added ability to disable cors at the backend

## Changes 🏗️

<img width="800" height="648" alt="Screenshot 2025-09-10 at 22 00 01"
src="https://github.com/user-attachments/assets/eb396d62-01f2-45e5-9150-4e01dfcb71d0"
/><br />

Adds a new `<Avatar />` component and uses that across the app. Is a
copy of
[shadcn/avatar](https://duckduckgo.com/?q=shadcn+avatar&t=brave&ia=web)
with the following modifications:
- renders images with
[`next/image`](https://duckduckgo.com/?q=next+image&t=brave&ia=web) by
default
- this ensures avatars rendered on the app are optimised and resized ✔️
- it will work as long as all the domains are white-listed in
`nextjs.config.mjs`
- allows to bypass and use a normal `<img />` tag via an `as` prop if
needed
  - sometimes we might need to render images from a dynamic cdn 🤷🏽‍♂️   

## Checklist 📋

### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
  - [x] ...

### For configuration changes:

None

.github/workflows/claude-ci-failure-auto-fix.yml

@@ -0,0 +1,97 @@
+name: Auto Fix CI Failures
+
+on:
+  workflow_run:
+    workflows: ["CI"]
+    types:
+      - completed
+
+permissions:
+  contents: write
+  pull-requests: write
+  actions: read
+  issues: write
+  id-token: write # Required for OIDC token exchange
+
+jobs:
+  auto-fix:
+    if: |
+      github.event.workflow_run.conclusion == 'failure' &&
+      github.event.workflow_run.pull_requests[0] &&
+      !startsWith(github.event.workflow_run.head_branch, 'claude-auto-fix-ci-')
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.workflow_run.head_branch }}
+          fetch-depth: 0
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Setup git identity
+        run: |
+          git config --global user.email "claude[bot]@users.noreply.github.com"
+          git config --global user.name "claude[bot]"
+
+      - name: Create fix branch
+        id: branch
+        run: |
+          BRANCH_NAME="claude-auto-fix-ci-${{ github.event.workflow_run.head_branch }}-${{ github.run_id }}"
+          git checkout -b "$BRANCH_NAME"
+          echo "branch_name=$BRANCH_NAME" >> $GITHUB_OUTPUT
+
+      - name: Get CI failure details
+        id: failure_details
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const run = await github.rest.actions.getWorkflowRun({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              run_id: ${{ github.event.workflow_run.id }}
+            });
+
+            const jobs = await github.rest.actions.listJobsForWorkflowRun({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              run_id: ${{ github.event.workflow_run.id }}
+            });
+
+            const failedJobs = jobs.data.jobs.filter(job => job.conclusion === 'failure');
+
+            let errorLogs = [];
+            for (const job of failedJobs) {
+              const logs = await github.rest.actions.downloadJobLogsForWorkflowRun({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                job_id: job.id
+              });
+              errorLogs.push({
+                jobName: job.name,
+                logs: logs.data
+              });
+            }
+
+            return {
+              runUrl: run.data.html_url,
+              failedJobs: failedJobs.map(j => j.name),
+              errorLogs: errorLogs
+            };
+
+      - name: Fix CI failures with Claude
+        id: claude
+        uses: anthropics/claude-code-action@v1
+        with:
+          prompt: |
+            /fix-ci 
+            Failed CI Run: ${{ fromJSON(steps.failure_details.outputs.result).runUrl }}
+            Failed Jobs: ${{ join(fromJSON(steps.failure_details.outputs.result).failedJobs, ', ') }}
+            PR Number: ${{ github.event.workflow_run.pull_requests[0].number }}
+            Branch Name: ${{ steps.branch.outputs.branch_name }}
+            Base Branch: ${{ github.event.workflow_run.head_branch }}
+            Repository: ${{ github.repository }}
+
+            Error logs:
+            ${{ toJSON(fromJSON(steps.failure_details.outputs.result).errorLogs) }}
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          claude_args: "--allowedTools 'Edit,MultiEdit,Write,Read,Glob,Grep,LS,Bash(git:*),Bash(bun:*),Bash(npm:*),Bash(npx:*),Bash(gh:*)'"

.github/workflows/claude-dependabot.yml

@@ -0,0 +1,379 @@
+# Claude Dependabot PR Review Workflow
+# 
+# This workflow automatically runs Claude analysis on Dependabot PRs to:
+# - Identify dependency changes and their versions
+# - Look up changelogs for updated packages  
+# - Assess breaking changes and security impacts
+# - Provide actionable recommendations for the development team
+#
+# Triggered on: Dependabot PRs (opened, synchronize)
+# Requirements: ANTHROPIC_API_KEY secret must be configured
+
+name: Claude Dependabot PR Review
+
+on:
+  pull_request:
+    types: [opened, synchronize]
+
+jobs:
+  dependabot-review:
+    # Only run on Dependabot PRs
+    if: github.actor == 'dependabot[bot]'
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+
+    permissions:
+      contents: write
+      pull-requests: read
+      issues: read
+      id-token: write
+      actions: read # Required for CI access
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      # Backend Python/Poetry setup (mirrors platform-backend-ci.yml)
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"  # Use standard version matching CI
+
+      - name: Set up Python dependency cache
+        uses: actions/cache@v4
+        with:
+          path: ~/.cache/pypoetry
+          key: poetry-${{ runner.os }}-${{ hashFiles('autogpt_platform/backend/poetry.lock') }}
+
+      - name: Install Poetry
+        run: |
+          # Extract Poetry version from backend/poetry.lock (matches CI)
+          cd autogpt_platform/backend
+          HEAD_POETRY_VERSION=$(python3 ../../.github/workflows/scripts/get_package_version_from_lockfile.py poetry)
+          echo "Found Poetry version ${HEAD_POETRY_VERSION} in backend/poetry.lock"
+          
+          # Install Poetry
+          curl -sSL https://install.python-poetry.org | POETRY_VERSION=$HEAD_POETRY_VERSION python3 -
+          
+          # Add Poetry to PATH
+          echo "$HOME/.local/bin" >> $GITHUB_PATH
+
+      - name: Check poetry.lock
+        working-directory: autogpt_platform/backend
+        run: |
+          poetry lock
+          if ! git diff --quiet --ignore-matching-lines="^# " poetry.lock; then
+            echo "Warning: poetry.lock not up to date, but continuing for setup"
+            git checkout poetry.lock  # Reset for clean setup
+          fi
+
+      - name: Install Python dependencies
+        working-directory: autogpt_platform/backend
+        run: poetry install
+
+      - name: Generate Prisma Client
+        working-directory: autogpt_platform/backend
+        run: poetry run prisma generate
+
+      # Frontend Node.js/pnpm setup (mirrors platform-frontend-ci.yml)
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "21"
+
+      - name: Enable corepack
+        run: corepack enable
+
+      - name: Set pnpm store directory
+        run: |
+          pnpm config set store-dir ~/.pnpm-store
+          echo "PNPM_HOME=$HOME/.pnpm-store" >> $GITHUB_ENV
+
+      - name: Cache frontend dependencies
+        uses: actions/cache@v4
+        with:
+          path: ~/.pnpm-store
+          key: ${{ runner.os }}-pnpm-${{ hashFiles('autogpt_platform/frontend/pnpm-lock.yaml', 'autogpt_platform/frontend/package.json') }}
+          restore-keys: |
+            ${{ runner.os }}-pnpm-${{ hashFiles('autogpt_platform/frontend/pnpm-lock.yaml') }}
+            ${{ runner.os }}-pnpm-
+
+      - name: Install JavaScript dependencies
+        working-directory: autogpt_platform/frontend
+        run: pnpm install --frozen-lockfile
+
+      # Install Playwright browsers for frontend testing
+      # NOTE: Disabled to save ~1 minute of setup time. Re-enable if Copilot needs browser automation (e.g., for MCP)
+      # - name: Install Playwright browsers
+      #   working-directory: autogpt_platform/frontend
+      #   run: pnpm playwright install --with-deps chromium
+
+      # Docker setup for development environment
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Copy default environment files
+        working-directory: autogpt_platform
+        run: |
+          # Copy default environment files for development
+          cp .env.default .env
+          cp backend/.env.default backend/.env
+          cp frontend/.env.default frontend/.env
+
+      # Phase 1: Cache and load Docker images for faster setup
+      - name: Set up Docker image cache
+        id: docker-cache
+        uses: actions/cache@v4
+        with:
+          path: ~/docker-cache
+          # Use a versioned key for cache invalidation when image list changes
+          key: docker-images-v2-${{ runner.os }}-${{ hashFiles('.github/workflows/copilot-setup-steps.yml') }}
+          restore-keys: |
+            docker-images-v2-${{ runner.os }}-
+            docker-images-v1-${{ runner.os }}-
+
+      - name: Load or pull Docker images
+        working-directory: autogpt_platform
+        run: |
+          mkdir -p ~/docker-cache
+          
+          # Define image list for easy maintenance
+          IMAGES=(
+            "redis:latest"
+            "rabbitmq:management"
+            "clamav/clamav-debian:latest"
+            "busybox:latest"
+            "kong:2.8.1"
+            "supabase/gotrue:v2.170.0"
+            "supabase/postgres:15.8.1.049"
+            "supabase/postgres-meta:v0.86.1"
+            "supabase/studio:20250224-d10db0f"
+          )
+          
+          # Check if any cached tar files exist (more reliable than cache-hit)
+          if ls ~/docker-cache/*.tar 1> /dev/null 2>&1; then
+            echo "Docker cache found, loading images in parallel..."
+            for image in "${IMAGES[@]}"; do
+              # Convert image name to filename (replace : and / with -)
+              filename=$(echo "$image" | tr ':/' '--')
+              if [ -f ~/docker-cache/${filename}.tar ]; then
+                echo "Loading $image..."
+                docker load -i ~/docker-cache/${filename}.tar || echo "Warning: Failed to load $image from cache" &
+              fi
+            done
+            wait
+            echo "All cached images loaded"
+          else
+            echo "No Docker cache found, pulling images in parallel..."
+            # Pull all images in parallel
+            for image in "${IMAGES[@]}"; do
+              docker pull "$image" &
+            done
+            wait
+            
+            # Only save cache on main branches (not PRs) to avoid cache pollution
+            if [[ "${{ github.ref }}" == "refs/heads/master" ]] || [[ "${{ github.ref }}" == "refs/heads/dev" ]]; then
+              echo "Saving Docker images to cache in parallel..."
+              for image in "${IMAGES[@]}"; do
+                # Convert image name to filename (replace : and / with -)
+                filename=$(echo "$image" | tr ':/' '--')
+                echo "Saving $image..."
+                docker save -o ~/docker-cache/${filename}.tar "$image" || echo "Warning: Failed to save $image" &
+              done
+              wait
+              echo "Docker image cache saved"
+            else
+              echo "Skipping cache save for PR/feature branch"
+            fi
+          fi
+          
+          echo "Docker images ready for use"
+
+      # Phase 2: Build migrate service with GitHub Actions cache
+      - name: Build migrate Docker image with cache
+        working-directory: autogpt_platform
+        run: |
+          # Build the migrate image with buildx for GHA caching
+          docker buildx build \
+            --cache-from type=gha \
+            --cache-to type=gha,mode=max \
+            --target migrate \
+            --tag autogpt_platform-migrate:latest \
+            --load \
+            -f backend/Dockerfile \
+            ..
+
+      # Start services using pre-built images
+      - name: Start Docker services for development
+        working-directory: autogpt_platform
+        run: |
+          # Start essential services (migrate image already built with correct tag)
+          docker compose --profile local up deps --no-build --detach
+          echo "Waiting for services to be ready..."
+          
+          # Wait for database to be ready
+          echo "Checking database readiness..."
+          timeout 30 sh -c 'until docker compose exec -T db pg_isready -U postgres 2>/dev/null; do 
+            echo "  Waiting for database..."
+            sleep 2
+          done' && echo "✅ Database is ready" || echo "⚠️ Database ready check timeout after 30s, continuing..."
+          
+          # Check migrate service status
+          echo "Checking migration status..."
+          docker compose ps migrate || echo "  Migrate service not visible in ps output"
+          
+          # Wait for migrate service to complete
+          echo "Waiting for migrations to complete..."
+          timeout 30 bash -c '
+            ATTEMPTS=0
+            while [ $ATTEMPTS -lt 15 ]; do
+              ATTEMPTS=$((ATTEMPTS + 1))
+              
+              # Check using docker directly (more reliable than docker compose ps)
+              CONTAINER_STATUS=$(docker ps -a --filter "label=com.docker.compose.service=migrate" --format "{{.Status}}" | head -1)
+              
+              if [ -z "$CONTAINER_STATUS" ]; then
+                echo "  Attempt $ATTEMPTS: Migrate container not found yet..."
+              elif echo "$CONTAINER_STATUS" | grep -q "Exited (0)"; then
+                echo "✅ Migrations completed successfully"
+                docker compose logs migrate --tail=5 2>/dev/null || true
+                exit 0
+              elif echo "$CONTAINER_STATUS" | grep -q "Exited ([1-9]"; then
+                EXIT_CODE=$(echo "$CONTAINER_STATUS" | grep -oE "Exited \([0-9]+\)" | grep -oE "[0-9]+")
+                echo "❌ Migrations failed with exit code: $EXIT_CODE"
+                echo "Migration logs:"
+                docker compose logs migrate --tail=20 2>/dev/null || true
+                exit 1
+              elif echo "$CONTAINER_STATUS" | grep -q "Up"; then
+                echo "  Attempt $ATTEMPTS: Migrate container is running... ($CONTAINER_STATUS)"
+              else
+                echo "  Attempt $ATTEMPTS: Migrate container status: $CONTAINER_STATUS"
+              fi
+              
+              sleep 2
+            done
+            
+            echo "⚠️ Timeout: Could not determine migration status after 30 seconds"
+            echo "Final container check:"
+            docker ps -a --filter "label=com.docker.compose.service=migrate" || true
+            echo "Migration logs (if available):"
+            docker compose logs migrate --tail=10 2>/dev/null || echo "  No logs available"
+          ' || echo "⚠️ Migration check completed with warnings, continuing..."
+          
+          # Brief wait for other services to stabilize
+          echo "Waiting 5 seconds for other services to stabilize..."
+          sleep 5
+
+      # Verify installations and provide environment info
+      - name: Verify setup and show environment info
+        run: |
+          echo "=== Python Setup ==="
+          python --version
+          poetry --version
+          
+          echo "=== Node.js Setup ==="
+          node --version
+          pnpm --version
+          
+          echo "=== Additional Tools ==="
+          docker --version
+          docker compose version
+          gh --version || true
+          
+          echo "=== Services Status ==="
+          cd autogpt_platform
+          docker compose ps || true
+          
+          echo "=== Backend Dependencies ==="
+          cd backend
+          poetry show | head -10 || true
+          
+          echo "=== Frontend Dependencies ==="
+          cd ../frontend
+          pnpm list --depth=0 | head -10 || true
+          
+          echo "=== Environment Files ==="
+          ls -la ../.env* || true
+          ls -la .env* || true
+          ls -la ../backend/.env* || true
+          
+          echo "✅ AutoGPT Platform development environment setup complete!"
+          echo "🚀 Ready for development with Docker services running"
+          echo "📝 Backend server: poetry run serve (port 8000)"
+          echo "🌐 Frontend server: pnpm dev (port 3000)"
+
+
+      - name: Run Claude Dependabot Analysis
+        id: claude_review
+        uses: anthropics/claude-code-action@v1
+        with:
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          claude_args: |
+            --allowedTools "Bash(npm:*),Bash(pnpm:*),Bash(poetry:*),Bash(git:*),Edit,Replace,NotebookEditCell,mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*), Bash(gh pr diff:*), Bash(gh pr view:*)"
+          prompt: |
+            You are Claude, an AI assistant specialized in reviewing Dependabot dependency update PRs. 
+            
+            Your primary tasks are:
+            1. **Analyze the dependency changes** in this Dependabot PR
+            2. **Look up changelogs** for all updated dependencies to understand what changed
+            3. **Identify breaking changes** and assess potential impact on the AutoGPT codebase
+            4. **Provide actionable recommendations** for the development team
+            
+            ## Analysis Process:
+            
+            1. **Identify Changed Dependencies**: 
+               - Use git diff to see what dependencies were updated
+               - Parse package.json, poetry.lock, requirements files, etc.
+               - List all package versions: old → new
+            
+            2. **Changelog Research**:
+               - For each updated dependency, look up its changelog/release notes
+               - Use WebFetch to access GitHub releases, NPM package pages, PyPI project pages. The pr should also have some details
+               - Focus on versions between the old and new versions
+               - Identify: breaking changes, deprecations, security fixes, new features
+            
+            3. **Breaking Change Assessment**:
+               - Categorize changes: BREAKING, MAJOR, MINOR, PATCH, SECURITY
+               - Assess impact on AutoGPT's usage patterns
+               - Check if AutoGPT uses affected APIs/features
+               - Look for migration guides or upgrade instructions
+            
+            4. **Codebase Impact Analysis**:
+               - Search the AutoGPT codebase for usage of changed APIs
+               - Identify files that might be affected by breaking changes
+               - Check test files for deprecated usage patterns
+               - Look for configuration changes needed
+            
+            ## Output Format:
+            
+            Provide a comprehensive review comment with:
+            
+            ### 🔍 Dependency Analysis Summary
+            - List of updated packages with version changes
+            - Overall risk assessment (LOW/MEDIUM/HIGH)
+            
+            ### 📋 Detailed Changelog Review
+            For each updated dependency:
+            - **Package**: name (old_version → new_version)
+            - **Changes**: Summary of key changes
+            - **Breaking Changes**: List any breaking changes
+            - **Security Fixes**: Note security improvements
+            - **Migration Notes**: Any upgrade steps needed
+            
+            ### ⚠️ Impact Assessment
+            - **Breaking Changes Found**: Yes/No with details
+            - **Affected Files**: List AutoGPT files that may need updates
+            - **Test Impact**: Any tests that may need updating
+            - **Configuration Changes**: Required config updates
+            
+            ### 🛠️ Recommendations
+            - **Action Required**: What the team should do
+            - **Testing Focus**: Areas to test thoroughly
+            - **Follow-up Tasks**: Any additional work needed
+            - **Merge Recommendation**: APPROVE/REVIEW_NEEDED/HOLD
+            
+            ### 📚 Useful Links
+            - Links to relevant changelogs, migration guides, documentation
+            
+            Be thorough but concise. Focus on actionable insights that help the development team make informed decisions about the dependency updates.

.github/workflows/claude.yml

@@ -30,18 +30,296 @@ jobs:
         github.event.issue.author_association == 'COLLABORATOR'
       )
     runs-on: ubuntu-latest
+    timeout-minutes: 45
+
     permissions:
-      contents: read
+      contents: write
       pull-requests: read
       issues: read
       id-token: write
+      actions: read # Required for CI access
     steps:
-      - name: Checkout repository
+      - name: Checkout code
         uses: actions/checkout@v4
         with:
           fetch-depth: 1
+
+      # Backend Python/Poetry setup (mirrors platform-backend-ci.yml)
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"  # Use standard version matching CI
+
+      - name: Set up Python dependency cache
+        uses: actions/cache@v4
+        with:
+          path: ~/.cache/pypoetry
+          key: poetry-${{ runner.os }}-${{ hashFiles('autogpt_platform/backend/poetry.lock') }}
+
+      - name: Install Poetry
+        run: |
+          # Extract Poetry version from backend/poetry.lock (matches CI)
+          cd autogpt_platform/backend
+          HEAD_POETRY_VERSION=$(python3 ../../.github/workflows/scripts/get_package_version_from_lockfile.py poetry)
+          echo "Found Poetry version ${HEAD_POETRY_VERSION} in backend/poetry.lock"
+          
+          # Install Poetry
+          curl -sSL https://install.python-poetry.org | POETRY_VERSION=$HEAD_POETRY_VERSION python3 -
+          
+          # Add Poetry to PATH
+          echo "$HOME/.local/bin" >> $GITHUB_PATH
+
+      - name: Check poetry.lock
+        working-directory: autogpt_platform/backend
+        run: |
+          poetry lock
+          if ! git diff --quiet --ignore-matching-lines="^# " poetry.lock; then
+            echo "Warning: poetry.lock not up to date, but continuing for setup"
+            git checkout poetry.lock  # Reset for clean setup
+          fi
+
+      - name: Install Python dependencies
+        working-directory: autogpt_platform/backend
+        run: poetry install
+
+      - name: Generate Prisma Client
+        working-directory: autogpt_platform/backend
+        run: poetry run prisma generate
+
+      # Frontend Node.js/pnpm setup (mirrors platform-frontend-ci.yml)
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "21"
+
+      - name: Enable corepack
+        run: corepack enable
+
+      - name: Set pnpm store directory
+        run: |
+          pnpm config set store-dir ~/.pnpm-store
+          echo "PNPM_HOME=$HOME/.pnpm-store" >> $GITHUB_ENV
+
+      - name: Cache frontend dependencies
+        uses: actions/cache@v4
+        with:
+          path: ~/.pnpm-store
+          key: ${{ runner.os }}-pnpm-${{ hashFiles('autogpt_platform/frontend/pnpm-lock.yaml', 'autogpt_platform/frontend/package.json') }}
+          restore-keys: |
+            ${{ runner.os }}-pnpm-${{ hashFiles('autogpt_platform/frontend/pnpm-lock.yaml') }}
+            ${{ runner.os }}-pnpm-
+
+      - name: Install JavaScript dependencies
+        working-directory: autogpt_platform/frontend
+        run: pnpm install --frozen-lockfile
+
+      # Install Playwright browsers for frontend testing
+      # NOTE: Disabled to save ~1 minute of setup time. Re-enable if Copilot needs browser automation (e.g., for MCP)
+      # - name: Install Playwright browsers
+      #   working-directory: autogpt_platform/frontend
+      #   run: pnpm playwright install --with-deps chromium
+
+      # Docker setup for development environment
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Copy default environment files
+        working-directory: autogpt_platform
+        run: |
+          # Copy default environment files for development
+          cp .env.default .env
+          cp backend/.env.default backend/.env
+          cp frontend/.env.default frontend/.env
+
+      # Phase 1: Cache and load Docker images for faster setup
+      - name: Set up Docker image cache
+        id: docker-cache
+        uses: actions/cache@v4
+        with:
+          path: ~/docker-cache
+          # Use a versioned key for cache invalidation when image list changes
+          key: docker-images-v2-${{ runner.os }}-${{ hashFiles('.github/workflows/copilot-setup-steps.yml') }}
+          restore-keys: |
+            docker-images-v2-${{ runner.os }}-
+            docker-images-v1-${{ runner.os }}-
+
+      - name: Load or pull Docker images
+        working-directory: autogpt_platform
+        run: |
+          mkdir -p ~/docker-cache
+          
+          # Define image list for easy maintenance
+          IMAGES=(
+            "redis:latest"
+            "rabbitmq:management"
+            "clamav/clamav-debian:latest"
+            "busybox:latest"
+            "kong:2.8.1"
+            "supabase/gotrue:v2.170.0"
+            "supabase/postgres:15.8.1.049"
+            "supabase/postgres-meta:v0.86.1"
+            "supabase/studio:20250224-d10db0f"
+          )
+          
+          # Check if any cached tar files exist (more reliable than cache-hit)
+          if ls ~/docker-cache/*.tar 1> /dev/null 2>&1; then
+            echo "Docker cache found, loading images in parallel..."
+            for image in "${IMAGES[@]}"; do
+              # Convert image name to filename (replace : and / with -)
+              filename=$(echo "$image" | tr ':/' '--')
+              if [ -f ~/docker-cache/${filename}.tar ]; then
+                echo "Loading $image..."
+                docker load -i ~/docker-cache/${filename}.tar || echo "Warning: Failed to load $image from cache" &
+              fi
+            done
+            wait
+            echo "All cached images loaded"
+          else
+            echo "No Docker cache found, pulling images in parallel..."
+            # Pull all images in parallel
+            for image in "${IMAGES[@]}"; do
+              docker pull "$image" &
+            done
+            wait
+            
+            # Only save cache on main branches (not PRs) to avoid cache pollution
+            if [[ "${{ github.ref }}" == "refs/heads/master" ]] || [[ "${{ github.ref }}" == "refs/heads/dev" ]]; then
+              echo "Saving Docker images to cache in parallel..."
+              for image in "${IMAGES[@]}"; do
+                # Convert image name to filename (replace : and / with -)
+                filename=$(echo "$image" | tr ':/' '--')
+                echo "Saving $image..."
+                docker save -o ~/docker-cache/${filename}.tar "$image" || echo "Warning: Failed to save $image" &
+              done
+              wait
+              echo "Docker image cache saved"
+            else
+              echo "Skipping cache save for PR/feature branch"
+            fi
+          fi
+          
+          echo "Docker images ready for use"
+
+      # Phase 2: Build migrate service with GitHub Actions cache
+      - name: Build migrate Docker image with cache
+        working-directory: autogpt_platform
+        run: |
+          # Build the migrate image with buildx for GHA caching
+          docker buildx build \
+            --cache-from type=gha \
+            --cache-to type=gha,mode=max \
+            --target migrate \
+            --tag autogpt_platform-migrate:latest \
+            --load \
+            -f backend/Dockerfile \
+            ..
+
+      # Start services using pre-built images
+      - name: Start Docker services for development
+        working-directory: autogpt_platform
+        run: |
+          # Start essential services (migrate image already built with correct tag)
+          docker compose --profile local up deps --no-build --detach
+          echo "Waiting for services to be ready..."
+          
+          # Wait for database to be ready
+          echo "Checking database readiness..."
+          timeout 30 sh -c 'until docker compose exec -T db pg_isready -U postgres 2>/dev/null; do 
+            echo "  Waiting for database..."
+            sleep 2
+          done' && echo "✅ Database is ready" || echo "⚠️ Database ready check timeout after 30s, continuing..."
+          
+          # Check migrate service status
+          echo "Checking migration status..."
+          docker compose ps migrate || echo "  Migrate service not visible in ps output"
+          
+          # Wait for migrate service to complete
+          echo "Waiting for migrations to complete..."
+          timeout 30 bash -c '
+            ATTEMPTS=0
+            while [ $ATTEMPTS -lt 15 ]; do
+              ATTEMPTS=$((ATTEMPTS + 1))
+              
+              # Check using docker directly (more reliable than docker compose ps)
+              CONTAINER_STATUS=$(docker ps -a --filter "label=com.docker.compose.service=migrate" --format "{{.Status}}" | head -1)
+              
+              if [ -z "$CONTAINER_STATUS" ]; then
+                echo "  Attempt $ATTEMPTS: Migrate container not found yet..."
+              elif echo "$CONTAINER_STATUS" | grep -q "Exited (0)"; then
+                echo "✅ Migrations completed successfully"
+                docker compose logs migrate --tail=5 2>/dev/null || true
+                exit 0
+              elif echo "$CONTAINER_STATUS" | grep -q "Exited ([1-9]"; then
+                EXIT_CODE=$(echo "$CONTAINER_STATUS" | grep -oE "Exited \([0-9]+\)" | grep -oE "[0-9]+")
+                echo "❌ Migrations failed with exit code: $EXIT_CODE"
+                echo "Migration logs:"
+                docker compose logs migrate --tail=20 2>/dev/null || true
+                exit 1
+              elif echo "$CONTAINER_STATUS" | grep -q "Up"; then
+                echo "  Attempt $ATTEMPTS: Migrate container is running... ($CONTAINER_STATUS)"
+              else
+                echo "  Attempt $ATTEMPTS: Migrate container status: $CONTAINER_STATUS"
+              fi
+              
+              sleep 2
+            done
+            
+            echo "⚠️ Timeout: Could not determine migration status after 30 seconds"
+            echo "Final container check:"
+            docker ps -a --filter "label=com.docker.compose.service=migrate" || true
+            echo "Migration logs (if available):"
+            docker compose logs migrate --tail=10 2>/dev/null || echo "  No logs available"
+          ' || echo "⚠️ Migration check completed with warnings, continuing..."
+          
+          # Brief wait for other services to stabilize
+          echo "Waiting 5 seconds for other services to stabilize..."
+          sleep 5
+
+      # Verify installations and provide environment info
+      - name: Verify setup and show environment info
+        run: |
+          echo "=== Python Setup ==="
+          python --version
+          poetry --version
+          
+          echo "=== Node.js Setup ==="
+          node --version
+          pnpm --version
+          
+          echo "=== Additional Tools ==="
+          docker --version
+          docker compose version
+          gh --version || true
+          
+          echo "=== Services Status ==="
+          cd autogpt_platform
+          docker compose ps || true
+          
+          echo "=== Backend Dependencies ==="
+          cd backend
+          poetry show | head -10 || true
+          
+          echo "=== Frontend Dependencies ==="
+          cd ../frontend
+          pnpm list --depth=0 | head -10 || true
+          
+          echo "=== Environment Files ==="
+          ls -la ../.env* || true
+          ls -la .env* || true
+          ls -la ../backend/.env* || true
+          
+          echo "✅ AutoGPT Platform development environment setup complete!"
+          echo "🚀 Ready for development with Docker services running"
+          echo "📝 Backend server: poetry run serve (port 8000)"
+          echo "🌐 Frontend server: pnpm dev (port 3000)"
+
       - name: Run Claude Code
         id: claude
-        uses: anthropics/claude-code-action@beta
+        uses: anthropics/claude-code-action@v1
         with:
           anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          claude_args: |
+            --allowedTools "Bash(npm:*),Bash(pnpm:*),Bash(poetry:*),Bash(git:*),Edit,Replace,NotebookEditCell,mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*), Bash(gh pr diff:*), Bash(gh pr view:*), Bash(gh pr edit:*)"
+            --model opus
+          additional_permissions: |
+            actions: read

.github/workflows/platform-frontend-ci.yml

@@ -160,7 +160,7 @@ jobs:
 
