dict[str, "PendingHumanReviewModel"]:
+) -> dict[str, PendingHumanReviewModel]:
    """
    Get multiple reviews by their node execution IDs regardless of status.

@@ -292,21 +298,26 @@ async def get_reviews_by_node_exec_ids(
    if not reviews:
        return {}

-    # Batch fetch all node executions to avoid N+1 queries
-    node_exec_ids_to_fetch = [review.nodeExecId for review in reviews]
-    node_execs = await AgentNodeExecution.prisma().find_many(
-        where={"id": {"in": node_exec_ids_to_fetch}},
-        include={"Node": True},
-    )
-
-    # Create mapping from node_exec_id to node_id
-    node_exec_id_to_node_id = {
-        node_exec.id: node_exec.agentNodeId for node_exec in node_execs
+    # Split into synthetic (CoPilot) and real IDs for different resolution paths
+    synthetic_ids = {
+        r.nodeExecId for r in reviews if is_copilot_synthetic_id(r.nodeExecId)
    }
+    real_ids = [r.nodeExecId for r in reviews if r.nodeExecId not in synthetic_ids]
+
+    # Batch fetch real node executions to avoid N+1 queries
+    node_exec_id_to_node_id: dict[str, str] = {}
+    if real_ids:
+        node_execs = await AgentNodeExecution.prisma().find_many(
+            where={"id": {"in": real_ids}},
+        )
+        node_exec_id_to_node_id = {ne.id: ne.agentNodeId for ne in node_execs}

    result = {}
    for review in reviews:
-        node_id = node_exec_id_to_node_id.get(review.nodeExecId, review.nodeExecId)
+        if review.nodeExecId in synthetic_ids:
+            node_id = parse_node_id_from_exec_id(review.nodeExecId)
+        else:
+            node_id = node_exec_id_to_node_id.get(review.nodeExecId, review.nodeExecId)
        result[review.nodeExecId] = PendingHumanReviewModel.from_db(
            review, node_id=node_id
        )
@@ -331,6 +342,19 @@ async def has_pending_reviews_for_graph_exec(graph_exec_id: str) -> bool:
    return count > 0


+async def _resolve_node_id(node_exec_id: str, get_node_execution) -> str:
+    """Resolve node_id from a node_exec_id.
+
+    For CoPilot synthetic IDs (e.g. copilot-node-block-id:abc12345),
+    extract the node_id portion (copilot-node-block-id).
+    For real graph executions, look up the NodeExecution record.
+    """
+    if is_copilot_synthetic_id(node_exec_id):
+        return parse_node_id_from_exec_id(node_exec_id)
+    node_exec = await get_node_execution(node_exec_id)
+    return node_exec.node_id if node_exec else node_exec_id
+
+
 async def get_pending_reviews_for_user(
    user_id: str, page: int = 1, page_size: int = 25
 ) -> list["PendingHumanReviewModel"]:
@@ -361,8 +385,7 @@ async def get_pending_reviews_for_user(
    # Fetch node_id for each review from NodeExecution
    result = []
    for review in reviews:
-        node_exec = await get_node_execution(review.nodeExecId)
-        node_id = node_exec.node_id if node_exec else review.nodeExecId
+        node_id = await _resolve_node_id(review.nodeExecId, get_node_execution)
        result.append(PendingHumanReviewModel.from_db(review, node_id=node_id))

    return result
@@ -370,7 +393,7 @@ async def get_pending_reviews_for_user(

 async def get_pending_reviews_for_execution(
    graph_exec_id: str, user_id: str
-) -> list["PendingHumanReviewModel"]:
+) -> list[PendingHumanReviewModel]:
    """
    Get all pending reviews for a specific graph execution.

@@ -396,8 +419,7 @@ async def get_pending_reviews_for_execution(
    # Fetch node_id for each review from NodeExecution
    result = []
    for review in reviews:
-        node_exec = await get_node_execution(review.nodeExecId)
-        node_id = node_exec.node_id if node_exec else review.nodeExecId
+        node_id = await _resolve_node_id(review.nodeExecId, get_node_execution)
        result.append(PendingHumanReviewModel.from_db(review, node_id=node_id))

    return result
@@ -509,8 +531,12 @@ async def process_all_reviews_for_execution(

    result = {}
    for review in all_result_reviews:
-        node_exec = await get_node_execution(review.nodeExecId)
-        node_id = node_exec.node_id if node_exec else review.nodeExecId
+        if is_copilot_synthetic_id(review.nodeExecId):
+            # CoPilot synthetic node_exec_ids encode node_id as "{node_id}:{random}"
+            node_id = parse_node_id_from_exec_id(review.nodeExecId)
+        else:
+            node_exec = await get_node_execution(review.nodeExecId)
+            node_id = node_exec.node_id if node_exec else review.nodeExecId
        result[review.nodeExecId] = PendingHumanReviewModel.from_db(
            review, node_id=node_id
        )
@@ -564,3 +590,21 @@ async def cancel_pending_reviews_for_execution(graph_exec_id: str, user_id: str)
        },
    )
    return result
+
+
+async def delete_review_by_node_exec_id(node_exec_id: str, user_id: str) -> int:
+    """Delete a review record by node execution ID after it has been consumed.
+
+    Used by CoPilot's continue_run_block to clean up one-time-use review records
+    after successful execution.
+
+    Args:
+        node_exec_id: The node execution ID of the review to delete
+        user_id: User ID for authorization
+
+    Returns:
+        Number of records deleted
+    """
+    return await PendingHumanReview.prisma().delete_many(
+        where={"nodeExecId": node_exec_id, "userId": user_id}
+    )
--- a/autogpt_platform/backend/backend/data/notification_bus.py
+++ b/autogpt_platform/backend/backend/data/notification_bus.py
@@ -8,6 +8,8 @@ from backend.api.model import NotificationPayload
 from backend.data.event_bus import AsyncRedisEventBus
 from backend.util.settings import Settings

+_settings = Settings()
+

 class NotificationEvent(BaseModel):
    """Generic notification event destined for websocket delivery."""
@@ -26,7 +28,7 @@ class AsyncRedisNotificationEventBus(AsyncRedisEventBus[NotificationEvent]):

    @property
    def event_bus_name(self) -> str:
-        return Settings().config.notification_event_bus_name
+        return _settings.config.notification_event_bus_name

    async def publish(self, event: NotificationEvent) -> None:
        await self.publish_event(event, event.user_id)
--- a/autogpt_platform/backend/backend/util/request.py
+++ b/autogpt_platform/backend/backend/util/request.py
@@ -144,76 +144,106 @@ async def _resolve_host(hostname: str) -> list[str]:
    return ip_addresses


-async def validate_url(
-    url: str, trusted_origins: list[str]
+async def validate_url_host(
+    url: str, trusted_hostnames: Optional[list[str]] = None
 ) -> tuple[URL, bool, list[str]]:
    """
-    Validates the URL to prevent SSRF attacks by ensuring it does not point
-    to a private, link-local, or otherwise blocked IP address — unless
+    Validates a (URL's) host string to prevent SSRF attacks by ensuring it does not
+    point to a private, link-local, or otherwise blocked IP address — unless
    the hostname is explicitly trusted.

+    Hosts in `trusted_hostnames` are permitted without checks.
+    All other hosts are resolved and checked against `BLOCKED_IP_NETWORKS`.
+
+    Params:
+        url: A hostname, netloc, or URL to validate.
+             If no scheme is included, `http://` is assumed.
+        trusted_hostnames: A list of hostnames that don't require validation.
+
+    Raises:
+      ValueError:
+        - if the URL has a disallowed URL scheme
+        - if the URL/host string can't be parsed
+        - if the hostname contains invalid or unsupported (non-ASCII) characters
+        - if the host resolves to a blocked IP
+
    Returns:
-        str: The validated, canonicalized, parsed URL
-        is_trusted: Boolean indicating if the hostname is in trusted_origins
-        ip_addresses: List of IP addresses for the host; empty if the host is trusted
+        1. The validated, canonicalized, parsed host/URL,
+           with hostname ASCII-safe encoding
+        2. Whether the host is trusted (based on the passed `trusted_hostnames`).
+        3. List of resolved IP addresses for the host; empty if the host is trusted.
    """
    parsed = parse_url(url)

-    # Check scheme
    if parsed.scheme not in ALLOWED_SCHEMES:
        raise ValueError(
-            f"Scheme '{parsed.scheme}' is not allowed. Only HTTP/HTTPS are supported."
+            f"URL scheme '{parsed.scheme}' is not allowed; allowed schemes: "
+            f"{', '.join(ALLOWED_SCHEMES)}"
        )

-    # Validate and IDNA encode hostname
    if not parsed.hostname:
-        raise ValueError("Invalid URL: No hostname found.")
+        raise ValueError(f"Invalid host/URL; no host in parse result: {url}")

    # IDNA encode to prevent Unicode domain attacks
    try:
        ascii_hostname = idna.encode(parsed.hostname).decode("ascii")
    except idna.IDNAError:
-        raise ValueError("Invalid hostname with unsupported characters.")
+        raise ValueError(f"Hostname '{parsed.hostname}' has unsupported characters")

-    # Check hostname characters
    if not HOSTNAME_REGEX.match(ascii_hostname):
-        raise ValueError("Hostname contains invalid characters.")
+        raise ValueError(f"Hostname '{parsed.hostname}' has unsupported characters")

-    # Check if hostname is trusted
-    is_trusted = ascii_hostname in trusted_origins
-
-    # If not trusted, validate IP addresses
-    ip_addresses: list[str] = []
-    if not is_trusted:
-        # Resolve all IP addresses for the hostname
-        ip_addresses = await _resolve_host(ascii_hostname)
-
-        # Block any IP address that belongs to a blocked range
-        for ip_str in ip_addresses:
-            if _is_ip_blocked(ip_str):
-                raise ValueError(
-                    f"Access to blocked or private IP address {ip_str} "
-                    f"for hostname {ascii_hostname} is not allowed."
-                )
-
-    # Reconstruct the netloc with IDNA-encoded hostname and preserve port
-    netloc = ascii_hostname
-    if parsed.port:
-        netloc = f"{ascii_hostname}:{parsed.port}"
-
-    return (
-        URL(
-            parsed.scheme,
-            netloc,
-            quote(parsed.path, safe="/%:@"),
-            parsed.params,
-            parsed.query,
-            parsed.fragment,
-        ),
-        is_trusted,
-        ip_addresses,
+    # Re-create parsed URL object with IDNA-encoded hostname
+    parsed = URL(
+        parsed.scheme,
+        (ascii_hostname if parsed.port is None else f"{ascii_hostname}:{parsed.port}"),
+        quote(parsed.path, safe="/%:@"),
+        parsed.params,
+        parsed.query,
+        parsed.fragment,
    )

+    is_trusted = trusted_hostnames and any(
+        matches_allowed_host(parsed, allowed)
+        for allowed in (
+            # Normalize + parse allowlist entries the same way for consistent matching
+            parse_url(w)
+            for w in trusted_hostnames
+        )
+    )
+
+    if is_trusted:
+        return parsed, True, []
+
+    # If not allowlisted, go ahead with host resolution and IP target check
+    return parsed, False, await _resolve_and_check_blocked(ascii_hostname)
+
+
+def matches_allowed_host(url: URL, allowed: URL) -> bool:
+    if url.hostname != allowed.hostname:
+        return False
+
+    # Allow any port if not explicitly specified in the allowlist
+    if allowed.port is None:
+        return True
+
+    return url.port == allowed.port
+
+
+async def _resolve_and_check_blocked(hostname: str) -> list[str]:
+    """
+    Resolves hostname to IPs and raises ValueError if any resolve to
+    a blocked network. Returns the list of resolved IP addresses.
+    """
+    ip_addresses = await _resolve_host(hostname)
+    for ip_str in ip_addresses:
+        if _is_ip_blocked(ip_str):
+            raise ValueError(
+                f"Access to blocked or private IP address {ip_str} "
+                f"for hostname {hostname} is not allowed."
+            )
+    return ip_addresses
+

 def parse_url(url: str) -> URL:
    """Canonicalizes and parses a URL string."""
@@ -352,7 +382,7 @@ class Requests:
    ):
        self.trusted_origins = []
        for url in trusted_origins or []:
-            hostname = urlparse(url).hostname
+            hostname = parse_url(url).netloc  # {host}[:{port}]
            if not hostname:
                raise ValueError(f"Invalid URL: Unable to determine hostname of {url}")
            self.trusted_origins.append(hostname)
@@ -450,7 +480,7 @@ class Requests:
            data = form

        # Validate URL and get trust status
-        parsed_url, is_trusted, ip_addresses = await validate_url(
+        parsed_url, is_trusted, ip_addresses = await validate_url_host(
            url, self.trusted_origins
        )

@@ -503,7 +533,6 @@ class Requests:
                json=json,
                **kwargs,
            ) as response:
-
                if self.raise_for_status:
                    try:
                        response.raise_for_status()
--- a/autogpt_platform/backend/backend/util/request_test.py
+++ b/autogpt_platform/backend/backend/util/request_test.py
@@ -1,7 +1,7 @@
 import pytest
 from aiohttp import web

-from backend.util.request import pin_url, validate_url
+from backend.util.request import pin_url, validate_url_host


@pytest.mark.parametrize(
@@ -60,9 +60,9 @@ async def test_validate_url_no_dns_rebinding(
 ):
    if should_raise:
        with pytest.raises(ValueError):
-            await validate_url(raw_url, trusted_origins)
+            await validate_url_host(raw_url, trusted_origins)
    else:
-        validated_url, _, _ = await validate_url(raw_url, trusted_origins)
+        validated_url, _, _ = await validate_url_host(raw_url, trusted_origins)
        assert validated_url.geturl() == expected_value