       - name: Run docker compose
         run: |
-          docker compose -f ../docker-compose.yml up -d
+          NEXT_PUBLIC_PW_TEST=true docker compose -f ../docker-compose.yml up -d
         env:
           DOCKER_BUILDKIT: 1
           BUILDX_CACHE_FROM: type=local,src=/tmp/.buildx-cache

autogpt_platform/CLAUDE.md

@@ -61,24 +61,27 @@ poetry run pytest path/to/test.py --snapshot-update
 
 ```bash
 # Install dependencies
-cd frontend && npm install
+cd frontend && pnpm i
 
 # Start development server
-npm run dev
+pnpm dev
 
 # Run E2E tests
-npm run test
+pnpm test
 
 # Run Storybook for component development
-npm run storybook
+pnpm storybook
 
 # Build production
-npm run build
+pnpm build
 
 # Type checking
-npm run types
+pnpm types
 ```
 
+We have a components library in autogpt_platform/frontend/src/components/atoms that should be used when adding new pages and components. 
+
+
 ## Architecture Overview
 
 ### Backend Architecture

autogpt_platform/autogpt_libs/autogpt_libs/api_key/key_manager.py

@@ -1,35 +0,0 @@
-import hashlib
-import secrets
-from typing import NamedTuple
-
-
-class APIKeyContainer(NamedTuple):
-    """Container for API key parts."""
-
-    raw: str
-    prefix: str
-    postfix: str
-    hash: str
-
-
-class APIKeyManager:
-    PREFIX: str = "agpt_"
-    PREFIX_LENGTH: int = 8
-    POSTFIX_LENGTH: int = 8
-
-    def generate_api_key(self) -> APIKeyContainer:
-        """Generate a new API key with all its parts."""
-        raw_key = f"{self.PREFIX}{secrets.token_urlsafe(32)}"
-        return APIKeyContainer(
-            raw=raw_key,
-            prefix=raw_key[: self.PREFIX_LENGTH],
-            postfix=raw_key[-self.POSTFIX_LENGTH :],
-            hash=hashlib.sha256(raw_key.encode()).hexdigest(),
-        )
-
-    def verify_api_key(self, provided_key: str, stored_hash: str) -> bool:
-        """Verify if a provided API key matches the stored hash."""
-        if not provided_key.startswith(self.PREFIX):
-            return False
-        provided_hash = hashlib.sha256(provided_key.encode()).hexdigest()
-        return secrets.compare_digest(provided_hash, stored_hash)

autogpt_platform/autogpt_libs/autogpt_libs/api_key/keysmith.py

@@ -0,0 +1,78 @@
+import hashlib
+import secrets
+from typing import NamedTuple
+
+from cryptography.hazmat.primitives.kdf.scrypt import Scrypt
+
+
+class APIKeyContainer(NamedTuple):
+    """Container for API key parts."""
+
+    key: str
+    head: str
+    tail: str
+    hash: str
+    salt: str
+
+
+class APIKeySmith:
+    PREFIX: str = "agpt_"
+    HEAD_LENGTH: int = 8
+    TAIL_LENGTH: int = 8
+
+    def generate_key(self) -> APIKeyContainer:
+        """Generate a new API key with secure hashing."""
+        raw_key = f"{self.PREFIX}{secrets.token_urlsafe(32)}"
+        hash, salt = self.hash_key(raw_key)
+
+        return APIKeyContainer(
+            key=raw_key,
+            head=raw_key[: self.HEAD_LENGTH],
+            tail=raw_key[-self.TAIL_LENGTH :],
+            hash=hash,
+            salt=salt,
+        )
+
+    def verify_key(
+        self, provided_key: str, known_hash: str, known_salt: str | None = None
+    ) -> bool:
+        """
+        Verify an API key against a known hash (+ salt).
+        Supports verifying both legacy SHA256 and secure Scrypt hashes.
+        """
+        if not provided_key.startswith(self.PREFIX):
+            return False
+
+        # Handle legacy SHA256 hashes (migration support)
+        if known_salt is None:
+            legacy_hash = hashlib.sha256(provided_key.encode()).hexdigest()
+            return secrets.compare_digest(legacy_hash, known_hash)
+
+        try:
+            salt_bytes = bytes.fromhex(known_salt)
+            provided_hash = self._hash_key_with_salt(provided_key, salt_bytes)
+            return secrets.compare_digest(provided_hash, known_hash)
+        except (ValueError, TypeError):
+            return False
+
+    def hash_key(self, raw_key: str) -> tuple[str, str]:
+        """Migrate a legacy hash to secure hash format."""
+        salt = self._generate_salt()
+        hash = self._hash_key_with_salt(raw_key, salt)
+        return hash, salt.hex()
+
+    def _generate_salt(self) -> bytes:
+        """Generate a random salt for hashing."""
+        return secrets.token_bytes(32)
+
+    def _hash_key_with_salt(self, raw_key: str, salt: bytes) -> str:
+        """Hash API key using Scrypt with salt."""
+        kdf = Scrypt(
+            length=32,
+            salt=salt,
+            n=2**14,  # CPU/memory cost parameter
+            r=8,  # Block size parameter
+            p=1,  # Parallelization parameter
+        )
+        key_hash = kdf.derive(raw_key.encode())
+        return key_hash.hex()

autogpt_platform/autogpt_libs/autogpt_libs/api_key/test_keysmith.py

@@ -0,0 +1,79 @@
+import hashlib
+
+from autogpt_libs.api_key.keysmith import APIKeySmith
+
+
+def test_generate_api_key():
+    keysmith = APIKeySmith()
+    key = keysmith.generate_key()
+
+    assert key.key.startswith(keysmith.PREFIX)
+    assert key.head == key.key[: keysmith.HEAD_LENGTH]
+    assert key.tail == key.key[-keysmith.TAIL_LENGTH :]
+    assert len(key.hash) == 64  # 32 bytes hex encoded
+    assert len(key.salt) == 64  # 32 bytes hex encoded
+
+
+def test_verify_new_secure_key():
+    keysmith = APIKeySmith()
+    key = keysmith.generate_key()
+
+    # Test correct key validates
+    assert keysmith.verify_key(key.key, key.hash, key.salt) is True
+
+    # Test wrong key fails
+    wrong_key = f"{keysmith.PREFIX}wrongkey123"
+    assert keysmith.verify_key(wrong_key, key.hash, key.salt) is False
+
+
+def test_verify_legacy_key():
+    keysmith = APIKeySmith()
+    legacy_key = f"{keysmith.PREFIX}legacykey123"
+    legacy_hash = hashlib.sha256(legacy_key.encode()).hexdigest()
+
+    # Test legacy key validates without salt
+    assert keysmith.verify_key(legacy_key, legacy_hash) is True
+
+    # Test wrong legacy key fails
+    wrong_key = f"{keysmith.PREFIX}wronglegacy"
+    assert keysmith.verify_key(wrong_key, legacy_hash) is False
+
+
+def test_rehash_existing_key():
+    keysmith = APIKeySmith()
+    legacy_key = f"{keysmith.PREFIX}migratekey123"
+
+    # Migrate the legacy key
+    new_hash, new_salt = keysmith.hash_key(legacy_key)
+
+    # Verify migrated key works
+    assert keysmith.verify_key(legacy_key, new_hash, new_salt) is True
+
+    # Verify different key fails with migrated hash
+    wrong_key = f"{keysmith.PREFIX}wrongkey"
+    assert keysmith.verify_key(wrong_key, new_hash, new_salt) is False
+
+
+def test_invalid_key_prefix():
+    keysmith = APIKeySmith()
+    key = keysmith.generate_key()
+
+    # Test key without proper prefix fails
+    invalid_key = "invalid_prefix_key"
+    assert keysmith.verify_key(invalid_key, key.hash, key.salt) is False
+
+
+def test_secure_hash_requires_salt():
+    keysmith = APIKeySmith()
+    key = keysmith.generate_key()
+
+    # Secure hash without salt should fail
+    assert keysmith.verify_key(key.key, key.hash) is False
+
+
+def test_invalid_salt_format():
+    keysmith = APIKeySmith()
+    key = keysmith.generate_key()
+
+    # Invalid salt format should fail gracefully
+    assert keysmith.verify_key(key.key, key.hash, "invalid_hex") is False

autogpt_platform/autogpt_libs/poetry.lock

@@ -1002,6 +1002,18 @@ dynamodb = ["boto3 (>=1.9.71)"]
 redis = ["redis (>=2.10.5)"]
 test-filesource = ["pyyaml (>=5.3.1)", "watchdog (>=3.0.0)"]
 
+[[package]]
+name = "nodeenv"
+version = "1.9.1"
+description = "Node.js virtual environment builder"
+optional = false
+python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,!=3.5.*,!=3.6.*,>=2.7"
+groups = ["dev"]
+files = [
+    {file = "nodeenv-1.9.1-py2.py3-none-any.whl", hash = "sha256:ba11c9782d29c27c70ffbdda2d7415098754709be8a7056d79a737cd901155c9"},
+    {file = "nodeenv-1.9.1.tar.gz", hash = "sha256:6ec12890a2dab7946721edbfbcd91f3319c6ccc9aec47be7c7e6b7011ee6645f"},
+]
+
 [[package]]
 name = "opentelemetry-api"
 version = "1.35.0"
@@ -1347,6 +1359,27 @@ files = [
     {file = "pyrfc3339-2.0.1.tar.gz", hash = "sha256:e47843379ea35c1296c3b6c67a948a1a490ae0584edfcbdea0eaffb5dd29960b"},
 ]
 
+[[package]]
+name = "pyright"
+version = "1.1.404"
+description = "Command line wrapper for pyright"
+optional = false
+python-versions = ">=3.7"
+groups = ["dev"]
+files = [
+    {file = "pyright-1.1.404-py3-none-any.whl", hash = "sha256:c7b7ff1fdb7219c643079e4c3e7d4125f0dafcc19d253b47e898d130ea426419"},
+    {file = "pyright-1.1.404.tar.gz", hash = "sha256:455e881a558ca6be9ecca0b30ce08aa78343ecc031d37a198ffa9a7a1abeb63e"},
+]
+
+[package.dependencies]
+nodeenv = ">=1.6.0"
+typing-extensions = ">=4.1"
+
+[package.extras]
+all = ["nodejs-wheel-binaries", "twine (>=3.4.1)"]
+dev = ["twine (>=3.4.1)"]
+nodejs = ["nodejs-wheel-binaries"]
+
 [[package]]
 name = "pytest"
 version = "8.4.1"
@@ -1534,31 +1567,31 @@ pyasn1 = ">=0.1.3"
 
 [[package]]
 name = "ruff"
-version = "0.12.9"
+version = "0.12.11"
 description = "An extremely fast Python linter and code formatter, written in Rust."
 optional = false
 python-versions = ">=3.7"
 groups = ["dev"]
 files = [
-    {file = "ruff-0.12.9-py3-none-linux_armv6l.whl", hash = "sha256:fcebc6c79fcae3f220d05585229463621f5dbf24d79fdc4936d9302e177cfa3e"},
-    {file = "ruff-0.12.9-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:aed9d15f8c5755c0e74467731a007fcad41f19bcce41cd75f768bbd687f8535f"},
-    {file = "ruff-0.12.9-py3-none-macosx_11_0_arm64.whl", hash = "sha256:5b15ea354c6ff0d7423814ba6d44be2807644d0c05e9ed60caca87e963e93f70"},
-    {file = "ruff-0.12.9-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:d596c2d0393c2502eaabfef723bd74ca35348a8dac4267d18a94910087807c53"},
-    {file = "ruff-0.12.9-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:1b15599931a1a7a03c388b9c5df1bfa62be7ede6eb7ef753b272381f39c3d0ff"},
-    {file = "ruff-0.12.9-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:3d02faa2977fb6f3f32ddb7828e212b7dd499c59eb896ae6c03ea5c303575756"},
-    {file = "ruff-0.12.9-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:17d5b6b0b3a25259b69ebcba87908496e6830e03acfb929ef9fd4c58675fa2ea"},
-    {file = "ruff-0.12.9-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:72db7521860e246adbb43f6ef464dd2a532ef2ef1f5dd0d470455b8d9f1773e0"},
-    {file = "ruff-0.12.9-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:a03242c1522b4e0885af63320ad754d53983c9599157ee33e77d748363c561ce"},
-    {file = "ruff-0.12.9-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:9fc83e4e9751e6c13b5046d7162f205d0a7bac5840183c5beebf824b08a27340"},
-    {file = "ruff-0.12.9-py3-none-manylinux_2_31_riscv64.whl", hash = "sha256:881465ed56ba4dd26a691954650de6ad389a2d1fdb130fe51ff18a25639fe4bb"},
-    {file = "ruff-0.12.9-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:43f07a3ccfc62cdb4d3a3348bf0588358a66da756aa113e071b8ca8c3b9826af"},
-    {file = "ruff-0.12.9-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:07adb221c54b6bba24387911e5734357f042e5669fa5718920ee728aba3cbadc"},
-    {file = "ruff-0.12.9-py3-none-musllinux_1_2_i686.whl", hash = "sha256:f5cd34fabfdea3933ab85d72359f118035882a01bff15bd1d2b15261d85d5f66"},
-    {file = "ruff-0.12.9-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:f6be1d2ca0686c54564da8e7ee9e25f93bdd6868263805f8c0b8fc6a449db6d7"},
-    {file = "ruff-0.12.9-py3-none-win32.whl", hash = "sha256:cc7a37bd2509974379d0115cc5608a1a4a6c4bff1b452ea69db83c8855d53f93"},
-    {file = "ruff-0.12.9-py3-none-win_amd64.whl", hash = "sha256:6fb15b1977309741d7d098c8a3cb7a30bc112760a00fb6efb7abc85f00ba5908"},
-    {file = "ruff-0.12.9-py3-none-win_arm64.whl", hash = "sha256:63c8c819739d86b96d500cce885956a1a48ab056bbcbc61b747ad494b2485089"},
-    {file = "ruff-0.12.9.tar.gz", hash = "sha256:fbd94b2e3c623f659962934e52c2bea6fc6da11f667a427a368adaf3af2c866a"},
+    {file = "ruff-0.12.11-py3-none-linux_armv6l.whl", hash = "sha256:93fce71e1cac3a8bf9200e63a38ac5c078f3b6baebffb74ba5274fb2ab276065"},
+    {file = "ruff-0.12.11-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:b8e33ac7b28c772440afa80cebb972ffd823621ded90404f29e5ab6d1e2d4b93"},
+    {file = "ruff-0.12.11-py3-none-macosx_11_0_arm64.whl", hash = "sha256:d69fb9d4937aa19adb2e9f058bc4fbfe986c2040acb1a4a9747734834eaa0bfd"},
+    {file = "ruff-0.12.11-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:411954eca8464595077a93e580e2918d0a01a19317af0a72132283e28ae21bee"},
+    {file = "ruff-0.12.11-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:6a2c0a2e1a450f387bf2c6237c727dd22191ae8c00e448e0672d624b2bbd7fb0"},
+    {file = "ruff-0.12.11-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:8ca4c3a7f937725fd2413c0e884b5248a19369ab9bdd850b5781348ba283f644"},
+    {file = "ruff-0.12.11-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:4d1df0098124006f6a66ecf3581a7f7e754c4df7644b2e6704cd7ca80ff95211"},
+    {file = "ruff-0.12.11-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:5a8dd5f230efc99a24ace3b77e3555d3fbc0343aeed3fc84c8d89e75ab2ff793"},
+    {file = "ruff-0.12.11-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:4dc75533039d0ed04cd33fb8ca9ac9620b99672fe7ff1533b6402206901c34ee"},
+    {file = "ruff-0.12.11-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:4fc58f9266d62c6eccc75261a665f26b4ef64840887fc6cbc552ce5b29f96cc8"},
+    {file = "ruff-0.12.11-py3-none-manylinux_2_31_riscv64.whl", hash = "sha256:5a0113bd6eafd545146440225fe60b4e9489f59eb5f5f107acd715ba5f0b3d2f"},
+    {file = "ruff-0.12.11-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:0d737b4059d66295c3ea5720e6efc152623bb83fde5444209b69cd33a53e2000"},
+    {file = "ruff-0.12.11-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:916fc5defee32dbc1fc1650b576a8fed68f5e8256e2180d4d9855aea43d6aab2"},
+    {file = "ruff-0.12.11-py3-none-musllinux_1_2_i686.whl", hash = "sha256:c984f07d7adb42d3ded5be894fb4007f30f82c87559438b4879fe7aa08c62b39"},
+    {file = "ruff-0.12.11-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:e07fbb89f2e9249f219d88331c833860489b49cdf4b032b8e4432e9b13e8a4b9"},
+    {file = "ruff-0.12.11-py3-none-win32.whl", hash = "sha256:c792e8f597c9c756e9bcd4d87cf407a00b60af77078c96f7b6366ea2ce9ba9d3"},
+    {file = "ruff-0.12.11-py3-none-win_amd64.whl", hash = "sha256:a3283325960307915b6deb3576b96919ee89432ebd9c48771ca12ee8afe4a0fd"},
+    {file = "ruff-0.12.11-py3-none-win_arm64.whl", hash = "sha256:bae4d6e6a2676f8fb0f98b74594a048bae1b944aab17e9f5d504062303c6dbea"},
+    {file = "ruff-0.12.11.tar.gz", hash = "sha256:c6b09ae8426a65bbee5425b9d0b82796dbb07cb1af045743c79bfb163001165d"},
 ]
 
 [[package]]
@@ -1740,7 +1773,6 @@ files = [
     {file = "typing_extensions-4.14.1-py3-none-any.whl", hash = "sha256:d1e1e3b58374dc93031d6eda2420a48ea44a36c2b4766a4fdeb3710755731d76"},
     {file = "typing_extensions-4.14.1.tar.gz", hash = "sha256:38b39f4aeeab64884ce9f74c94263ef78f3c22467c8724005483154c26648d36"},
 ]
-markers = {dev = "python_version < \"3.11\""}
 
 [[package]]
 name = "typing-inspection"
@@ -1897,4 +1929,4 @@ type = ["pytest-mypy"]
 [metadata]
 lock-version = "2.1"
 python-versions = ">=3.10,<4.0"
-content-hash = "ef7818fba061cea2841c6d7ca4852acde83e4f73b32fca1315e58660002bb0d0"
+content-hash = "0c40b63c3c921846cf05ccfb4e685d4959854b29c2c302245f9832e20aac6954"

autogpt_platform/autogpt_libs/pyproject.toml

@@ -9,6 +9,7 @@ packages = [{ include = "autogpt_libs" }]
 [tool.poetry.dependencies]
 python = ">=3.10,<4.0"
 colorama = "^0.4.6"
+cryptography = "^45.0"
 expiringdict = "^1.2.2"
 fastapi = "^0.116.1"
 google-cloud-logging = "^3.12.1"
@@ -21,11 +22,12 @@ supabase = "^2.16.0"
 uvicorn = "^0.35.0"
 
 [tool.poetry.group.dev.dependencies]
-ruff = "^0.12.9"
+pyright = "^1.1.404"
 pytest = "^8.4.1"
 pytest-asyncio = "^1.1.0"
 pytest-mock = "^3.14.1"
 pytest-cov = "^6.2.1"
+ruff = "^0.12.11"
 
 [build-system]
 requires = ["poetry-core"]

autogpt_platform/backend/backend/blocks/agent.py

@@ -1,8 +1,6 @@
 import logging
 from typing import Any, Optional
 
-from pydantic import JsonValue
-
 from backend.data.block import (
     Block,
     BlockCategory,
@@ -12,7 +10,7 @@ from backend.data.block import (
     BlockType,
     get_block,
 )
-from backend.data.execution import ExecutionStatus
+from backend.data.execution import ExecutionStatus, NodesInputMasks
 from backend.data.model import NodeExecutionStats, SchemaField
 from backend.util.json import validate_with_jsonschema
 from backend.util.retry import func_retry
@@ -33,7 +31,7 @@ class AgentExecutorBlock(Block):
         input_schema: dict = SchemaField(description="Input schema for the graph")
         output_schema: dict = SchemaField(description="Output schema for the graph")
 
-        nodes_input_masks: Optional[dict[str, dict[str, JsonValue]]] = SchemaField(
+        nodes_input_masks: Optional[NodesInputMasks] = SchemaField(
             default=None, hidden=True
         )
 

autogpt_platform/backend/backend/blocks/ai_image_customizer.py

@@ -0,0 +1,154 @@
+from enum import Enum
+from typing import Literal
+
+from pydantic import SecretStr
+from replicate.client import Client as ReplicateClient
+from replicate.helpers import FileOutput
+
+from backend.data.block import Block, BlockCategory, BlockOutput, BlockSchema
+from backend.data.model import (
+    APIKeyCredentials,
+    CredentialsField,
+    CredentialsMetaInput,
+    SchemaField,
+)
+from backend.integrations.providers import ProviderName
+from backend.util.file import MediaFileType
+
+
+class GeminiImageModel(str, Enum):
+    NANO_BANANA = "google/nano-banana"
+
+
+class OutputFormat(str, Enum):
+    JPG = "jpg"
+    PNG = "png"
+
+
+TEST_CREDENTIALS = APIKeyCredentials(
+    id="01234567-89ab-cdef-0123-456789abcdef",
+    provider="replicate",
+    api_key=SecretStr("mock-replicate-api-key"),
+    title="Mock Replicate API key",
+    expires_at=None,
+)
+
+TEST_CREDENTIALS_INPUT = {
+    "provider": TEST_CREDENTIALS.provider,
+    "id": TEST_CREDENTIALS.id,
+    "type": TEST_CREDENTIALS.type,
+    "title": TEST_CREDENTIALS.title,
+}
+
+
+class AIImageCustomizerBlock(Block):
+    class Input(BlockSchema):
+        credentials: CredentialsMetaInput[
+            Literal[ProviderName.REPLICATE], Literal["api_key"]
+        ] = CredentialsField(
+            description="Replicate API key with permissions for Google Gemini image models",
+        )
+        prompt: str = SchemaField(
+            description="A text description of the image you want to generate",
+            title="Prompt",
+        )
+        model: GeminiImageModel = SchemaField(
+            description="The AI model to use for image generation and editing",
+            default=GeminiImageModel.NANO_BANANA,
+            title="Model",
+        )
+        images: list[MediaFileType] = SchemaField(
+            description="Optional list of input images to reference or modify",
+            default=[],
+            title="Input Images",
+        )
+        output_format: OutputFormat = SchemaField(
+            description="Format of the output image",
+            default=OutputFormat.PNG,
+            title="Output Format",
+        )
+
+    class Output(BlockSchema):
+        image_url: MediaFileType = SchemaField(description="URL of the generated image")
+        error: str = SchemaField(description="Error message if generation failed")
+
+    def __init__(self):
+        super().__init__(
+            id="d76bbe4c-930e-4894-8469-b66775511f71",
+            description=(
+                "Generate and edit custom images using Google's Nano-Banana model from Gemini 2.5. "
+                "Provide a prompt and optional reference images to create or modify images."
+            ),
+            categories={BlockCategory.AI, BlockCategory.MULTIMEDIA},
+            input_schema=AIImageCustomizerBlock.Input,
+            output_schema=AIImageCustomizerBlock.Output,
+            test_input={
+                "prompt": "Make the scene more vibrant and colorful",
+                "model": GeminiImageModel.NANO_BANANA,
+                "images": [],
+                "output_format": OutputFormat.JPG,
+                "credentials": TEST_CREDENTIALS_INPUT,
+            },
+            test_output=[
+                ("image_url", "https://replicate.delivery/generated-image.jpg"),
+            ],
+            test_mock={
+                "run_model": lambda *args, **kwargs: MediaFileType(
+                    "https://replicate.delivery/generated-image.jpg"
+                ),
+            },
+            test_credentials=TEST_CREDENTIALS,
+        )
+
+    async def run(
+        self,
+        input_data: Input,
+        *,
+        credentials: APIKeyCredentials,
+        graph_exec_id: str,
+        user_id: str,
+        **kwargs,
+    ) -> BlockOutput:
+        try:
+            result = await self.run_model(
+                api_key=credentials.api_key,
+                model_name=input_data.model.value,
+                prompt=input_data.prompt,
+                images=input_data.images,
+                output_format=input_data.output_format.value,
+            )
+            yield "image_url", result
+        except Exception as e:
+            yield "error", str(e)
+
+    async def run_model(
+        self,
+        api_key: SecretStr,
+        model_name: str,
+        prompt: str,
+        images: list[MediaFileType],
+        output_format: str,
+    ) -> MediaFileType:
+        client = ReplicateClient(api_token=api_key.get_secret_value())
+
+        input_params: dict = {
+            "prompt": prompt,
+            "output_format": output_format,
+        }
+
+        # Add images to input if provided (API expects "image_input" parameter)
+        if images:
+            input_params["image_input"] = [str(img) for img in images]
+
+        output: FileOutput | str = await client.async_run(  # type: ignore
+            model_name,
+            input=input_params,
+            wait=False,
+        )
+
+        if isinstance(output, FileOutput):
+            return MediaFileType(output.url)
+        if isinstance(output, str):
+            return MediaFileType(output)
+
+        raise ValueError("No output received from the model")

autogpt_platform/backend/backend/blocks/airtable/_api.py

@@ -661,6 +661,167 @@ async def update_field(
 #################################################################
 
 
+async def get_table_schema(
+    credentials: Credentials,
+    base_id: str,
+    table_id_or_name: str,
+) -> dict:
+    """
+    Get the schema for a specific table, including all field definitions.
+
+    Args:
+        credentials: Airtable API credentials
+        base_id: The base ID
+        table_id_or_name: The table ID or name
+
+    Returns:
+        Dict containing table schema with fields information
+    """
+    # First get all tables to find the right one
+    response = await Requests().get(
+        f"https://api.airtable.com/v0/meta/bases/{base_id}/tables",
+        headers={"Authorization": credentials.auth_header()},
+    )
+
+    data = response.json()
+    tables = data.get("tables", [])
+
+    # Find the matching table
+    for table in tables:
+        if table.get("id") == table_id_or_name or table.get("name") == table_id_or_name:
+            return table
+
+    raise ValueError(f"Table '{table_id_or_name}' not found in base '{base_id}'")
+
+
+def get_empty_value_for_field(field_type: str) -> Any:
+    """
+    Return the appropriate empty value for a given Airtable field type.
+
+    Args:
+        field_type: The Airtable field type
+
+    Returns:
+        The appropriate empty value for that field type
+    """
+    # Fields that should be false when empty
+    if field_type == "checkbox":
+        return False
+
+    # Fields that should be empty arrays
+    if field_type in [
+        "multipleSelects",
+        "multipleRecordLinks",
+        "multipleAttachments",
+        "multipleLookupValues",
+        "multipleCollaborators",
+    ]:
+        return []
+
+    # Fields that should be 0 when empty (numeric types)
+    if field_type in [
+        "number",
+        "percent",
+        "currency",
+        "rating",
+        "duration",
+        "count",
+        "autoNumber",
+    ]:
+        return 0
+
+    # Fields that should be empty strings
+    if field_type in [
+        "singleLineText",
+        "multilineText",
+        "email",
+        "url",
+        "phoneNumber",
+        "richText",
+        "barcode",
+    ]:
+        return ""
+
+    # Everything else gets null (dates, single selects, formulas, etc.)
+    return None
+
+
+async def normalize_records(
+    records: list[dict],
+    table_schema: dict,
+    include_field_metadata: bool = False,
+) -> dict:
+    """
+    Normalize Airtable records to include all fields with proper empty values.
+
+    Args:
+        records: List of record objects from Airtable API
+        table_schema: Table schema containing field definitions
+        include_field_metadata: Whether to include field metadata in response
+
+    Returns:
+        Dict with normalized records and optionally field metadata
+    """
+    fields = table_schema.get("fields", [])
+
+    # Normalize each record
+    normalized_records = []
+    for record in records:
+        normalized = {
+            "id": record.get("id"),
+            "createdTime": record.get("createdTime"),
+            "fields": {},
+        }
+
+        # Add existing fields
+        existing_fields = record.get("fields", {})
+
+        # Add all fields from schema, using empty values for missing ones
+        for field in fields:
+            field_name = field["name"]
+            field_type = field["type"]
+
+            if field_name in existing_fields:
+                # Field exists, use its value
+                normalized["fields"][field_name] = existing_fields[field_name]
+            else:
+                # Field is missing, add appropriate empty value
+                normalized["fields"][field_name] = get_empty_value_for_field(field_type)
+
+        normalized_records.append(normalized)
+
+    # Build result dictionary
+    if include_field_metadata:
+        field_metadata = {}
+        for field in fields:
+            metadata = {"type": field["type"], "id": field["id"]}
+
+            # Add type-specific metadata
+            options = field.get("options", {})
+            if field["type"] == "currency" and "symbol" in options:
+                metadata["symbol"] = options["symbol"]
+                metadata["precision"] = options.get("precision", 2)
+            elif field["type"] == "duration" and "durationFormat" in options:
+                metadata["format"] = options["durationFormat"]
+            elif field["type"] == "percent" and "precision" in options:
+                metadata["precision"] = options["precision"]
+            elif (
+                field["type"] in ["singleSelect", "multipleSelects"]
+                and "choices" in options
+            ):
+                metadata["choices"] = [choice["name"] for choice in options["choices"]]
+            elif field["type"] == "rating" and "max" in options:
+                metadata["max"] = options["max"]
+                metadata["icon"] = options.get("icon", "star")
+                metadata["color"] = options.get("color", "yellowBright")
+
+            field_metadata[field["name"]] = metadata
+
+        return {"records": normalized_records, "field_metadata": field_metadata}
+    else:
+        return {"records": normalized_records}
+
+
 async def list_records(
     credentials: Credentials,
     base_id: str,
@@ -1249,3 +1410,26 @@ async def list_bases(
     )
 
     return response.json()
+
+
+async def get_base_tables(
+    credentials: Credentials,
+    base_id: str,
+) -> list[dict]:
+    """
+    Get all tables for a specific base.
+
+    Args:
+        credentials: Airtable API credentials
+        base_id: The ID of the base
+
+    Returns:
+        list[dict]: List of table objects with their schemas
+    """
+    response = await Requests().get(
+        f"https://api.airtable.com/v0/meta/bases/{base_id}/tables",
+        headers={"Authorization": credentials.auth_header()},
+    )
+
+    data = response.json()
+    return data.get("tables", [])

autogpt_platform/backend/backend/blocks/airtable/bases.py

@@ -14,13 +14,13 @@ from backend.sdk import (
     SchemaField,
 )
 