@@ -101,10 +101,10 @@ async def test_dns_rebinding_fix(
    if expect_error:
        # If any IP is blocked, we expect a ValueError
        with pytest.raises(ValueError):
-            url, _, ip_addresses = await validate_url(hostname, [])
+            url, _, ip_addresses = await validate_url_host(hostname)
            pin_url(url, ip_addresses)
    else:
-        url, _, ip_addresses = await validate_url(hostname, [])
+        url, _, ip_addresses = await validate_url_host(hostname)
        pinned_url = pin_url(url, ip_addresses).geturl()
        # The pinned_url should contain the first valid IP
        assert pinned_url.startswith("http://") or pinned_url.startswith("https://")
--- a/autogpt_platform/backend/backend/util/settings.py
+++ b/autogpt_platform/backend/backend/util/settings.py
@@ -89,6 +89,10 @@ class Config(UpdateTrackingModel["Config"], BaseSettings):
        le=500,
        description="Thread pool size for FastAPI sync operations. All sync endpoints and dependencies automatically use this pool. Higher values support more concurrent sync operations but use more memory.",
    )
+    ollama_host: str = Field(
+        default="localhost:11434",
+        description="Default Ollama host; exempted from SSRF checks.",
+    )
    pyro_host: str = Field(
        default="localhost",
        description="The default hostname of the Pyro server.",
--- a/autogpt_platform/backend/migrations/20260308095500_migrate_deprecated_gemini_3_pro_preview/migration.sql
+++ b/autogpt_platform/backend/migrations/20260308095500_migrate_deprecated_gemini_3_pro_preview/migration.sql
@@ -0,0 +1,22 @@
+-- Migrate Gemini 3 Pro Preview to Gemini 3.1 Pro Preview
+-- This updates all AgentNode blocks that use the deprecated Gemini 3 Pro Preview model
+-- Google is shutting down google/gemini-3-pro-preview on March 9, 2026
+
+-- Update AgentNode constant inputs
+UPDATE "AgentNode"
+SET "constantInput" = JSONB_SET(
+    "constantInput"::jsonb,
+    '{model}',
+    '"google/gemini-3.1-pro-preview"'::jsonb
+)
+WHERE "constantInput"::jsonb->>'model' = 'google/gemini-3-pro-preview';
+
+-- Update AgentPreset input overrides (stored in AgentNodeExecutionInputOutput)
+UPDATE "AgentNodeExecutionInputOutput"
+SET "data" = JSONB_SET(
+    "data"::jsonb,
+    '{model}',
+    '"google/gemini-3.1-pro-preview"'::jsonb
+)
+WHERE "agentPresetId" IS NOT NULL
+  AND "data"::jsonb->>'model' = 'google/gemini-3-pro-preview';
--- a/autogpt_platform/backend/migrations/20260310120000_remove_graph_exec_fk_from_pending_human_review/migration.sql
+++ b/autogpt_platform/backend/migrations/20260310120000_remove_graph_exec_fk_from_pending_human_review/migration.sql
@@ -0,0 +1,7 @@
+-- Remove GraphExecution foreign key from PendingHumanReview
+-- The graphExecId column remains for querying, but we remove the FK constraint
+-- to AgentGraphExecution since PendingHumanReview records can now be created
+-- with synthetic graph_exec_ids (e.g., CoPilot direct block execution uses
+-- "copilot-session-{session_id}" as graph_exec_id).
+
+ALTER TABLE "PendingHumanReview" DROP CONSTRAINT IF EXISTS "PendingHumanReview_graphExecId_fkey";
--- a/autogpt_platform/backend/migrations/20260313120000_fix_perplexity_block_invalid_models/migration.sql
+++ b/autogpt_platform/backend/migrations/20260313120000_fix_perplexity_block_invalid_models/migration.sql
@@ -0,0 +1,40 @@
+-- Fix PerplexityBlock nodes that have invalid model values (e.g. gpt-4o,
+-- gpt-5.2-2025-12-11) set by the agent generator. Defaults them to the
+-- standard "perplexity/sonar" model.
+--
+-- PerplexityBlock ID: c8a5f2e9-8b3d-4a7e-9f6c-1d5e3c9b7a4f
+-- Valid models: perplexity/sonar, perplexity/sonar-pro, perplexity/sonar-deep-research
+
+UPDATE "AgentNode"
+SET "constantInput" = JSONB_SET(
+    "constantInput"::jsonb,
+    '{model}',
+    '"perplexity/sonar"'::jsonb
+)
+WHERE "agentBlockId" = 'c8a5f2e9-8b3d-4a7e-9f6c-1d5e3c9b7a4f'
+  AND "constantInput"::jsonb ? 'model'
+  AND "constantInput"::jsonb->>'model' NOT IN (
+      'perplexity/sonar',
+      'perplexity/sonar-pro',
+      'perplexity/sonar-deep-research'
+  );
+
+-- Update AgentPreset input overrides (stored in AgentNodeExecutionInputOutput).
+-- The table links to AgentNode through AgentNodeExecution, not directly.
+UPDATE "AgentNodeExecutionInputOutput" io
+SET "data" = JSONB_SET(
+    io."data"::jsonb,
+    '{model}',
+    '"perplexity/sonar"'::jsonb
+)
+FROM "AgentNodeExecution" exe
+JOIN "AgentNode" n ON n."id" = exe."agentNodeId"
+WHERE io."agentPresetId" IS NOT NULL
+  AND (io."referencedByInputExecId" = exe."id" OR io."referencedByOutputExecId" = exe."id")
+  AND n."agentBlockId" = 'c8a5f2e9-8b3d-4a7e-9f6c-1d5e3c9b7a4f'
+  AND io."data"::jsonb ? 'model'
+  AND io."data"::jsonb->>'model' NOT IN (
+      'perplexity/sonar',
+      'perplexity/sonar-pro',
+      'perplexity/sonar-deep-research'
+  );
--- a/autogpt_platform/backend/schema.prisma
+++ b/autogpt_platform/backend/schema.prisma
@@ -566,8 +566,6 @@ model AgentGraphExecution {
  shareToken String?   @unique
  sharedAt   DateTime?

-  PendingHumanReviews PendingHumanReview[]
-
  @@index([agentGraphId, agentGraphVersion])
  @@index([userId, isDeleted, createdAt])
  @@index([createdAt])
@@ -664,8 +662,7 @@ model PendingHumanReview {
  updatedAt     DateTime?    @updatedAt
  reviewedAt    DateTime?

-  User           User                @relation(fields: [userId], references: [id], onDelete: Cascade)
-  GraphExecution AgentGraphExecution @relation(fields: [graphExecId], references: [id], onDelete: Cascade)
+  User User @relation(fields: [userId], references: [id], onDelete: Cascade)

  @@unique([nodeExecId]) // One pending review per node execution
  @@index([userId, status])
--- a/autogpt_platform/backend/snapshots/lib_agts_search
+++ b/autogpt_platform/backend/snapshots/lib_agts_search
@@ -4,7 +4,6 @@
      "id": "test-agent-1",
      "graph_id": "test-agent-1",
      "graph_version": 1,
-      "owner_user_id": "3e53486c-cf57-477e-ba2a-cb02dc828e1a",
      "image_url": null,
      "creator_name": "Test Creator",
      "creator_image_url": "",
@@ -51,7 +50,6 @@
      "id": "test-agent-2",
      "graph_id": "test-agent-2",
      "graph_version": 1,
-      "owner_user_id": "3e53486c-cf57-477e-ba2a-cb02dc828e1a",
      "image_url": null,
      "creator_name": "Test Creator",
      "creator_image_url": "",
--- a/autogpt_platform/backend/test/blocks/test_gmail.py
+++ b/autogpt_platform/backend/test/blocks/test_gmail.py
@@ -84,6 +84,27 @@ class TestGmailReadBlock:
            assert "Hello World" in result
            assert "This is HTML content" in result

+    @pytest.mark.asyncio
+    async def test_html_fallback_when_html2text_conversion_fails(self):
+        """Fallback to raw HTML when html2text converter raises unexpectedly."""
+        html_text = "<html><body><p>Broken <b>HTML</p></body></html>"
+
+        msg = {
+            "id": "test_msg_html_error",
+            "payload": {
+                "mimeType": "text/html",
+                "body": {"data": self._encode_base64(html_text)},
+            },
+        }
+
+        with patch("html2text.HTML2Text") as mock_html2text:
+            mock_converter = Mock()
+            mock_converter.handle.side_effect = ValueError("conversion failed")
+            mock_html2text.return_value = mock_converter
+
+            result = await self.gmail_block._get_email_body(msg, self.mock_service)
+            assert result == html_text
+
    @pytest.mark.asyncio
    async def test_html_fallback_when_html2text_unavailable(self):
        """Test fallback to raw HTML when html2text is not available."""
--- a/autogpt_platform/frontend/src/app/(platform)/build/actions.ts
+++ b/autogpt_platform/frontend/src/app/(platform)/build/actions.ts
@@ -1,36 +0,0 @@
-"use server";
-
-import BackendAPI from "@/lib/autogpt-server-api/client";
-import { OttoQuery, OttoResponse } from "@/lib/autogpt-server-api/types";
-
-const api = new BackendAPI();
-
-export async function askOtto(
-  query: string,
-  conversationHistory: { query: string; response: string }[],
-  includeGraphData: boolean,
-  graphId?: string,
-): Promise<OttoResponse> {
-  const messageId = `${Date.now()}-web`;
-
-  const ottoQuery: OttoQuery = {
-    query,
-    conversation_history: conversationHistory,
-    message_id: messageId,
-    include_graph_data: includeGraphData,
-    graph_id: graphId,
-  };
-
-  try {
-    const response = await api.askOtto(ottoQuery);
-    return response;
-  } catch (error) {
-    console.error("Error in askOtto server action:", error);
-    return {
-      answer: error instanceof Error ? error.message : "Unknown error occurred",
-      documents: [],
-      success: false,
-      error: true,
-    };
-  }
-}
--- a/autogpt_platform/frontend/src/app/(platform)/build/components/FlowEditor/nodes/CustomNode/CustomNode.tsx
+++ b/autogpt_platform/frontend/src/app/(platform)/build/components/FlowEditor/nodes/CustomNode/CustomNode.tsx
@@ -23,6 +23,12 @@ import { WebhookDisclaimer } from "./components/WebhookDisclaimer";
 import { SubAgentUpdateFeature } from "./components/SubAgentUpdate/SubAgentUpdateFeature";
 import { useCustomNode } from "./useCustomNode";

+function hasAdvancedFields(schema: RJSFSchema): boolean {
+  const properties = schema?.properties;
+  if (!properties) return false;
+  return Object.values(properties).some((prop: any) => prop.advanced === true);
+}
+
 export type CustomNodeData = {
  hardcodedValues: {
    [key: string]: any;
@@ -108,7 +114,11 @@ export const CustomNode: React.FC<NodeProps<CustomNode>> = React.memo(
            )}
            showHandles={showHandles}
          />
-          <NodeAdvancedToggle nodeId={nodeId} />
+          <NodeAdvancedToggle
+            nodeId={nodeId}
+            isLastSection={data.uiType === BlockUIType.OUTPUT}
+            hasAdvancedFields={hasAdvancedFields(inputSchema)}
+          />
          {data.uiType != BlockUIType.OUTPUT && (
            <OutputHandler
              uiType={data.uiType}
--- a/autogpt_platform/frontend/src/app/(platform)/build/components/FlowEditor/nodes/CustomNode/components/NodeAdvancedToggle.tsx
+++ b/autogpt_platform/frontend/src/app/(platform)/build/components/FlowEditor/nodes/CustomNode/components/NodeAdvancedToggle.tsx
@@ -2,18 +2,33 @@ import { useNodeStore } from "@/app/(platform)/build/stores/nodeStore";
 import { Button } from "@/components/atoms/Button/Button";
 import { Text } from "@/components/atoms/Text/Text";
 import { CaretDownIcon } from "@phosphor-icons/react";
+import { cn } from "@/lib/utils";

 type Props = {
  nodeId: string;
+  isLastSection?: boolean;
+  hasAdvancedFields?: boolean;
 };

-export function NodeAdvancedToggle({ nodeId }: Props) {
+export function NodeAdvancedToggle({
+  nodeId,
+  isLastSection,
+  hasAdvancedFields = true,
+}: Props) {
  const showAdvanced = useNodeStore(
    (state) => state.nodeAdvancedStates[nodeId] || false,
  );
  const setShowAdvanced = useNodeStore((state) => state.setShowAdvanced);
+
+  if (!hasAdvancedFields) return null;
+
  return (
-    <div className="flex items-center justify-start gap-2 bg-white px-5 pb-3.5">
+    <div
+      className={cn(
+        "flex items-center justify-start gap-2 bg-white px-5 pb-3.5",
+        isLastSection && "rounded-b-xlarge",
+      )}
+    >
      <Button
        variant="ghost"
        className="h-fit min-w-0 p-0 hover:border-transparent hover:bg-transparent"
--- a/autogpt_platform/frontend/src/app/(platform)/build/components/FlowEditor/nodes/OutputHandler.tsx
+++ b/autogpt_platform/frontend/src/app/(platform)/build/components/FlowEditor/nodes/OutputHandler.tsx
@@ -1,6 +1,6 @@
 import { Button } from "@/components/atoms/Button/Button";
 import { Text } from "@/components/atoms/Text/Text";
-import { CaretDownIcon, InfoIcon } from "@phosphor-icons/react";
+import { CaretDownIcon, CaretRightIcon, InfoIcon } from "@phosphor-icons/react";
 import { RJSFSchema } from "@rjsf/utils";
 import { useState } from "react";

@@ -30,13 +30,41 @@ export const OutputHandler = ({
  const properties = outputSchema?.properties || {};
  const [isOutputVisible, setIsOutputVisible] = useState(true);
  const brokenOutputs = useBrokenOutputs(nodeId);
+  const [expandedObjects, setExpandedObjects] = useState<
+    Record<string, boolean>
+  >({});

  const showHandles = uiType !== BlockUIType.OUTPUT;

+  function toggleObjectExpanded(key: string) {
+    setExpandedObjects((prev) => ({ ...prev, [key]: !prev[key] }));
+  }
+
+  function hasConnectedOrBrokenDescendant(
+    schema: RJSFSchema,
+    keyPrefix: string,
+  ): boolean {
+    if (!schema) return false;
+    return Object.entries(schema).some(
+      ([key, fieldSchema]: [string, RJSFSchema]) => {
+        const fullKey = keyPrefix ? `${keyPrefix}_#_${key}` : key;
+        if (isOutputConnected(nodeId, fullKey) || brokenOutputs.has(fullKey))
+          return true;
+        if (fieldSchema?.properties)
+          return hasConnectedOrBrokenDescendant(
+            fieldSchema.properties,
+            fullKey,
+          );
+        return false;
+      },
+    );
+  }
+
  const renderOutputHandles = (
    schema: RJSFSchema,
    keyPrefix: string = "",
    titlePrefix: string = "",
+    connectedOnly: boolean = false,
  ): React.ReactNode[] => {
    return Object.entries(schema).map(
      ([key, fieldSchema]: [string, RJSFSchema]) => {
@@ -44,10 +72,23 @@ export const OutputHandler = ({
        const fieldTitle = titlePrefix + (fieldSchema?.title || key);

        const isConnected = isOutputConnected(nodeId, fullKey);
-        const shouldShow = isConnected || isOutputVisible;
+        const isBroken = brokenOutputs.has(fullKey);
+        const hasNestedProperties = !!fieldSchema?.properties;
+        const selfIsRelevant = isConnected || isBroken;
+        const descendantIsRelevant =
+          hasNestedProperties &&
+          hasConnectedOrBrokenDescendant(fieldSchema.properties!, fullKey);
+
+        const shouldShow = connectedOnly
+          ? selfIsRelevant || descendantIsRelevant
+          : isOutputVisible || selfIsRelevant || descendantIsRelevant;
+
        const { displayType, colorClass, hexColor } =
          getTypeDisplayInfo(fieldSchema);
-        const isBroken = brokenOutputs.has(fullKey);
+        const isExpanded = expandedObjects[fullKey] ?? false;
+
+        // User expanded → show all children; auto-expanded → filter to connected only
+        const shouldRenderChildren = isExpanded || descendantIsRelevant;

        return shouldShow ? (
          <div
@@ -56,6 +97,19 @@ export const OutputHandler = ({
            data-tutorial-id={`output-handler-${nodeId}-${fieldTitle}`}
          >
            <div className="relative flex items-center gap-2">
+              {hasNestedProperties && (
+                <button
+                  onClick={() => toggleObjectExpanded(fullKey)}
+                  className="flex items-center text-slate-500 hover:text-slate-700"
+                  aria-label={isExpanded ? "Collapse" : "Expand"}
+                >
+                  {isExpanded ? (
+                    <CaretDownIcon size={12} weight="bold" />
+                  ) : (
+                    <CaretRightIcon size={12} weight="bold" />
+                  )}
+                </button>
+              )}
              {fieldSchema?.description && (
                <TooltipProvider>
                  <Tooltip>
@@ -102,12 +156,14 @@ export const OutputHandler = ({
              )}
            </div>

-            {/* Recursively render nested properties */}
-            {fieldSchema?.properties &&
+            {/* Nested properties */}
+            {hasNestedProperties &&
+              shouldRenderChildren &&
              renderOutputHandles(
-                fieldSchema.properties,
+                fieldSchema.properties!,
                fullKey,
-                `${fieldTitle}.`,
+                "",
+                !isExpanded,
              )}
          </div>
        ) : null;
@@ -136,7 +192,7 @@ export const OutputHandler = ({
      </Button>

      <div className="flex flex-col items-end gap-2">
-        {renderOutputHandles(properties)}
+        {renderOutputHandles(properties, "", "", !isOutputVisible)}
      </div>
    </div>
  );
--- a/autogpt_platform/frontend/src/app/(platform)/build/components/FlowEditor/tutorial/helpers/blocks.ts
+++ b/autogpt_platform/frontend/src/app/(platform)/build/components/FlowEditor/tutorial/helpers/blocks.ts
@@ -75,7 +75,7 @@ export const getSecondCalculatorNode = () => {
 export const getFormContainerSelector = (blockId: string): string | null => {
  const node = getNodeByBlockId(blockId);
  if (node) {
-    return `[data-id="form-creator-container-${node.id}"]`;
+    return `[data-id="form-creator-container-${node.id}-node"]`;
  }
  return null;
 };
--- a/autogpt_platform/frontend/src/app/(platform)/build/components/FlowEditor/tutorial/styles.ts
+++ b/autogpt_platform/frontend/src/app/(platform)/build/components/FlowEditor/tutorial/styles.ts
@@ -7,6 +7,7 @@
 *
 * Typography (body, small, action, info, tip, warning) uses Tailwind utilities directly in steps.ts
 */
+import "shepherd.js/dist/css/shepherd.css";
 import "./tutorial.css";

 export const injectTutorialStyles = () => {
--- a/autogpt_platform/frontend/src/app/(platform)/build/components/FlowEditor/tutorial/tutorial.css
+++ b/autogpt_platform/frontend/src/app/(platform)/build/components/FlowEditor/tutorial/tutorial.css
@@ -1,3 +1,14 @@
+.new-builder-tutorial-disable {
+  opacity: 0.3 !important;
+  pointer-events: none !important;
+  filter: grayscale(100%) !important;
+}
+
+.new-builder-tutorial-highlight {
+  position: relative;
+  z-index: 10;
+}
+
 .new-builder-tutorial-highlight * {
  opacity: 1 !important;
  filter: none !important;
--- a/autogpt_platform/frontend/src/app/(platform)/build/stores/historyStore.ts
+++ b/autogpt_platform/frontend/src/app/(platform)/build/stores/historyStore.ts
@@ -25,34 +25,60 @@ type HistoryStore = {

 const MAX_HISTORY = 50;

+// Microtask batching state — kept outside the store to avoid triggering
+// re-renders. When multiple pushState calls happen in the same synchronous
+// execution (e.g. node deletion cascading to edge cleanup), only the first
+// (pre-change) state is kept and committed as a single history entry.
+let pendingState: HistoryState | null = null;
+let batchScheduled = false;
+
 export const useHistoryStore = create<HistoryStore>((set, get) => ({
  past: [{ nodes: [], edges: [] }],
  future: [],

  pushState: (state: HistoryState) => {
-    const { past } = get();
-    const lastState = past[past.length - 1];
-
-    if (lastState && isEqual(lastState, state)) {
-      return;
+    // Keep only the first state within a microtask batch — it represents
+    // the true pre-change snapshot before any cascading mutations.
+    if (!pendingState) {
+      pendingState = state;
    }

-    const actualCurrentState = {
-      nodes: useNodeStore.getState().nodes,
-      edges: useEdgeStore.getState().edges,
-    };
+    if (!batchScheduled) {
+      batchScheduled = true;
+      queueMicrotask(() => {
+        const stateToCommit = pendingState;
+        pendingState = null;
+        batchScheduled = false;

-    if (isEqual(state, actualCurrentState)) {
-      return;
+        if (!stateToCommit) return;
+
+        const { past } = get();
+        const lastState = past[past.length - 1];
+
+        if (lastState && isEqual(lastState, stateToCommit)) {
+          return;
+        }
+
+        const actualCurrentState = {
+          nodes: useNodeStore.getState().nodes,
+          edges: useEdgeStore.getState().edges,
+        };
+
+        if (isEqual(stateToCommit, actualCurrentState)) {
+          return;
+        }
+
+        set((prev) => ({
+          past: [...prev.past.slice(-MAX_HISTORY + 1), stateToCommit],
+          future: [],
+        }));
+      });
    }
-
-    set((prev) => ({
-      past: [...prev.past.slice(-MAX_HISTORY + 1), state],
-      future: [],
-    }));
  },

  initializeHistory: () => {
+    pendingState = null;
+
    const currentNodes = useNodeStore.getState().nodes;
    const currentEdges = useEdgeStore.getState().edges;

@@ -122,5 +148,8 @@ export const useHistoryStore = create<HistoryStore>((set, get) => ({
  },
  canRedo: () => get().future.length > 0,

-  clear: () => set({ past: [{ nodes: [], edges: [] }], future: [] }),
+  clear: () => {
+    pendingState = null;
+    set({ past: [{ nodes: [], edges: [] }], future: [] });
+  },
 }));
--- a/autogpt_platform/frontend/src/app/(platform)/copilot/CopilotPage.tsx
+++ b/autogpt_platform/frontend/src/app/(platform)/copilot/CopilotPage.tsx
@@ -15,6 +15,8 @@ import { ChatSidebar } from "./components/ChatSidebar/ChatSidebar";
 import { DeleteChatDialog } from "./components/DeleteChatDialog/DeleteChatDialog";
 import { MobileDrawer } from "./components/MobileDrawer/MobileDrawer";
 import { MobileHeader } from "./components/MobileHeader/MobileHeader";
+import { NotificationBanner } from "./components/NotificationBanner/NotificationBanner";
+import { NotificationDialog } from "./components/NotificationDialog/NotificationDialog";
 import { ScaleLoader } from "./components/ScaleLoader/ScaleLoader";
 import { useCopilotPage } from "./useCopilotPage";

@@ -117,6 +119,7 @@ export function CopilotPage() {
        onDrop={handleDrop}
      >
        {isMobile && <MobileHeader onOpenDrawer={handleOpenDrawer} />}
+        <NotificationBanner />
        {/* Drop overlay */}
        <div
          className={cn(
@@ -201,6 +204,7 @@ export function CopilotPage() {
          onCancel={handleCancelDelete}
        />
      )}
+      <NotificationDialog />
    </SidebarProvider>
  );
 }
--- a/autogpt_platform/frontend/src/app/(platform)/copilot/components/ChatInput/useChatInput.ts
+++ b/autogpt_platform/frontend/src/app/(platform)/copilot/components/ChatInput/useChatInput.ts
@@ -1,3 +1,4 @@
+import { useCopilotUIStore } from "@/app/(platform)/copilot/store";
 import { ChangeEvent, FormEvent, useEffect, useState } from "react";

 interface Args {
@@ -16,6 +17,16 @@ export function useChatInput({
 }: Args) {
  const [value, setValue] = useState("");
  const [isSending, setIsSending] = useState(false);
+  const { initialPrompt, setInitialPrompt } = useCopilotUIStore();
+
+  useEffect(
+    function consumeInitialPrompt() {
+      if (!initialPrompt) return;
+      setValue((prev) => (prev.length === 0 ? initialPrompt : prev));
+      setInitialPrompt(null);
+    },
+    [initialPrompt, setInitialPrompt],
+  );

  useEffect(
    function focusOnMount() {
--- a/autogpt_platform/frontend/src/app/(platform)/copilot/components/ChatMessagesContainer/ChatMessagesContainer.tsx
+++ b/autogpt_platform/frontend/src/app/(platform)/copilot/components/ChatMessagesContainer/ChatMessagesContainer.tsx
@@ -1,3 +1,4 @@
+import { useMemo } from "react";
 import {
  Conversation,
  ConversationContent,
@@ -8,6 +9,7 @@ import { LoadingSpinner } from "@/components/atoms/LoadingSpinner/LoadingSpinner
 import { FileUIPart, UIDataTypes, UIMessage, UITools } from "ai";
 import { TOOL_PART_PREFIX } from "../JobStatsBar/constants";
 import { TurnStatsBar } from "../JobStatsBar/TurnStatsBar";
+import { CopilotPendingReviews } from "../CopilotPendingReviews/CopilotPendingReviews";
 import {
  buildRenderSegments,
  getTurnMessages,
@@ -51,6 +53,50 @@ function renderSegments(
  });
 }