-from ._api import create_base, list_bases
+from ._api import create_base, get_base_tables, list_bases
 from ._config import airtable
 
 
 class AirtableCreateBaseBlock(Block):
     """
-    Creates a new base in an Airtable workspace.
+    Creates a new base in an Airtable workspace, or returns existing base if one with the same name exists.
     """
 
     class Input(BlockSchema):
@@ -31,6 +31,10 @@ class AirtableCreateBaseBlock(Block):
             description="The workspace ID where the base will be created"
         )
         name: str = SchemaField(description="The name of the new base")
+        find_existing: bool = SchemaField(
+            description="If true, return existing base with same name instead of creating duplicate",
+            default=True,
+        )
         tables: list[dict] = SchemaField(
             description="At least one table and field must be specified. Array of table objects to create in the base. Each table should have 'name' and 'fields' properties",
             default=[
@@ -50,14 +54,18 @@ class AirtableCreateBaseBlock(Block):
         )
 
     class Output(BlockSchema):
-        base_id: str = SchemaField(description="The ID of the created base")
+        base_id: str = SchemaField(description="The ID of the created or found base")
         tables: list[dict] = SchemaField(description="Array of table objects")
         table: dict = SchemaField(description="A single table object")
+        was_created: bool = SchemaField(
+            description="True if a new base was created, False if existing was found",
+            default=True,
+        )
 
     def __init__(self):
         super().__init__(
             id="f59b88a8-54ce-4676-a508-fd614b4e8dce",
-            description="Create a new base in Airtable",
+            description="Create or find a base in Airtable",
             categories={BlockCategory.DATA},
             input_schema=self.Input,
             output_schema=self.Output,
@@ -66,6 +74,31 @@ class AirtableCreateBaseBlock(Block):
     async def run(
         self, input_data: Input, *, credentials: APIKeyCredentials, **kwargs
     ) -> BlockOutput:
+        # If find_existing is true, check if a base with this name already exists
+        if input_data.find_existing:
+            # List all bases to check for existing one with same name
+            # Note: Airtable API doesn't have a direct search, so we need to list and filter
+            existing_bases = await list_bases(credentials)
+
+            for base in existing_bases.get("bases", []):
+                if base.get("name") == input_data.name:
+                    # Base already exists, return it
+                    base_id = base.get("id")
+                    yield "base_id", base_id
+                    yield "was_created", False
+
+                    # Get the tables for this base
+                    try:
+                        tables = await get_base_tables(credentials, base_id)
+                        yield "tables", tables
+                        for table in tables:
+                            yield "table", table
+                    except Exception:
+                        # If we can't get tables, return empty list
+                        yield "tables", []
+                    return
+
+        # No existing base found or find_existing is false, create new one
         data = await create_base(
             credentials,
             input_data.workspace_id,
@@ -74,6 +107,7 @@ class AirtableCreateBaseBlock(Block):
         )
 
         yield "base_id", data.get("id", None)
+        yield "was_created", True
         yield "tables", data.get("tables", [])
         for table in data.get("tables", []):
             yield "table", table

autogpt_platform/backend/backend/blocks/airtable/records.py

@@ -2,7 +2,7 @@
 Airtable record operation blocks.
 """
 
-from typing import Optional
+from typing import Optional, cast
 
 from backend.sdk import (
     APIKeyCredentials,
@@ -18,7 +18,9 @@ from ._api import (
     create_record,
     delete_multiple_records,
     get_record,
+    get_table_schema,
     list_records,
+    normalize_records,
     update_multiple_records,
 )
 from ._config import airtable
@@ -54,12 +56,24 @@ class AirtableListRecordsBlock(Block):
         return_fields: list[str] = SchemaField(
             description="Specific fields to return (comma-separated)", default=[]
         )
+        normalize_output: bool = SchemaField(
+            description="Normalize output to include all fields with proper empty values (disable to skip schema fetch and get raw Airtable response)",
+            default=True,
+        )
+        include_field_metadata: bool = SchemaField(
+            description="Include field type and configuration metadata (requires normalize_output=true)",
+            default=False,
+        )
 
     class Output(BlockSchema):
         records: list[dict] = SchemaField(description="Array of record objects")
         offset: Optional[str] = SchemaField(
             description="Offset for next page (null if no more records)", default=None
         )
+        field_metadata: Optional[dict] = SchemaField(
+            description="Field type and configuration metadata (only when include_field_metadata=true)",
+            default=None,
+        )
 
     def __init__(self):
         super().__init__(
@@ -73,6 +87,7 @@ class AirtableListRecordsBlock(Block):
     async def run(
         self, input_data: Input, *, credentials: APIKeyCredentials, **kwargs
     ) -> BlockOutput:
+
         data = await list_records(
             credentials,
             input_data.base_id,
@@ -88,8 +103,33 @@ class AirtableListRecordsBlock(Block):
             fields=input_data.return_fields if input_data.return_fields else None,
         )
 
-        yield "records", data.get("records", [])
-        yield "offset", data.get("offset", None)
+        records = data.get("records", [])
+
+        # Normalize output if requested
+        if input_data.normalize_output:
+            # Fetch table schema
+            table_schema = await get_table_schema(
+                credentials, input_data.base_id, input_data.table_id_or_name
+            )
+
+            # Normalize the records
+            normalized_data = await normalize_records(
+                records,
+                table_schema,
+                include_field_metadata=input_data.include_field_metadata,
+            )
+
+            yield "records", normalized_data["records"]
+            yield "offset", data.get("offset", None)
+
+            if (
+                input_data.include_field_metadata
+                and "field_metadata" in normalized_data
+            ):
+                yield "field_metadata", normalized_data["field_metadata"]
+        else:
+            yield "records", records
+            yield "offset", data.get("offset", None)
 
 
 class AirtableGetRecordBlock(Block):
@@ -104,11 +144,23 @@ class AirtableGetRecordBlock(Block):
         base_id: str = SchemaField(description="The Airtable base ID")
         table_id_or_name: str = SchemaField(description="Table ID or name")
         record_id: str = SchemaField(description="The record ID to retrieve")
+        normalize_output: bool = SchemaField(
+            description="Normalize output to include all fields with proper empty values (disable to skip schema fetch and get raw Airtable response)",
+            default=True,
+        )
+        include_field_metadata: bool = SchemaField(
+            description="Include field type and configuration metadata (requires normalize_output=true)",
+            default=False,
+        )
 
     class Output(BlockSchema):
         id: str = SchemaField(description="The record ID")
         fields: dict = SchemaField(description="The record fields")
         created_time: str = SchemaField(description="The record created time")
+        field_metadata: Optional[dict] = SchemaField(
+            description="Field type and configuration metadata (only when include_field_metadata=true)",
+            default=None,
+        )
 
     def __init__(self):
         super().__init__(
@@ -122,6 +174,7 @@ class AirtableGetRecordBlock(Block):
     async def run(
         self, input_data: Input, *, credentials: APIKeyCredentials, **kwargs
     ) -> BlockOutput:
+
         record = await get_record(
             credentials,
             input_data.base_id,
@@ -129,9 +182,34 @@ class AirtableGetRecordBlock(Block):
             input_data.record_id,
         )
 
-        yield "id", record.get("id", None)
-        yield "fields", record.get("fields", None)
-        yield "created_time", record.get("createdTime", None)
+        # Normalize output if requested
+        if input_data.normalize_output:
+            # Fetch table schema
+            table_schema = await get_table_schema(
+                credentials, input_data.base_id, input_data.table_id_or_name
+            )
+
+            # Normalize the single record (wrap in list and unwrap result)
+            normalized_data = await normalize_records(
+                [record],
+                table_schema,
+                include_field_metadata=input_data.include_field_metadata,
+            )
+
+            normalized_record = normalized_data["records"][0]
+            yield "id", normalized_record.get("id", None)
+            yield "fields", normalized_record.get("fields", None)
+            yield "created_time", normalized_record.get("createdTime", None)
+
+            if (
+                input_data.include_field_metadata
+                and "field_metadata" in normalized_data
+            ):
+                yield "field_metadata", normalized_data["field_metadata"]
+        else:
+            yield "id", record.get("id", None)
+            yield "fields", record.get("fields", None)
+            yield "created_time", record.get("createdTime", None)
 
 
 class AirtableCreateRecordsBlock(Block):
@@ -148,6 +226,10 @@ class AirtableCreateRecordsBlock(Block):
         records: list[dict] = SchemaField(
             description="Array of records to create (each with 'fields' object)"
         )
+        skip_normalization: bool = SchemaField(
+            description="Skip output normalization to get raw Airtable response (faster but may have missing fields)",
+            default=False,
+        )
         typecast: bool = SchemaField(
             description="Automatically convert string values to appropriate types",
             default=False,
@@ -159,7 +241,6 @@ class AirtableCreateRecordsBlock(Block):
 
     class Output(BlockSchema):
         records: list[dict] = SchemaField(description="Array of created record objects")
-        details: dict = SchemaField(description="Details of the created records")
 
     def __init__(self):
         super().__init__(
@@ -173,7 +254,7 @@ class AirtableCreateRecordsBlock(Block):
     async def run(
         self, input_data: Input, *, credentials: APIKeyCredentials, **kwargs
     ) -> BlockOutput:
-        # The create_record API expects records in a specific format
+
         data = await create_record(
             credentials,
             input_data.base_id,
@@ -182,11 +263,22 @@ class AirtableCreateRecordsBlock(Block):
             typecast=input_data.typecast if input_data.typecast else None,
             return_fields_by_field_id=input_data.return_fields_by_field_id,
         )
+        result_records = cast(list[dict], data.get("records", []))
 
-        yield "records", data.get("records", [])
-        details = data.get("details", None)
-        if details:
-            yield "details", details
+        # Normalize output unless explicitly disabled
+        if not input_data.skip_normalization and result_records:
+            # Fetch table schema
+            table_schema = await get_table_schema(
+                credentials, input_data.base_id, input_data.table_id_or_name
+            )
+
+            # Normalize the records
+            normalized_data = await normalize_records(
+                result_records, table_schema, include_field_metadata=False
+            )
+            result_records = normalized_data["records"]
+
+        yield "records", result_records
 
 
 class AirtableUpdateRecordsBlock(Block):

autogpt_platform/backend/backend/blocks/bannerbear/__init__.py

@@ -0,0 +1,3 @@
+from .text_overlay import BannerbearTextOverlayBlock
+
+__all__ = ["BannerbearTextOverlayBlock"]

autogpt_platform/backend/backend/blocks/bannerbear/_config.py

@@ -0,0 +1,8 @@
+from backend.sdk import BlockCostType, ProviderBuilder
+
+bannerbear = (
+    ProviderBuilder("bannerbear")
+    .with_api_key("BANNERBEAR_API_KEY", "Bannerbear API Key")
+    .with_base_cost(1, BlockCostType.RUN)
+    .build()
+)

autogpt_platform/backend/backend/blocks/bannerbear/text_overlay.py

@@ -0,0 +1,239 @@
+import uuid
+from typing import TYPE_CHECKING, Any, Dict, List
+
+if TYPE_CHECKING:
+    pass
+
+from pydantic import SecretStr
+
+from backend.sdk import (
+    APIKeyCredentials,
+    Block,
+    BlockCategory,
+    BlockOutput,
+    BlockSchema,
+    CredentialsMetaInput,
+    Requests,
+    SchemaField,
+)
+
+from ._config import bannerbear
+
+TEST_CREDENTIALS = APIKeyCredentials(
+    id="01234567-89ab-cdef-0123-456789abcdef",
+    provider="bannerbear",
+    api_key=SecretStr("mock-bannerbear-api-key"),
+    title="Mock Bannerbear API Key",
+)
+
+
+class TextModification(BlockSchema):
+    name: str = SchemaField(
+        description="The name of the layer to modify in the template"
+    )
+    text: str = SchemaField(description="The text content to add to this layer")
+    color: str = SchemaField(
+        description="Hex color code for the text (e.g., '#FF0000')",
+        default="",
+        advanced=True,
+    )
+    font_family: str = SchemaField(
+        description="Font family to use for the text",
+        default="",
+        advanced=True,
+    )
+    font_size: int = SchemaField(
+        description="Font size in pixels",
+        default=0,
+        advanced=True,
+    )
+    font_weight: str = SchemaField(
+        description="Font weight (e.g., 'bold', 'normal')",
+        default="",
+        advanced=True,
+    )
+    text_align: str = SchemaField(
+        description="Text alignment (left, center, right)",
+        default="",
+        advanced=True,
+    )
+
+
+class BannerbearTextOverlayBlock(Block):
+    class Input(BlockSchema):
+        credentials: CredentialsMetaInput = bannerbear.credentials_field(
+            description="API credentials for Bannerbear"
+        )
+        template_id: str = SchemaField(
+            description="The unique ID of your Bannerbear template"
+        )
+        project_id: str = SchemaField(
+            description="Optional: Project ID (required when using Master API Key)",
+            default="",
+            advanced=True,
+        )
+        text_modifications: List[TextModification] = SchemaField(
+            description="List of text layers to modify in the template"
+        )
+        image_url: str = SchemaField(
+            description="Optional: URL of an image to use in the template",
+            default="",
+            advanced=True,
+        )
+        image_layer_name: str = SchemaField(
+            description="Optional: Name of the image layer in the template",
+            default="photo",
+            advanced=True,
+        )
+        webhook_url: str = SchemaField(
+            description="Optional: URL to receive webhook notification when image is ready",
+            default="",
+            advanced=True,
+        )
+        metadata: str = SchemaField(
+            description="Optional: Custom metadata to attach to the image",
+            default="",
+            advanced=True,
+        )
+
+    class Output(BlockSchema):
+        success: bool = SchemaField(
+            description="Whether the image generation was successfully initiated"
+        )
+        image_url: str = SchemaField(
+            description="URL of the generated image (if synchronous) or placeholder"
+        )
+        uid: str = SchemaField(description="Unique identifier for the generated image")
+        status: str = SchemaField(description="Status of the image generation")
+        error: str = SchemaField(description="Error message if the operation failed")
+
+    def __init__(self):
+        super().__init__(
+            id="c7d3a5c2-05fc-450e-8dce-3b0e04626009",
+            description="Add text overlay to images using Bannerbear templates. Perfect for creating social media graphics, marketing materials, and dynamic image content.",
+            categories={BlockCategory.PRODUCTIVITY, BlockCategory.AI},
+            input_schema=self.Input,
+            output_schema=self.Output,
+            test_input={
+                "template_id": "jJWBKNELpQPvbX5R93Gk",
+                "text_modifications": [
+                    {
+                        "name": "headline",
+                        "text": "Amazing Product Launch!",
+                        "color": "#FF0000",
+                    },
+                    {
+                        "name": "subtitle",
+                        "text": "50% OFF Today Only",
+                    },
+                ],
+                "credentials": {
+                    "provider": "bannerbear",
+                    "id": str(uuid.uuid4()),
+                    "type": "api_key",
+                },
+            },
+            test_output=[
+                ("success", True),
+                ("image_url", "https://cdn.bannerbear.com/test-image.jpg"),
+                ("uid", "test-uid-123"),
+                ("status", "completed"),
+            ],
+            test_mock={
+                "_make_api_request": lambda *args, **kwargs: {
+                    "uid": "test-uid-123",
+                    "status": "completed",
+                    "image_url": "https://cdn.bannerbear.com/test-image.jpg",
+                }
+            },
+            test_credentials=TEST_CREDENTIALS,
+        )
+
+    async def _make_api_request(self, payload: dict, api_key: str) -> dict:
+        """Make the actual API request to Bannerbear. This is separated for easy mocking in tests."""
+        headers = {
+            "Authorization": f"Bearer {api_key}",
+            "Content-Type": "application/json",
+        }
+
+        response = await Requests().post(
+            "https://sync.api.bannerbear.com/v2/images",
+            headers=headers,
+            json=payload,
+        )
+
+        if response.status in [200, 201, 202]:
+            return response.json()
+        else:
+            error_msg = f"API request failed with status {response.status}"
+            if response.text:
+                try:
+                    error_data = response.json()
+                    error_msg = (
+                        f"{error_msg}: {error_data.get('message', response.text)}"
+                    )
+                except Exception:
+                    error_msg = f"{error_msg}: {response.text}"
+            raise Exception(error_msg)
+
+    async def run(
+        self, input_data: Input, *, credentials: APIKeyCredentials, **kwargs
+    ) -> BlockOutput:
+        # Build the modifications array
+        modifications = []
+
+        # Add text modifications
+        for text_mod in input_data.text_modifications:
+            mod_data: Dict[str, Any] = {
+                "name": text_mod.name,
+                "text": text_mod.text,
+            }
+
+            # Add optional text styling parameters only if they have values
+            if text_mod.color and text_mod.color.strip():
+                mod_data["color"] = text_mod.color
+            if text_mod.font_family and text_mod.font_family.strip():
+                mod_data["font_family"] = text_mod.font_family
+            if text_mod.font_size and text_mod.font_size > 0:
+                mod_data["font_size"] = text_mod.font_size
+            if text_mod.font_weight and text_mod.font_weight.strip():
+                mod_data["font_weight"] = text_mod.font_weight
+            if text_mod.text_align and text_mod.text_align.strip():
+                mod_data["text_align"] = text_mod.text_align
+
+            modifications.append(mod_data)
+
+        # Add image modification if provided and not empty
+        if input_data.image_url and input_data.image_url.strip():
+            modifications.append(
+                {
+                    "name": input_data.image_layer_name,
+                    "image_url": input_data.image_url,
+                }
+            )
+
+        # Build the request payload - only include non-empty optional fields
+        payload = {
+            "template": input_data.template_id,
+            "modifications": modifications,
+        }
+
+        # Add project_id if provided (required for Master API keys)
+        if input_data.project_id and input_data.project_id.strip():
+            payload["project_id"] = input_data.project_id
+
+        if input_data.webhook_url and input_data.webhook_url.strip():
+            payload["webhook_url"] = input_data.webhook_url
+        if input_data.metadata and input_data.metadata.strip():
+            payload["metadata"] = input_data.metadata
+
+        # Make the API request using the private method
+        data = await self._make_api_request(
+            payload, credentials.api_key.get_secret_value()
+        )
+
+        # Synchronous request - image should be ready
+        yield "success", True
+        yield "image_url", data.get("image_url", "")
+        yield "uid", data.get("uid", "")
+        yield "status", data.get("status", "completed")

autogpt_platform/backend/backend/blocks/google/gmail.py

@@ -1094,6 +1094,117 @@ class GmailGetThreadBlock(GmailBase):
         return thread
 
 
+async def _build_reply_message(
+    service, input_data, graph_exec_id: str, user_id: str
+) -> tuple[str, str]:
+    """
+    Builds a reply MIME message for Gmail threads.
+
+    Returns:
+        tuple: (base64-encoded raw message, threadId)
+    """
+    # Get parent message for reply context
+    parent = await asyncio.to_thread(
+        lambda: service.users()
+        .messages()
+        .get(
+            userId="me",
+            id=input_data.parentMessageId,
+            format="metadata",
+            metadataHeaders=[
+                "Subject",
+                "References",
+                "Message-ID",
+                "From",
+                "To",
+                "Cc",
+                "Reply-To",
+            ],
+        )
+        .execute()
+    )
+
+    # Build headers dictionary, preserving all values for duplicate headers
+    headers = {}
+    for h in parent.get("payload", {}).get("headers", []):
+        name = h["name"].lower()
+        value = h["value"]
+        if name in headers:
+            # For duplicate headers, keep the first occurrence (most relevant for reply context)
+            continue
+        headers[name] = value
+
+    # Determine recipients if not specified
+    if not (input_data.to or input_data.cc or input_data.bcc):
+        if input_data.replyAll:
+            recipients = [parseaddr(headers.get("from", ""))[1]]
+            recipients += [addr for _, addr in getaddresses([headers.get("to", "")])]
+            recipients += [addr for _, addr in getaddresses([headers.get("cc", "")])]
+            # Use dict.fromkeys() for O(n) deduplication while preserving order
+            input_data.to = list(dict.fromkeys(filter(None, recipients)))
+        else:
+            # Check Reply-To header first, fall back to From header
+            reply_to = headers.get("reply-to", "")
+            from_addr = headers.get("from", "")
+            sender = parseaddr(reply_to if reply_to else from_addr)[1]
+            input_data.to = [sender] if sender else []
+
+    # Set subject with Re: prefix if not already present
+    if input_data.subject:
+        subject = input_data.subject
+    else:
+        parent_subject = headers.get("subject", "").strip()
+        # Only add "Re:" if not already present (case-insensitive check)
+        if parent_subject.lower().startswith("re:"):
+            subject = parent_subject
+        else:
+            subject = f"Re: {parent_subject}" if parent_subject else "Re:"
+
+    # Build references header for proper threading
+    references = headers.get("references", "").split()
+    if headers.get("message-id"):
+        references.append(headers["message-id"])
+
+    # Create MIME message
+    msg = MIMEMultipart()
+    if input_data.to:
+        msg["To"] = ", ".join(input_data.to)
+    if input_data.cc:
+        msg["Cc"] = ", ".join(input_data.cc)
+    if input_data.bcc:
+        msg["Bcc"] = ", ".join(input_data.bcc)
+    msg["Subject"] = subject
+    if headers.get("message-id"):
+        msg["In-Reply-To"] = headers["message-id"]
+    if references:
+        msg["References"] = " ".join(references)
+
+    # Use the helper function for consistent content type handling
+    msg.attach(_make_mime_text(input_data.body, input_data.content_type))
+
+    # Handle attachments
+    for attach in input_data.attachments:
+        local_path = await store_media_file(
+            user_id=user_id,
+            graph_exec_id=graph_exec_id,
+            file=attach,
+            return_content=False,
+        )
+        abs_path = get_exec_file_path(graph_exec_id, local_path)
+        part = MIMEBase("application", "octet-stream")
+        with open(abs_path, "rb") as f:
+            part.set_payload(f.read())
+        encoders.encode_base64(part)
+        part.add_header(
+            "Content-Disposition", f"attachment; filename={Path(abs_path).name}"
+        )
+        msg.attach(part)
+
+    # Encode message
+    raw = base64.urlsafe_b64encode(msg.as_bytes()).decode("utf-8")
+    return raw, input_data.threadId
+
+
 class GmailReplyBlock(GmailBase):
     """
     Replies to Gmail threads with intelligent content type detection.
@@ -1230,93 +1341,146 @@ class GmailReplyBlock(GmailBase):
     async def _reply(
         self, service, input_data: Input, graph_exec_id: str, user_id: str
     ) -> dict:
-        parent = await asyncio.to_thread(
-            lambda: service.users()
-            .messages()
-            .get(
-                userId="me",
-                id=input_data.parentMessageId,
-                format="metadata",
-                metadataHeaders=[
-                    "Subject",
-                    "References",
-                    "Message-ID",
-                    "From",
-                    "To",
-                    "Cc",
-                    "Reply-To",
-                ],
-            )
-            .execute()
+        # Build the reply message using the shared helper
+        raw, thread_id = await _build_reply_message(
+            service, input_data, graph_exec_id, user_id
         )
 
-        headers = {
-            h["name"].lower(): h["value"]
-            for h in parent.get("payload", {}).get("headers", [])
-        }
-        if not (input_data.to or input_data.cc or input_data.bcc):
-            if input_data.replyAll:
-                recipients = [parseaddr(headers.get("from", ""))[1]]
-                recipients += [
-                    addr for _, addr in getaddresses([headers.get("to", "")])
-                ]
-                recipients += [
-                    addr for _, addr in getaddresses([headers.get("cc", "")])
-                ]
-                dedup: list[str] = []
-                for r in recipients:
-                    if r and r not in dedup:
-                        dedup.append(r)
-                input_data.to = dedup
-            else:
-                sender = parseaddr(headers.get("reply-to", headers.get("from", "")))[1]
-                input_data.to = [sender] if sender else []
-        subject = input_data.subject or (f"Re: {headers.get('subject', '')}".strip())
-        references = headers.get("references", "").split()
-        if headers.get("message-id"):
-            references.append(headers["message-id"])
-
-        msg = MIMEMultipart()
-        if input_data.to:
-            msg["To"] = ", ".join(input_data.to)
-        if input_data.cc:
-            msg["Cc"] = ", ".join(input_data.cc)
-        if input_data.bcc:
-            msg["Bcc"] = ", ".join(input_data.bcc)
-        msg["Subject"] = subject
-        if headers.get("message-id"):
-            msg["In-Reply-To"] = headers["message-id"]
-        if references:
-            msg["References"] = " ".join(references)
-        # Use the new helper function for consistent content type handling
-        msg.attach(_make_mime_text(input_data.body, input_data.content_type))
-
-        for attach in input_data.attachments:
-            local_path = await store_media_file(
-                user_id=user_id,
-                graph_exec_id=graph_exec_id,
-                file=attach,
-                return_content=False,
-            )
-            abs_path = get_exec_file_path(graph_exec_id, local_path)
-            part = MIMEBase("application", "octet-stream")
-            with open(abs_path, "rb") as f:
-                part.set_payload(f.read())
-            encoders.encode_base64(part)
-            part.add_header(
-                "Content-Disposition", f"attachment; filename={Path(abs_path).name}"
-            )
-            msg.attach(part)
-
-        raw = base64.urlsafe_b64encode(msg.as_bytes()).decode("utf-8")
+        # Send the message
         return await asyncio.to_thread(
             lambda: service.users()
             .messages()
-            .send(userId="me", body={"threadId": input_data.threadId, "raw": raw})
+            .send(userId="me", body={"threadId": thread_id, "raw": raw})
             .execute()
         )
 
 
+class GmailDraftReplyBlock(GmailBase):
+    """
+    Creates draft replies to Gmail threads with intelligent content type detection.
+
+    Features:
+    - Automatic HTML detection: Draft replies containing HTML tags are formatted as text/html
+    - No hard-wrap for plain text: Plain text draft replies preserve natural line flow
+    - Manual content type override: Use content_type parameter to force specific format
+    - Reply-all functionality: Option to reply to all original recipients
+    - Thread preservation: Maintains proper email threading with headers
+    - Full Unicode/emoji support with UTF-8 encoding
+    """
+
+    class Input(BlockSchema):
+        credentials: GoogleCredentialsInput = GoogleCredentialsField(
+            [
+                "https://www.googleapis.com/auth/gmail.modify",
+                "https://www.googleapis.com/auth/gmail.readonly",
+            ]
+        )
+        threadId: str = SchemaField(description="Thread ID to reply in")
+        parentMessageId: str = SchemaField(
+            description="ID of the message being replied to"
+        )
+        to: list[str] = SchemaField(description="To recipients", default_factory=list)
+        cc: list[str] = SchemaField(description="CC recipients", default_factory=list)
+        bcc: list[str] = SchemaField(description="BCC recipients", default_factory=list)
+        replyAll: bool = SchemaField(
+            description="Reply to all original recipients", default=False
+        )
+        subject: str = SchemaField(description="Email subject", default="")
+        body: str = SchemaField(description="Email body (plain text or HTML)")
+        content_type: Optional[Literal["auto", "plain", "html"]] = SchemaField(
+            description="Content type: 'auto' (default - detects HTML), 'plain', or 'html'",
+            default=None,
+            advanced=True,
+        )
+        attachments: list[MediaFileType] = SchemaField(
+            description="Files to attach", default_factory=list, advanced=True
+        )
+
+    class Output(BlockSchema):
+        draftId: str = SchemaField(description="Created draft ID")
+        messageId: str = SchemaField(description="Draft message ID")
+        threadId: str = SchemaField(description="Thread ID")
+        status: str = SchemaField(description="Draft creation status")
+        error: str = SchemaField(description="Error message if any")
+
+    def __init__(self):
+        super().__init__(
+            id="d7a9f3e2-8b4c-4d6f-9e1a-3c5b7f8d2a6e",
+            description="Create draft replies to Gmail threads with automatic HTML detection and proper text formatting. Plain text draft replies maintain natural paragraph flow without 78-character line wrapping. HTML content is automatically detected and formatted correctly.",
+            categories={BlockCategory.COMMUNICATION},
+            input_schema=GmailDraftReplyBlock.Input,
+            output_schema=GmailDraftReplyBlock.Output,
+            disabled=not GOOGLE_OAUTH_IS_CONFIGURED,
+            test_input={
+                "threadId": "t1",
+                "parentMessageId": "m1",
+                "body": "Thanks for your message. I'll review and get back to you.",
+                "replyAll": False,
+                "credentials": TEST_CREDENTIALS_INPUT,
+            },
+            test_credentials=TEST_CREDENTIALS,
+            test_output=[
+                ("draftId", "draft1"),
+                ("messageId", "m2"),
+                ("threadId", "t1"),
+                ("status", "draft_created"),
+            ],
+            test_mock={
+                "_create_draft_reply": lambda *args, **kwargs: {
+                    "id": "draft1",
+                    "message": {"id": "m2", "threadId": "t1"},
+                }
+            },
+        )
+
+    async def run(
+        self,
+        input_data: Input,
+        *,
+        credentials: GoogleCredentials,
+        graph_exec_id: str,
+        user_id: str,
+        **kwargs,
+    ) -> BlockOutput:
+        service = self._build_service(credentials, **kwargs)
+        draft = await self._create_draft_reply(
+            service,
+            input_data,
+            graph_exec_id,
+            user_id,
+        )
+        yield "draftId", draft["id"]
+        yield "messageId", draft["message"]["id"]
+        yield "threadId", draft["message"].get("threadId", input_data.threadId)
+        yield "status", "draft_created"
+
+    async def _create_draft_reply(
+        self, service, input_data: Input, graph_exec_id: str, user_id: str
+    ) -> dict:
+        # Build the reply message using the shared helper
+        raw, thread_id = await _build_reply_message(
+            service, input_data, graph_exec_id, user_id
+        )
+
+        # Create draft with proper thread association
+        draft = await asyncio.to_thread(
+            lambda: service.users()
+            .drafts()
+            .create(
+                userId="me",
+                body={
+                    "message": {
+                        "threadId": thread_id,
+                        "raw": raw,
+                    }
+                },
+            )
+            .execute()
+        )
+
+        return draft
+
+
 class GmailGetProfileBlock(GmailBase):
     class Input(BlockSchema):
         credentials: GoogleCredentialsInput = GoogleCredentialsField(

autogpt_platform/backend/backend/blocks/test/test_smart_decision_maker.py

@@ -35,20 +35,19 @@ async def execute_graph(
     logger.info("Input data: %s", input_data)
 