+/**
+ * Extract graph_exec_id from tool outputs that need review.
+ * Handles both:
+ * - run_block ReviewRequiredResponse (has graph_exec_id directly)
+ * - run_agent ExecutionStartedResponse with status "REVIEW" (has execution_id)
+ */
+function extractGraphExecId(
+  messages: UIMessage<unknown, UIDataTypes, UITools>[],
+): string | null {
+  // Scan backwards — the most recent review output has the ID
+  for (let i = messages.length - 1; i >= 0; i--) {
+    const msg = messages[i];
+    for (const part of msg.parts) {
+      if ("output" in part && part.output) {
+        const out =
+          typeof part.output === "string"
+            ? (() => {
+                try {
+                  return JSON.parse(part.output);
+                } catch {
+                  return null;
+                }
+              })()
+            : part.output;
+        if (out && typeof out === "object") {
+          // run_block: ReviewRequiredResponse has graph_exec_id
+          if ("graph_exec_id" in out) {
+            return (out as { graph_exec_id: string }).graph_exec_id;
+          }
+          // run_agent: ExecutionStartedResponse with status "REVIEW"
+          if (
+            "execution_id" in out &&
+            "status" in out &&
+            (out as { status: string }).status === "REVIEW"
+          ) {
+            return (out as { execution_id: string }).execution_id;
+          }
+        }
+      }
+    }
+  }
+  return null;
+}
+
 export function ChatMessagesContainer({
  messages,
  status,
@@ -60,6 +106,7 @@ export function ChatMessagesContainer({
  sessionID,
 }: Props) {
  const lastMessage = messages[messages.length - 1];
+  const graphExecId = useMemo(() => extractGraphExecId(messages), [messages]);

  const hasInflight = (() => {
    if (lastMessage?.role !== "assistant") return false;
@@ -205,6 +252,7 @@ export function ChatMessagesContainer({
            </MessageContent>
          </Message>
        )}
+        {graphExecId && <CopilotPendingReviews graphExecId={graphExecId} />}
        {error && (
          <details className="rounded-lg bg-red-50 p-4 text-sm text-red-700">
            <summary className="cursor-pointer font-medium">
--- a/autogpt_platform/frontend/src/app/(platform)/copilot/components/ChatMessagesContainer/components/MessagePartRenderer.tsx
+++ b/autogpt_platform/frontend/src/app/(platform)/copilot/components/ChatMessagesContainer/components/MessagePartRenderer.tsx
@@ -130,6 +130,7 @@ export function MessagePartRenderer({ part, messageID, partIndex }: Props) {
    case "tool-get_doc_page":
      return <SearchDocsTool key={key} part={part as ToolUIPart} />;
    case "tool-run_block":
+    case "tool-continue_run_block":
      return <RunBlockTool key={key} part={part as ToolUIPart} />;
    case "tool-run_mcp_tool":
      return <RunMCPToolComponent key={key} part={part as ToolUIPart} />;
--- a/autogpt_platform/frontend/src/app/(platform)/copilot/components/ChatMessagesContainer/helpers.ts
+++ b/autogpt_platform/frontend/src/app/(platform)/copilot/components/ChatMessagesContainer/helpers.ts
@@ -19,6 +19,7 @@ const CUSTOM_TOOL_TYPES = new Set([
  "tool-search_docs",
  "tool-get_doc_page",
  "tool-run_block",
+  "tool-continue_run_block",
  "tool-run_mcp_tool",
  "tool-run_agent",
  "tool-schedule_agent",
@@ -33,6 +34,7 @@ const INTERACTIVE_RESPONSE_TYPES: ReadonlySet<string> = new Set([
  ResponseType.setup_requirements,
  ResponseType.agent_details,
  ResponseType.block_details,
+  ResponseType.review_required,
  ResponseType.need_login,
  ResponseType.input_validation_error,
  ResponseType.agent_builder_clarification_needed,
--- a/autogpt_platform/frontend/src/app/(platform)/copilot/components/ChatSidebar/ChatSidebar.tsx
+++ b/autogpt_platform/frontend/src/app/(platform)/copilot/components/ChatSidebar/ChatSidebar.tsx
@@ -23,24 +23,36 @@ import {
  useSidebar,
 } from "@/components/ui/sidebar";
 import { cn } from "@/lib/utils";
-import { DotsThree, PlusCircleIcon, PlusIcon } from "@phosphor-icons/react";
+import {
+  CheckCircle,
+  DotsThree,
+  PlusCircleIcon,
+  PlusIcon,
+} from "@phosphor-icons/react";
 import { useQueryClient } from "@tanstack/react-query";
 import { AnimatePresence, motion } from "framer-motion";
 import { parseAsString, useQueryState } from "nuqs";
 import { useEffect, useRef, useState } from "react";
 import { useCopilotUIStore } from "../../store";
+import { NotificationToggle } from "./components/NotificationToggle/NotificationToggle";
 import { DeleteChatDialog } from "../DeleteChatDialog/DeleteChatDialog";
+import { PulseLoader } from "../PulseLoader/PulseLoader";

 export function ChatSidebar() {
  const { state } = useSidebar();
  const isCollapsed = state === "collapsed";
  const [sessionId, setSessionId] = useQueryState("sessionId", parseAsString);
-  const { sessionToDelete, setSessionToDelete } = useCopilotUIStore();
+  const {
+    sessionToDelete,
+    setSessionToDelete,
+    completedSessionIDs,
+    clearCompletedSession,
+  } = useCopilotUIStore();

  const queryClient = useQueryClient();

  const { data: sessionsResponse, isLoading: isLoadingSessions } =
-    useGetV2ListSessions({ limit: 50 });
+    useGetV2ListSessions({ limit: 50 }, { query: { refetchInterval: 10_000 } });

  const { mutate: deleteSession, isPending: isDeleting } =
    useDeleteV2DeleteSession({
@@ -99,6 +111,22 @@ export function ChatSidebar() {
    }
  }, [editingSessionId]);

+  // Refetch session list when active session changes
+  useEffect(() => {
+    queryClient.invalidateQueries({
+      queryKey: getGetV2ListSessionsQueryKey(),
+    });
+  }, [sessionId, queryClient]);
+
+  // Clear completed indicator when navigating to a session (works for all paths)
+  useEffect(() => {
+    if (!sessionId || !completedSessionIDs.has(sessionId)) return;
+    clearCompletedSession(sessionId);
+    const remaining = completedSessionIDs.size - 1;
+    document.title =
+      remaining > 0 ? `(${remaining}) Otto is ready - AutoGPT` : "AutoGPT";
+  }, [sessionId, completedSessionIDs, clearCompletedSession]);
+
  const sessions =
    sessionsResponse?.status === 200 ? sessionsResponse.data.sessions : [];

@@ -228,8 +256,11 @@ export function ChatSidebar() {
                <Text variant="h3" size="body-medium">
                  Your chats
                </Text>
-                <div className="relative left-6">
-                  <SidebarTrigger />
+                <div className="relative left-5 flex items-center gap-1">
+                  <NotificationToggle />
+                  <div className="relative left-1">
+                    <SidebarTrigger />
+                  </div>
                </div>
              </div>
              {sessionId ? (
@@ -305,8 +336,8 @@ export function ChatSidebar() {
                        onClick={() => handleSelectSession(session.id)}
                        className="w-full px-3 py-2.5 pr-10 text-left"
                      >
-                        <div className="flex min-w-0 max-w-full flex-col overflow-hidden">
-                          <div className="min-w-0 max-w-full">
+                        <div className="flex min-w-0 max-w-full items-center gap-2">
+                          <div className="min-w-0 flex-1">
                            <Text
                              variant="body"
                              className={cn(
@@ -329,10 +360,22 @@ export function ChatSidebar() {
                                </motion.span>
                              </AnimatePresence>
                            </Text>
+                            <Text variant="small" className="text-neutral-400">
+                              {formatDate(session.updated_at)}
+                            </Text>
                          </div>
-                          <Text variant="small" className="text-neutral-400">
-                            {formatDate(session.updated_at)}
-                          </Text>
+                          {session.is_processing &&
+                            session.id !== sessionId &&
+                            !completedSessionIDs.has(session.id) && (
+                              <PulseLoader size={16} className="shrink-0" />
+                            )}
+                          {completedSessionIDs.has(session.id) &&
+                            session.id !== sessionId && (
+                              <CheckCircle
+                                className="h-4 w-4 shrink-0 text-green-500"
+                                weight="fill"
+                              />
+                            )}
                        </div>
                      </button>
                    )}
--- a/autogpt_platform/frontend/src/app/(platform)/copilot/components/ChatSidebar/components/NotificationToggle/NotificationToggle.tsx
+++ b/autogpt_platform/frontend/src/app/(platform)/copilot/components/ChatSidebar/components/NotificationToggle/NotificationToggle.tsx
@@ -0,0 +1,92 @@
+"use client";
+
+import { Switch } from "@/components/atoms/Switch/Switch";
+import {
+  Popover,
+  PopoverContent,
+  PopoverTrigger,
+} from "@/components/molecules/Popover/Popover";
+import { toast } from "@/components/molecules/Toast/use-toast";
+import { cn } from "@/lib/utils";
+import { Bell, BellRinging, BellSlash } from "@phosphor-icons/react";
+import { useCopilotUIStore } from "../../../../store";
+
+export function NotificationToggle() {
+  const {
+    isNotificationsEnabled,
+    setNotificationsEnabled,
+    isSoundEnabled,
+    toggleSound,
+  } = useCopilotUIStore();
+
+  async function handleToggleNotifications() {
+    if (isNotificationsEnabled) {
+      setNotificationsEnabled(false);
+      return;
+    }
+    if (typeof Notification === "undefined") {
+      toast({
+        title: "Notifications not supported",
+        description: "Your browser does not support notifications.",
+        variant: "destructive",
+      });
+      return;
+    }
+    const permission = await Notification.requestPermission();
+    if (permission === "granted") {
+      setNotificationsEnabled(true);
+    } else {
+      toast({
+        title: "Notifications blocked",
+        description:
+          "Please allow notifications in your browser settings to enable this feature.",
+        variant: "destructive",
+      });
+    }
+  }
+
+  return (
+    <Popover>
+      <PopoverTrigger asChild>
+        <button
+          className="rounded p-1 text-black transition-colors hover:bg-zinc-50"
+          aria-label="Notification settings"
+        >
+          {!isNotificationsEnabled ? (
+            <BellSlash className="!size-5" />
+          ) : isSoundEnabled ? (
+            <BellRinging className="!size-5" />
+          ) : (
+            <Bell className="!size-5" />
+          )}
+        </button>
+      </PopoverTrigger>
+      <PopoverContent align="start" className="w-56 p-3">
+        <div className="flex flex-col gap-3">
+          <label className="flex items-center justify-between">
+            <span className="text-sm text-zinc-700">Notifications</span>
+            <Switch
+              checked={isNotificationsEnabled}
+              onCheckedChange={handleToggleNotifications}
+            />
+          </label>
+          <label className="flex items-center justify-between">
+            <span
+              className={cn(
+                "text-sm text-zinc-700",
+                !isNotificationsEnabled && "opacity-50",
+              )}
+            >
+              Sound
+            </span>
+            <Switch
+              checked={isSoundEnabled && isNotificationsEnabled}
+              onCheckedChange={toggleSound}
+              disabled={!isNotificationsEnabled}
+            />
+          </label>
+        </div>
+      </PopoverContent>
+    </Popover>
+  );
+}
--- a/autogpt_platform/frontend/src/app/(platform)/copilot/components/CopilotPendingReviews/CopilotPendingReviews.tsx
+++ b/autogpt_platform/frontend/src/app/(platform)/copilot/components/CopilotPendingReviews/CopilotPendingReviews.tsx
@@ -0,0 +1,61 @@
+"use client";
+
+import { useCallback } from "react";
+import { PendingReviewsList } from "@/components/organisms/PendingReviewsList/PendingReviewsList";
+import { useCopilotChatActions } from "../CopilotChatActionsProvider/useCopilotChatActions";
+import { usePendingReviewsForExecution } from "@/hooks/usePendingReviews";
+import { okData } from "@/app/api/helpers";
+
+interface Props {
+  graphExecId: string;
+}
+
+/**
+ * Renders a single consolidated PendingReviewsList for all pending copilot
+ * reviews in a session — mirrors the non-copilot review page behavior.
+ * Works for both run_block (synthetic copilot-session-*) and run_agent (real graph exec) reviews.
+ */
+export function CopilotPendingReviews({ graphExecId }: Props) {
+  const { onSend } = useCopilotChatActions();
+  const { pendingReviews, refetch } = usePendingReviewsForExecution(
+    graphExecId,
+    { enabled: !!graphExecId, refetchInterval: 2000 },
+  );
+
+  // Graph executions auto-resume after approval; block reviews need continue_run_block.
+  const isGraphExecution = !graphExecId.startsWith("copilot-session-");
+
+  const handleReviewComplete = useCallback(async () => {
+    // Brief delay for the server to propagate the approval
+    await new Promise((resolve) => setTimeout(resolve, 500));
+    const result = await refetch();
+    const remaining = okData(result.data) || [];
+
+    if (remaining.length > 0) return;
+
+    if (isGraphExecution) {
+      onSend(
+        `All pending reviews have been processed. ` +
+          `The agent execution will resume automatically for approved reviews. ` +
+          `Use view_agent_output with execution_id="${graphExecId}" to check the result.`,
+      );
+    } else {
+      onSend(
+        `All pending reviews have been processed. ` +
+          `For any approved reviews, call continue_run_block with the corresponding review_id to execute them. ` +
+          `For rejected reviews, no further action is needed.`,
+      );
+    }
+  }, [refetch, onSend, isGraphExecution, graphExecId]);
+
+  if (pendingReviews.length === 0) return null;
+
+  return (
+    <div className="py-2">
+      <PendingReviewsList
+        reviews={pendingReviews}
+        onReviewComplete={handleReviewComplete}
+      />
+    </div>
+  );
+}
--- a/autogpt_platform/frontend/src/app/(platform)/copilot/components/MobileDrawer/MobileDrawer.tsx
+++ b/autogpt_platform/frontend/src/app/(platform)/copilot/components/MobileDrawer/MobileDrawer.tsx
@@ -3,8 +3,17 @@ import { Button } from "@/components/atoms/Button/Button";
 import { Text } from "@/components/atoms/Text/Text";
 import { scrollbarStyles } from "@/components/styles/scrollbars";
 import { cn } from "@/lib/utils";
-import { PlusIcon, SpinnerGapIcon, X } from "@phosphor-icons/react";
+import {
+  CheckCircle,
+  PlusIcon,
+  SpeakerHigh,
+  SpeakerSlash,
+  SpinnerGapIcon,
+  X,
+} from "@phosphor-icons/react";
 import { Drawer } from "vaul";
+import { useCopilotUIStore } from "../../store";
+import { PulseLoader } from "../PulseLoader/PulseLoader";