     # --- Test adding new executions --- #
-    response = await agent_server.test_execute_graph(
+    graph_exec = await agent_server.test_execute_graph(
         user_id=test_user.id,
         graph_id=test_graph.id,
         graph_version=test_graph.version,
         node_input=input_data,
     )
-    graph_exec_id = response.graph_exec_id
-    logger.info("Created execution with ID: %s", graph_exec_id)
+    logger.info("Created execution with ID: %s", graph_exec.id)
 
     # Execution queue should be empty
     logger.info("Waiting for execution to complete...")
-    result = await wait_execution(test_user.id, graph_exec_id, 30)
+    result = await wait_execution(test_user.id, graph_exec.id, 30)
     logger.info("Execution completed with %d results", len(result))
-    return graph_exec_id
+    return graph_exec.id
 
 
 @pytest.mark.asyncio(loop_scope="session")

autogpt_platform/backend/backend/data/__init__.py

@@ -1,5 +1,8 @@
+from backend.server.v2.library.model import LibraryAgentPreset
+
 from .graph import NodeModel
 from .integrations import Webhook  # noqa: F401
 
-# Resolve Webhook <- NodeModel forward reference
+# Resolve Webhook forward references
 NodeModel.model_rebuild()
+LibraryAgentPreset.model_rebuild()

autogpt_platform/backend/backend/data/api_key.py

@@ -1,57 +1,31 @@
 import logging
 import uuid
 from datetime import datetime, timezone
-from typing import List, Optional
+from typing import Optional
 
-from autogpt_libs.api_key.key_manager import APIKeyManager
+from autogpt_libs.api_key.keysmith import APIKeySmith
 from prisma.enums import APIKeyPermission, APIKeyStatus
-from prisma.errors import PrismaError
 from prisma.models import APIKey as PrismaAPIKey
-from prisma.types import (
-    APIKeyCreateInput,
-    APIKeyUpdateInput,
-    APIKeyWhereInput,
-    APIKeyWhereUniqueInput,
-)
-from pydantic import BaseModel
+from prisma.types import APIKeyWhereUniqueInput
+from pydantic import BaseModel, Field
 
-from backend.data.db import BaseDbModel
+from backend.util.exceptions import NotAuthorizedError, NotFoundError
 
 logger = logging.getLogger(__name__)
+keysmith = APIKeySmith()
 
 
-# Some basic exceptions
-class APIKeyError(Exception):
-    """Base exception for API key operations"""
-
-    pass
-
-
-class APIKeyNotFoundError(APIKeyError):
-    """Raised when an API key is not found"""
-
-    pass
-
-
-class APIKeyPermissionError(APIKeyError):
-    """Raised when there are permission issues with API key operations"""
-
-    pass
-
-
-class APIKeyValidationError(APIKeyError):
-    """Raised when API key validation fails"""
-
-    pass
-
-
-class APIKey(BaseDbModel):
+class APIKeyInfo(BaseModel):
+    id: str
     name: str
-    prefix: str
-    key: str
-    status: APIKeyStatus = APIKeyStatus.ACTIVE
-    permissions: List[APIKeyPermission]
-    postfix: str
+    head: str = Field(
+        description=f"The first {APIKeySmith.HEAD_LENGTH} characters of the key"
+    )
+    tail: str = Field(
+        description=f"The last {APIKeySmith.TAIL_LENGTH} characters of the key"
+    )
+    status: APIKeyStatus
+    permissions: list[APIKeyPermission]
     created_at: datetime
     last_used_at: Optional[datetime] = None
     revoked_at: Optional[datetime] = None
@@ -60,266 +34,211 @@ class APIKey(BaseDbModel):
 
     @staticmethod
     def from_db(api_key: PrismaAPIKey):
-        try:
-            return APIKey(
-                id=api_key.id,
-                name=api_key.name,
-                prefix=api_key.prefix,
-                postfix=api_key.postfix,
-                key=api_key.key,
-                status=APIKeyStatus(api_key.status),
-                permissions=[APIKeyPermission(p) for p in api_key.permissions],
-                created_at=api_key.createdAt,
-                last_used_at=api_key.lastUsedAt,
-                revoked_at=api_key.revokedAt,
-                description=api_key.description,
-                user_id=api_key.userId,
-            )
-        except Exception as e:
-            logger.error(f"Error creating APIKey from db: {str(e)}")
-            raise APIKeyError(f"Failed to create API key object: {str(e)}")
+        return APIKeyInfo(
+            id=api_key.id,
+            name=api_key.name,
+            head=api_key.head,
+            tail=api_key.tail,
+            status=APIKeyStatus(api_key.status),
+            permissions=[APIKeyPermission(p) for p in api_key.permissions],
+            created_at=api_key.createdAt,
+            last_used_at=api_key.lastUsedAt,
+            revoked_at=api_key.revokedAt,
+            description=api_key.description,
+            user_id=api_key.userId,
+        )
 
 
-class APIKeyWithoutHash(BaseModel):
-    id: str
-    name: str
-    prefix: str
-    postfix: str
-    status: APIKeyStatus
-    permissions: List[APIKeyPermission]
-    created_at: datetime
-    last_used_at: Optional[datetime]
-    revoked_at: Optional[datetime]
-    description: Optional[str]
-    user_id: str
+class APIKeyInfoWithHash(APIKeyInfo):
+    hash: str
+    salt: str | None = None  # None for legacy keys
+
+    def match(self, plaintext_key: str) -> bool:
+        """Returns whether the given key matches this API key object."""
+        return keysmith.verify_key(plaintext_key, self.hash, self.salt)
 
     @staticmethod
     def from_db(api_key: PrismaAPIKey):
-        try:
-            return APIKeyWithoutHash(
-                id=api_key.id,
-                name=api_key.name,
-                prefix=api_key.prefix,
-                postfix=api_key.postfix,
-                status=APIKeyStatus(api_key.status),
-                permissions=[APIKeyPermission(p) for p in api_key.permissions],
-                created_at=api_key.createdAt,
-                last_used_at=api_key.lastUsedAt,
-                revoked_at=api_key.revokedAt,
-                description=api_key.description,
-                user_id=api_key.userId,
-            )
-        except Exception as e:
-            logger.error(f"Error creating APIKeyWithoutHash from db: {str(e)}")
-            raise APIKeyError(f"Failed to create API key object: {str(e)}")
+        return APIKeyInfoWithHash(
+            **APIKeyInfo.from_db(api_key).model_dump(),
+            hash=api_key.hash,
+            salt=api_key.salt,
+        )
+
+    def without_hash(self) -> APIKeyInfo:
+        return APIKeyInfo(**self.model_dump(exclude={"hash", "salt"}))
 
 
-async def generate_api_key(
+async def create_api_key(
     name: str,
     user_id: str,
-    permissions: List[APIKeyPermission],
+    permissions: list[APIKeyPermission],
     description: Optional[str] = None,
-) -> tuple[APIKeyWithoutHash, str]:
+) -> tuple[APIKeyInfo, str]:
     """
     Generate a new API key and store it in the database.
     Returns the API key object (without hash) and the plain text key.
     """
-    try:
-        api_manager = APIKeyManager()
-        key = api_manager.generate_api_key()
+    generated_key = keysmith.generate_key()
 
-        api_key = await PrismaAPIKey.prisma().create(
-            data=APIKeyCreateInput(
-                id=str(uuid.uuid4()),
-                name=name,
-                prefix=key.prefix,
-                postfix=key.postfix,
-                key=key.hash,
-                permissions=[p for p in permissions],
-                description=description,
-                userId=user_id,
-            )
-        )
+    saved_key_obj = await PrismaAPIKey.prisma().create(
+        data={
+            "id": str(uuid.uuid4()),
+            "name": name,
+            "head": generated_key.head,
+            "tail": generated_key.tail,
+            "hash": generated_key.hash,
+            "salt": generated_key.salt,
+            "permissions": [p for p in permissions],
+            "description": description,
+            "userId": user_id,
+        }
+    )
 
-        api_key_without_hash = APIKeyWithoutHash.from_db(api_key)
-        return api_key_without_hash, key.raw
-    except PrismaError as e:
-        logger.error(f"Database error while generating API key: {str(e)}")
-        raise APIKeyError(f"Failed to generate API key: {str(e)}")
-    except Exception as e:
-        logger.error(f"Unexpected error while generating API key: {str(e)}")
-        raise APIKeyError(f"Failed to generate API key: {str(e)}")
+    return APIKeyInfo.from_db(saved_key_obj), generated_key.key
 
 
-async def validate_api_key(plain_text_key: str) -> Optional[APIKey]:
+async def get_active_api_keys_by_head(head: str) -> list[APIKeyInfoWithHash]:
+    results = await PrismaAPIKey.prisma().find_many(
+        where={"head": head, "status": APIKeyStatus.ACTIVE}
+    )
+    return [APIKeyInfoWithHash.from_db(key) for key in results]
+
+
+async def validate_api_key(plaintext_key: str) -> Optional[APIKeyInfo]:
     """
-    Validate an API key and return the API key object if valid.
+    Validate an API key and return the API key object if valid and active.
     """
     try:
-        if not plain_text_key.startswith(APIKeyManager.PREFIX):
+        if not plaintext_key.startswith(APIKeySmith.PREFIX):
             logger.warning("Invalid API key format")
             return None
 
-        prefix = plain_text_key[: APIKeyManager.PREFIX_LENGTH]
-        api_manager = APIKeyManager()
+        head = plaintext_key[: APIKeySmith.HEAD_LENGTH]
+        potential_matches = await get_active_api_keys_by_head(head)
 
-        api_key = await PrismaAPIKey.prisma().find_first(
-            where=APIKeyWhereInput(prefix=prefix, status=(APIKeyStatus.ACTIVE))
+        matched_api_key = next(
+            (pm for pm in potential_matches if pm.match(plaintext_key)),
+            None,
         )
-
-        if not api_key:
-            logger.warning(f"No active API key found with prefix {prefix}")
+        if not matched_api_key:
+            # API key not found or invalid
             return None
 
-        is_valid = api_manager.verify_api_key(plain_text_key, api_key.key)
-        if not is_valid:
-            logger.warning("API key verification failed")
-            return None
-
-        return APIKey.from_db(api_key)
-    except Exception as e:
-        logger.error(f"Error validating API key: {str(e)}")
-        raise APIKeyValidationError(f"Failed to validate API key: {str(e)}")
-
-
-async def revoke_api_key(key_id: str, user_id: str) -> Optional[APIKeyWithoutHash]:
-    try:
-        api_key = await PrismaAPIKey.prisma().find_unique(where={"id": key_id})
-
-        if not api_key:
-            raise APIKeyNotFoundError(f"API key with id {key_id} not found")
-
-        if api_key.userId != user_id:
-            raise APIKeyPermissionError(
-                "You do not have permission to revoke this API key."
+        # Migrate legacy keys to secure format on successful validation
+        if matched_api_key.salt is None:
+            matched_api_key = await _migrate_key_to_secure_hash(
+                plaintext_key, matched_api_key
             )
 
-        where_clause: APIKeyWhereUniqueInput = {"id": key_id}
-        updated_api_key = await PrismaAPIKey.prisma().update(
-            where=where_clause,
-            data=APIKeyUpdateInput(
-                status=APIKeyStatus.REVOKED, revokedAt=datetime.now(timezone.utc)
-            ),
-        )
+        return matched_api_key.without_hash()
+    except Exception as e:
+        logger.error(f"Error while validating API key: {e}")
+        raise RuntimeError("Failed to validate API key") from e
 
-        if updated_api_key:
-            return APIKeyWithoutHash.from_db(updated_api_key)
+
+async def _migrate_key_to_secure_hash(
+    plaintext_key: str, key_obj: APIKeyInfoWithHash
+) -> APIKeyInfoWithHash:
+    """Replace the SHA256 hash of a legacy API key with a salted Scrypt hash."""
+    try:
+        new_hash, new_salt = keysmith.hash_key(plaintext_key)
+        await PrismaAPIKey.prisma().update(
+            where={"id": key_obj.id}, data={"hash": new_hash, "salt": new_salt}
+        )
+        logger.info(f"Migrated legacy API key #{key_obj.id} to secure format")
+        # Update the API key object with new values for return
+        key_obj.hash = new_hash
+        key_obj.salt = new_salt
+    except Exception as e:
+        logger.error(f"Failed to migrate legacy API key #{key_obj.id}: {e}")
+
+    return key_obj
+
+
+async def revoke_api_key(key_id: str, user_id: str) -> APIKeyInfo:
+    api_key = await PrismaAPIKey.prisma().find_unique(where={"id": key_id})
+
+    if not api_key:
+        raise NotFoundError(f"API key with id {key_id} not found")
+
+    if api_key.userId != user_id:
+        raise NotAuthorizedError("You do not have permission to revoke this API key.")
+
+    updated_api_key = await PrismaAPIKey.prisma().update(
+        where={"id": key_id},
+        data={
+            "status": APIKeyStatus.REVOKED,
+            "revokedAt": datetime.now(timezone.utc),
+        },
+    )
+    if not updated_api_key:
+        raise NotFoundError(f"API key #{key_id} vanished while trying to revoke.")
+
+    return APIKeyInfo.from_db(updated_api_key)
+
+
+async def list_user_api_keys(user_id: str) -> list[APIKeyInfo]:
+    api_keys = await PrismaAPIKey.prisma().find_many(
+        where={"userId": user_id}, order={"createdAt": "desc"}
+    )
+
+    return [APIKeyInfo.from_db(key) for key in api_keys]
+
+
+async def suspend_api_key(key_id: str, user_id: str) -> APIKeyInfo:
+    selector: APIKeyWhereUniqueInput = {"id": key_id}
+    api_key = await PrismaAPIKey.prisma().find_unique(where=selector)
+
+    if not api_key:
+        raise NotFoundError(f"API key with id {key_id} not found")
+
+    if api_key.userId != user_id:
+        raise NotAuthorizedError("You do not have permission to suspend this API key.")
+
+    updated_api_key = await PrismaAPIKey.prisma().update(
+        where=selector, data={"status": APIKeyStatus.SUSPENDED}
+    )
+    if not updated_api_key:
+        raise NotFoundError(f"API key #{key_id} vanished while trying to suspend.")
+
+    return APIKeyInfo.from_db(updated_api_key)
+
+
+def has_permission(api_key: APIKeyInfo, required_permission: APIKeyPermission) -> bool:
+    return required_permission in api_key.permissions
+
+
+async def get_api_key_by_id(key_id: str, user_id: str) -> Optional[APIKeyInfo]:
+    api_key = await PrismaAPIKey.prisma().find_first(
+        where={"id": key_id, "userId": user_id}
+    )
+
+    if not api_key:
         return None
-    except (APIKeyNotFoundError, APIKeyPermissionError) as e:
-        raise e
-    except PrismaError as e:
-        logger.error(f"Database error while revoking API key: {str(e)}")
-        raise APIKeyError(f"Failed to revoke API key: {str(e)}")
-    except Exception as e:
-        logger.error(f"Unexpected error while revoking API key: {str(e)}")
-        raise APIKeyError(f"Failed to revoke API key: {str(e)}")
 
-
-async def list_user_api_keys(user_id: str) -> List[APIKeyWithoutHash]:
-    try:
-        where_clause: APIKeyWhereInput = {"userId": user_id}
-
-        api_keys = await PrismaAPIKey.prisma().find_many(
-            where=where_clause, order={"createdAt": "desc"}
-        )
-
-        return [APIKeyWithoutHash.from_db(key) for key in api_keys]
-    except PrismaError as e:
-        logger.error(f"Database error while listing API keys: {str(e)}")
-        raise APIKeyError(f"Failed to list API keys: {str(e)}")
-    except Exception as e:
-        logger.error(f"Unexpected error while listing API keys: {str(e)}")
-        raise APIKeyError(f"Failed to list API keys: {str(e)}")
-
-
-async def suspend_api_key(key_id: str, user_id: str) -> Optional[APIKeyWithoutHash]:
-    try:
-        api_key = await PrismaAPIKey.prisma().find_unique(where={"id": key_id})
-
-        if not api_key:
-            raise APIKeyNotFoundError(f"API key with id {key_id} not found")
-
-        if api_key.userId != user_id:
-            raise APIKeyPermissionError(
-                "You do not have permission to suspend this API key."
-            )
-
-        where_clause: APIKeyWhereUniqueInput = {"id": key_id}
-        updated_api_key = await PrismaAPIKey.prisma().update(
-            where=where_clause,
-            data=APIKeyUpdateInput(status=APIKeyStatus.SUSPENDED),
-        )
-
-        if updated_api_key:
-            return APIKeyWithoutHash.from_db(updated_api_key)
-        return None
-    except (APIKeyNotFoundError, APIKeyPermissionError) as e:
-        raise e
-    except PrismaError as e:
-        logger.error(f"Database error while suspending API key: {str(e)}")
-        raise APIKeyError(f"Failed to suspend API key: {str(e)}")
-    except Exception as e:
-        logger.error(f"Unexpected error while suspending API key: {str(e)}")
-        raise APIKeyError(f"Failed to suspend API key: {str(e)}")
-
-
-def has_permission(api_key: APIKey, required_permission: APIKeyPermission) -> bool:
-    try:
-        return required_permission in api_key.permissions
-    except Exception as e:
-        logger.error(f"Error checking API key permissions: {str(e)}")
-        return False
-
-
-async def get_api_key_by_id(key_id: str, user_id: str) -> Optional[APIKeyWithoutHash]:
-    try:
-        api_key = await PrismaAPIKey.prisma().find_first(
-            where=APIKeyWhereInput(id=key_id, userId=user_id)
-        )
-
-        if not api_key:
-            return None
-
-        return APIKeyWithoutHash.from_db(api_key)
-    except PrismaError as e:
-        logger.error(f"Database error while getting API key: {str(e)}")
-        raise APIKeyError(f"Failed to get API key: {str(e)}")
-    except Exception as e:
-        logger.error(f"Unexpected error while getting API key: {str(e)}")
-        raise APIKeyError(f"Failed to get API key: {str(e)}")
+    return APIKeyInfo.from_db(api_key)
 
 
 async def update_api_key_permissions(
-    key_id: str, user_id: str, permissions: List[APIKeyPermission]
-) -> Optional[APIKeyWithoutHash]:
+    key_id: str, user_id: str, permissions: list[APIKeyPermission]
+) -> APIKeyInfo:
     """
     Update the permissions of an API key.
     """
-    try:
-        api_key = await PrismaAPIKey.prisma().find_unique(where={"id": key_id})
+    api_key = await PrismaAPIKey.prisma().find_unique(where={"id": key_id})
 
-        if api_key is None:
-            raise APIKeyNotFoundError("No such API key found.")
+    if api_key is None:
+        raise NotFoundError("No such API key found.")
 
-        if api_key.userId != user_id:
-            raise APIKeyPermissionError(
-                "You do not have permission to update this API key."
-            )
+    if api_key.userId != user_id:
+        raise NotAuthorizedError("You do not have permission to update this API key.")
 
-        where_clause: APIKeyWhereUniqueInput = {"id": key_id}
-        updated_api_key = await PrismaAPIKey.prisma().update(
-            where=where_clause,
-            data=APIKeyUpdateInput(permissions=permissions),
-        )
+    updated_api_key = await PrismaAPIKey.prisma().update(
+        where={"id": key_id},
+        data={"permissions": permissions},
+    )
+    if not updated_api_key:
+        raise NotFoundError(f"API key #{key_id} vanished while trying to update.")
 
-        if updated_api_key:
-            return APIKeyWithoutHash.from_db(updated_api_key)
-        return None
-    except (APIKeyNotFoundError, APIKeyPermissionError) as e:
-        raise e
-    except PrismaError as e:
-        logger.error(f"Database error while updating API key permissions: {str(e)}")
-        raise APIKeyError(f"Failed to update API key permissions: {str(e)}")
-    except Exception as e:
-        logger.error(f"Unexpected error while updating API key permissions: {str(e)}")
-        raise APIKeyError(f"Failed to update API key permissions: {str(e)}")
+    return APIKeyInfo.from_db(updated_api_key)

autogpt_platform/backend/backend/data/block.py

@@ -8,6 +8,7 @@ from enum import Enum
 from typing import (
     TYPE_CHECKING,
     Any,
+    Callable,
     ClassVar,
     Generic,
     Optional,
@@ -44,9 +45,10 @@ if TYPE_CHECKING:
 
 app_config = Config()
 
-BlockData = tuple[str, Any]  # Input & Output data should be a tuple of (name, data).
 BlockInput = dict[str, Any]  # Input: 1 input pin consumes 1 data.
-BlockOutput = AsyncGen[BlockData, None]  # Output: 1 output pin produces n data.
+BlockOutputEntry = tuple[str, Any]  # Output data should be a tuple of (name, value).
+BlockOutput = AsyncGen[BlockOutputEntry, None]  # Output: 1 output pin produces n data.
+BlockTestOutput = BlockOutputEntry | tuple[str, Callable[[Any], bool]]
 CompletedBlockOutput = dict[str, list[Any]]  # Completed stream, collected as a dict.
 
 
@@ -89,6 +91,45 @@ class BlockCategory(Enum):
         return {"category": self.name, "description": self.value}
 
 
+class BlockCostType(str, Enum):
+    RUN = "run"  # cost X credits per run
+    BYTE = "byte"  # cost X credits per byte
+    SECOND = "second"  # cost X credits per second
+
+
+class BlockCost(BaseModel):
+    cost_amount: int
+    cost_filter: BlockInput
+    cost_type: BlockCostType
+
+    def __init__(
+        self,
+        cost_amount: int,
+        cost_type: BlockCostType = BlockCostType.RUN,
+        cost_filter: Optional[BlockInput] = None,
+        **data: Any,
+    ) -> None:
+        super().__init__(
+            cost_amount=cost_amount,
+            cost_filter=cost_filter or {},
+            cost_type=cost_type,
+            **data,
+        )
+
+
+class BlockInfo(BaseModel):
+    id: str
+    name: str
+    inputSchema: dict[str, Any]
+    outputSchema: dict[str, Any]
+    costs: list[BlockCost]
+    description: str
+    categories: list[dict[str, str]]
+    contributors: list[dict[str, Any]]
+    staticOutput: bool
+    uiType: str
+
+
 class BlockSchema(BaseModel):
     cached_jsonschema: ClassVar[dict[str, Any]]
 
@@ -306,7 +347,7 @@ class Block(ABC, Generic[BlockSchemaInputType, BlockSchemaOutputType]):
         input_schema: Type[BlockSchemaInputType] = EmptySchema,
         output_schema: Type[BlockSchemaOutputType] = EmptySchema,
         test_input: BlockInput | list[BlockInput] | None = None,
-        test_output: BlockData | list[BlockData] | None = None,
+        test_output: BlockTestOutput | list[BlockTestOutput] | None = None,
         test_mock: dict[str, Any] | None = None,
         test_credentials: Optional[Credentials | dict[str, Credentials]] = None,
         disabled: bool = False,
@@ -452,6 +493,24 @@ class Block(ABC, Generic[BlockSchemaInputType, BlockSchemaOutputType]):
             "uiType": self.block_type.value,
         }
 
+    def get_info(self) -> BlockInfo:
+        from backend.data.credit import get_block_cost
+
+        return BlockInfo(
+            id=self.id,
+            name=self.name,
+            inputSchema=self.input_schema.jsonschema(),
+            outputSchema=self.output_schema.jsonschema(),
+            costs=get_block_cost(self),
+            description=self.description,
+            categories=[category.dict() for category in self.categories],
+            contributors=[
+                contributor.model_dump() for contributor in self.contributors
+            ],
+            staticOutput=self.static_output,
+            uiType=self.block_type.value,
+        )
+
     async def execute(self, input_data: BlockInput, **kwargs) -> BlockOutput:
         if error := self.input_schema.validate_data(input_data):
             raise ValueError(

autogpt_platform/backend/backend/data/block_cost_config.py

@@ -29,8 +29,7 @@ from backend.blocks.replicate.replicate_block import ReplicateModelBlock
 from backend.blocks.smart_decision_maker import SmartDecisionMakerBlock
 from backend.blocks.talking_head import CreateTalkingAvatarVideoBlock
 from backend.blocks.text_to_speech_block import UnrealTextToSpeechBlock
-from backend.data.block import Block
-from backend.data.cost import BlockCost, BlockCostType
+from backend.data.block import Block, BlockCost, BlockCostType
 from backend.integrations.credentials_store import (
     aiml_api_credentials,
     anthropic_credentials,

autogpt_platform/backend/backend/data/cost.py

@@ -1,32 +0,0 @@
-from enum import Enum
-from typing import Any, Optional
-
-from pydantic import BaseModel
-
-from backend.data.block import BlockInput
-
-
-class BlockCostType(str, Enum):
-    RUN = "run"  # cost X credits per run
-    BYTE = "byte"  # cost X credits per byte
-    SECOND = "second"  # cost X credits per second
-
-
-class BlockCost(BaseModel):
-    cost_amount: int
-    cost_filter: BlockInput
-    cost_type: BlockCostType
-
-    def __init__(
-        self,
-        cost_amount: int,
-        cost_type: BlockCostType = BlockCostType.RUN,
-        cost_filter: Optional[BlockInput] = None,
-        **data: Any,
-    ) -> None:
-        super().__init__(
-            cost_amount=cost_amount,
-            cost_filter=cost_filter or {},
-            cost_type=cost_type,
-            **data,
-        )

autogpt_platform/backend/backend/data/credit.py

@@ -2,7 +2,7 @@ import logging
 from abc import ABC, abstractmethod
 from collections import defaultdict
 from datetime import datetime, timezone
-from typing import Any, cast
+from typing import TYPE_CHECKING, Any, cast
 
 import stripe
 from prisma import Json
@@ -23,7 +23,6 @@ from pydantic import BaseModel
 
 from backend.data import db
 from backend.data.block_cost_config import BLOCK_COSTS
-from backend.data.cost import BlockCost
 from backend.data.model import (
     AutoTopUpConfig,
     RefundRequest,
@@ -41,6 +40,9 @@ from backend.util.models import Pagination
 from backend.util.retry import func_retry
 from backend.util.settings import Settings
 
+if TYPE_CHECKING:
+    from backend.data.block import Block, BlockCost
+
 settings = Settings()
 stripe.api_key = settings.secrets.stripe_api_key
 logger = logging.getLogger(__name__)
@@ -997,10 +999,14 @@ def get_user_credit_model() -> UserCreditBase:
     return UserCredit()
 
 
-def get_block_costs() -> dict[str, list[BlockCost]]:
+def get_block_costs() -> dict[str, list["BlockCost"]]:
     return {block().id: costs for block, costs in BLOCK_COSTS.items()}
 
 
+def get_block_cost(block: "Block") -> list["BlockCost"]:
+    return BLOCK_COSTS.get(block.__class__, [])
+
+
 async def get_stripe_customer_id(user_id: str) -> str:
     user = await get_user_by_id(user_id)
 

autogpt_platform/backend/backend/data/execution.py

@@ -11,11 +11,14 @@ from typing import (
     Generator,
     Generic,
     Literal,
+    Mapping,
     Optional,
     TypeVar,
+    cast,
     overload,
 )
 
+from prisma import Json
 from prisma.enums import AgentExecutionStatus
 from prisma.models import (
     AgentGraphExecution,
@@ -24,7 +27,6 @@ from prisma.models import (
     AgentNodeExecutionKeyValueData,
 )
 from prisma.types import (
-    AgentGraphExecutionCreateInput,
     AgentGraphExecutionUpdateManyMutationInput,
     AgentGraphExecutionWhereInput,
     AgentNodeExecutionCreateInput,
@@ -60,7 +62,7 @@ from .includes import (
     GRAPH_EXECUTION_INCLUDE_WITH_NODES,
     graph_execution_include,
 )
-from .model import GraphExecutionStats, NodeExecutionStats
+from .model import CredentialsMetaInput, GraphExecutionStats, NodeExecutionStats
 
 T = TypeVar("T")
 
@@ -87,6 +89,8 @@ class BlockErrorStats(BaseModel):
 
 
 ExecutionStatus = AgentExecutionStatus
+NodeInputMask = Mapping[str, JsonValue]
+NodesInputMasks = Mapping[str, NodeInputMask]
 
 
 class GraphExecutionMeta(BaseDbModel):
@@ -94,7 +98,10 @@ class GraphExecutionMeta(BaseDbModel):
     user_id: str
     graph_id: str
     graph_version: int
-    preset_id: Optional[str] = None
+    inputs: Optional[BlockInput]  # no default -> required in the OpenAPI spec
+    credential_inputs: Optional[dict[str, CredentialsMetaInput]]
+    nodes_input_masks: Optional[dict[str, BlockInput]]
+    preset_id: Optional[str]
     status: ExecutionStatus
     started_at: datetime
     ended_at: datetime
@@ -179,6 +186,18 @@ class GraphExecutionMeta(BaseDbModel):
             user_id=_graph_exec.userId,
             graph_id=_graph_exec.agentGraphId,
             graph_version=_graph_exec.agentGraphVersion,
+            inputs=cast(BlockInput | None, _graph_exec.inputs),
+            credential_inputs=(
+                {
+                    name: CredentialsMetaInput.model_validate(cmi)
+                    for name, cmi in cast(dict, _graph_exec.credentialInputs).items()
+                }
+                if _graph_exec.credentialInputs
+                else None
+            ),
+            nodes_input_masks=cast(
+                dict[str, BlockInput] | None, _graph_exec.nodesInputMasks
+            ),
             preset_id=_graph_exec.agentPresetId,
             status=ExecutionStatus(_graph_exec.executionStatus),
             started_at=start_time,
@@ -206,7 +225,7 @@ class GraphExecutionMeta(BaseDbModel):
 
 
 class GraphExecution(GraphExecutionMeta):
-    inputs: BlockInput
+    inputs: BlockInput  # type: ignore - incompatible override is intentional
     outputs: CompletedBlockOutput
 
     @staticmethod
@@ -226,15 +245,18 @@ class GraphExecution(GraphExecutionMeta):
         )
 
         inputs = {
-            **{
-                # inputs from Agent Input Blocks
-                exec.input_data["name"]: exec.input_data.get("value")
-                for exec in complete_node_executions
-                if (
-                    (block := get_block(exec.block_id))
-                    and block.block_type == BlockType.INPUT
-                )
-            },
+            **(
+                graph_exec.inputs
+                or {
+                    # fallback: extract inputs from Agent Input Blocks
+                    exec.input_data["name"]: exec.input_data.get("value")
+                    for exec in complete_node_executions
+                    if (
+                        (block := get_block(exec.block_id))
+                        and block.block_type == BlockType.INPUT
+                    )
+                }
+            ),
             **{
                 # input from webhook-triggered block
                 "payload": exec.input_data["payload"]
@@ -252,14 +274,13 @@ class GraphExecution(GraphExecutionMeta):
             if (
                 block := get_block(exec.block_id)
             ) and block.block_type == BlockType.OUTPUT:
-                outputs[exec.input_data["name"]].append(
-                    exec.input_data.get("value", None)
-                )
+                outputs[exec.input_data["name"]].append(exec.input_data.get("value"))
 
         return GraphExecution(
             **{
                 field_name: getattr(graph_exec, field_name)
                 for field_name in GraphExecutionMeta.model_fields
+                if field_name != "inputs"
             },
             inputs=inputs,
             outputs=outputs,
@@ -292,13 +313,17 @@ class GraphExecutionWithNodes(GraphExecution):
             node_executions=node_executions,
         )
 
-    def to_graph_execution_entry(self, user_context: "UserContext"):
+    def to_graph_execution_entry(
+        self,
+        user_context: "UserContext",
+        compiled_nodes_input_masks: Optional[NodesInputMasks] = None,
+    ):
         return GraphExecutionEntry(
             user_id=self.user_id,
             graph_id=self.graph_id,
             graph_version=self.graph_version or 0,
             graph_exec_id=self.id,
-            nodes_input_masks={},  # FIXME: store credentials on AgentGraphExecution
+            nodes_input_masks=compiled_nodes_input_masks,
             user_context=user_context,
         )
 
@@ -335,7 +360,7 @@ class NodeExecutionResult(BaseModel):
         else:
             input_data: BlockInput = defaultdict()
             for data in _node_exec.Input or []:
-                input_data[data.name] = type_utils.convert(data.data, type[Any])
+                input_data[data.name] = type_utils.convert(data.data, JsonValue)
 
         output_data: CompletedBlockOutput = defaultdict(list)
 
@@ -344,7 +369,7 @@ class NodeExecutionResult(BaseModel):
                 output_data[name].extend(messages)
         else:
             for data in _node_exec.Output or []:
-                output_data[data.name].append(type_utils.convert(data.data, type[Any]))
+                output_data[data.name].append(type_utils.convert(data.data, JsonValue))
 
         graph_execution: AgentGraphExecution | None = _node_exec.GraphExecution
         if graph_execution:
@@ -539,9 +564,12 @@ async def get_graph_execution(
 async def create_graph_execution(
     graph_id: str,
     graph_version: int,
-    starting_nodes_input: list[tuple[str, BlockInput]],
+    starting_nodes_input: list[tuple[str, BlockInput]],  # list[(node_id, BlockInput)]
+    inputs: Mapping[str, JsonValue],
     user_id: str,
-    preset_id: str | None = None,
+    preset_id: Optional[str] = None,
+    credential_inputs: Optional[Mapping[str, CredentialsMetaInput]] = None,
+    nodes_input_masks: Optional[NodesInputMasks] = None,
 ) -> GraphExecutionWithNodes:
     """
     Create a new AgentGraphExecution record.
@@ -549,11 +577,18 @@ async def create_graph_execution(
         The id of the AgentGraphExecution and the list of ExecutionResult for each node.
     """
     result = await AgentGraphExecution.prisma().create(
-        data=AgentGraphExecutionCreateInput(
-            agentGraphId=graph_id,
-            agentGraphVersion=graph_version,
-            executionStatus=ExecutionStatus.QUEUED,
-            NodeExecutions={
+        data={
+            "agentGraphId": graph_id,
+            "agentGraphVersion": graph_version,
+            "executionStatus": ExecutionStatus.QUEUED,
+            "inputs": SafeJson(inputs),
+            "credentialInputs": (
+                SafeJson(credential_inputs) if credential_inputs else Json({})
+            ),
+            "nodesInputMasks": (
+                SafeJson(nodes_input_masks) if nodes_input_masks else Json({})
+            ),
+            "NodeExecutions": {
                 "create": [
                     AgentNodeExecutionCreateInput(
                         agentNodeId=node_id,
@@ -569,9 +604,9 @@ async def create_graph_execution(
                     for node_id, node_input in starting_nodes_input
                 ]
             },
-            userId=user_id,
-            agentPresetId=preset_id,
-        ),
+            "userId": user_id,
+            "agentPresetId": preset_id,
+        },
         include=GRAPH_EXECUTION_INCLUDE_WITH_NODES,
     )
 
@@ -582,7 +617,7 @@ async def upsert_execution_input(
     node_id: str,
     graph_exec_id: str,
     input_name: str,
-    input_data: Any,
+    input_data: JsonValue,
     node_exec_id: str | None = None,
 ) -> tuple[str, BlockInput]:
     """
@@ -631,7 +666,7 @@ async def upsert_execution_input(
         )
         return existing_execution.id, {
             **{
-                input_data.name: type_utils.convert(input_data.data, type[Any])
+                input_data.name: type_utils.convert(input_data.data, JsonValue)
                 for input_data in existing_execution.Input or []
             },
             input_name: input_data,
@@ -888,7 +923,7 @@ class GraphExecutionEntry(BaseModel):
     graph_exec_id: str
     graph_id: str
     graph_version: int
-    nodes_input_masks: Optional[dict[str, dict[str, JsonValue]]] = None
+    nodes_input_masks: Optional[NodesInputMasks] = None
     user_context: UserContext
 
 

autogpt_platform/backend/backend/data/graph.py

@@ -12,7 +12,7 @@ from prisma.types import (
     AgentNodeLinkCreateInput,
     StoreListingVersionWhereInput,
 )
-from pydantic import Field, JsonValue, create_model
+from pydantic import BaseModel, Field, create_model
 from pydantic.fields import computed_field
 
 from backend.blocks.agent import AgentExecutorBlock
@@ -34,6 +34,7 @@ from .db import BaseDbModel, query_raw_with_schema, transaction
 from .includes import AGENT_GRAPH_INCLUDE, AGENT_NODE_INCLUDE
 
 if TYPE_CHECKING:
+    from .execution import NodesInputMasks
     from .integrations import Webhook
 
 logger = logging.getLogger(__name__)
@@ -159,6 +160,7 @@ class BaseGraph(BaseDbModel):
     is_active: bool = True
     name: str
     description: str
+    recommended_schedule_cron: str | None = None
     nodes: list[Node] = []
     links: list[Link] = []
     forked_from_id: str | None = None
@@ -205,6 +207,35 @@ class BaseGraph(BaseDbModel):
             None,
         )
 
+    @computed_field
+    @property
+    def trigger_setup_info(self) -> "GraphTriggerInfo | None":
+        if not (
+            self.webhook_input_node
+            and (trigger_block := self.webhook_input_node.block).webhook_config
+        ):
+            return None
+
+        return GraphTriggerInfo(
+            provider=trigger_block.webhook_config.provider,
+            config_schema={
+                **(json_schema := trigger_block.input_schema.jsonschema()),
+                "properties": {
+                    pn: sub_schema
+                    for pn, sub_schema in json_schema["properties"].items()
+                    if not is_credentials_field_name(pn)
+                },
+                "required": [
+                    pn
+                    for pn in json_schema.get("required", [])
+                    if not is_credentials_field_name(pn)
+                ],
+            },
+            credentials_input_name=next(
+                iter(trigger_block.input_schema.get_credentials_fields()), None
+            ),
+        )
+
     @staticmethod
     def _generate_schema(
         *props: tuple[type[AgentInputBlock.Input] | type[AgentOutputBlock.Input], dict],
@@ -238,6 +269,14 @@ class BaseGraph(BaseDbModel):
         }
 
 
+class GraphTriggerInfo(BaseModel):
+    provider: ProviderName
+    config_schema: dict[str, Any] = Field(
+        description="Input schema for the trigger block"
+    )
+    credentials_input_name: Optional[str]
+
+
 class Graph(BaseGraph):
     sub_graphs: list[BaseGraph] = []  # Flattened sub-graphs
 
@@ -414,7 +453,7 @@ class GraphModel(Graph):
     def validate_graph(
         self,
         for_run: bool = False,
-        nodes_input_masks: Optional[dict[str, dict[str, JsonValue]]] = None,
+        nodes_input_masks: Optional["NodesInputMasks"] = None,
     ):
         """
         Validate graph structure and raise `ValueError` on issues.
@@ -428,7 +467,7 @@ class GraphModel(Graph):
     def _validate_graph(
         graph: BaseGraph,
         for_run: bool = False,
-        nodes_input_masks: Optional[dict[str, dict[str, JsonValue]]] = None,
+        nodes_input_masks: Optional["NodesInputMasks"] = None,
     ) -> None:
         errors = GraphModel._validate_graph_get_errors(
             graph, for_run, nodes_input_masks
@@ -442,7 +481,7 @@ class GraphModel(Graph):
     def validate_graph_get_errors(
         self,
         for_run: bool = False,
-        nodes_input_masks: Optional[dict[str, dict[str, JsonValue]]] = None,
+        nodes_input_masks: Optional["NodesInputMasks"] = None,
     ) -> dict[str, dict[str, str]]:
         """
         Validate graph and return structured errors per node.
@@ -464,7 +503,7 @@ class GraphModel(Graph):
     def _validate_graph_get_errors(
         graph: BaseGraph,
         for_run: bool = False,
-        nodes_input_masks: Optional[dict[str, dict[str, JsonValue]]] = None,
+        nodes_input_masks: Optional["NodesInputMasks"] = None,
     ) -> dict[str, dict[str, str]]:
         """
         Validate graph and return structured errors per node.
@@ -658,6 +697,7 @@ class GraphModel(Graph):
             is_active=graph.isActive,
             name=graph.name or "",
             description=graph.description or "",
+            recommended_schedule_cron=graph.recommendedScheduleCron,
             nodes=[NodeModel.from_db(node, for_export) for node in graph.Nodes or []],
             links=list(
                 {
@@ -1045,6 +1085,7 @@ async def __create_graph(tx, graph: Graph, user_id: str):
                 version=graph.version,
                 name=graph.name,
                 description=graph.description,
+                recommendedScheduleCron=graph.recommended_schedule_cron,
                 isActive=graph.is_active,
                 userId=user_id,
                 forkedFromId=graph.forked_from_id,

autogpt_platform/backend/backend/data/includes.py

@@ -59,9 +59,15 @@ def graph_execution_include(
     }
 
 
+AGENT_PRESET_INCLUDE: prisma.types.AgentPresetInclude = {
+    "InputPresets": True,
+    "Webhook": True,
+}
+
+
 INTEGRATION_WEBHOOK_INCLUDE: prisma.types.IntegrationWebhookInclude = {
     "AgentNodes": {"include": AGENT_NODE_INCLUDE},
-    "AgentPresets": {"include": {"InputPresets": True}},
+    "AgentPresets": {"include": AGENT_PRESET_INCLUDE},
 }
 
 

autogpt_platform/backend/backend/executor/manager.py

@@ -10,7 +10,6 @@ from typing import TYPE_CHECKING, Any, Optional, TypeVar, cast
 
 from pika.adapters.blocking_connection import BlockingChannel
 from pika.spec import Basic, BasicProperties
-from pydantic import JsonValue
 from redis.asyncio.lock import Lock as RedisLock
 
 from backend.blocks.io import AgentOutputBlock
@@ -38,9 +37,9 @@ from prometheus_client import Gauge, start_http_server
 from backend.blocks.agent import AgentExecutorBlock
 from backend.data import redis_client as redis
 from backend.data.block import (
-    BlockData,
     BlockInput,
     BlockOutput,
+    BlockOutputEntry,
     BlockSchema,
     get_block,
 )
@@ -52,6 +51,7 @@ from backend.data.execution import (
     GraphExecutionEntry,
     NodeExecutionEntry,
     NodeExecutionResult,
+    NodesInputMasks,
     UserContext,
 )
 from backend.data.graph import Link, Node
@@ -131,7 +131,7 @@ async def execute_node(
     creds_manager: IntegrationCredentialsManager,
     data: NodeExecutionEntry,
     execution_stats: NodeExecutionStats | None = None,
-    nodes_input_masks: Optional[dict[str, dict[str, JsonValue]]] = None,
+    nodes_input_masks: Optional[NodesInputMasks] = None,
 ) -> BlockOutput:
     """
     Execute a node in the graph. This will trigger a block execution on a node,
@@ -237,12 +237,12 @@ async def execute_node(
 async def _enqueue_next_nodes(
     db_client: "DatabaseManagerAsyncClient",
     node: Node,
-    output: BlockData,
+    output: BlockOutputEntry,
     user_id: str,
     graph_exec_id: str,
     graph_id: str,
     log_metadata: LogMetadata,
-    nodes_input_masks: Optional[dict[str, dict[str, JsonValue]]],
+    nodes_input_masks: Optional[NodesInputMasks],
     user_context: UserContext,
 ) -> list[NodeExecutionEntry]:
     async def add_enqueued_execution(
@@ -419,7 +419,7 @@ class ExecutionProcessor:
         self,
         node_exec: NodeExecutionEntry,
         node_exec_progress: NodeExecutionProgress,
-        nodes_input_masks: Optional[dict[str, dict[str, JsonValue]]],
+        nodes_input_masks: Optional[NodesInputMasks],
         graph_stats_pair: tuple[GraphExecutionStats, threading.Lock],
     ) -> NodeExecutionStats:
         log_metadata = LogMetadata(
@@ -487,7 +487,7 @@ class ExecutionProcessor:
         stats: NodeExecutionStats,
         db_client: "DatabaseManagerAsyncClient",
         log_metadata: LogMetadata,
-        nodes_input_masks: Optional[dict[str, dict[str, JsonValue]]] = None,
+        nodes_input_masks: Optional[NodesInputMasks] = None,
     ) -> ExecutionStatus:
         status = ExecutionStatus.RUNNING
 
@@ -1053,7 +1053,7 @@ class ExecutionProcessor:
         node_id: str,
         graph_exec: GraphExecutionEntry,
         log_metadata: LogMetadata,
-        nodes_input_masks: Optional[dict[str, dict[str, JsonValue]]],
+        nodes_input_masks: Optional[NodesInputMasks],
         execution_queue: ExecutionQueue[NodeExecutionEntry],
     ) -> None:
         """Process a node's output, update its status, and enqueue next nodes.

autogpt_platform/backend/backend/executor/manager_test.py

@@ -35,21 +35,20 @@ async def execute_graph(
     logger.info(f"Input data: {input_data}")
 
     # --- Test adding new executions --- #
-    response = await agent_server.test_execute_graph(
+    graph_exec = await agent_server.test_execute_graph(
         user_id=test_user.id,
         graph_id=test_graph.id,
         graph_version=test_graph.version,
         node_input=input_data,
     )
-    graph_exec_id = response.graph_exec_id
-    logger.info(f"Created execution with ID: {graph_exec_id}")
+    logger.info(f"Created execution with ID: {graph_exec.id}")
 
     # Execution queue should be empty
     logger.info("Waiting for execution to complete...")
-    result = await wait_execution(test_user.id, graph_exec_id, 30)
+    result = await wait_execution(test_user.id, graph_exec.id, 30)
     logger.info(f"Execution completed with {len(result)} results")
     assert len(result) == num_execs
-    return graph_exec_id
+    return graph_exec.id
 
 
 async def assert_sample_graph_executions(
@@ -379,7 +378,7 @@ async def test_execute_preset(server: SpinTestServer):
 
     # Verify execution
     assert result is not None
-    graph_exec_id = result["id"]
+    graph_exec_id = result.id
 
     # Wait for execution to complete
     executions = await wait_execution(test_user.id, graph_exec_id)
@@ -468,7 +467,7 @@ async def test_execute_preset_with_clash(server: SpinTestServer):
 
     # Verify execution
     assert result is not None, "Result must not be None"
-    graph_exec_id = result["id"]
+    graph_exec_id = result.id
 
     # Wait for execution to complete
     executions = await wait_execution(test_user.id, graph_exec_id)

autogpt_platform/backend/backend/executor/utils.py

@@ -4,20 +4,27 @@ import threading
 import time
 from collections import defaultdict
 from concurrent.futures import Future
-from typing import Any, Optional
+from typing import Any, Mapping, Optional, cast
 
 from pydantic import BaseModel, JsonValue, ValidationError
 
 from backend.data import execution as execution_db
 from backend.data import graph as graph_db
-from backend.data.block import Block, BlockData, BlockInput, BlockType, get_block
+from backend.data.block import (
+    Block,
+    BlockCostType,
+    BlockInput,
+    BlockOutputEntry,
+    BlockType,
+    get_block,
+)
 from backend.data.block_cost_config import BLOCK_COSTS
-from backend.data.cost import BlockCostType
 from backend.data.db import prisma
 from backend.data.execution import (
     ExecutionStatus,
     GraphExecutionStats,
     GraphExecutionWithNodes,
+    NodesInputMasks,
     UserContext,
 )
 from backend.data.graph import GraphModel, Node
@@ -239,7 +246,7 @@ def _tokenise(path: str) -> list[tuple[str, str]] | None:
 # --------------------------------------------------------------------------- #
 
 
-def parse_execution_output(output: BlockData, name: str) -> Any | None:
+def parse_execution_output(output: BlockOutputEntry, name: str) -> JsonValue | None:
     """
     Retrieve a nested value out of `output` using the flattened *name*.
 
@@ -263,7 +270,7 @@ def parse_execution_output(output: BlockData, name: str) -> Any | None:
     if tokens is None:
         return None
 
-    cur: Any = data
+    cur: JsonValue = data
     for delim, ident in tokens:
         if delim == LIST_SPLIT:
             # list[index]
@@ -428,7 +435,7 @@ def validate_exec(
 async def _validate_node_input_credentials(
     graph: GraphModel,
     user_id: str,
-    nodes_input_masks: Optional[dict[str, dict[str, JsonValue]]] = None,
+    nodes_input_masks: Optional[NodesInputMasks] = None,
 ) -> dict[str, dict[str, str]]:
     """
     Checks all credentials for all nodes of the graph and returns structured errors.
@@ -508,8 +515,8 @@ async def _validate_node_input_credentials(
 
 def make_node_credentials_input_map(
     graph: GraphModel,
-    graph_credentials_input: dict[str, CredentialsMetaInput],
-) -> dict[str, dict[str, JsonValue]]:
+    graph_credentials_input: Mapping[str, CredentialsMetaInput],
+) -> NodesInputMasks:
     """
     Maps credentials for an execution to the correct nodes.
 
@@ -544,8 +551,8 @@ def make_node_credentials_input_map(
 async def validate_graph_with_credentials(
     graph: GraphModel,
     user_id: str,
-    nodes_input_masks: Optional[dict[str, dict[str, JsonValue]]] = None,
-) -> dict[str, dict[str, str]]:
+    nodes_input_masks: Optional[NodesInputMasks] = None,
+) -> Mapping[str, Mapping[str, str]]:
     """
     Validate graph including credentials and return structured errors per node.
 
@@ -575,7 +582,7 @@ async def _construct_starting_node_execution_input(
     graph: GraphModel,
     user_id: str,
     graph_inputs: BlockInput,
-    nodes_input_masks: Optional[dict[str, dict[str, JsonValue]]] = None,
+    nodes_input_masks: Optional[NodesInputMasks] = None,
 ) -> list[tuple[str, BlockInput]]:
     """
     Validates and prepares the input data for executing a graph.
@@ -616,7 +623,7 @@ async def _construct_starting_node_execution_input(
 
         # Extract request input data, and assign it to the input pin.
         if block.block_type == BlockType.INPUT:
-            input_name = node.input_default.get("name")
+            input_name = cast(str | None, node.input_default.get("name"))
             if input_name and input_name in graph_inputs:
                 input_data = {"value": graph_inputs[input_name]}
 
@@ -643,9 +650,9 @@ async def validate_and_construct_node_execution_input(
     user_id: str,
     graph_inputs: BlockInput,
     graph_version: Optional[int] = None,
-    graph_credentials_inputs: Optional[dict[str, CredentialsMetaInput]] = None,
-    nodes_input_masks: Optional[dict[str, dict[str, JsonValue]]] = None,
-) -> tuple[GraphModel, list[tuple[str, BlockInput]], dict[str, dict[str, JsonValue]]]:
+    graph_credentials_inputs: Optional[Mapping[str, CredentialsMetaInput]] = None,
+    nodes_input_masks: Optional[NodesInputMasks] = None,
+) -> tuple[GraphModel, list[tuple[str, BlockInput]], NodesInputMasks]:
     """
     Public wrapper that handles graph fetching, credential mapping, and validation+construction.
     This centralizes the logic used by both scheduler validation and actual execution.
@@ -659,7 +666,9 @@ async def validate_and_construct_node_execution_input(
         nodes_input_masks: Node inputs to use.
 
     Returns:
-        tuple[GraphModel, list[tuple[str, BlockInput]]]: Graph model and list of tuples for node execution input.
+        GraphModel: Full graph object for the given `graph_id`.
+        list[tuple[node_id, BlockInput]]: Starting node IDs with corresponding inputs.
+        dict[str, BlockInput]: Node input masks including all passed-in credentials.
 
     Raises:
         NotFoundError: If the graph is not found.
@@ -700,11 +709,11 @@ async def validate_and_construct_node_execution_input(
 
 
 def _merge_nodes_input_masks(
-    overrides_map_1: dict[str, dict[str, JsonValue]],
-    overrides_map_2: dict[str, dict[str, JsonValue]],
-) -> dict[str, dict[str, JsonValue]]:
+    overrides_map_1: NodesInputMasks,
+    overrides_map_2: NodesInputMasks,
+) -> NodesInputMasks:
     """Perform a per-node merge of input overrides"""
-    result = overrides_map_1.copy()
+    result = dict(overrides_map_1).copy()
     for node_id, overrides2 in overrides_map_2.items():
         if node_id in result:
             result[node_id] = {**result[node_id], **overrides2}
@@ -854,8 +863,8 @@ async def add_graph_execution(
     inputs: Optional[BlockInput] = None,
     preset_id: Optional[str] = None,
     graph_version: Optional[int] = None,
-    graph_credentials_inputs: Optional[dict[str, CredentialsMetaInput]] = None,
-    nodes_input_masks: Optional[dict[str, dict[str, JsonValue]]] = None,
+    graph_credentials_inputs: Optional[Mapping[str, CredentialsMetaInput]] = None,
+    nodes_input_masks: Optional[NodesInputMasks] = None,
 ) -> GraphExecutionWithNodes:
     """
     Adds a graph execution to the queue and returns the execution entry.
@@ -879,7 +888,7 @@ async def add_graph_execution(
     else:
         edb = get_database_manager_async_client()
 
-    graph, starting_nodes_input, nodes_input_masks = (
+    graph, starting_nodes_input, compiled_nodes_input_masks = (
         await validate_and_construct_node_execution_input(
             graph_id=graph_id,
             user_id=user_id,
@@ -892,10 +901,15 @@ async def add_graph_execution(
     graph_exec = None
 
     try:
+        # Sanity check: running add_graph_execution with the properties of
+        # the graph_exec created here should create the same execution again.
         graph_exec = await edb.create_graph_execution(
             user_id=user_id,
             graph_id=graph_id,
             graph_version=graph.version,
+            inputs=inputs or {},
+            credential_inputs=graph_credentials_inputs,
+            nodes_input_masks=nodes_input_masks,
             starting_nodes_input=starting_nodes_input,
             preset_id=preset_id,
         )
@@ -904,9 +918,9 @@ async def add_graph_execution(
         user_context = await get_user_context(user_id)
 
         queue = await get_async_execution_queue()
-        graph_exec_entry = graph_exec.to_graph_execution_entry(user_context)
-        if nodes_input_masks:
-            graph_exec_entry.nodes_input_masks = nodes_input_masks
+        graph_exec_entry = graph_exec.to_graph_execution_entry(
+            user_context, compiled_nodes_input_masks
+        )
 
         logger.info(
             f"Created graph execution #{graph_exec.id} for graph "
@@ -952,7 +966,7 @@ async def add_graph_execution(
 class ExecutionOutputEntry(BaseModel):
     node: Node
     node_exec_id: str
-    data: BlockData
+    data: BlockOutputEntry
 
 
 class NodeExecutionProgress:

autogpt_platform/backend/backend/executor/utils_test.py

@@ -1,6 +1,7 @@
 from typing import cast
 
 import pytest
+from pytest_mock import MockerFixture
 
 from backend.executor.utils import merge_execution_input, parse_execution_output
 from backend.util.mock import MockObject
@@ -276,3 +277,142 @@ def test_merge_execution_input():
     result = merge_execution_input(data)
     assert "mixed" in result
     assert result["mixed"].attr[0]["key"] == "value3"
+
+
+@pytest.mark.asyncio
+async def test_add_graph_execution_is_repeatable(mocker: MockerFixture):
+    """
+    Verify that calling the function with its own output creates the same execution again.
+    """
+    from backend.data.execution import GraphExecutionWithNodes
+    from backend.data.model import CredentialsMetaInput
+    from backend.executor.utils import add_graph_execution
+    from backend.integrations.providers import ProviderName
+
+    # Mock data
+    graph_id = "test-graph-id"
+    user_id = "test-user-id"
+    inputs = {"test_input": "test_value"}
+    preset_id = "test-preset-id"
+    graph_version = 1
+    graph_credentials_inputs = {
+        "cred_key": CredentialsMetaInput(
+            id="cred-id", provider=ProviderName("test_provider"), type="oauth2"
+        )
+    }
+    nodes_input_masks = {"node1": {"input1": "masked_value"}}
+
+    # Mock the graph object returned by validate_and_construct_node_execution_input
+    mock_graph = mocker.MagicMock()
+    mock_graph.version = graph_version
+
+    # Mock the starting nodes input and compiled nodes input masks
+    starting_nodes_input = [
+        ("node1", {"input1": "value1"}),
+        ("node2", {"input1": "value2"}),
+    ]
+    compiled_nodes_input_masks = {"node1": {"input1": "compiled_mask"}}
+
+    # Mock the graph execution object
+    mock_graph_exec = mocker.MagicMock(spec=GraphExecutionWithNodes)
+    mock_graph_exec.id = "execution-id-123"
+    mock_graph_exec.to_graph_execution_entry.return_value = mocker.MagicMock()
+
+    # Mock user context
+    mock_user_context = {"user_id": user_id, "context": "test_context"}
+
+    # Mock the queue and event bus
+    mock_queue = mocker.AsyncMock()
+    mock_event_bus = mocker.MagicMock()
+    mock_event_bus.publish = mocker.AsyncMock()
+
+    # Setup mocks
+    mock_validate = mocker.patch(
+        "backend.executor.utils.validate_and_construct_node_execution_input"
+    )
+    mock_edb = mocker.patch("backend.executor.utils.execution_db")
+    mock_prisma = mocker.patch("backend.executor.utils.prisma")
+    mock_get_user_context = mocker.patch("backend.executor.utils.get_user_context")
+    mock_get_queue = mocker.patch("backend.executor.utils.get_async_execution_queue")
+    mock_get_event_bus = mocker.patch(
+        "backend.executor.utils.get_async_execution_event_bus"
+    )
+
+    # Setup mock returns
+    mock_validate.return_value = (
+        mock_graph,
+        starting_nodes_input,
+        compiled_nodes_input_masks,
+    )
+    mock_prisma.is_connected.return_value = True
+    mock_edb.create_graph_execution = mocker.AsyncMock(return_value=mock_graph_exec)
+    mock_get_user_context.return_value = mock_user_context
+    mock_get_queue.return_value = mock_queue
+    mock_get_event_bus.return_value = mock_event_bus
+
+    # Call the function - first execution
+    result1 = await add_graph_execution(
+        graph_id=graph_id,
+        user_id=user_id,
+        inputs=inputs,
+        preset_id=preset_id,
+        graph_version=graph_version,
+        graph_credentials_inputs=graph_credentials_inputs,
+        nodes_input_masks=nodes_input_masks,
+    )
+
+    # Store the parameters used in the first call to create_graph_execution
+    first_call_kwargs = mock_edb.create_graph_execution.call_args[1]
+
+    # Verify the create_graph_execution was called with correct parameters
+    mock_edb.create_graph_execution.assert_called_once_with(
+        user_id=user_id,
+        graph_id=graph_id,
+        graph_version=mock_graph.version,
+        inputs=inputs,
+        credential_inputs=graph_credentials_inputs,
+        nodes_input_masks=nodes_input_masks,
+        starting_nodes_input=starting_nodes_input,
+        preset_id=preset_id,
+    )
+
+    # Set up the graph execution mock to have properties we can extract
+    mock_graph_exec.graph_id = graph_id
+    mock_graph_exec.user_id = user_id
+    mock_graph_exec.graph_version = graph_version
+    mock_graph_exec.inputs = inputs
+    mock_graph_exec.credential_inputs = graph_credentials_inputs
+    mock_graph_exec.nodes_input_masks = nodes_input_masks
+    mock_graph_exec.preset_id = preset_id
+
+    # Create a second mock execution for the sanity check
+    mock_graph_exec_2 = mocker.MagicMock(spec=GraphExecutionWithNodes)
+    mock_graph_exec_2.id = "execution-id-456"
+    mock_graph_exec_2.to_graph_execution_entry.return_value = mocker.MagicMock()
+
+    # Reset mocks and set up for second call
+    mock_edb.create_graph_execution.reset_mock()
+    mock_edb.create_graph_execution.return_value = mock_graph_exec_2
+    mock_validate.reset_mock()
+
+    # Sanity check: call add_graph_execution with properties from first result
+    # This should create the same execution parameters
+    result2 = await add_graph_execution(
+        graph_id=mock_graph_exec.graph_id,
+        user_id=mock_graph_exec.user_id,
+        inputs=mock_graph_exec.inputs,
+        preset_id=mock_graph_exec.preset_id,
+        graph_version=mock_graph_exec.graph_version,
+        graph_credentials_inputs=mock_graph_exec.credential_inputs,
+        nodes_input_masks=mock_graph_exec.nodes_input_masks,
+    )
+
+    # Verify that create_graph_execution was called with identical parameters
+    second_call_kwargs = mock_edb.create_graph_execution.call_args[1]
+
+    # The sanity check: both calls should use identical parameters
+    assert first_call_kwargs == second_call_kwargs
+
+    # Both executions should succeed (though they create different objects)
+    assert result1 == mock_graph_exec
+    assert result2 == mock_graph_exec_2

autogpt_platform/backend/backend/sdk/__init__.py

@@ -63,7 +63,7 @@ except ImportError:
 