 interface Props {
  isOpen: boolean;
@@ -52,6 +61,13 @@ export function MobileDrawer({
  onClose,
  onOpenChange,
 }: Props) {
+  const {
+    completedSessionIDs,
+    clearCompletedSession,
+    isSoundEnabled,
+    toggleSound,
+  } = useCopilotUIStore();
+
  return (
    <Drawer.Root open={isOpen} onOpenChange={onOpenChange} direction="left">
      <Drawer.Portal>
@@ -62,14 +78,31 @@ export function MobileDrawer({
              <Drawer.Title className="text-lg font-semibold text-zinc-800">
                Your chats
              </Drawer.Title>
-              <Button
-                variant="icon"
-                size="icon"
-                aria-label="Close sessions"
-                onClick={onClose}
-              >
-                <X width="1rem" height="1rem" />
-              </Button>
+              <div className="flex items-center gap-1">
+                <button
+                  onClick={toggleSound}
+                  className="rounded p-1.5 text-zinc-400 transition-colors hover:text-zinc-600"
+                  aria-label={
+                    isSoundEnabled
+                      ? "Disable notification sound"
+                      : "Enable notification sound"
+                  }
+                >
+                  {isSoundEnabled ? (
+                    <SpeakerHigh className="h-4 w-4" />
+                  ) : (
+                    <SpeakerSlash className="h-4 w-4" />
+                  )}
+                </button>
+                <Button
+                  variant="icon"
+                  size="icon"
+                  aria-label="Close sessions"
+                  onClick={onClose}
+                >
+                  <X width="1rem" height="1rem" />
+                </Button>
+              </div>
            </div>
            {currentSessionId ? (
              <div className="mt-2">
@@ -103,7 +136,12 @@ export function MobileDrawer({
              sessions.map((session) => (
                <button
                  key={session.id}
-                  onClick={() => onSelectSession(session.id)}
+                  onClick={() => {
+                    onSelectSession(session.id);
+                    if (completedSessionIDs.has(session.id)) {
+                      clearCompletedSession(session.id);
+                    }
+                  }}
                  className={cn(
                    "w-full rounded-lg px-3 py-2.5 text-left transition-colors",
                    session.id === currentSessionId
@@ -112,7 +150,7 @@ export function MobileDrawer({
                  )}
                >
                  <div className="flex min-w-0 max-w-full flex-col overflow-hidden">
-                    <div className="min-w-0 max-w-full">
+                    <div className="flex min-w-0 max-w-full items-center gap-1.5">
                      <Text
                        variant="body"
                        className={cn(
@@ -124,6 +162,18 @@ export function MobileDrawer({
                      >
                        {session.title || "Untitled chat"}
                      </Text>
+                      {session.is_processing &&
+                        !completedSessionIDs.has(session.id) &&
+                        session.id !== currentSessionId && (
+                          <PulseLoader size={8} className="shrink-0" />
+                        )}
+                      {completedSessionIDs.has(session.id) &&
+                        session.id !== currentSessionId && (
+                          <CheckCircle
+                            className="h-4 w-4 shrink-0 text-green-500"
+                            weight="fill"
+                          />
+                        )}
                    </div>
                    <Text variant="small" className="text-neutral-400">
                      {formatDate(session.updated_at)}
--- a/autogpt_platform/frontend/src/app/(platform)/copilot/components/NotificationBanner/NotificationBanner.tsx
+++ b/autogpt_platform/frontend/src/app/(platform)/copilot/components/NotificationBanner/NotificationBanner.tsx
@@ -0,0 +1,74 @@
+"use client";
+
+import { Button } from "@/components/atoms/Button/Button";
+import { Text } from "@/components/atoms/Text/Text";
+import { Key, storage } from "@/services/storage/local-storage";
+import { BellRinging, X } from "@phosphor-icons/react";
+import { useEffect, useState } from "react";
+import { useCopilotUIStore } from "../../store";
+
+export function NotificationBanner() {
+  const { setNotificationsEnabled, isNotificationsEnabled } =
+    useCopilotUIStore();
+
+  const [dismissed, setDismissed] = useState(
+    () => storage.get(Key.COPILOT_NOTIFICATION_BANNER_DISMISSED) === "true",
+  );
+  const [permission, setPermission] = useState(() =>
+    typeof Notification !== "undefined" ? Notification.permission : "denied",
+  );
+
+  // Re-read dismissed flag when notifications are toggled off (e.g. clearCopilotLocalData)
+  useEffect(() => {
+    if (!isNotificationsEnabled) {
+      setDismissed(
+        storage.get(Key.COPILOT_NOTIFICATION_BANNER_DISMISSED) === "true",
+      );
+    }
+  }, [isNotificationsEnabled]);
+
+  // Don't show if notifications aren't supported, already decided, dismissed, or already enabled
+  if (
+    typeof Notification === "undefined" ||
+    permission !== "default" ||
+    dismissed ||
+    isNotificationsEnabled
+  ) {
+    return null;
+  }
+
+  function handleEnable() {
+    Notification.requestPermission().then((result) => {
+      setPermission(result);
+      if (result === "granted") {
+        setNotificationsEnabled(true);
+        handleDismiss();
+      }
+    });
+  }
+
+  function handleDismiss() {
+    storage.set(Key.COPILOT_NOTIFICATION_BANNER_DISMISSED, "true");
+    setDismissed(true);
+  }
+
+  return (
+    <div className="flex items-center gap-3 border-b border-amber-200 bg-amber-50 px-4 py-2.5">
+      <BellRinging className="h-5 w-5 shrink-0 text-amber-600" weight="fill" />
+      <Text variant="body" className="flex-1 text-sm text-amber-800">
+        Enable browser notifications to know when Otto finishes working, even
+        when you switch tabs.
+      </Text>
+      <Button variant="primary" size="small" onClick={handleEnable}>
+        Enable
+      </Button>
+      <button
+        onClick={handleDismiss}
+        className="rounded p-1 text-amber-400 transition-colors hover:text-amber-600"
+        aria-label="Dismiss"
+      >
+        <X className="h-4 w-4" />
+      </button>
+    </div>
+  );
+}
--- a/autogpt_platform/frontend/src/app/(platform)/copilot/components/NotificationDialog/NotificationDialog.tsx
+++ b/autogpt_platform/frontend/src/app/(platform)/copilot/components/NotificationDialog/NotificationDialog.tsx
@@ -0,0 +1,95 @@
+"use client";
+
+import { Button } from "@/components/atoms/Button/Button";
+import { Text } from "@/components/atoms/Text/Text";
+import { Dialog } from "@/components/molecules/Dialog/Dialog";
+import { Key, storage } from "@/services/storage/local-storage";
+import { BellRinging } from "@phosphor-icons/react";
+import { useEffect, useState } from "react";
+import { useCopilotUIStore } from "../../store";
+
+export function NotificationDialog() {
+  const {
+    showNotificationDialog,
+    setShowNotificationDialog,
+    setNotificationsEnabled,
+    isNotificationsEnabled,
+  } = useCopilotUIStore();
+
+  const [dismissed, setDismissed] = useState(
+    () => storage.get(Key.COPILOT_NOTIFICATION_DIALOG_DISMISSED) === "true",
+  );
+  const [permission, setPermission] = useState(() =>
+    typeof Notification !== "undefined" ? Notification.permission : "denied",
+  );
+
+  // Re-read dismissed flag when notifications are toggled off (e.g. clearCopilotLocalData)
+  useEffect(() => {
+    if (!isNotificationsEnabled) {
+      setDismissed(
+        storage.get(Key.COPILOT_NOTIFICATION_DIALOG_DISMISSED) === "true",
+      );
+    }
+  }, [isNotificationsEnabled]);
+
+  const shouldShowAuto =
+    typeof Notification !== "undefined" &&
+    permission === "default" &&
+    !dismissed;
+
+  const isOpen = showNotificationDialog || shouldShowAuto;
+
+  function handleEnable() {
+    if (typeof Notification === "undefined") {
+      handleDismiss();
+      return;
+    }
+    Notification.requestPermission().then((result) => {
+      setPermission(result);
+      if (result === "granted") {
+        setNotificationsEnabled(true);
+        handleDismiss();
+      }
+    });
+  }
+
+  function handleDismiss() {
+    storage.set(Key.COPILOT_NOTIFICATION_DIALOG_DISMISSED, "true");
+    setDismissed(true);
+    setShowNotificationDialog(false);
+  }
+
+  return (
+    <Dialog
+      title="Stay in the loop"
+      styling={{ maxWidth: "28rem", minWidth: "auto" }}
+      controlled={{
+        isOpen,
+        set: async (open) => {
+          if (!open) handleDismiss();
+        },
+      }}
+      onClose={handleDismiss}
+    >
+      <Dialog.Content>
+        <div className="flex flex-col items-center gap-4 py-2">
+          <div className="flex h-12 w-12 items-center justify-center rounded-full bg-violet-100">
+            <BellRinging className="h-6 w-6 text-violet-600" weight="fill" />
+          </div>
+          <Text variant="body" className="text-center text-neutral-600">
+            Otto can notify you when a response is ready, even if you switch
+            tabs or close this page. Enable notifications so you never miss one.
+          </Text>
+        </div>
+        <Dialog.Footer>
+          <Button variant="secondary" onClick={handleDismiss}>
+            Not now
+          </Button>
+          <Button variant="primary" onClick={handleEnable}>
+            Enable notifications
+          </Button>
+        </Dialog.Footer>
+      </Dialog.Content>
+    </Dialog>
+  );
+}
--- a/autogpt_platform/frontend/src/app/(platform)/copilot/components/PulseLoader/PulseLoader.module.css
+++ b/autogpt_platform/frontend/src/app/(platform)/copilot/components/PulseLoader/PulseLoader.module.css
@@ -15,6 +15,8 @@
  position: absolute;
  left: 0;
  top: 0;
+  transform: scale(0);
+  opacity: 0;
  animation: ripple 2s linear infinite;
 }

@@ -25,7 +27,10 @@
@keyframes ripple {
  0% {
    transform: scale(0);
-    opacity: 1;
+    opacity: 0.6;
+  }
+  50% {
+    opacity: 0.3;
  }
  100% {
    transform: scale(1);
--- a/autogpt_platform/frontend/src/app/(platform)/copilot/store.ts
+++ b/autogpt_platform/frontend/src/app/(platform)/copilot/store.ts
@@ -1,3 +1,4 @@
+import { Key, storage } from "@/services/storage/local-storage";
 import { create } from "zustand";

 export interface DeleteTarget {
@@ -6,17 +7,89 @@ export interface DeleteTarget {
 }

 interface CopilotUIState {
+  /** Prompt extracted from URL hash (e.g. /copilot#prompt=...) for input prefill. */
+  initialPrompt: string | null;
+  setInitialPrompt: (prompt: string | null) => void;
+
  sessionToDelete: DeleteTarget | null;
  setSessionToDelete: (target: DeleteTarget | null) => void;

  isDrawerOpen: boolean;
  setDrawerOpen: (open: boolean) => void;
+
+  completedSessionIDs: Set<string>;
+  addCompletedSession: (id: string) => void;
+  clearCompletedSession: (id: string) => void;
+  clearAllCompletedSessions: () => void;
+
+  isNotificationsEnabled: boolean;
+  setNotificationsEnabled: (enabled: boolean) => void;
+
+  isSoundEnabled: boolean;
+  toggleSound: () => void;
+
+  showNotificationDialog: boolean;
+  setShowNotificationDialog: (show: boolean) => void;
+
+  clearCopilotLocalData: () => void;
 }

 export const useCopilotUIStore = create<CopilotUIState>((set) => ({
+  initialPrompt: null,
+  setInitialPrompt: (prompt) => set({ initialPrompt: prompt }),
+
  sessionToDelete: null,
  setSessionToDelete: (target) => set({ sessionToDelete: target }),

  isDrawerOpen: false,
  setDrawerOpen: (open) => set({ isDrawerOpen: open }),
+
+  completedSessionIDs: new Set<string>(),
+  addCompletedSession: (id) =>
+    set((state) => {
+      const next = new Set(state.completedSessionIDs);
+      next.add(id);
+      return { completedSessionIDs: next };
+    }),
+  clearCompletedSession: (id) =>
+    set((state) => {
+      const next = new Set(state.completedSessionIDs);
+      next.delete(id);
+      return { completedSessionIDs: next };
+    }),
+  clearAllCompletedSessions: () =>
+    set({ completedSessionIDs: new Set<string>() }),
+
+  isNotificationsEnabled:
+    storage.get(Key.COPILOT_NOTIFICATIONS_ENABLED) === "true" &&
+    typeof Notification !== "undefined" &&
+    Notification.permission === "granted",
+  setNotificationsEnabled: (enabled) => {
+    storage.set(Key.COPILOT_NOTIFICATIONS_ENABLED, String(enabled));
+    set({ isNotificationsEnabled: enabled });
+  },
+
+  isSoundEnabled: storage.get(Key.COPILOT_SOUND_ENABLED) !== "false",
+  toggleSound: () =>
+    set((state) => {
+      const next = !state.isSoundEnabled;
+      storage.set(Key.COPILOT_SOUND_ENABLED, String(next));
+      return { isSoundEnabled: next };
+    }),
+
+  showNotificationDialog: false,
+  setShowNotificationDialog: (show) => set({ showNotificationDialog: show }),
+
+  clearCopilotLocalData: () => {
+    storage.clean(Key.COPILOT_NOTIFICATIONS_ENABLED);
+    storage.clean(Key.COPILOT_SOUND_ENABLED);
+    storage.clean(Key.COPILOT_NOTIFICATION_BANNER_DISMISSED);
+    storage.clean(Key.COPILOT_NOTIFICATION_DIALOG_DISMISSED);
+    set({
+      completedSessionIDs: new Set<string>(),
+      isNotificationsEnabled: false,
+      isSoundEnabled: true,
+    });
+    document.title = "AutoGPT";
+  },
 }));
--- a/autogpt_platform/frontend/src/app/(platform)/copilot/tools/RunBlock/RunBlock.tsx
+++ b/autogpt_platform/frontend/src/app/(platform)/copilot/tools/RunBlock/RunBlock.tsx
@@ -15,6 +15,7 @@ import {
  isRunBlockBlockOutput,
  isRunBlockDetailsOutput,
  isRunBlockErrorOutput,
+  isRunBlockReviewRequiredOutput,
  isRunBlockSetupRequirementsOutput,
  ToolIcon,
 } from "./helpers";
@@ -54,10 +55,15 @@ export function RunBlockTool({ part }: Props) {
    part.state === "output-available" &&
    !!output &&
    !setupRequirementsOutput &&
+    !isRunBlockReviewRequiredOutput(output) &&
    (isRunBlockBlockOutput(output) ||
      isRunBlockDetailsOutput(output) ||
      isRunBlockErrorOutput(output));