 # Cost System
 try:
-    from backend.data.cost import BlockCost, BlockCostType
+    from backend.data.block import BlockCost, BlockCostType
 except ImportError:
     from backend.data.block_cost_config import BlockCost, BlockCostType
 

autogpt_platform/backend/backend/sdk/builder.py

@@ -8,7 +8,7 @@ from typing import Callable, List, Optional, Type
 
 from pydantic import SecretStr
 
-from backend.data.cost import BlockCost, BlockCostType
+from backend.data.block import BlockCost, BlockCostType
 from backend.data.model import (
     APIKeyCredentials,
     Credentials,

autogpt_platform/backend/backend/sdk/cost_integration.py

@@ -8,9 +8,8 @@ BLOCK_COSTS configuration used by the execution system.
 import logging
 from typing import List, Type
 
-from backend.data.block import Block
+from backend.data.block import Block, BlockCost
 from backend.data.block_cost_config import BLOCK_COSTS
-from backend.data.cost import BlockCost
 from backend.sdk.registry import AutoRegistry
 
 logger = logging.getLogger(__name__)

autogpt_platform/backend/backend/sdk/provider.py

@@ -7,7 +7,7 @@ from typing import Any, Callable, List, Optional, Set, Type
 
 from pydantic import BaseModel, SecretStr
 
-from backend.data.cost import BlockCost
+from backend.data.block import BlockCost
 from backend.data.model import (
     APIKeyCredentials,
     Credentials,

autogpt_platform/backend/backend/server/conn_manager_test.py

@@ -88,6 +88,7 @@ async def test_send_graph_execution_result(
         user_id="user-1",
         graph_id="test_graph",
         graph_version=1,
+        preset_id=None,
         status=ExecutionStatus.COMPLETED,
         started_at=datetime.now(tz=timezone.utc),
         ended_at=datetime.now(tz=timezone.utc),
@@ -101,6 +102,8 @@ async def test_send_graph_execution_result(
             "input_1": "some input value :)",
             "input_2": "some *other* input value",
         },
+        credential_inputs=None,
+        nodes_input_masks=None,
         outputs={
             "the_output": ["some output value"],
             "other_output": ["sike there was another output"],

autogpt_platform/backend/backend/server/external/middleware.py

@@ -1,16 +1,14 @@
-from fastapi import Depends, HTTPException, Request
+from fastapi import HTTPException, Security
 from fastapi.security import APIKeyHeader
 from prisma.enums import APIKeyPermission
 
-from backend.data.api_key import has_permission, validate_api_key
+from backend.data.api_key import APIKeyInfo, has_permission, validate_api_key
 
-api_key_header = APIKeyHeader(name="X-API-Key")
+api_key_header = APIKeyHeader(name="X-API-Key", auto_error=False)
 
 
-async def require_api_key(request: Request):
+async def require_api_key(api_key: str | None = Security(api_key_header)) -> APIKeyInfo:
     """Base middleware for API key authentication"""
-    api_key = await api_key_header(request)
-
     if api_key is None:
         raise HTTPException(status_code=401, detail="Missing API key")
 
@@ -19,18 +17,19 @@ async def require_api_key(request: Request):
     if not api_key_obj:
         raise HTTPException(status_code=401, detail="Invalid API key")
 
-    request.state.api_key = api_key_obj
     return api_key_obj
 
 
 def require_permission(permission: APIKeyPermission):
     """Dependency function for checking specific permissions"""
 
-    async def check_permission(api_key=Depends(require_api_key)):
+    async def check_permission(
+        api_key: APIKeyInfo = Security(require_api_key),
+    ) -> APIKeyInfo:
         if not has_permission(api_key, permission):
             raise HTTPException(
                 status_code=403,
-                detail=f"API key missing required permission: {permission}",
+                detail=f"API key lacks the required permission '{permission}'",
             )
         return api_key
 

autogpt_platform/backend/backend/server/external/routes/v1.py

@@ -2,14 +2,14 @@ import logging
 from collections import defaultdict
 from typing import Annotated, Any, Optional, Sequence
 
-from fastapi import APIRouter, Body, Depends, HTTPException
+from fastapi import APIRouter, Body, HTTPException, Security
 from prisma.enums import AgentExecutionStatus, APIKeyPermission
 from typing_extensions import TypedDict
 
 import backend.data.block
 from backend.data import execution as execution_db
 from backend.data import graph as graph_db
-from backend.data.api_key import APIKey
+from backend.data.api_key import APIKeyInfo
 from backend.data.block import BlockInput, CompletedBlockOutput
 from backend.executor.utils import add_graph_execution
 from backend.server.external.middleware import require_permission
@@ -47,7 +47,7 @@ class GraphExecutionResult(TypedDict):
 @v1_router.get(
     path="/blocks",
     tags=["blocks"],
-    dependencies=[Depends(require_permission(APIKeyPermission.READ_BLOCK))],
+    dependencies=[Security(require_permission(APIKeyPermission.READ_BLOCK))],
 )
 def get_graph_blocks() -> Sequence[dict[Any, Any]]:
     blocks = [block() for block in backend.data.block.get_blocks().values()]
@@ -57,12 +57,12 @@ def get_graph_blocks() -> Sequence[dict[Any, Any]]:
 @v1_router.post(
     path="/blocks/{block_id}/execute",
     tags=["blocks"],
-    dependencies=[Depends(require_permission(APIKeyPermission.EXECUTE_BLOCK))],
+    dependencies=[Security(require_permission(APIKeyPermission.EXECUTE_BLOCK))],
 )
 async def execute_graph_block(
     block_id: str,
     data: BlockInput,
-    api_key: APIKey = Depends(require_permission(APIKeyPermission.EXECUTE_BLOCK)),
+    api_key: APIKeyInfo = Security(require_permission(APIKeyPermission.EXECUTE_BLOCK)),
 ) -> CompletedBlockOutput:
     obj = backend.data.block.get_block(block_id)
     if not obj:
@@ -82,7 +82,7 @@ async def execute_graph(
     graph_id: str,
     graph_version: int,
     node_input: Annotated[dict[str, Any], Body(..., embed=True, default_factory=dict)],
-    api_key: APIKey = Depends(require_permission(APIKeyPermission.EXECUTE_GRAPH)),
+    api_key: APIKeyInfo = Security(require_permission(APIKeyPermission.EXECUTE_GRAPH)),
 ) -> dict[str, Any]:
     try:
         graph_exec = await add_graph_execution(
@@ -104,7 +104,7 @@ async def execute_graph(
 async def get_graph_execution_results(
     graph_id: str,
     graph_exec_id: str,
-    api_key: APIKey = Depends(require_permission(APIKeyPermission.READ_GRAPH)),
+    api_key: APIKeyInfo = Security(require_permission(APIKeyPermission.READ_GRAPH)),
 ) -> GraphExecutionResult:
     graph = await graph_db.get_graph(graph_id, user_id=api_key.user_id)
     if not graph:

autogpt_platform/backend/backend/server/model.py

@@ -3,7 +3,7 @@ from typing import Any, Optional
 
 import pydantic
 
-from backend.data.api_key import APIKeyPermission, APIKeyWithoutHash
+from backend.data.api_key import APIKeyInfo, APIKeyPermission
 from backend.data.graph import Graph
 from backend.util.timezone_name import TimeZoneName
 
@@ -34,10 +34,6 @@ class WSSubscribeGraphExecutionsRequest(pydantic.BaseModel):
     graph_id: str
 
 
-class ExecuteGraphResponse(pydantic.BaseModel):
-    graph_exec_id: str
-
-
 class CreateGraph(pydantic.BaseModel):
     graph: Graph
 
@@ -49,7 +45,7 @@ class CreateAPIKeyRequest(pydantic.BaseModel):
 
 
 class CreateAPIKeyResponse(pydantic.BaseModel):
-    api_key: APIKeyWithoutHash
+    api_key: APIKeyInfo
     plain_text_key: str
 
 

autogpt_platform/backend/backend/server/rest_api.py

@@ -12,6 +12,7 @@ from autogpt_libs.auth import add_auth_responses_to_openapi
 from autogpt_libs.auth import verify_settings as verify_auth_settings
 from fastapi.exceptions import RequestValidationError
 from fastapi.routing import APIRoute
+from prisma.errors import PrismaError
 
 import backend.data.block
 import backend.data.db
@@ -39,6 +40,7 @@ from backend.server.external.api import external_app
 from backend.server.middleware.security import SecurityHeadersMiddleware
 from backend.util import json
 from backend.util.cloud_storage import shutdown_cloud_storage_handler
+from backend.util.exceptions import NotAuthorizedError, NotFoundError
 from backend.util.feature_flag import initialize_launchdarkly, shutdown_launchdarkly
 from backend.util.service import UnhealthyServiceError
 
@@ -195,10 +197,14 @@ async def validation_error_handler(
     )
 
 
+app.add_exception_handler(PrismaError, handle_internal_http_error(500))
+app.add_exception_handler(NotFoundError, handle_internal_http_error(404, False))
+app.add_exception_handler(NotAuthorizedError, handle_internal_http_error(403, False))
 app.add_exception_handler(RequestValidationError, validation_error_handler)
 app.add_exception_handler(pydantic.ValidationError, validation_error_handler)
 app.add_exception_handler(ValueError, handle_internal_http_error(400))
 app.add_exception_handler(Exception, handle_internal_http_error(500))
+
 app.include_router(backend.server.routers.v1.v1_router, tags=["v1"], prefix="/api")
 app.include_router(
     backend.server.v2.store.routes.router, tags=["v2"], prefix="/api/store"
@@ -246,13 +252,19 @@ async def health():
 
 class AgentServer(backend.util.service.AppProcess):
     def run(self):
-        server_app = starlette.middleware.cors.CORSMiddleware(
-            app=app,
-            allow_origins=settings.config.backend_cors_allow_origins,
-            allow_credentials=True,
-            allow_methods=["*"],  # Allows all methods
-            allow_headers=["*"],  # Allows all headers
-        )
+
+        if settings.config.enable_cors_all_origins:
+            server_app = starlette.middleware.cors.CORSMiddleware(
+                app=app,
+                allow_origins=settings.config.backend_cors_allow_origins,
+                allow_credentials=True,
+                allow_methods=["*"],  # Allows all methods
+                allow_headers=["*"],  # Allows all headers
+            )
+        else:
+            logger.info("CORS is disabled")
+            server_app = app
+
         uvicorn.run(
             server_app,
             host=backend.util.settings.Config().agent_api_host,
@@ -363,6 +375,7 @@ class AgentServer(backend.util.service.AppProcess):
             preset_id=preset_id,
             user_id=user_id,
             inputs=inputs or {},
+            credential_inputs={},
         )
 
     @staticmethod

autogpt_platform/backend/backend/server/routers/v1.py

@@ -27,20 +27,9 @@ from typing_extensions import Optional, TypedDict
 import backend.server.integrations.router
 import backend.server.routers.analytics
 import backend.server.v2.library.db as library_db
+from backend.data import api_key as api_key_db
 from backend.data import execution as execution_db
 from backend.data import graph as graph_db
-from backend.data.api_key import (
-    APIKeyError,
-    APIKeyNotFoundError,
-    APIKeyPermissionError,
-    APIKeyWithoutHash,
-    generate_api_key,
-    get_api_key_by_id,
-    list_user_api_keys,
-    revoke_api_key,
-    suspend_api_key,
-    update_api_key_permissions,
-)
 from backend.data.block import BlockInput, CompletedBlockOutput, get_block, get_blocks
 from backend.data.credit import (
     AutoTopUpConfig,
@@ -78,7 +67,6 @@ from backend.server.model import (
     CreateAPIKeyRequest,
     CreateAPIKeyResponse,
     CreateGraph,
-    ExecuteGraphResponse,
     RequestTopUp,
     SetGraphActiveVersion,
     TimezoneResponse,
@@ -177,7 +165,6 @@ async def get_user_timezone_route(
     summary="Update user timezone",
     tags=["auth"],
     dependencies=[Security(requires_user)],
-    response_model=TimezoneResponse,
 )
 async def update_user_timezone_route(
     user_id: Annotated[str, Security(get_user_id)], request: UpdateTimezoneRequest
@@ -783,7 +770,7 @@ async def execute_graph(
     ],
     graph_version: Optional[int] = None,
     preset_id: Optional[str] = None,
-) -> ExecuteGraphResponse:
+) -> execution_db.GraphExecutionMeta:
     current_balance = await _user_credit_model.get_credits(user_id)
     if current_balance <= 0:
         raise HTTPException(
@@ -792,7 +779,7 @@ async def execute_graph(
         )
 
     try:
-        graph_exec = await execution_utils.add_graph_execution(
+        return await execution_utils.add_graph_execution(
             graph_id=graph_id,
             user_id=user_id,
             inputs=inputs,
@@ -800,7 +787,6 @@ async def execute_graph(
             graph_version=graph_version,
             graph_credentials_inputs=credentials_inputs,
         )
-        return ExecuteGraphResponse(graph_exec_id=graph_exec.id)
     except GraphValidationError as e:
         # Return structured validation errors that the frontend can parse
         raise HTTPException(
@@ -1084,7 +1070,6 @@ async def delete_graph_execution_schedule(
 @v1_router.post(
     "/api-keys",
     summary="Create new API key",
-    response_model=CreateAPIKeyResponse,
     tags=["api-keys"],
     dependencies=[Security(requires_user)],
 )
@@ -1092,128 +1077,73 @@ async def create_api_key(
     request: CreateAPIKeyRequest, user_id: Annotated[str, Security(get_user_id)]
 ) -> CreateAPIKeyResponse:
     """Create a new API key"""
-    try:
-        api_key, plain_text = await generate_api_key(
-            name=request.name,
-            user_id=user_id,
-            permissions=request.permissions,
-            description=request.description,
-        )
-        return CreateAPIKeyResponse(api_key=api_key, plain_text_key=plain_text)
-    except APIKeyError as e:
-        logger.error(
-            "Could not create API key for user %s: %s. Review input and permissions.",
-            user_id,
-            e,
-        )
-        raise HTTPException(
-            status_code=400,
-            detail={"message": str(e), "hint": "Verify request payload and try again."},
-        )
+    api_key_info, plain_text_key = await api_key_db.create_api_key(
+        name=request.name,
+        user_id=user_id,
+        permissions=request.permissions,
+        description=request.description,
+    )
+    return CreateAPIKeyResponse(api_key=api_key_info, plain_text_key=plain_text_key)
 
 
 @v1_router.get(
     "/api-keys",
     summary="List user API keys",
-    response_model=list[APIKeyWithoutHash] | dict[str, str],
     tags=["api-keys"],
     dependencies=[Security(requires_user)],
 )
 async def get_api_keys(
     user_id: Annotated[str, Security(get_user_id)],
-) -> list[APIKeyWithoutHash]:
+) -> list[api_key_db.APIKeyInfo]:
     """List all API keys for the user"""
-    try:
-        return await list_user_api_keys(user_id)
-    except APIKeyError as e:
-        logger.error("Failed to list API keys for user %s: %s", user_id, e)
-        raise HTTPException(
-            status_code=400,
-            detail={"message": str(e), "hint": "Check API key service availability."},
-        )
+    return await api_key_db.list_user_api_keys(user_id)
 
 
 @v1_router.get(
     "/api-keys/{key_id}",
     summary="Get specific API key",
-    response_model=APIKeyWithoutHash,
     tags=["api-keys"],
     dependencies=[Security(requires_user)],
 )
 async def get_api_key(
     key_id: str, user_id: Annotated[str, Security(get_user_id)]
-) -> APIKeyWithoutHash:
+) -> api_key_db.APIKeyInfo:
     """Get a specific API key"""
-    try:
-        api_key = await get_api_key_by_id(key_id, user_id)
-        if not api_key:
-            raise HTTPException(status_code=404, detail="API key not found")
-        return api_key
-    except APIKeyError as e:
-        logger.error("Error retrieving API key %s for user %s: %s", key_id, user_id, e)
-        raise HTTPException(
-            status_code=400,
-            detail={"message": str(e), "hint": "Ensure the key ID is correct."},
-        )
+    api_key = await api_key_db.get_api_key_by_id(key_id, user_id)
+    if not api_key:
+        raise HTTPException(status_code=404, detail="API key not found")
+    return api_key
 
 
 @v1_router.delete(
     "/api-keys/{key_id}",
     summary="Revoke API key",
-    response_model=APIKeyWithoutHash,
     tags=["api-keys"],
     dependencies=[Security(requires_user)],
 )
 async def delete_api_key(
     key_id: str, user_id: Annotated[str, Security(get_user_id)]
-) -> Optional[APIKeyWithoutHash]:
+) -> api_key_db.APIKeyInfo:
     """Revoke an API key"""
-    try:
-        return await revoke_api_key(key_id, user_id)
-    except APIKeyNotFoundError:
-        raise HTTPException(status_code=404, detail="API key not found")
-    except APIKeyPermissionError:
-        raise HTTPException(status_code=403, detail="Permission denied")
-    except APIKeyError as e:
-        logger.error("Failed to revoke API key %s for user %s: %s", key_id, user_id, e)
-        raise HTTPException(
-            status_code=400,
-            detail={
-                "message": str(e),
-                "hint": "Verify permissions or try again later.",
-            },
-        )
+    return await api_key_db.revoke_api_key(key_id, user_id)
 
 
 @v1_router.post(
     "/api-keys/{key_id}/suspend",
     summary="Suspend API key",
-    response_model=APIKeyWithoutHash,
     tags=["api-keys"],
     dependencies=[Security(requires_user)],
 )
 async def suspend_key(
     key_id: str, user_id: Annotated[str, Security(get_user_id)]
-) -> Optional[APIKeyWithoutHash]:
+) -> api_key_db.APIKeyInfo:
     """Suspend an API key"""
-    try:
-        return await suspend_api_key(key_id, user_id)
-    except APIKeyNotFoundError:
-        raise HTTPException(status_code=404, detail="API key not found")
-    except APIKeyPermissionError:
-        raise HTTPException(status_code=403, detail="Permission denied")
-    except APIKeyError as e:
-        logger.error("Failed to suspend API key %s for user %s: %s", key_id, user_id, e)
-        raise HTTPException(
-            status_code=400,
-            detail={"message": str(e), "hint": "Check user permissions and retry."},
-        )
+    return await api_key_db.suspend_api_key(key_id, user_id)
 
 
 @v1_router.put(
     "/api-keys/{key_id}/permissions",
     summary="Update key permissions",
-    response_model=APIKeyWithoutHash,
     tags=["api-keys"],
     dependencies=[Security(requires_user)],
 )
@@ -1221,22 +1151,8 @@ async def update_permissions(
     key_id: str,
     request: UpdatePermissionsRequest,
     user_id: Annotated[str, Security(get_user_id)],
-) -> Optional[APIKeyWithoutHash]:
+) -> api_key_db.APIKeyInfo:
     """Update API key permissions"""
-    try:
-        return await update_api_key_permissions(key_id, user_id, request.permissions)
-    except APIKeyNotFoundError:
-        raise HTTPException(status_code=404, detail="API key not found")
-    except APIKeyPermissionError:
-        raise HTTPException(status_code=403, detail="Permission denied")
-    except APIKeyError as e:
-        logger.error(
-            "Failed to update permissions for API key %s of user %s: %s",
-            key_id,
-            user_id,
-            e,
-        )
-        raise HTTPException(
-            status_code=400,
-            detail={"message": str(e), "hint": "Ensure permissions list is valid."},
-        )
+    return await api_key_db.update_api_key_permissions(
+        key_id, user_id, request.permissions
+    )

autogpt_platform/backend/backend/server/utils/api_key_auth.py

@@ -3,8 +3,9 @@ API Key authentication utilities for FastAPI applications.
 """
 
 import inspect
+import logging
 import secrets
-from typing import Any, Callable, Optional
+from typing import Any, Awaitable, Callable, Optional
 
 from fastapi import HTTPException, Request
 from fastapi.security import APIKeyHeader
@@ -12,6 +13,8 @@ from starlette.status import HTTP_401_UNAUTHORIZED
 
 from backend.util.exceptions import MissingConfigError
 
+logger = logging.getLogger(__name__)
+
 
 class APIKeyAuthenticator(APIKeyHeader):
     """
@@ -51,7 +54,8 @@ class APIKeyAuthenticator(APIKeyHeader):
         header_name (str): The name of the header containing the API key
         expected_token (Optional[str]): The expected API key value for simple token matching
         validator (Optional[Callable]): Custom validation function that takes an API key
-            string and returns a boolean or object. Can be async.
+            string and returns a truthy value if and only if the passed string is a
+            valid API key. Can be async.
         status_if_missing (int): HTTP status code to use for validation errors
         message_if_invalid (str): Error message to return when validation fails
     """
@@ -60,7 +64,9 @@ class APIKeyAuthenticator(APIKeyHeader):
         self,
         header_name: str,
         expected_token: Optional[str] = None,
-        validator: Optional[Callable[[str], bool]] = None,
+        validator: Optional[
+            Callable[[str], Any] | Callable[[str], Awaitable[Any]]
+        ] = None,
         status_if_missing: int = HTTP_401_UNAUTHORIZED,
         message_if_invalid: str = "Invalid API key",
     ):
@@ -75,7 +81,7 @@ class APIKeyAuthenticator(APIKeyHeader):
         self.message_if_invalid = message_if_invalid
 
     async def __call__(self, request: Request) -> Any:
-        api_key = await super()(request)
+        api_key = await super().__call__(request)
         if api_key is None:
             raise HTTPException(
                 status_code=self.status_if_missing, detail="No API key in request"
@@ -106,4 +112,9 @@ class APIKeyAuthenticator(APIKeyHeader):
                 f"{self.__class__.__name__}.expected_token is not set; "
                 "either specify it or provide a custom validator"
             )
-        return secrets.compare_digest(api_key, self.expected_token)
+        try:
+            return secrets.compare_digest(api_key, self.expected_token)
+        except TypeError as e:
+            # If value is not an ASCII string, compare_digest raises a TypeError
+            logger.warning(f"{self.model.name} API key check failed: {e}")
+            return False

autogpt_platform/backend/backend/server/utils/api_key_auth_test.py

@@ -0,0 +1,537 @@
+"""
+Unit tests for APIKeyAuthenticator class.
+"""
+
+from unittest.mock import Mock, patch
+
+import pytest
+from fastapi import HTTPException, Request
+from starlette.status import HTTP_401_UNAUTHORIZED, HTTP_403_FORBIDDEN
+
+from backend.server.utils.api_key_auth import APIKeyAuthenticator
+from backend.util.exceptions import MissingConfigError
+
+
+@pytest.fixture
+def mock_request():
+    """Create a mock request object."""
+    request = Mock(spec=Request)
+    request.state = Mock()
+    request.headers = {}
+    return request
+
+
+@pytest.fixture
+def api_key_auth():
+    """Create a basic APIKeyAuthenticator instance."""
+    return APIKeyAuthenticator(
+        header_name="X-API-Key", expected_token="test-secret-token"
+    )
+
+
+@pytest.fixture
+def api_key_auth_custom_validator():
+    """Create APIKeyAuthenticator with custom validator."""
+
+    def custom_validator(api_key: str) -> bool:
+        return api_key == "custom-valid-key"
+
+    return APIKeyAuthenticator(header_name="X-API-Key", validator=custom_validator)
+
+
+@pytest.fixture
+def api_key_auth_async_validator():
+    """Create APIKeyAuthenticator with async custom validator."""
+
+    async def async_validator(api_key: str) -> bool:
+        return api_key == "async-valid-key"
+
+    return APIKeyAuthenticator(header_name="X-API-Key", validator=async_validator)
+
+
+@pytest.fixture
+def api_key_auth_object_validator():
+    """Create APIKeyAuthenticator that returns objects from validator."""
+
+    async def object_validator(api_key: str):
+        if api_key == "user-key":
+            return {"user_id": "123", "permissions": ["read", "write"]}
+        return None
+
+    return APIKeyAuthenticator(header_name="X-API-Key", validator=object_validator)
+
+
+# ========== Basic Initialization Tests ========== #
+
+
+def test_init_with_expected_token():
+    """Test initialization with expected token."""
+    auth = APIKeyAuthenticator(header_name="X-API-Key", expected_token="test-token")
+
+    assert auth.model.name == "X-API-Key"
+    assert auth.expected_token == "test-token"
+    assert auth.custom_validator is None
+    assert auth.status_if_missing == HTTP_401_UNAUTHORIZED
+    assert auth.message_if_invalid == "Invalid API key"
+
+
+def test_init_with_custom_validator():
+    """Test initialization with custom validator."""
+
+    def validator(key: str) -> bool:
+        return True
+
+    auth = APIKeyAuthenticator(header_name="Authorization", validator=validator)
+
+    assert auth.model.name == "Authorization"
+    assert auth.expected_token is None
+    assert auth.custom_validator == validator
+    assert auth.status_if_missing == HTTP_401_UNAUTHORIZED
+    assert auth.message_if_invalid == "Invalid API key"
+
+
+def test_init_with_custom_parameters():
+    """Test initialization with custom status and message."""
+    auth = APIKeyAuthenticator(
+        header_name="X-Custom-Key",
+        expected_token="token",
+        status_if_missing=HTTP_403_FORBIDDEN,
+        message_if_invalid="Access denied",
+    )
+
+    assert auth.model.name == "X-Custom-Key"
+    assert auth.status_if_missing == HTTP_403_FORBIDDEN
+    assert auth.message_if_invalid == "Access denied"
+
+
+def test_scheme_name_generation():
+    """Test that scheme_name is generated correctly."""
+    auth = APIKeyAuthenticator(header_name="X-Custom-Header", expected_token="token")
+
+    assert auth.scheme_name == "APIKeyAuthenticator-X-Custom-Header"
+
+
+# ========== Authentication Flow Tests ========== #
+
+
+@pytest.mark.asyncio
+async def test_api_key_missing(api_key_auth, mock_request):
+    """Test behavior when API key is missing from request."""
+    # Mock the parent class method to return None (no API key)
+    with pytest.raises(HTTPException) as exc_info:
+        await api_key_auth(mock_request)
+
+    assert exc_info.value.status_code == HTTP_401_UNAUTHORIZED
+    assert exc_info.value.detail == "No API key in request"
+
+
+@pytest.mark.asyncio
+async def test_api_key_valid(api_key_auth, mock_request):
+    """Test behavior with valid API key."""
+    # Mock the parent class to return the API key
+    with patch.object(
+        api_key_auth.__class__.__bases__[0],
+        "__call__",
+        return_value="test-secret-token",
+    ):
+        result = await api_key_auth(mock_request)
+
+    assert result is True
+
+
+@pytest.mark.asyncio
+async def test_api_key_invalid(api_key_auth, mock_request):
+    """Test behavior with invalid API key."""
+    # Mock the parent class to return an invalid API key
+    with patch.object(
+        api_key_auth.__class__.__bases__[0], "__call__", return_value="invalid-token"
+    ):
+        with pytest.raises(HTTPException) as exc_info:
+            await api_key_auth(mock_request)
+
+    assert exc_info.value.status_code == HTTP_401_UNAUTHORIZED
+    assert exc_info.value.detail == "Invalid API key"
+
+
+# ========== Custom Validator Tests ========== #
+
+
+@pytest.mark.asyncio
+async def test_custom_status_and_message(mock_request):
+    """Test custom status code and message."""
+    auth = APIKeyAuthenticator(
+        header_name="X-API-Key",
+        expected_token="valid-token",
+        status_if_missing=HTTP_403_FORBIDDEN,
+        message_if_invalid="Access forbidden",
+    )
+
+    # Test missing key
+    with pytest.raises(HTTPException) as exc_info:
+        await auth(mock_request)
+
+    assert exc_info.value.status_code == HTTP_403_FORBIDDEN
+    assert exc_info.value.detail == "No API key in request"
+
+    # Test invalid key
+    with patch.object(
+        auth.__class__.__bases__[0], "__call__", return_value="invalid-token"
+    ):
+        with pytest.raises(HTTPException) as exc_info:
+            await auth(mock_request)
+
+    assert exc_info.value.status_code == HTTP_403_FORBIDDEN
+    assert exc_info.value.detail == "Access forbidden"
+
+
+@pytest.mark.asyncio
+async def test_custom_sync_validator(api_key_auth_custom_validator, mock_request):
+    """Test with custom synchronous validator."""
+    # Mock the parent class to return the API key
+    with patch.object(
+        api_key_auth_custom_validator.__class__.__bases__[0],
+        "__call__",
+        return_value="custom-valid-key",
+    ):
+        result = await api_key_auth_custom_validator(mock_request)
+
+    assert result is True
+
+
+@pytest.mark.asyncio
+async def test_custom_sync_validator_invalid(
+    api_key_auth_custom_validator, mock_request
+):
+    """Test custom synchronous validator with invalid key."""
+    with patch.object(
+        api_key_auth_custom_validator.__class__.__bases__[0],
+        "__call__",
+        return_value="invalid-key",
+    ):
+        with pytest.raises(HTTPException) as exc_info:
+            await api_key_auth_custom_validator(mock_request)
+
+    assert exc_info.value.status_code == HTTP_401_UNAUTHORIZED
+    assert exc_info.value.detail == "Invalid API key"
+
+
+@pytest.mark.asyncio
+async def test_custom_async_validator(api_key_auth_async_validator, mock_request):
+    """Test with custom async validator."""
+    with patch.object(
+        api_key_auth_async_validator.__class__.__bases__[0],
+        "__call__",
+        return_value="async-valid-key",
+    ):
+        result = await api_key_auth_async_validator(mock_request)
+
+    assert result is True
+
+
+@pytest.mark.asyncio
+async def test_custom_async_validator_invalid(
+    api_key_auth_async_validator, mock_request
+):
+    """Test custom async validator with invalid key."""
+    with patch.object(
+        api_key_auth_async_validator.__class__.__bases__[0],
+        "__call__",
+        return_value="invalid-key",
+    ):
+        with pytest.raises(HTTPException) as exc_info:
+            await api_key_auth_async_validator(mock_request)
+
+    assert exc_info.value.status_code == HTTP_401_UNAUTHORIZED
+    assert exc_info.value.detail == "Invalid API key"
+
+
+@pytest.mark.asyncio
+async def test_validator_returns_object(api_key_auth_object_validator, mock_request):
+    """Test validator that returns an object instead of boolean."""
+    with patch.object(
+        api_key_auth_object_validator.__class__.__bases__[0],
+        "__call__",
+        return_value="user-key",
+    ):
+        result = await api_key_auth_object_validator(mock_request)
+
+    expected_result = {"user_id": "123", "permissions": ["read", "write"]}
+    assert result == expected_result
+    # Verify the object is stored in request state
+    assert mock_request.state.api_key == expected_result
+
+
+@pytest.mark.asyncio
+async def test_validator_returns_none(api_key_auth_object_validator, mock_request):
+    """Test validator that returns None (falsy)."""
+    with patch.object(
+        api_key_auth_object_validator.__class__.__bases__[0],
+        "__call__",
+        return_value="invalid-key",
+    ):
+        with pytest.raises(HTTPException) as exc_info:
+            await api_key_auth_object_validator(mock_request)
+
+    assert exc_info.value.status_code == HTTP_401_UNAUTHORIZED
+    assert exc_info.value.detail == "Invalid API key"
+
+
+@pytest.mark.asyncio
+async def test_validator_database_lookup_simulation(mock_request):
+    """Test simulation of database lookup validator."""
+    # Simulate database records
+    valid_api_keys = {
+        "key123": {"user_id": "user1", "active": True},
+        "key456": {"user_id": "user2", "active": False},
+    }
+
+    async def db_validator(api_key: str):
+        record = valid_api_keys.get(api_key)
+        return record if record and record["active"] else None
+
+    auth = APIKeyAuthenticator(header_name="X-API-Key", validator=db_validator)
+
+    # Test valid active key
+    with patch.object(auth.__class__.__bases__[0], "__call__", return_value="key123"):
+        result = await auth(mock_request)
+        assert result == {"user_id": "user1", "active": True}
+        assert mock_request.state.api_key == {"user_id": "user1", "active": True}
+
+    # Test inactive key
+    mock_request.state = Mock()  # Reset state
+    with patch.object(auth.__class__.__bases__[0], "__call__", return_value="key456"):
+        with pytest.raises(HTTPException):
+            await auth(mock_request)
+
+    # Test non-existent key
+    with patch.object(
+        auth.__class__.__bases__[0], "__call__", return_value="nonexistent"
+    ):
+        with pytest.raises(HTTPException):
+            await auth(mock_request)
+
+
+# ========== Default Validator Tests ========== #
+
+
+@pytest.mark.asyncio
+async def test_default_validator_key_valid(api_key_auth):
+    """Test default validator with valid token."""
+    result = await api_key_auth.default_validator("test-secret-token")
+    assert result is True
+
+
+@pytest.mark.asyncio
+async def test_default_validator_key_invalid(api_key_auth):
+    """Test default validator with invalid token."""
+    result = await api_key_auth.default_validator("wrong-token")
+    assert result is False
+
+
+@pytest.mark.asyncio
+async def test_default_validator_missing_expected_token():
+    """Test default validator when expected_token is not set."""
+    auth = APIKeyAuthenticator(header_name="X-API-Key")
+
+    with pytest.raises(MissingConfigError) as exc_info:
+        await auth.default_validator("any-token")
+
+    assert "expected_token is not set" in str(exc_info.value)
+    assert "either specify it or provide a custom validator" in str(exc_info.value)
+
+
+@pytest.mark.asyncio
+async def test_default_validator_uses_constant_time_comparison(api_key_auth):
+    """
+    Test that default validator uses secrets.compare_digest for timing attack protection
+    """
+    with patch("secrets.compare_digest") as mock_compare:
+        mock_compare.return_value = True
+
+        await api_key_auth.default_validator("test-token")
+
+        mock_compare.assert_called_once_with("test-token", "test-secret-token")
+
+
+@pytest.mark.asyncio
+async def test_api_key_empty(mock_request):
+    """Test behavior with empty string API key."""
+    auth = APIKeyAuthenticator(header_name="X-API-Key", expected_token="valid-token")
+
+    with patch.object(auth.__class__.__bases__[0], "__call__", return_value=""):
+        with pytest.raises(HTTPException) as exc_info:
+            await auth(mock_request)
+
+        assert exc_info.value.status_code == HTTP_401_UNAUTHORIZED
+        assert exc_info.value.detail == "Invalid API key"
+
+
+@pytest.mark.asyncio
+async def test_api_key_whitespace_only(mock_request):
+    """Test behavior with whitespace-only API key."""
+    auth = APIKeyAuthenticator(header_name="X-API-Key", expected_token="valid-token")
+
+    with patch.object(
+        auth.__class__.__bases__[0], "__call__", return_value="   \t\n  "
+    ):
+        with pytest.raises(HTTPException) as exc_info:
+            await auth(mock_request)
+
+        assert exc_info.value.status_code == HTTP_401_UNAUTHORIZED
+        assert exc_info.value.detail == "Invalid API key"
+
+
+@pytest.mark.asyncio
+async def test_api_key_very_long(mock_request):
+    """Test behavior with extremely long API key (potential DoS protection)."""
+    auth = APIKeyAuthenticator(header_name="X-API-Key", expected_token="valid-token")
+
+    # Create a very long API key (10MB)
+    long_api_key = "a" * (10 * 1024 * 1024)
+
+    with patch.object(
+        auth.__class__.__bases__[0], "__call__", return_value=long_api_key
+    ):
+        with pytest.raises(HTTPException) as exc_info:
+            await auth(mock_request)
+
+        assert exc_info.value.status_code == HTTP_401_UNAUTHORIZED
+        assert exc_info.value.detail == "Invalid API key"
+
+
+@pytest.mark.asyncio
+async def test_api_key_with_null_bytes(mock_request):
+    """Test behavior with API key containing null bytes."""
+    auth = APIKeyAuthenticator(header_name="X-API-Key", expected_token="valid-token")
+
+    api_key_with_null = "valid\x00token"
+
+    with patch.object(
+        auth.__class__.__bases__[0], "__call__", return_value=api_key_with_null
+    ):
+        with pytest.raises(HTTPException) as exc_info:
+            await auth(mock_request)
+
+        assert exc_info.value.status_code == HTTP_401_UNAUTHORIZED
+        assert exc_info.value.detail == "Invalid API key"
+
+
+@pytest.mark.asyncio
+async def test_api_key_with_control_characters(mock_request):
+    """Test behavior with API key containing control characters."""
+    auth = APIKeyAuthenticator(header_name="X-API-Key", expected_token="valid-token")
+
+    # API key with various control characters
+    api_key_with_control = "valid\r\n\t\x1b[31mtoken"
+
+    with patch.object(
+        auth.__class__.__bases__[0], "__call__", return_value=api_key_with_control
+    ):
+        with pytest.raises(HTTPException) as exc_info:
+            await auth(mock_request)
+
+        assert exc_info.value.status_code == HTTP_401_UNAUTHORIZED
+        assert exc_info.value.detail == "Invalid API key"
+
+
+@pytest.mark.asyncio
+async def test_api_key_with_unicode_characters(mock_request):
+    """Test behavior with Unicode characters in API key."""
+    auth = APIKeyAuthenticator(header_name="X-API-Key", expected_token="valid-token")
+
+    # API key with Unicode characters
+    unicode_api_key = "validтокен🔑"
+
+    with patch.object(
+        auth.__class__.__bases__[0], "__call__", return_value=unicode_api_key
+    ):
+        with pytest.raises(HTTPException) as exc_info:
+            await auth(mock_request)
+
+        assert exc_info.value.status_code == HTTP_401_UNAUTHORIZED
+        assert exc_info.value.detail == "Invalid API key"
+
+
+@pytest.mark.asyncio
+async def test_api_key_with_unicode_characters_normalization_attack(mock_request):
+    """Test that Unicode normalization doesn't bypass validation."""
+    # Create auth with composed Unicode character
+    auth = APIKeyAuthenticator(
+        header_name="X-API-Key", expected_token="café"  # é is composed
+    )
+
+    # Try with decomposed version (c + a + f + e + ´)
+    decomposed_key = "cafe\u0301"  # é as combining character
+
+    with patch.object(
+        auth.__class__.__bases__[0], "__call__", return_value=decomposed_key
+    ):
+        # Should fail because secrets.compare_digest doesn't normalize
+        with pytest.raises(HTTPException) as exc_info:
+            await auth(mock_request)
+
+        assert exc_info.value.status_code == HTTP_401_UNAUTHORIZED
+        assert exc_info.value.detail == "Invalid API key"
+
+
+@pytest.mark.asyncio
+async def test_api_key_with_binary_data(mock_request):
+    """Test behavior with binary data in API key."""
+    auth = APIKeyAuthenticator(header_name="X-API-Key", expected_token="valid-token")
+
+    # Binary data that might cause encoding issues
+    binary_api_key = bytes([0xFF, 0xFE, 0xFD, 0xFC, 0x80, 0x81]).decode(
+        "latin1", errors="ignore"
+    )
+
+    with patch.object(
+        auth.__class__.__bases__[0], "__call__", return_value=binary_api_key
+    ):
+        with pytest.raises(HTTPException) as exc_info:
+            await auth(mock_request)
+
+        assert exc_info.value.status_code == HTTP_401_UNAUTHORIZED
+        assert exc_info.value.detail == "Invalid API key"
+
+
+@pytest.mark.asyncio
+async def test_api_key_with_regex_dos_attack_pattern(mock_request):
+    """Test behavior with API key of repeated characters (pattern attack)."""
+    auth = APIKeyAuthenticator(header_name="X-API-Key", expected_token="valid-token")
+
+    # Pattern that might cause regex DoS in poorly implemented validators
+    repeated_key = "a" * 1000 + "b" * 1000 + "c" * 1000
+
+    with patch.object(
+        auth.__class__.__bases__[0], "__call__", return_value=repeated_key
+    ):
+        with pytest.raises(HTTPException) as exc_info:
+            await auth(mock_request)
+
+        assert exc_info.value.status_code == HTTP_401_UNAUTHORIZED
+        assert exc_info.value.detail == "Invalid API key"
+
+
+@pytest.mark.asyncio
+async def test_api_keys_with_newline_variations(mock_request):
+    """Test different newline characters in API key."""
+    auth = APIKeyAuthenticator(header_name="X-API-Key", expected_token="valid-token")
+
+    newline_variations = [
+        "valid\ntoken",  # Unix newline
+        "valid\r\ntoken",  # Windows newline
+        "valid\rtoken",  # Mac newline
+        "valid\x85token",  # NEL (Next Line)
+        "valid\x0Btoken",  # Vertical Tab
+        "valid\x0Ctoken",  # Form Feed
+    ]
+
+    for api_key in newline_variations:
+        with patch.object(
+            auth.__class__.__bases__[0], "__call__", return_value=api_key
+        ):
+            with pytest.raises(HTTPException) as exc_info:
+                await auth(mock_request)
+
+            assert exc_info.value.status_code == HTTP_401_UNAUTHORIZED
+            assert exc_info.value.detail == "Invalid API key"

autogpt_platform/backend/backend/server/v2/builder/db.py

@@ -7,12 +7,10 @@ import prisma
 import backend.data.block
 from backend.blocks import load_all_blocks
 from backend.blocks.llm import LlmModel
-from backend.data.block import Block, BlockCategory, BlockSchema
-from backend.data.credit import get_block_costs
+from backend.data.block import Block, BlockCategory, BlockInfo, BlockSchema
 from backend.integrations.providers import ProviderName
 from backend.server.v2.builder.model import (
     BlockCategoryResponse,
-    BlockData,
     BlockResponse,
     BlockType,
     CountResponse,
@@ -25,7 +23,7 @@ from backend.util.models import Pagination
 logger = logging.getLogger(__name__)
 llm_models = [name.name.lower().replace("_", " ") for name in LlmModel]
 _static_counts_cache: dict | None = None
-_suggested_blocks: list[BlockData] | None = None
+_suggested_blocks: list[BlockInfo] | None = None
 
 
 def get_block_categories(category_blocks: int = 3) -> list[BlockCategoryResponse]:
@@ -53,7 +51,7 @@ def get_block_categories(category_blocks: int = 3) -> list[BlockCategoryResponse
 
             # Append if the category has less than the specified number of blocks
             if len(categories[category].blocks) < category_blocks:
-                categories[category].blocks.append(block.to_dict())
+                categories[category].blocks.append(block.get_info())
 
     # Sort categories by name
     return sorted(categories.values(), key=lambda x: x.name)
@@ -109,10 +107,8 @@ def get_blocks(
             take -= 1
             blocks.append(block)
 
-    costs = get_block_costs()
-
     return BlockResponse(
-        blocks=[{**b.to_dict(), "costs": costs.get(b.id, [])} for b in blocks],
+        blocks=[b.get_info() for b in blocks],
         pagination=Pagination(
             total_items=total,
             total_pages=(total + page_size - 1) // page_size,
@@ -174,11 +170,9 @@ def search_blocks(
             take -= 1
             blocks.append(block)
 
-    costs = get_block_costs()
-
     return SearchBlocksResponse(
         blocks=BlockResponse(
-            blocks=[{**b.to_dict(), "costs": costs.get(b.id, [])} for b in blocks],
+            blocks=[b.get_info() for b in blocks],
             pagination=Pagination(
                 total_items=total,
                 total_pages=(total + page_size - 1) // page_size,
@@ -323,7 +317,7 @@ def _get_all_providers() -> dict[ProviderName, Provider]:
     return providers
 
 
-async def get_suggested_blocks(count: int = 5) -> list[BlockData]:
+async def get_suggested_blocks(count: int = 5) -> list[BlockInfo]:
     global _suggested_blocks
 
     if _suggested_blocks is not None and len(_suggested_blocks) >= count:
@@ -351,7 +345,7 @@ async def get_suggested_blocks(count: int = 5) -> list[BlockData]:
 
     # Get the top blocks based on execution count
     # But ignore Input and Output blocks
-    blocks: list[tuple[BlockData, int]] = []
+    blocks: list[tuple[BlockInfo, int]] = []
 
     for block_type in load_all_blocks().values():
         block: Block[BlockSchema, BlockSchema] = block_type()
@@ -366,7 +360,7 @@ async def get_suggested_blocks(count: int = 5) -> list[BlockData]:
             (row["execution_count"] for row in results if row["block_id"] == block.id),
             0,
         )
-        blocks.append((block.to_dict(), execution_count))
+        blocks.append((block.get_info(), execution_count))
     # Sort blocks by execution count
     blocks.sort(key=lambda x: x[1], reverse=True)
 

autogpt_platform/backend/backend/server/v2/builder/model.py

@@ -1,9 +1,10 @@
-from typing import Any, Literal
+from typing import Literal
 
 from pydantic import BaseModel
 
 import backend.server.v2.library.model as library_model
 import backend.server.v2.store.model as store_model
+from backend.data.block import BlockInfo
 from backend.integrations.providers import ProviderName
 from backend.util.models import Pagination
 
@@ -16,29 +17,27 @@ FilterType = Literal[
 
 BlockType = Literal["all", "input", "action", "output"]
 
-BlockData = dict[str, Any]
-
 
 # Suggestions
 class SuggestionsResponse(BaseModel):
     otto_suggestions: list[str]
     recent_searches: list[str]
     providers: list[ProviderName]
-    top_blocks: list[BlockData]
+    top_blocks: list[BlockInfo]
 
 
 # All blocks
 class BlockCategoryResponse(BaseModel):
     name: str
     total_blocks: int
-    blocks: list[BlockData]
+    blocks: list[BlockInfo]
 
     model_config = {"use_enum_values": False}  # <== use enum names like "AI"
 
 
 # Input/Action/Output and see all for block categories
 class BlockResponse(BaseModel):
-    blocks: list[BlockData]
+    blocks: list[BlockInfo]
     pagination: Pagination
 
 
@@ -71,7 +70,7 @@ class SearchBlocksResponse(BaseModel):
 
 
 class SearchResponse(BaseModel):
-    items: list[BlockData | library_model.LibraryAgent | store_model.StoreAgent]
+    items: list[BlockInfo | library_model.LibraryAgent | store_model.StoreAgent]
     total_items: dict[FilterType, int]
     page: int
     more_pages: bool

autogpt_platform/backend/backend/server/v2/library/db.py

@@ -16,7 +16,7 @@ import backend.server.v2.store.media as store_media
 from backend.data.block import BlockInput
 from backend.data.db import transaction
 from backend.data.execution import get_graph_execution
-from backend.data.includes import library_agent_include
+from backend.data.includes import AGENT_PRESET_INCLUDE, library_agent_include
 from backend.data.model import CredentialsMetaInput
 from backend.integrations.creds_manager import IntegrationCredentialsManager
 from backend.integrations.webhooks.graph_lifecycle_hooks import on_graph_activate
@@ -617,7 +617,7 @@ async def list_presets(
             where=query_filter,
             skip=(page - 1) * page_size,
             take=page_size,
-            include={"InputPresets": True},
+            include=AGENT_PRESET_INCLUDE,
         )
         total_items = await prisma.models.AgentPreset.prisma().count(where=query_filter)
         total_pages = (total_items + page_size - 1) // page_size
@@ -662,7 +662,7 @@ async def get_preset(
     try:
         preset = await prisma.models.AgentPreset.prisma().find_unique(
             where={"id": preset_id},
-            include={"InputPresets": True},
+            include=AGENT_PRESET_INCLUDE,
         )
         if not preset or preset.userId != user_id or preset.isDeleted:
             return None
@@ -717,7 +717,7 @@ async def create_preset(
                     ]
                 },
             ),
-            include={"InputPresets": True},
+            include=AGENT_PRESET_INCLUDE,
         )
         return library_model.LibraryAgentPreset.from_db(new_preset)
     except prisma.errors.PrismaError as e:
@@ -747,6 +747,25 @@ async def create_preset_from_graph_execution(
     if not graph_execution:
         raise NotFoundError(f"Graph execution #{graph_exec_id} not found")
 
+    # Sanity check: credential inputs must be available if required for this preset
+    if graph_execution.credential_inputs is None:
+        graph = await graph_db.get_graph(
+            graph_id=graph_execution.graph_id,
+            version=graph_execution.graph_version,
+            user_id=graph_execution.user_id,
+            include_subgraphs=True,
+        )
+        if not graph:
+            raise NotFoundError(
+                f"Graph #{graph_execution.graph_id} not found or accessible"
+            )
+        elif len(graph.aggregate_credentials_inputs()) > 0:
+            raise ValueError(
+                f"Graph execution #{graph_exec_id} can't be turned into a preset "
+                "because it was run before this feature existed "
+                "and so the input credentials were not saved."
+            )
+
     logger.debug(
         f"Creating preset for user #{user_id} from graph execution #{graph_exec_id}",
     )
@@ -754,7 +773,7 @@ async def create_preset_from_graph_execution(
         user_id=user_id,
         preset=library_model.LibraryAgentPresetCreatable(
             inputs=graph_execution.inputs,
-            credentials={},  # FIXME
+            credentials=graph_execution.credential_inputs or {},
             graph_id=graph_execution.graph_id,
             graph_version=graph_execution.graph_version,
             name=create_request.name,
@@ -834,7 +853,7 @@ async def update_preset(
             updated = await prisma.models.AgentPreset.prisma(tx).update(
                 where={"id": preset_id},
                 data=update_data,
-                include={"InputPresets": True},
+                include=AGENT_PRESET_INCLUDE,
             )
         if not updated:
             raise RuntimeError(f"AgentPreset #{preset_id} vanished while updating")
@@ -849,7 +868,7 @@ async def set_preset_webhook(
 ) -> library_model.LibraryAgentPreset:
     current = await prisma.models.AgentPreset.prisma().find_unique(
         where={"id": preset_id},
-        include={"InputPresets": True},
+        include=AGENT_PRESET_INCLUDE,
     )
     if not current or current.userId != user_id:
         raise NotFoundError(f"Preset #{preset_id} not found")
@@ -861,7 +880,7 @@ async def set_preset_webhook(
             if webhook_id
             else {"Webhook": {"disconnect": True}}
         ),
-        include={"InputPresets": True},
+        include=AGENT_PRESET_INCLUDE,
     )
     if not updated:
         raise RuntimeError(f"AgentPreset #{preset_id} vanished while updating")

autogpt_platform/backend/backend/server/v2/library/model.py

@@ -1,6 +1,6 @@
 import datetime
 from enum import Enum
-from typing import Any, Optional
+from typing import TYPE_CHECKING, Any, Optional
 
 import prisma.enums
 import prisma.models
@@ -9,9 +9,11 @@ import pydantic
 import backend.data.block as block_model
 import backend.data.graph as graph_model
 from backend.data.model import CredentialsMetaInput, is_credentials_field_name
-from backend.integrations.providers import ProviderName
 from backend.util.models import Pagination
 
+if TYPE_CHECKING:
+    from backend.data.integrations import Webhook
+
 
 class LibraryAgentStatus(str, Enum):
     COMPLETED = "COMPLETED"  # All runs completed
@@ -20,14 +22,6 @@ class LibraryAgentStatus(str, Enum):
     ERROR = "ERROR"  # Agent is in an error state
 
 
-class LibraryAgentTriggerInfo(pydantic.BaseModel):
-    provider: ProviderName
-    config_schema: dict[str, Any] = pydantic.Field(
-        description="Input schema for the trigger block"
-    )
-    credentials_input_name: Optional[str]
-
-
 class LibraryAgent(pydantic.BaseModel):
     """
     Represents an agent in the library, including metadata for display and
@@ -59,7 +53,7 @@ class LibraryAgent(pydantic.BaseModel):
     has_external_trigger: bool = pydantic.Field(
         description="Whether the agent has an external trigger (e.g. webhook) node"
     )
-    trigger_setup_info: Optional[LibraryAgentTriggerInfo] = None
+    trigger_setup_info: Optional[graph_model.GraphTriggerInfo] = None
 
     # Indicates whether there's a new output (based on recent runs)
     new_output: bool
@@ -70,6 +64,9 @@ class LibraryAgent(pydantic.BaseModel):
     # Indicates if this agent is the latest version
     is_latest_version: bool
 
+    # Recommended schedule cron (from marketplace agents)
+    recommended_schedule_cron: str | None = None
+
     @staticmethod
     def from_db(
         agent: prisma.models.LibraryAgent,
@@ -132,33 +129,11 @@ class LibraryAgent(pydantic.BaseModel):
                 graph.credentials_input_schema if sub_graphs is not None else None
             ),
             has_external_trigger=graph.has_external_trigger,
-            trigger_setup_info=(
-                LibraryAgentTriggerInfo(
-                    provider=trigger_block.webhook_config.provider,
-                    config_schema={
-                        **(json_schema := trigger_block.input_schema.jsonschema()),
-                        "properties": {
-                            pn: sub_schema
-                            for pn, sub_schema in json_schema["properties"].items()
-                            if not is_credentials_field_name(pn)
-                        },
-                        "required": [
-                            pn
-                            for pn in json_schema.get("required", [])
-                            if not is_credentials_field_name(pn)
-                        ],
-                    },
-                    credentials_input_name=next(
-                        iter(trigger_block.input_schema.get_credentials_fields()), None
-                    ),
-                )
-                if graph.webhook_input_node
-                and (trigger_block := graph.webhook_input_node.block).webhook_config
-                else None
-            ),
+            trigger_setup_info=graph.trigger_setup_info,
             new_output=new_output,
             can_access_graph=can_access_graph,
             is_latest_version=is_latest_version,
+            recommended_schedule_cron=agent.AgentGraph.recommendedScheduleCron,
         )
 
 
@@ -284,10 +259,18 @@ class LibraryAgentPreset(LibraryAgentPresetCreatable):
     user_id: str
     updated_at: datetime.datetime
 
+    webhook: "Webhook | None"
+
     @classmethod
     def from_db(cls, preset: prisma.models.AgentPreset) -> "LibraryAgentPreset":
+        from backend.data.integrations import Webhook
+
         if preset.InputPresets is None:
             raise ValueError("InputPresets must be included in AgentPreset query")
+        if preset.webhookId and preset.Webhook is None:
+            raise ValueError(
+                "Webhook must be included in AgentPreset query when webhookId is set"
+            )
 
         input_data: block_model.BlockInput = {}
         input_credentials: dict[str, CredentialsMetaInput] = {}
@@ -312,6 +295,7 @@ class LibraryAgentPreset(LibraryAgentPresetCreatable):
             inputs=input_data,
             credentials=input_credentials,
             webhook_id=preset.webhookId,
+            webhook=Webhook.from_db(preset.Webhook) if preset.Webhook else None,
         )
 
 

autogpt_platform/backend/backend/server/v2/library/routes/presets.py

@@ -6,8 +6,10 @@ from fastapi import APIRouter, Body, HTTPException, Query, Security, status
 
 import backend.server.v2.library.db as db
 import backend.server.v2.library.model as models
+from backend.data.execution import GraphExecutionMeta
 from backend.data.graph import get_graph
 from backend.data.integrations import get_webhook
+from backend.data.model import CredentialsMetaInput
 from backend.executor.utils import add_graph_execution, make_node_credentials_input_map
 from backend.integrations.creds_manager import IntegrationCredentialsManager
 from backend.integrations.webhooks import get_webhook_manager
@@ -369,48 +371,41 @@ async def execute_preset(
     preset_id: str,
     user_id: str = Security(autogpt_auth_lib.get_user_id),
     inputs: dict[str, Any] = Body(..., embed=True, default_factory=dict),
-) -> dict[str, Any]:  # FIXME: add proper return type
+    credential_inputs: dict[str, CredentialsMetaInput] = Body(
+        ..., embed=True, default_factory=dict
+    ),
+) -> GraphExecutionMeta:
     """
     Execute a preset given graph parameters, returning the execution ID on success.
 
     Args:
-        preset_id (str): ID of the preset to execute.
-        user_id (str): ID of the authenticated user.
-        inputs (dict[str, Any]): Optionally, additional input data for the graph execution.
+        preset_id: ID of the preset to execute.
+        user_id: ID of the authenticated user.
+        inputs: Optionally, inputs to override the preset for execution.
+        credential_inputs: Optionally, credentials to override the preset for execution.
 
     Returns:
-        {id: graph_exec_id}: A response containing the execution ID.
+        GraphExecutionMeta: Object representing the created execution.
 