+  // Review UI is rendered at the chat level by CopilotPendingReviews,
+  // not inside each tool card. This matches the non-copilot flow where
+  // a single PendingReviewsList shows all reviews grouped together.
+
  return (
    <div className="py-2">
      <div className="flex items-center gap-2 text-sm text-muted-foreground">
--- a/autogpt_platform/frontend/src/app/(platform)/copilot/tools/RunBlock/helpers.tsx
+++ b/autogpt_platform/frontend/src/app/(platform)/copilot/tools/RunBlock/helpers.tsx
@@ -26,6 +26,18 @@ export interface BlockDetailsResponse {
  user_authenticated: boolean;
 }

+/** Response when a block requires human review before execution. */
+export interface ReviewRequiredResponse {
+  type: typeof ResponseType.review_required;
+  message: string;
+  session_id?: string | null;
+  block_id: string;
+  block_name: string;
+  review_id: string;
+  graph_exec_id: string;
+  input_data: Record<string, unknown>;
+}
+
 export interface RunBlockInput {
  block_id?: string;
  block_name?: string;
@@ -36,12 +48,14 @@ export type RunBlockToolOutput =
  | SetupRequirementsResponse
  | BlockDetailsResponse
  | BlockOutputResponse
+  | ReviewRequiredResponse
  | ErrorResponse;

 const RUN_BLOCK_OUTPUT_TYPES = new Set<string>([
  ResponseType.setup_requirements,
  ResponseType.block_details,
  ResponseType.block_output,
+  ResponseType.review_required,
  ResponseType.error,
 ]);

@@ -66,7 +80,19 @@ export function isRunBlockDetailsOutput(
 export function isRunBlockBlockOutput(
  output: RunBlockToolOutput,
 ): output is BlockOutputResponse {
-  return output.type === ResponseType.block_output || "block_id" in output;
+  return (
+    output.type === ResponseType.block_output ||
+    ("block_id" in output && !("review_id" in output))
+  );
+}
+
+export function isRunBlockReviewRequiredOutput(
+  output: RunBlockToolOutput,
+): output is ReviewRequiredResponse {
+  return (
+    output.type === ResponseType.review_required ||
+    ("review_id" in output && "block_name" in output && "input_data" in output)
+  );
 }

 export function isRunBlockErrorOutput(
@@ -91,6 +117,7 @@ function parseOutput(output: unknown): RunBlockToolOutput | null {
    if (typeof type === "string" && RUN_BLOCK_OUTPUT_TYPES.has(type)) {
      return output as RunBlockToolOutput;
    }
+    if ("review_id" in output) return output as ReviewRequiredResponse;
    if ("block_id" in output) return output as BlockOutputResponse;
    if ("block" in output) return output as BlockDetailsResponse;
    if ("setup_info" in output) return output as SetupRequirementsResponse;
@@ -135,6 +162,9 @@ export function getAnimationText(part: {
      if (isRunBlockSetupRequirementsOutput(output)) {
        return `Setup needed for "${output.setup_info.agent_name}"`;
      }
+      if (isRunBlockReviewRequiredOutput(output)) {
+        return `Review needed for "${output.block_name}"`;
+      }
      return "Error running block";
    }
    case "output-error":
@@ -227,6 +257,14 @@ export function getAccordionMeta(output: RunBlockToolOutput): {
    };
  }

+  if (isRunBlockReviewRequiredOutput(output)) {
+    return {
+      icon,
+      title: output.block_name,
+      description: "Sensitive action — awaiting review",
+    };
+  }
+
  return {
    icon: (
      <WarningDiamondIcon size={32} weight="light" className="text-red-500" />
--- a/autogpt_platform/frontend/src/app/(platform)/copilot/tools/RunMCPTool/tests/helpers.test.tsx
+++ b/autogpt_platform/frontend/src/app/(platform)/copilot/tools/RunMCPTool/tests/helpers.test.tsx
@@ -235,8 +235,8 @@ describe("getAnimationText", () => {
      state: "input-streaming",
      ...BASE,
    });
-    expect(text).toContain("Discovering");
-    expect(text).toContain("mcp.example.com");
+    expect(text).toContain("Connecting");
+    expect(text).toContain("example.com");
  });

  it("shows tool call text when tool_name is set", () => {
@@ -245,7 +245,7 @@ describe("getAnimationText", () => {
      input: { server_url: "https://mcp.example.com/mcp", tool_name: "fetch" },
    });
    expect(text).toContain("fetch");
-    expect(text).toContain("mcp.example.com");
+    expect(text).toContain("example.com");
  });

  it("includes query argument preview when tool_arguments has a query key", () => {
@@ -282,7 +282,7 @@ describe("getAnimationText", () => {
        tool_arguments: {},
      },
    });
-    expect(text).toBe("Calling list_users on mcp.example.com");
+    expect(text).toBe("Calling list_users on example.com");
  });

  it("truncates long argument previews to 60 chars with ellipsis", () => {
@@ -327,8 +327,8 @@ describe("getAnimationText", () => {
      output: DISCOVERY,
      input: { server_url: "https://mcp.example.com/mcp" },
    });
-    expect(text).toContain("Discovered");
-    expect(text).toContain("1");
+    expect(text).toContain("Connected");
+    expect(text).toContain("example.com");
  });

  it("shows setup label on output-available for setup requirements", () => {
--- a/autogpt_platform/frontend/src/app/(platform)/copilot/tools/RunMCPTool/components/MCPSetupCard/MCPSetupCard.tsx
+++ b/autogpt_platform/frontend/src/app/(platform)/copilot/tools/RunMCPTool/components/MCPSetupCard/MCPSetupCard.tsx
@@ -12,8 +12,6 @@ import { CredentialsProvidersContext } from "@/providers/agent-credentials/crede
 import { useContext, useEffect, useRef, useState } from "react";
 import { useCopilotChatActions } from "../../../../components/CopilotChatActionsProvider/useCopilotChatActions";
 import { ContentMessage } from "../../../../components/ToolAccordion/AccordionContent";
-import { serverHost } from "../../helpers";
-
 interface Props {
  output: SetupRequirementsResponse;
  /**
@@ -38,7 +36,8 @@ export function MCPSetupCard({ output, retryInstruction }: Props) {

  // setup_info.agent_id is set to the server_url in the backend
  const serverUrl = output.setup_info.agent_id;
-  const host = serverHost(serverUrl);
+  // agent_name is computed by the backend as the display name for the service
+  const service = output.setup_info.agent_name;

  const [loading, setLoading] = useState(false);
  const [error, setError] = useState<string | null>(null);
@@ -95,10 +94,7 @@ export function MCPSetupCard({ output, retryInstruction }: Props) {
      }

      setConnected(true);
-      onSend(
-        retryInstruction ??
-          "I've connected the MCP server credentials. Please retry.",
-      );
+      onSend(retryInstruction ?? "I've connected. Please retry.");
    } catch (e: unknown) {
      const err = e as Record<string, unknown>;
      if (err?.status === 400) {
@@ -137,10 +133,7 @@ export function MCPSetupCard({ output, retryInstruction }: Props) {
      if (!(res.status >= 200 && res.status < 300))
        throw new Error("Failed to store token");
      setConnected(true);
-      onSend(
-        retryInstruction ??
-          "I've connected the MCP server credentials. Please retry.",
-      );
+      onSend(retryInstruction ?? "I've connected. Please retry.");
    } catch (e: unknown) {
      const err = e as Record<string, unknown>;
      setError(
@@ -155,7 +148,7 @@ export function MCPSetupCard({ output, retryInstruction }: Props) {
  if (connected) {
    return (
      <div className="mt-2 rounded-lg border border-green-200 bg-green-50 px-3 py-2 text-sm text-green-700">
-        Connected to {host}!
+        Connected to {service}!
      </div>
    );
  }
@@ -171,7 +164,7 @@ export function MCPSetupCard({ output, retryInstruction }: Props) {
          onClick={handleConnect}
          disabled={loading}
        >
-          {loading ? "Connecting…" : `Connect to ${host}`}
+          {loading ? "Connecting…" : `Connect ${service}`}
        </Button>

        {error && (
@@ -184,7 +177,7 @@ export function MCPSetupCard({ output, retryInstruction }: Props) {
          <div className="mt-3 flex gap-2">
            <input
              type="password"
-              aria-label={`API token for ${host}`}
+              aria-label={`API token for ${service}`}
              placeholder="Paste API token"
              value={manualToken}
              onChange={(e) => setManualToken(e.target.value)}
--- a/autogpt_platform/frontend/src/app/(platform)/copilot/tools/RunMCPTool/components/MCPSetupCard/tests/MCPSetupCard.test.tsx
+++ b/autogpt_platform/frontend/src/app/(platform)/copilot/tools/RunMCPTool/components/MCPSetupCard/tests/MCPSetupCard.test.tsx
@@ -32,11 +32,11 @@ vi.mock("@/app/api/__generated__/endpoints/mcp/mcp", () => ({
 function makeSetupOutput(serverUrl = "https://mcp.example.com/mcp") {
  return {
    type: "setup_requirements" as const,
-    message: "The MCP server at mcp.example.com requires authentication.",
+    message: "To continue, sign in to example.com and approve access.",
    session_id: "test-session",
    setup_info: {
      agent_id: serverUrl,
-      agent_name: "MCP: mcp.example.com",
+      agent_name: "example.com",
      user_readiness: {
        has_all_credentials: false,
        missing_credentials: {},
@@ -58,9 +58,9 @@ describe("MCPSetupCard", () => {

  it("renders setup message and connect button", () => {
    render(<MCPSetupCard output={makeSetupOutput()} />);
-    expect(screen.getByText(/requires authentication/)).toBeDefined();
+    expect(screen.getByText(/sign in to example\.com/i)).toBeDefined();
    expect(
-      screen.getByRole("button", { name: /connect to mcp.example.com/i }),
+      screen.getByRole("button", { name: /connect example\.com/i }),
    ).toBeDefined();
  });

@@ -76,7 +76,7 @@ describe("MCPSetupCard", () => {

    render(<MCPSetupCard output={makeSetupOutput()} />);
    fireEvent.click(
-      screen.getByRole("button", { name: /connect to mcp.example.com/i }),
+      screen.getByRole("button", { name: /connect example\.com/i }),
    );

    await waitFor(() => {
@@ -100,7 +100,7 @@ describe("MCPSetupCard", () => {

    render(<MCPSetupCard output={makeSetupOutput()} />);
    fireEvent.click(
-      screen.getByRole("button", { name: /connect to mcp.example.com/i }),
+      screen.getByRole("button", { name: /connect example\.com/i }),
    );

    await waitFor(() => {
@@ -127,7 +127,7 @@ describe("MCPSetupCard", () => {
    fireEvent.click(screen.getByRole("button", { name: /use token/i }));

    await waitFor(() => {
-      expect(screen.getByText(/connected to mcp.example.com/i)).toBeDefined();
+      expect(screen.getByText(/connected to example\.com/i)).toBeDefined();
    });
  });
 });
--- a/autogpt_platform/frontend/src/app/(platform)/copilot/tools/RunMCPTool/helpers.tsx
+++ b/autogpt_platform/frontend/src/app/(platform)/copilot/tools/RunMCPTool/helpers.tsx
@@ -125,6 +125,11 @@ export function serverHost(url: string): string {
  }
 }

+/** Strip the 'mcp.' prefix from an MCP hostname: 'mcp.sentry.dev' → 'sentry.dev' */
+export function serviceNameFromHost(host: string): string {
+  return host.startsWith("mcp.") ? host.slice(4) : host;
+}
+
 /**
 * Return a short preview of the most meaningful argument value, e.g. `"my query"`.
 * Checks common "query" key names first, then falls back to the first string value.
@@ -174,28 +179,30 @@ export function getAnimationText(part: {
  const host = input?.server_url ? serverHost(input.server_url) : "";
  const toolName = input?.tool_name?.trim();

+  const service = host ? serviceNameFromHost(host) : "";
+
  switch (part.state) {
    case "input-streaming":
    case "input-available": {
-      if (!toolName) return `Discovering MCP tools${host ? ` on ${host}` : ""}`;
+      if (!toolName) return `Connecting to ${service || "integration"}…`;
      const argPreview = getArgPreview(input?.tool_arguments);
-      return `Calling ${toolName}${argPreview ? `(${argPreview})` : ""}${host ? ` on ${host}` : ""}`;
+      return `Calling ${toolName}${argPreview ? `(${argPreview})` : ""}${service ? ` on ${service}` : ""}`;
    }
    case "output-available": {
      const output = getRunMCPToolOutput(part);
-      if (!output) return "Connecting to MCP server";
+      if (!output) return "Connecting…";
      if (isSetupRequirementsOutput(output))
-        return `Connect to ${output.setup_info.agent_name}`;
+        return `Connect ${output.setup_info.agent_name}`;
      if (isMCPToolOutput(output))
-        return `Ran ${output.tool_name}${host ? ` on ${host}` : ""}`;
+        return `Ran ${output.tool_name}${service ? ` on ${service}` : ""}`;
      if (isDiscoveryOutput(output))
-        return `Discovered ${output.tools.length} tool(s) on ${serverHost(output.server_url)}`;
-      return "MCP error";
+        return `Connected to ${serviceNameFromHost(serverHost(output.server_url))}`;
+      return "Connection error";
    }
    case "output-error":
-      return "MCP error";
+      return "Connection error";
    default:
-      return "Connecting to MCP server";
+      return "Connecting…";
  }
 }

--- a/autogpt_platform/frontend/src/app/(platform)/copilot/useCopilotNotifications.ts
+++ b/autogpt_platform/frontend/src/app/(platform)/copilot/useCopilotNotifications.ts
@@ -0,0 +1,118 @@
+import { useBackendAPI } from "@/lib/autogpt-server-api/context";
+import type { WebSocketNotification } from "@/lib/autogpt-server-api/types";
+import { useEffect, useRef } from "react";
+import { useCopilotUIStore } from "./store";
+
+const ORIGINAL_TITLE = "AutoGPT";
+const NOTIFICATION_SOUND_PATH = "/sounds/notification.mp3";
+
+/**
+ * Listens for copilot completion notifications via WebSocket.
+ * Updates the Zustand store, plays a sound, and updates document.title.
+ */
+export function useCopilotNotifications(activeSessionID: string | null) {
+  const api = useBackendAPI();
+  const audioRef = useRef<HTMLAudioElement | null>(null);
+  const activeSessionRef = useRef(activeSessionID);
+  activeSessionRef.current = activeSessionID;
+  const windowFocusedRef = useRef(true);
+
+  // Pre-load audio element
+  useEffect(() => {
+    if (typeof window === "undefined") return;
+    const audio = new Audio(NOTIFICATION_SOUND_PATH);
+    audio.volume = 0.5;
+    audioRef.current = audio;
+  }, []);
+
+  // Listen for WebSocket notifications
+  useEffect(() => {
+    function handleNotification(notification: WebSocketNotification) {
+      if (notification.type !== "copilot_completion") return;
+      if (notification.event !== "session_completed") return;
+
+      const sessionID = (notification as Record<string, unknown>).session_id;
+      if (typeof sessionID !== "string") return;
+
+      const state = useCopilotUIStore.getState();
+
+      const isActiveSession = sessionID === activeSessionRef.current;
+      const isUserAway =
+        document.visibilityState === "hidden" || !windowFocusedRef.current;
+
+      // Skip if viewing the active session and it's in focus
+      if (isActiveSession && !isUserAway) return;
+
+      // Skip if we already notified for this session (e.g. WS replay)
+      if (state.completedSessionIDs.has(sessionID)) return;
+
+      // Always update UI state (checkmark + title) regardless of notification setting
+      state.addCompletedSession(sessionID);
+      const count = useCopilotUIStore.getState().completedSessionIDs.size;
+      document.title = `(${count}) Otto is ready - ${ORIGINAL_TITLE}`;
+
+      // Sound and browser notifications are gated by the user setting
+      if (!state.isNotificationsEnabled) return;
+
+      if (state.isSoundEnabled && audioRef.current) {
+        audioRef.current.currentTime = 0;
+        audioRef.current.play().catch(() => {});
+      }
+
+      // Send browser notification when user is away
+      if (
+        typeof Notification !== "undefined" &&
+        Notification.permission === "granted" &&
+        isUserAway
+      ) {
+        const n = new Notification("Otto is ready", {
+          body: "A response is waiting for you.",
+          icon: "/favicon.ico",
+        });
+        n.onclick = () => {
+          window.focus();
+          const url = new URL(window.location.href);
+          url.searchParams.set("sessionId", sessionID);
+          window.history.pushState({}, "", url.toString());
+          window.dispatchEvent(new PopStateEvent("popstate"));
+          n.close();
+        };
+      }
+    }
+
+    const detach = api.onWebSocketMessage("notification", handleNotification);
+    return () => {
+      detach();
+    };
+  }, [api]);
+
+  // Track window focus for browser notifications when app is in background
+  useEffect(() => {
+    function handleFocus() {
+      windowFocusedRef.current = true;
+      if (useCopilotUIStore.getState().completedSessionIDs.size === 0) {
+        document.title = ORIGINAL_TITLE;
+      }
+    }
+    function handleBlur() {
+      windowFocusedRef.current = false;
+    }
+    function handleVisibilityChange() {
+      if (
+        document.visibilityState === "visible" &&
+        useCopilotUIStore.getState().completedSessionIDs.size === 0
+      ) {
+        document.title = ORIGINAL_TITLE;
+      }
+    }
+
+    window.addEventListener("focus", handleFocus);
+    window.addEventListener("blur", handleBlur);
+    document.addEventListener("visibilitychange", handleVisibilityChange);
+    return () => {
+      window.removeEventListener("focus", handleFocus);
+      window.removeEventListener("blur", handleBlur);
+      document.removeEventListener("visibilitychange", handleVisibilityChange);
+    };
+  }, []);
+}
--- a/autogpt_platform/frontend/src/app/(platform)/copilot/useCopilotPage.ts
+++ b/autogpt_platform/frontend/src/app/(platform)/copilot/useCopilotPage.ts
@@ -13,11 +13,48 @@ import type { FileUIPart } from "ai";
 import { useEffect, useRef, useState } from "react";
 import { useCopilotUIStore } from "./store";
 import { useChatSession } from "./useChatSession";
+import { useCopilotNotifications } from "./useCopilotNotifications";
 import { useCopilotStream } from "./useCopilotStream";

 const TITLE_POLL_INTERVAL_MS = 2_000;
 const TITLE_POLL_MAX_ATTEMPTS = 5;

+/**
+ * Extract a prompt from the URL hash fragment.
+ * Supports: /copilot#prompt=URL-encoded-text
+ * Optionally auto-submits if ?autosubmit=true is in the query string.
+ * Returns null if no prompt is present.
+ */
+function extractPromptFromUrl(): {
+  prompt: string;
+  autosubmit: boolean;
+} | null {
+  if (typeof window === "undefined") return null;
+
+  const hash = window.location.hash;
+  if (!hash) return null;
+
+  const hashParams = new URLSearchParams(hash.slice(1));
+  const prompt = hashParams.get("prompt");
+
+  if (!prompt || !prompt.trim()) return null;
+
+  const searchParams = new URLSearchParams(window.location.search);
+  const autosubmit = searchParams.get("autosubmit") === "true";
+
+  // Clean up hash + autosubmit param only (preserve other query params)
+  const cleanURL = new URL(window.location.href);
+  cleanURL.hash = "";
+  cleanURL.searchParams.delete("autosubmit");
+  window.history.replaceState(
+    null,
+    "",
+    `${cleanURL.pathname}${cleanURL.search}`,
+  );
+
+  return { prompt: prompt.trim(), autosubmit };
+}
+
 interface UploadedFile {
  file_id: string;
  name: string;
@@ -60,6 +97,8 @@ export function useCopilotPage() {
    refetchSession,
  });

+  useCopilotNotifications(sessionId);
+
  // --- Delete session ---
  const { mutate: deleteSessionMutation, isPending: isDeleting } =
    useDeleteV2DeleteSession({
@@ -124,6 +163,28 @@ export function useCopilotPage() {
    }
  }, [sessionId, pendingMessage, sendMessage]);

+  // --- Extract prompt from URL hash on mount (e.g. /copilot#prompt=Hello) ---
+  const { setInitialPrompt } = useCopilotUIStore();
+  const hasProcessedUrlPrompt = useRef(false);
+  useEffect(() => {
+    if (hasProcessedUrlPrompt.current) return;
+
+    const urlPrompt = extractPromptFromUrl();
+    if (!urlPrompt) return;
+
+    hasProcessedUrlPrompt.current = true;
+
+    if (urlPrompt.autosubmit) {
+      setPendingMessage(urlPrompt.prompt);
+      void createSession().catch(() => {
+        setPendingMessage(null);
+        setInitialPrompt(urlPrompt.prompt);
+      });
+    } else {
+      setInitialPrompt(urlPrompt.prompt);
+    }
+  }, [createSession, setInitialPrompt]);
+
  async function uploadFiles(
    files: File[],
    sid: string,
--- a/autogpt_platform/frontend/src/app/(platform)/library/agents/[id]/components/NewAgentLibraryView/NewAgentLibraryView.tsx
+++ b/autogpt_platform/frontend/src/app/(platform)/library/agents/[id]/components/NewAgentLibraryView/NewAgentLibraryView.tsx
@@ -44,6 +44,7 @@ export function NewAgentLibraryView() {
    handleSelectRun,
    handleCountsChange,
    handleClearSelectedRun,
+    handleScheduleDeleted,
    onRunInitiated,
    onTriggerSetup,
    onScheduleCreated,
@@ -196,6 +197,7 @@ export function NewAgentLibraryView() {
            selectedRunId={activeItem ?? undefined}
            onSelectRun={handleSelectRun}
            onClearSelectedRun={handleClearSelectedRun}
+            onScheduleDeleted={handleScheduleDeleted}
            onTabChange={setActiveTab}
            onCountsChange={handleCountsChange}
          />
@@ -206,7 +208,7 @@ export function NewAgentLibraryView() {
            <SelectedScheduleView
              agent={agent}
              scheduleId={activeItem}
-              onClearSelectedRun={handleClearSelectedRun}
+              onScheduleDeleted={handleScheduleDeleted}
              banner={renderMarketplaceUpdateBanner()}
            />
          ) : activeTab === "templates" ? (
--- a/autogpt_platform/frontend/src/app/(platform)/library/agents/[id]/components/NewAgentLibraryView/components/modals/ScheduleAgentModal/components/CronScheduler/CronScheduler.tsx
+++ b/autogpt_platform/frontend/src/app/(platform)/library/agents/[id]/components/NewAgentLibraryView/components/modals/ScheduleAgentModal/components/CronScheduler/CronScheduler.tsx
@@ -260,7 +260,7 @@ export function CronScheduler({
      )}

      {frequency !== "hourly" &&
-        !(frequency === "custom" && customInterval.unit === "hours") && (
+        !(frequency === "custom" && customInterval.unit !== "days") && (
          <TimeAt
            value={selectedTime}
            onChange={setSelectedTime}
--- a/autogpt_platform/frontend/src/app/(platform)/library/agents/[id]/components/NewAgentLibraryView/components/selected-views/SelectedScheduleView/SelectedScheduleView.tsx
+++ b/autogpt_platform/frontend/src/app/(platform)/library/agents/[id]/components/NewAgentLibraryView/components/selected-views/SelectedScheduleView/SelectedScheduleView.tsx
@@ -19,14 +19,14 @@ import { useSelectedScheduleView } from "./useSelectedScheduleView";
 interface Props {
  agent: LibraryAgent;
  scheduleId: string;
-  onClearSelectedRun?: () => void;
+  onScheduleDeleted?: (deletedScheduleId: string) => void;
  banner?: React.ReactNode;
 }

 export function SelectedScheduleView({
  agent,
  scheduleId,
-  onClearSelectedRun,
+  onScheduleDeleted,
  banner,
 }: Props) {
  const { schedule, isLoading, error } = useSelectedScheduleView(
@@ -89,7 +89,7 @@ export function SelectedScheduleView({
                  <SelectedScheduleActions
                    agent={agent}
                    scheduleId={schedule.id}
-                    onDeleted={onClearSelectedRun}
+                    onDeleted={() => onScheduleDeleted?.(schedule.id)}
                  />
                </div>
              ) : null}
@@ -168,7 +168,7 @@ export function SelectedScheduleView({
          <SelectedScheduleActions
            agent={agent}
            scheduleId={schedule.id}
-            onDeleted={onClearSelectedRun}
+            onDeleted={() => onScheduleDeleted?.(schedule.id)}
          />
        </div>
      ) : null}
--- a/autogpt_platform/frontend/src/app/(platform)/library/agents/[id]/components/NewAgentLibraryView/components/selected-views/SelectedScheduleView/components/SelectedScheduleActions/useSelectedScheduleActions.ts
+++ b/autogpt_platform/frontend/src/app/(platform)/library/agents/[id]/components/NewAgentLibraryView/components/selected-views/SelectedScheduleView/components/SelectedScheduleActions/useSelectedScheduleActions.ts
@@ -28,13 +28,15 @@ export function useSelectedScheduleActions({
    mutation: {
      onSuccess: () => {
        toast({ title: "Schedule deleted" });
+        setShowDeleteDialog(false);
+
+        onDeleted?.();
+
        queryClient.invalidateQueries({
          queryKey: getGetV1ListExecutionSchedulesForAGraphQueryOptions(
            agent.graph_id,
          ).queryKey,
        });
-        setShowDeleteDialog(false);
-        onDeleted?.();
      },
      onError: (error: unknown) =>
        toast({
--- a/autogpt_platform/frontend/src/app/(platform)/library/agents/[id]/components/NewAgentLibraryView/components/sidebar/SidebarRunsList/SidebarRunsList.tsx
+++ b/autogpt_platform/frontend/src/app/(platform)/library/agents/[id]/components/NewAgentLibraryView/components/sidebar/SidebarRunsList/SidebarRunsList.tsx
@@ -28,6 +28,7 @@ interface Props {
    tab?: "runs" | "scheduled" | "templates" | "triggers",
  ) => void;
  onClearSelectedRun?: () => void;
+  onScheduleDeleted?: (deletedScheduleId: string) => void;
  onTabChange?: (tab: "runs" | "scheduled" | "templates" | "triggers") => void;
  onCountsChange?: (info: {
    runsCount: number;
@@ -43,6 +44,7 @@ export function SidebarRunsList({
  selectedRunId,
  onSelectRun,
  onClearSelectedRun,
+  onScheduleDeleted,
  onTabChange,
  onCountsChange,
 }: Props) {
@@ -183,6 +185,7 @@ export function SidebarRunsList({
                    agent={agent}
                    selected={selectedRunId === s.id}
                    onClick={() => onSelectRun(s.id, "scheduled")}
+                    onDeleted={() => onScheduleDeleted?.(s.id)}
                  />
                </div>
              ))
--- a/autogpt_platform/frontend/src/app/(platform)/library/agents/[id]/components/NewAgentLibraryView/components/sidebar/SidebarRunsList/components/ScheduleActionsDropdown.tsx
+++ b/autogpt_platform/frontend/src/app/(platform)/library/agents/[id]/components/NewAgentLibraryView/components/sidebar/SidebarRunsList/components/ScheduleActionsDropdown.tsx
@@ -39,15 +39,15 @@ export function ScheduleActionsDropdown({ agent, schedule, onDeleted }: Props) {
      await deleteSchedule({ scheduleId: schedule.id });

      toast({ title: "Schedule deleted" });
+      setShowDeleteDialog(false);
+
+      onDeleted?.();

      queryClient.invalidateQueries({
        queryKey: getGetV1ListExecutionSchedulesForAGraphQueryOptions(
          agent.graph_id,
        ).queryKey,
      });
-
-      setShowDeleteDialog(false);
-      onDeleted?.();
    } catch (error: unknown) {
      toast({
        title: "Failed to delete schedule",
--- a/autogpt_platform/frontend/src/app/(platform)/library/agents/[id]/components/NewAgentLibraryView/hooks/useMarketplaceUpdate.ts
+++ b/autogpt_platform/frontend/src/app/(platform)/library/agents/[id]/components/NewAgentLibraryView/hooks/useMarketplaceUpdate.ts
@@ -47,7 +47,7 @@ export function useMarketplaceUpdate({ agent }: UseMarketplaceUpdateProps) {
      {
        query: {
          // Only fetch if user is the creator
-          enabled: !!(user?.id && agent?.owner_user_id === user.id),
+          enabled: !!(user?.id && agent?.can_access_graph),
        },
      },
    );
@@ -90,7 +90,7 @@ export function useMarketplaceUpdate({ agent }: UseMarketplaceUpdateProps) {
      };
    }

-    const isUserCreator = agent?.owner_user_id === user?.id;
+    const isUserCreator = !!(agent?.can_access_graph && user?.id);

    const submissionsResponse = okData(submissionsData) as any;
    const agentSubmissions =
--- a/autogpt_platform/frontend/src/app/(platform)/library/agents/[id]/components/NewAgentLibraryView/useNewAgentLibraryView.ts
+++ b/autogpt_platform/frontend/src/app/(platform)/library/agents/[id]/components/NewAgentLibraryView/useNewAgentLibraryView.ts
@@ -1,5 +1,6 @@
 import { useGetV2GetLibraryAgent } from "@/app/api/__generated__/endpoints/library/library";
 import { useGetV2GetASpecificPreset } from "@/app/api/__generated__/endpoints/presets/presets";
+import { useGetV1ListExecutionSchedulesForAGraph } from "@/app/api/__generated__/endpoints/schedules/schedules";
 import { GraphExecutionJobInfo } from "@/app/api/__generated__/models/graphExecutionJobInfo";
 import { GraphExecutionMeta } from "@/app/api/__generated__/models/graphExecutionMeta";
 import { LibraryAgentPreset } from "@/app/api/__generated__/models/libraryAgentPreset";
@@ -122,6 +123,37 @@ export function useNewAgentLibraryView() {
    });
  }

+  const { data: schedules } = useGetV1ListExecutionSchedulesForAGraph(
+    agent?.graph_id || "",
+    {
+      query: {
+        enabled: !!agent?.graph_id,
+        select: okData,
+      },
+    },
+  );
+
+  function handleScheduleDeleted(deletedScheduleId: string) {
+    if (activeItem !== deletedScheduleId) {
+      return;
+    }
+
+    if (!schedules) {
+      handleClearSelectedRun();
+      return;
+    }
+
+    const remainingSchedules = schedules.filter(
+      (s) => s.id !== deletedScheduleId,
+    );
+
+    if (remainingSchedules.length > 0) {
+      handleSelectRun(remainingSchedules[0].id, "scheduled");
+    } else {
+      handleClearSelectedRun();
+    }
+  }
+
  function handleSetActiveTab(
    tab: "runs" | "scheduled" | "templates" | "triggers",
  ) {
@@ -205,6 +237,7 @@ export function useNewAgentLibraryView() {
    activeTab,
    setActiveTab: handleSetActiveTab,
    handleClearSelectedRun,
+    handleScheduleDeleted,
    handleCountsChange,
    handleSelectRun,
    handleSelectSettings,
--- a/autogpt_platform/frontend/src/app/(platform)/reset-password/page.tsx
+++ b/autogpt_platform/frontend/src/app/(platform)/reset-password/page.tsx
@@ -42,6 +42,14 @@ function ResetPasswordContent() {

      if (isExpiredOrUsed) {
        setShowExpiredMessage(true);
+        // Also show a toast with the Supabase error detail for debugging
+        if (errorDescription) {
+          toast({
+            title: "Link Expired",
+            description: errorDescription,
+            variant: "destructive",
+          });
+        }
      } else {
        // Show toast for other errors
        const errorMessage =
--- a/autogpt_platform/frontend/src/app/api/generated/models/responseType.ts
+++ b/autogpt_platform/frontend/src/app/api/generated/models/responseType.ts
@@ -1,60 +0,0 @@
-/**
- * Generated by orval v7.13.0 🍺
- * Do not edit manually.
- * AutoGPT Agent Server
- * This server is used to execute agents that are created by the AutoGPT system.
- * OpenAPI spec version: 0.1
- */
-
-/**
- * Types of tool responses.
- */
-export type ResponseType = typeof ResponseType[keyof typeof ResponseType];
-
-
-// eslint-disable-next-line @typescript-eslint/no-redeclare
-export const ResponseType = {
-  error: 'error',
-  no_results: 'no_results',
-  need_login: 'need_login',
-  agents_found: 'agents_found',
-  agent_details: 'agent_details',
-  setup_requirements: 'setup_requirements',
-  input_validation_error: 'input_validation_error',
-  execution_started: 'execution_started',
-  agent_output: 'agent_output',
-  understanding_updated: 'understanding_updated',
-  suggested_goal: 'suggested_goal',
-  agent_builder_guide: 'agent_builder_guide',
-  agent_builder_preview: 'agent_builder_preview',
-  agent_builder_saved: 'agent_builder_saved',
-  agent_builder_clarification_needed: 'agent_builder_clarification_needed',
-  agent_builder_validation_result: 'agent_builder_validation_result',
-  agent_builder_fix_result: 'agent_builder_fix_result',
-  block_list: 'block_list',
-  block_details: 'block_details',
-  block_output: 'block_output',
-  mcp_guide: 'mcp_guide',
-  mcp_tools_discovered: 'mcp_tools_discovered',
-  mcp_tool_output: 'mcp_tool_output',
-  doc_search_results: 'doc_search_results',
-  doc_page: 'doc_page',
-  workspace_file_list: 'workspace_file_list',
-  workspace_file_content: 'workspace_file_content',
-  workspace_file_metadata: 'workspace_file_metadata',
-  workspace_file_written: 'workspace_file_written',
-  workspace_file_deleted: 'workspace_file_deleted',
-  folder_created: 'folder_created',
-  folder_list: 'folder_list',
-  folder_updated: 'folder_updated',
-  folder_moved: 'folder_moved',
-  folder_deleted: 'folder_deleted',
-  agents_moved_to_folder: 'agents_moved_to_folder',
-  browser_navigate: 'browser_navigate',
-  browser_act: 'browser_act',
-  browser_screenshot: 'browser_screenshot',
-  bash_exec: 'bash_exec',
-  web_fetch: 'web_fetch',
-  feature_request_search: 'feature_request_search',
-  feature_request_created: 'feature_request_created',
-} as const;
--- a/autogpt_platform/frontend/src/app/api/auth/callback/reset-password/route.ts
+++ b/autogpt_platform/frontend/src/app/api/auth/callback/reset-password/route.ts
@@ -9,6 +9,25 @@ export async function GET(request: NextRequest) {
    process.env.NEXT_PUBLIC_FRONTEND_BASE_URL || "http://localhost:3000";

  if (!code) {
+    // Supabase may redirect here with error params instead of a code
+    // (e.g. when the OTP token is expired or already used)
+    const error = searchParams.get("error");
+    const errorCode = searchParams.get("error_code");
+    const errorDescription = searchParams.get("error_description");
+
+    if (error || errorCode || errorDescription) {
+      // Forward raw Supabase error params to the reset-password page,
+      // which already handles classification (expired vs other errors)
+      const params = new URLSearchParams();
+      if (error) params.set("error", error);
+      if (errorCode) params.set("error_code", errorCode);
+      if (errorDescription) params.set("error_description", errorDescription);
+
+      return NextResponse.redirect(
+        `${origin}/reset-password?${params.toString()}`,
+      );
+    }
+
    return NextResponse.redirect(
      `${origin}/reset-password?error=${encodeURIComponent("Missing verification code")}`,
    );
--- a/autogpt_platform/frontend/src/app/api/openapi.json
+++ b/autogpt_platform/frontend/src/app/api/openapi.json
@@ -9711,7 +9711,6 @@
          "id": { "type": "string", "title": "Id" },
          "graph_id": { "type": "string", "title": "Graph Id" },
          "graph_version": { "type": "integer", "title": "Graph Version" },
-          "owner_user_id": { "type": "string", "title": "Owner User Id" },
          "image_url": {
            "anyOf": [{ "type": "string" }, { "type": "null" }],
            "title": "Image Url"
@@ -9799,7 +9798,8 @@
          },
          "can_access_graph": {
            "type": "boolean",
-            "title": "Can Access Graph"
+            "title": "Can Access Graph",
+            "description": "Indicates whether the same user owns the corresponding graph"
          },
          "is_latest_version": {
            "type": "boolean",
@@ -9831,7 +9831,6 @@
          "id",
          "graph_id",
          "graph_version",
-          "owner_user_id",
          "image_url",
          "creator_name",
          "creator_image_url",
@@ -11557,6 +11556,7 @@
          "block_list",
          "block_details",
          "block_output",
+          "review_required",
          "mcp_guide",
          "mcp_tools_discovered",
          "mcp_tool_output",
@@ -11829,10 +11829,11 @@
          "title": {
            "anyOf": [{ "type": "string" }, { "type": "null" }],
            "title": "Title"
-          }
+          },
+          "is_processing": { "type": "boolean", "title": "Is Processing" }
        },
        "type": "object",
-        "required": ["id", "created_at", "updated_at"],
+        "required": ["id", "created_at", "updated_at", "is_processing"],
        "title": "SessionSummaryResponse",
        "description": "Response model for a session summary (without messages)."
      },
--- a/autogpt_platform/frontend/src/app/api/proxy/[...path]/route.ts
+++ b/autogpt_platform/frontend/src/app/api/proxy/[...path]/route.ts
@@ -57,27 +57,25 @@ async function handleWorkspaceDownload(
    );
  }

-  // Get the content type from the backend response
+  // Fully buffer the response before forwarding.  Passing response.body as a
+  // ReadableStream causes silent truncation in Next.js / Vercel — the last
+  // ~10 KB of larger files are dropped, corrupting PNGs and truncating CSVs.
+  const buffer = await response.arrayBuffer();
+
  const contentType =
    response.headers.get("Content-Type") || "application/octet-stream";
  const contentDisposition = response.headers.get("Content-Disposition");

-  // Stream the response body
  const responseHeaders: Record<string, string> = {
    "Content-Type": contentType,
+    "Content-Length": String(buffer.byteLength),
  };

  if (contentDisposition) {
    responseHeaders["Content-Disposition"] = contentDisposition;
  }

-  const contentLength = response.headers.get("Content-Length");
-  if (contentLength) {
-    responseHeaders["Content-Length"] = contentLength;
-  }
-
-  // Stream the response body directly instead of buffering in memory
-  return new NextResponse(response.body, {
+  return new NextResponse(buffer, {
    status: 200,
    headers: responseHeaders,
  });
--- a/Show More
+++ b/Show More