     Raises:
         HTTPException: If the preset is not found or an error occurs while executing the preset.
     """
-    try:
-        preset = await db.get_preset(user_id, preset_id)
-        if not preset:
-            raise HTTPException(
-                status_code=status.HTTP_404_NOT_FOUND,
-                detail=f"Preset #{preset_id} not found",
-            )
-
-        # Merge input overrides with preset inputs
-        merged_node_input = preset.inputs | inputs
-
-        execution = await add_graph_execution(
-            user_id=user_id,
-            graph_id=preset.graph_id,
-            graph_version=preset.graph_version,
-            preset_id=preset_id,
-            inputs=merged_node_input,
-        )
-
-        logger.debug(f"Execution added: {execution} with input: {merged_node_input}")
-
-        return {"id": execution.id}
-    except HTTPException:
-        raise
-    except Exception as e:
-        logger.exception("Preset execution failed for user %s: %s", user_id, e)
+    preset = await db.get_preset(user_id, preset_id)
+    if not preset:
         raise HTTPException(
-            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
-            detail=str(e),
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail=f"Preset #{preset_id} not found",
         )
+
+    # Merge input overrides with preset inputs
+    merged_node_input = preset.inputs | inputs
+    merged_credential_inputs = preset.credentials | credential_inputs
+
+    return await add_graph_execution(
+        user_id=user_id,
+        graph_id=preset.graph_id,
+        graph_version=preset.graph_version,
+        preset_id=preset_id,
+        inputs=merged_node_input,
+        graph_credentials_inputs=merged_credential_inputs,
+    )

autogpt_platform/backend/backend/server/v2/library/routes_test.py

@@ -50,6 +50,7 @@ async def test_get_library_agents_success(
                 credentials_input_schema={"type": "object", "properties": {}},
                 has_external_trigger=False,
                 status=library_model.LibraryAgentStatus.COMPLETED,
+                recommended_schedule_cron=None,
                 new_output=False,
                 can_access_graph=True,
                 is_latest_version=True,
@@ -69,6 +70,7 @@ async def test_get_library_agents_success(
                 credentials_input_schema={"type": "object", "properties": {}},
                 has_external_trigger=False,
                 status=library_model.LibraryAgentStatus.COMPLETED,
+                recommended_schedule_cron=None,
                 new_output=False,
                 can_access_graph=False,
                 is_latest_version=True,

autogpt_platform/backend/backend/server/v2/store/db.py

@@ -1,3 +1,4 @@
+import asyncio
 import logging
 from datetime import datetime, timezone
 
@@ -9,6 +10,7 @@ import prisma.types
 
 import backend.server.v2.store.exceptions
 import backend.server.v2.store.model
+from backend.data.db import transaction
 from backend.data.graph import (
     GraphMeta,
     GraphModel,
@@ -70,7 +72,7 @@ async def get_store_agents(
     )
     sanitized_query = sanitize_query(search_query)
 
-    where_clause = {}
+    where_clause: prisma.types.StoreAgentWhereInput = {"is_available": True}
     if featured:
         where_clause["featured"] = featured
     if creators:
@@ -94,15 +96,13 @@ async def get_store_agents(
 
     try:
         agents = await prisma.models.StoreAgent.prisma().find_many(
-            where=prisma.types.StoreAgentWhereInput(**where_clause),
+            where=where_clause,
             order=order_by,
             skip=(page - 1) * page_size,
             take=page_size,
         )
 
-        total = await prisma.models.StoreAgent.prisma().count(
-            where=prisma.types.StoreAgentWhereInput(**where_clause)
-        )
+        total = await prisma.models.StoreAgent.prisma().count(where=where_clause)
         total_pages = (total + page_size - 1) // page_size
 
         store_agents: list[backend.server.v2.store.model.StoreAgent] = []
@@ -183,6 +183,13 @@ async def get_store_agent_details(
             store_listing.hasApprovedVersion if store_listing else False
         )
 
+        if store_listing and store_listing.ActiveVersion:
+            recommended_schedule_cron = (
+                store_listing.ActiveVersion.recommendedScheduleCron
+            )
+        else:
+            recommended_schedule_cron = None
+
         logger.debug(f"Found agent details for {username}/{agent_name}")
         return backend.server.v2.store.model.StoreAgentDetails(
             store_listing_version_id=agent.storeListingVersionId,
@@ -190,8 +197,8 @@ async def get_store_agent_details(
             agent_name=agent.agent_name,
             agent_video=agent.agent_video or "",
             agent_image=agent.agent_image,
-            creator=agent.creator_username,
-            creator_avatar=agent.creator_avatar,
+            creator=agent.creator_username or "",
+            creator_avatar=agent.creator_avatar or "",
             sub_heading=agent.sub_heading,
             description=agent.description,
             categories=agent.categories,
@@ -201,6 +208,7 @@ async def get_store_agent_details(
             last_updated=agent.updated_at,
             active_version_id=active_version_id,
             has_approved_version=has_approved_version,
+            recommended_schedule_cron=recommended_schedule_cron,
         )
     except backend.server.v2.store.exceptions.AgentNotFoundError:
         raise
@@ -263,8 +271,8 @@ async def get_store_agent_by_version_id(
             agent_name=agent.agent_name,
             agent_video=agent.agent_video or "",
             agent_image=agent.agent_image,
-            creator=agent.creator_username,
-            creator_avatar=agent.creator_avatar,
+            creator=agent.creator_username or "",
+            creator_avatar=agent.creator_avatar or "",
             sub_heading=agent.sub_heading,
             description=agent.description,
             categories=agent.categories,
@@ -562,6 +570,7 @@ async def create_store_submission(
     sub_heading: str = "",
     categories: list[str] = [],
     changes_summary: str | None = "Initial Submission",
+    recommended_schedule_cron: str | None = None,
 ) -> backend.server.v2.store.model.StoreSubmission:
     """
     Create the first (and only) store listing and thus submission as a normal user
@@ -655,6 +664,7 @@ async def create_store_submission(
                         submissionStatus=prisma.enums.SubmissionStatus.PENDING,
                         submittedAt=datetime.now(tz=timezone.utc),
                         changesSummary=changes_summary,
+                        recommendedScheduleCron=recommended_schedule_cron,
                     )
                 ]
             },
@@ -710,6 +720,7 @@ async def edit_store_submission(
     sub_heading: str = "",
     categories: list[str] = [],
     changes_summary: str | None = "Update submission",
+    recommended_schedule_cron: str | None = None,
 ) -> backend.server.v2.store.model.StoreSubmission:
     """
     Edit an existing store listing submission.
@@ -789,6 +800,7 @@ async def edit_store_submission(
                 sub_heading=sub_heading,
                 categories=categories,
                 changes_summary=changes_summary,
+                recommended_schedule_cron=recommended_schedule_cron,
             )
 
         # For PENDING submissions, we can update the existing version
@@ -804,6 +816,7 @@ async def edit_store_submission(
                     categories=categories,
                     subHeading=sub_heading,
                     changesSummary=changes_summary,
+                    recommendedScheduleCron=recommended_schedule_cron,
                 ),
             )
 
@@ -866,6 +879,7 @@ async def create_store_version(
     sub_heading: str = "",
     categories: list[str] = [],
     changes_summary: str | None = "Initial submission",
+    recommended_schedule_cron: str | None = None,
 ) -> backend.server.v2.store.model.StoreSubmission:
     """
     Create a new version for an existing store listing
@@ -935,6 +949,7 @@ async def create_store_version(
                 submissionStatus=prisma.enums.SubmissionStatus.PENDING,
                 submittedAt=datetime.now(),
                 changesSummary=changes_summary,
+                recommendedScheduleCron=recommended_schedule_cron,
                 storeListingId=store_listing_id,
             )
         )
@@ -1150,6 +1165,7 @@ async def get_my_agents(
                 last_edited=graph.updatedAt or graph.createdAt,
                 description=graph.description or "",
                 agent_image=library_agent.imageUrl,
+                recommended_schedule_cron=graph.recommendedScheduleCron,
             )
             for library_agent in library_agents
             if (graph := library_agent.AgentGraph)
@@ -1200,40 +1216,103 @@ async def get_agent(store_listing_version_id: str) -> GraphModel:
 #####################################################
 
 
-async def _get_missing_sub_store_listing(
-    graph: prisma.models.AgentGraph,
-) -> list[prisma.models.AgentGraph]:
-    """
-    Agent graph can have sub-graphs, and those sub-graphs also need to be store listed.
-    This method fetches the sub-graphs, and returns the ones not listed in the store.
-    """
-    sub_graphs = await get_sub_graphs(graph)
-    if not sub_graphs:
-        return []
+async def _approve_sub_agent(
+    tx,
+    sub_graph: prisma.models.AgentGraph,
+    main_agent_name: str,
+    main_agent_version: int,
+    main_agent_user_id: str,
+) -> None:
+    """Approve a single sub-agent by creating/updating store listings as needed"""
+    heading = f"Sub-agent of {main_agent_name} v{main_agent_version}"
 
-    # Fetch all the sub-graphs that are listed, and return the ones missing.
-    store_listed_sub_graphs = {
-        (listing.agentGraphId, listing.agentGraphVersion)
-        for listing in await prisma.models.StoreListingVersion.prisma().find_many(
-            where={
-                "OR": [
-                    {
-                        "agentGraphId": sub_graph.id,
-                        "agentGraphVersion": sub_graph.version,
-                    }
-                    for sub_graph in sub_graphs
-                ],
-                "submissionStatus": prisma.enums.SubmissionStatus.APPROVED,
-                "isDeleted": False,
-            }
+    # Find existing listing for this sub-agent
+    listing = await prisma.models.StoreListing.prisma(tx).find_first(
+        where={"agentGraphId": sub_graph.id, "isDeleted": False},
+        include={"Versions": True},
+    )
+
+    # Early return: Create new listing if none exists
+    if not listing:
+        await prisma.models.StoreListing.prisma(tx).create(
+            data=prisma.types.StoreListingCreateInput(
+                slug=f"sub-agent-{sub_graph.id[:8]}",
+                agentGraphId=sub_graph.id,
+                agentGraphVersion=sub_graph.version,
+                owningUserId=main_agent_user_id,
+                hasApprovedVersion=True,
+                Versions={
+                    "create": [
+                        _create_sub_agent_version_data(
+                            sub_graph, heading, main_agent_name
+                        )
+                    ]
+                },
+            )
         )
-    }
+        return
 
-    return [
-        sub_graph
-        for sub_graph in sub_graphs
-        if (sub_graph.id, sub_graph.version) not in store_listed_sub_graphs
-    ]
+    # Find version matching this sub-graph
+    matching_version = next(
+        (
+            v
+            for v in listing.Versions or []
+            if v.agentGraphId == sub_graph.id
+            and v.agentGraphVersion == sub_graph.version
+        ),
+        None,
+    )
+
+    # Early return: Approve existing version if found and not already approved
+    if matching_version:
+        if matching_version.submissionStatus == prisma.enums.SubmissionStatus.APPROVED:
+            return  # Already approved, nothing to do
+
+        await prisma.models.StoreListingVersion.prisma(tx).update(
+            where={"id": matching_version.id},
+            data={
+                "submissionStatus": prisma.enums.SubmissionStatus.APPROVED,
+                "reviewedAt": datetime.now(tz=timezone.utc),
+            },
+        )
+        await prisma.models.StoreListing.prisma(tx).update(
+            where={"id": listing.id}, data={"hasApprovedVersion": True}
+        )
+        return
+
+    # Create new version if no matching version found
+    next_version = max((v.version for v in listing.Versions or []), default=0) + 1
+    await prisma.models.StoreListingVersion.prisma(tx).create(
+        data={
+            **_create_sub_agent_version_data(sub_graph, heading, main_agent_name),
+            "version": next_version,
+            "storeListingId": listing.id,
+        }
+    )
+    await prisma.models.StoreListing.prisma(tx).update(
+        where={"id": listing.id}, data={"hasApprovedVersion": True}
+    )
+
+
+def _create_sub_agent_version_data(
+    sub_graph: prisma.models.AgentGraph, heading: str, main_agent_name: str
+) -> prisma.types.StoreListingVersionCreateInput:
+    """Create store listing version data for a sub-agent"""
+    return prisma.types.StoreListingVersionCreateInput(
+        agentGraphId=sub_graph.id,
+        agentGraphVersion=sub_graph.version,
+        name=sub_graph.name or heading,
+        submissionStatus=prisma.enums.SubmissionStatus.APPROVED,
+        subHeading=heading,
+        description=(
+            f"{heading}: {sub_graph.description}" if sub_graph.description else heading
+        ),
+        changesSummary=f"Auto-approved as sub-agent of {main_agent_name}",
+        isAvailable=False,
+        submittedAt=datetime.now(tz=timezone.utc),
+        imageUrls=[],  # Sub-agents don't need images
+        categories=[],  # Sub-agents don't need categories
+    )
 
 
 async def review_store_submission(
@@ -1271,33 +1350,45 @@ async def review_store_submission(
 
         # If approving, update the listing to indicate it has an approved version
         if is_approved and store_listing_version.AgentGraph:
-            heading = f"Sub-graph of {store_listing_version.name}v{store_listing_version.agentGraphVersion}"
-
-            sub_store_listing_versions = [
-                prisma.types.StoreListingVersionCreateWithoutRelationsInput(
-                    agentGraphId=sub_graph.id,
-                    agentGraphVersion=sub_graph.version,
-                    name=sub_graph.name or heading,
-                    submissionStatus=prisma.enums.SubmissionStatus.APPROVED,
-                    subHeading=heading,
-                    description=f"{heading}: {sub_graph.description}",
-                    changesSummary=f"This listing is added as a {heading} / #{store_listing_version.agentGraphId}.",
-                    isAvailable=False,  # Hide sub-graphs from the store by default.
-                    submittedAt=datetime.now(tz=timezone.utc),
+            async with transaction() as tx:
+                # Handle sub-agent approvals in transaction
+                await asyncio.gather(
+                    *[
+                        _approve_sub_agent(
+                            tx,
+                            sub_graph,
+                            store_listing_version.name,
+                            store_listing_version.agentGraphVersion,
+                            store_listing_version.StoreListing.owningUserId,
+                        )
+                        for sub_graph in await get_sub_graphs(
+                            store_listing_version.AgentGraph
+                        )
+                    ]
                 )
-                for sub_graph in await _get_missing_sub_store_listing(
-                    store_listing_version.AgentGraph
-                )
-            ]
 
-            await prisma.models.StoreListing.prisma().update(
-                where={"id": store_listing_version.StoreListing.id},
-                data={
-                    "hasApprovedVersion": True,
-                    "ActiveVersion": {"connect": {"id": store_listing_version_id}},
-                    "Versions": {"create": sub_store_listing_versions},
-                },
-            )
+                # Update the AgentGraph with store listing data
+                await prisma.models.AgentGraph.prisma().update(
+                    where={
+                        "graphVersionId": {
+                            "id": store_listing_version.agentGraphId,
+                            "version": store_listing_version.agentGraphVersion,
+                        }
+                    },
+                    data={
+                        "name": store_listing_version.name,
+                        "description": store_listing_version.description,
+                        "recommendedScheduleCron": store_listing_version.recommendedScheduleCron,
+                    },
+                )
+
+                await prisma.models.StoreListing.prisma(tx).update(
+                    where={"id": store_listing_version.StoreListing.id},
+                    data={
+                        "hasApprovedVersion": True,
+                        "ActiveVersion": {"connect": {"id": store_listing_version_id}},
+                    },
+                )
 
         # If rejecting an approved agent, update the StoreListing accordingly
         if is_rejecting_approved:

autogpt_platform/backend/backend/server/v2/store/db_test.py

@@ -41,6 +41,7 @@ async def test_get_store_agents(mocker):
             rating=4.5,
             versions=["1.0"],
             updated_at=datetime.now(),
+            is_available=False,
         )
     ]
 
@@ -82,12 +83,15 @@ async def test_get_store_agent_details(mocker):
         rating=4.5,
         versions=["1.0"],
         updated_at=datetime.now(),
+        is_available=False,
     )
 
     # Create a mock StoreListing result
     mock_store_listing = mocker.MagicMock()
     mock_store_listing.activeVersionId = "active-version-id"
     mock_store_listing.hasApprovedVersion = True
+    mock_store_listing.ActiveVersion = mocker.MagicMock()
+    mock_store_listing.ActiveVersion.recommendedScheduleCron = None
 
     # Mock StoreAgent prisma call
     mock_store_agent = mocker.patch("prisma.models.StoreAgent.prisma")

autogpt_platform/backend/backend/server/v2/store/model.py

@@ -14,6 +14,7 @@ class MyAgent(pydantic.BaseModel):
     agent_image: str | None = None
     description: str
     last_edited: datetime.datetime
+    recommended_schedule_cron: str | None = None
 
 
 class MyAgentsResponse(pydantic.BaseModel):
@@ -53,6 +54,7 @@ class StoreAgentDetails(pydantic.BaseModel):
     rating: float
     versions: list[str]
     last_updated: datetime.datetime
+    recommended_schedule_cron: str | None = None
 
     active_version_id: str | None = None
     has_approved_version: bool = False
@@ -157,6 +159,7 @@ class StoreSubmissionRequest(pydantic.BaseModel):
     description: str = ""
     categories: list[str] = []
     changes_summary: str | None = None
+    recommended_schedule_cron: str | None = None
 
 
 class StoreSubmissionEditRequest(pydantic.BaseModel):
@@ -167,6 +170,7 @@ class StoreSubmissionEditRequest(pydantic.BaseModel):
     description: str = ""
     categories: list[str] = []
     changes_summary: str | None = None
+    recommended_schedule_cron: str | None = None
 
 
 class ProfileDetails(pydantic.BaseModel):

autogpt_platform/backend/backend/server/v2/store/routes.py

@@ -535,6 +535,7 @@ async def create_submission(
             sub_heading=submission_request.sub_heading,
             categories=submission_request.categories,
             changes_summary=submission_request.changes_summary or "Initial Submission",
+            recommended_schedule_cron=submission_request.recommended_schedule_cron,
         )
     except Exception:
         logger.exception("Exception occurred whilst creating store submission")
@@ -580,6 +581,7 @@ async def edit_submission(
         sub_heading=submission_request.sub_heading,
         categories=submission_request.categories,
         changes_summary=submission_request.changes_summary,
+        recommended_schedule_cron=submission_request.recommended_schedule_cron,
     )
 
 

autogpt_platform/backend/backend/server/ws_api.py

@@ -295,14 +295,17 @@ async def health():
 
 class WebsocketServer(AppProcess):
     def run(self):
-        logger.info(f"CORS allow origins: {settings.config.backend_cors_allow_origins}")
-        server_app = CORSMiddleware(
-            app=app,
-            allow_origins=settings.config.backend_cors_allow_origins,
-            allow_credentials=True,
-            allow_methods=["*"],
-            allow_headers=["*"],
-        )
+        if settings.config.enable_cors_all_origins:
+            server_app = CORSMiddleware(
+                app=app,
+                allow_origins=settings.config.backend_cors_allow_origins,
+                allow_credentials=True,
+                allow_methods=["*"],
+                allow_headers=["*"],
+            )
+        else:
+            logger.info("CORS is disabled")
+            server_app = app
 
         uvicorn.run(
             server_app,

autogpt_platform/backend/backend/usecases/block_autogen.py

@@ -251,14 +251,14 @@ async def block_autogen_agent():
         test_user = await create_test_user()
         test_graph = await create_graph(create_test_graph(), user_id=test_user.id)
         input_data = {"input": "Write me a block that writes a string into a file."}
-        response = await server.agent_server.test_execute_graph(
+        graph_exec = await server.agent_server.test_execute_graph(
             graph_id=test_graph.id,
             user_id=test_user.id,
             node_input=input_data,
         )
-        print(response)
+        print(graph_exec)
         result = await wait_execution(
-            graph_exec_id=response.graph_exec_id,
+            graph_exec_id=graph_exec.id,
             timeout=1200,
             user_id=test_user.id,
         )

autogpt_platform/backend/backend/usecases/reddit_marketing.py

@@ -155,13 +155,13 @@ async def reddit_marketing_agent():
         test_user = await create_test_user()
         test_graph = await create_graph(create_test_graph(), user_id=test_user.id)
         input_data = {"subreddit": "AutoGPT"}
-        response = await server.agent_server.test_execute_graph(
+        graph_exec = await server.agent_server.test_execute_graph(
             graph_id=test_graph.id,
             user_id=test_user.id,
             node_input=input_data,
         )
-        print(response)
-        result = await wait_execution(test_user.id, response.graph_exec_id, 120)
+        print(graph_exec)
+        result = await wait_execution(test_user.id, graph_exec.id, 120)
         print(result)
 
 

autogpt_platform/backend/backend/usecases/sample.py

@@ -88,12 +88,12 @@ async def sample_agent():
         test_user = await create_test_user()
         test_graph = await create_graph(create_test_graph(), test_user.id)
         input_data = {"input_1": "Hello", "input_2": "World"}
-        response = await server.agent_server.test_execute_graph(
+        graph_exec = await server.agent_server.test_execute_graph(
             graph_id=test_graph.id,
             user_id=test_user.id,
             node_input=input_data,
         )
-        await wait_execution(test_user.id, response.graph_exec_id, 10)
+        await wait_execution(test_user.id, graph_exec.id, 10)
 
 
 if __name__ == "__main__":

autogpt_platform/backend/backend/util/exceptions.py

@@ -1,3 +1,6 @@
+from typing import Mapping
+
+
 class MissingConfigError(Exception):
     """The attempted operation requires configuration which is not available"""
 
@@ -69,7 +72,7 @@ class GraphValidationError(ValueError):
     """Structured validation error for graph validation failures"""
 
     def __init__(
-        self, message: str, node_errors: dict[str, dict[str, str]] | None = None
+        self, message: str, node_errors: Mapping[str, Mapping[str, str]] | None = None
     ):
         super().__init__(message)
         self.message = message

autogpt_platform/backend/backend/util/metrics.py

@@ -33,7 +33,7 @@ def sentry_init():
     )
 
 
-def sentry_capture_error(error: Exception):
+def sentry_capture_error(error: BaseException):
     sentry_sdk.capture_exception(error)
     sentry_sdk.flush()
 

autogpt_platform/backend/backend/util/process.py

@@ -76,6 +76,14 @@ class AppProcess(ABC):
             logger.warning(
                 f"[{self.service_name}] Termination request: {type(e).__name__}; {e} executing cleanup."
             )
+            # Send error to Sentry before cleanup
+            if not isinstance(e, (KeyboardInterrupt, SystemExit)):
+                try:
+                    from backend.util.metrics import sentry_capture_error
+
+                    sentry_capture_error(e)
+                except Exception:
+                    pass  # Silently ignore if Sentry isn't available
         finally:
             self.cleanup()
             logger.info(f"[{self.service_name}] Terminated.")

autogpt_platform/backend/backend/util/settings.py

@@ -368,6 +368,11 @@ class Config(UpdateTrackingModel["Config"], BaseSettings):
         description="Maximum message size limit for communication with the message bus",
     )
 
+    enable_cors_all_origins: bool = Field(
+        default=True,
+        description="Whether to enable all CORS origins",
+    )
+
     backend_cors_allow_origins: List[str] = Field(default=["http://localhost:3000"])
 
     @field_validator("backend_cors_allow_origins")

autogpt_platform/backend/migrations/20250901104517_fix_api_key_table/migration.sql

@@ -0,0 +1,10 @@
+-- These changes are part of improvements to our API key system.
+-- See https://github.com/Significant-Gravitas/AutoGPT/pull/10796 for context.
+
+-- Add 'salt' column for Scrypt hashing
+ALTER TABLE "APIKey" ADD COLUMN     "salt" TEXT;
+
+-- Rename columns for clarity
+ALTER TABLE "APIKey" RENAME COLUMN "key" TO "hash";
+ALTER TABLE "APIKey" RENAME COLUMN "prefix" TO "head";
+ALTER TABLE "APIKey" RENAME COLUMN "postfix" TO "tail";

autogpt_platform/backend/migrations/20250902171554_add_credentials_to_graph_execution/migration.sql

@@ -0,0 +1,5 @@
+-- Add 'credentialInputs', 'inputs', and 'nodesInputMasks' columns to the AgentGraphExecution table
+ALTER TABLE "AgentGraphExecution"
+  ADD COLUMN "credentialInputs" JSONB,
+  ADD COLUMN "inputs"           JSONB,
+  ADD COLUMN "nodesInputMasks"  JSONB;

autogpt_platform/backend/migrations/20250904171522_update_store_agent_view_with_availability/migration.sql

@@ -0,0 +1,53 @@
+-- Update StoreAgent view to include is_available field and fix creator field nullability
+
+BEGIN;
+
+-- Drop and recreate the StoreAgent view with isAvailable field
+DROP VIEW IF EXISTS "StoreAgent";
+
+CREATE OR REPLACE VIEW "StoreAgent" AS
+WITH agent_versions AS (
+    SELECT 
+        "storeListingId",
+        array_agg(DISTINCT version::text ORDER BY version::text) AS versions
+    FROM "StoreListingVersion"
+    WHERE "submissionStatus" = 'APPROVED'
+    GROUP BY "storeListingId"
+)
+SELECT
+    sl.id AS listing_id,
+    slv.id AS "storeListingVersionId",
+    slv."createdAt" AS updated_at,
+    sl.slug,
+    COALESCE(slv.name, '') AS agent_name,
+    slv."videoUrl" AS agent_video,
+    COALESCE(slv."imageUrls", ARRAY[]::text[]) AS agent_image,
+    slv."isFeatured" AS featured,
+    p.username AS creator_username,  -- Allow NULL for malformed sub-agents
+    p."avatarUrl" AS creator_avatar,  -- Allow NULL for malformed sub-agents
+    slv."subHeading" AS sub_heading,
+    slv.description,
+    slv.categories,
+    COALESCE(ar.run_count, 0::bigint) AS runs,
+    COALESCE(rs.avg_rating, 0.0)::double precision AS rating,
+    COALESCE(av.versions, ARRAY[slv.version::text]) AS versions,
+    slv."isAvailable" AS is_available  -- Add isAvailable field to filter sub-agents
+FROM "StoreListing" sl
+INNER JOIN "StoreListingVersion" slv 
+    ON slv."storeListingId" = sl.id 
+    AND slv."submissionStatus" = 'APPROVED'
+JOIN "AgentGraph" a 
+    ON slv."agentGraphId" = a.id 
+    AND slv."agentGraphVersion" = a.version
+LEFT JOIN "Profile" p 
+    ON sl."owningUserId" = p."userId"
+LEFT JOIN "mv_review_stats" rs 
+    ON sl.id = rs."storeListingId"
+LEFT JOIN "mv_agent_run_counts" ar 
+    ON a.id = ar."agentGraphId"
+LEFT JOIN agent_versions av 
+    ON sl.id = av."storeListingId"
+WHERE sl."isDeleted" = false
+  AND sl."hasApprovedVersion" = true;
+
+COMMIT;

autogpt_platform/backend/migrations/20250905130657_add_recommended_schedule_cron/migration.sql

@@ -0,0 +1,3 @@
+-- AlterTable
+ALTER TABLE "StoreListingVersion" ADD COLUMN "recommendedScheduleCron" TEXT;
+ALTER TABLE "AgentGraph" ADD COLUMN "recommendedScheduleCron" TEXT;

autogpt_platform/backend/poetry.lock

@@ -403,6 +403,7 @@ develop = true
 
 [package.dependencies]
 colorama = "^0.4.6"
+cryptography = "^45.0"
 expiringdict = "^1.2.2"
 fastapi = "^0.116.1"
 google-cloud-logging = "^3.12.1"
@@ -898,52 +899,62 @@ pytz = ">2021.1"
 
 [[package]]
 name = "cryptography"
-version = "43.0.3"
+version = "45.0.7"
 description = "cryptography is a package which provides cryptographic recipes and primitives to Python developers."
 optional = false
-python-versions = ">=3.7"
+python-versions = "!=3.9.0,!=3.9.1,>=3.7"
 groups = ["main"]
 files = [
-    {file = "cryptography-43.0.3-cp37-abi3-macosx_10_9_universal2.whl", hash = "sha256:bf7a1932ac4176486eab36a19ed4c0492da5d97123f1406cf15e41b05e787d2e"},
-    {file = "cryptography-43.0.3-cp37-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:63efa177ff54aec6e1c0aefaa1a241232dcd37413835a9b674b6e3f0ae2bfd3e"},
-    {file = "cryptography-43.0.3-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:7e1ce50266f4f70bf41a2c6dc4358afadae90e2a1e5342d3c08883df1675374f"},
-    {file = "cryptography-43.0.3-cp37-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:443c4a81bb10daed9a8f334365fe52542771f25aedaf889fd323a853ce7377d6"},
-    {file = "cryptography-43.0.3-cp37-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:74f57f24754fe349223792466a709f8e0c093205ff0dca557af51072ff47ab18"},
-    {file = "cryptography-43.0.3-cp37-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:9762ea51a8fc2a88b70cf2995e5675b38d93bf36bd67d91721c309df184f49bd"},
-    {file = "cryptography-43.0.3-cp37-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:81ef806b1fef6b06dcebad789f988d3b37ccaee225695cf3e07648eee0fc6b73"},
-    {file = "cryptography-43.0.3-cp37-abi3-win32.whl", hash = "sha256:cbeb489927bd7af4aa98d4b261af9a5bc025bd87f0e3547e11584be9e9427be2"},
-    {file = "cryptography-43.0.3-cp37-abi3-win_amd64.whl", hash = "sha256:f46304d6f0c6ab8e52770addfa2fc41e6629495548862279641972b6215451cd"},
-    {file = "cryptography-43.0.3-cp39-abi3-macosx_10_9_universal2.whl", hash = "sha256:8ac43ae87929a5982f5948ceda07001ee5e83227fd69cf55b109144938d96984"},
-    {file = "cryptography-43.0.3-cp39-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:846da004a5804145a5f441b8530b4bf35afbf7da70f82409f151695b127213d5"},
-    {file = "cryptography-43.0.3-cp39-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:0f996e7268af62598f2fc1204afa98a3b5712313a55c4c9d434aef49cadc91d4"},
-    {file = "cryptography-43.0.3-cp39-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:f7b178f11ed3664fd0e995a47ed2b5ff0a12d893e41dd0494f406d1cf555cab7"},
-    {file = "cryptography-43.0.3-cp39-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:c2e6fc39c4ab499049df3bdf567f768a723a5e8464816e8f009f121a5a9f4405"},
-    {file = "cryptography-43.0.3-cp39-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:e1be4655c7ef6e1bbe6b5d0403526601323420bcf414598955968c9ef3eb7d16"},
-    {file = "cryptography-43.0.3-cp39-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:df6b6c6d742395dd77a23ea3728ab62f98379eff8fb61be2744d4679ab678f73"},
-    {file = "cryptography-43.0.3-cp39-abi3-win32.whl", hash = "sha256:d56e96520b1020449bbace2b78b603442e7e378a9b3bd68de65c782db1507995"},
-    {file = "cryptography-43.0.3-cp39-abi3-win_amd64.whl", hash = "sha256:0c580952eef9bf68c4747774cde7ec1d85a6e61de97281f2dba83c7d2c806362"},
-    {file = "cryptography-43.0.3-pp310-pypy310_pp73-macosx_10_9_x86_64.whl", hash = "sha256:d03b5621a135bffecad2c73e9f4deb1a0f977b9a8ffe6f8e002bf6c9d07b918c"},
-    {file = "cryptography-43.0.3-pp310-pypy310_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:a2a431ee15799d6db9fe80c82b055bae5a752bef645bba795e8e52687c69efe3"},
-    {file = "cryptography-43.0.3-pp310-pypy310_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:281c945d0e28c92ca5e5930664c1cefd85efe80e5c0d2bc58dd63383fda29f83"},
-    {file = "cryptography-43.0.3-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:f18c716be16bc1fea8e95def49edf46b82fccaa88587a45f8dc0ff6ab5d8e0a7"},
-    {file = "cryptography-43.0.3-pp39-pypy39_pp73-macosx_10_9_x86_64.whl", hash = "sha256:4a02ded6cd4f0a5562a8887df8b3bd14e822a90f97ac5e544c162899bc467664"},
-    {file = "cryptography-43.0.3-pp39-pypy39_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:53a583b6637ab4c4e3591a15bc9db855b8d9dee9a669b550f311480acab6eb08"},
-    {file = "cryptography-43.0.3-pp39-pypy39_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:1ec0bcf7e17c0c5669d881b1cd38c4972fade441b27bda1051665faaa89bdcaa"},
-    {file = "cryptography-43.0.3-pp39-pypy39_pp73-win_amd64.whl", hash = "sha256:2ce6fae5bdad59577b44e4dfed356944fbf1d925269114c28be377692643b4ff"},
-    {file = "cryptography-43.0.3.tar.gz", hash = "sha256:315b9001266a492a6ff443b61238f956b214dbec9910a081ba5b6646a055a805"},
+    {file = "cryptography-45.0.7-cp311-abi3-macosx_10_9_universal2.whl", hash = "sha256:3be4f21c6245930688bd9e162829480de027f8bf962ede33d4f8ba7d67a00cee"},
+    {file = "cryptography-45.0.7-cp311-abi3-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:67285f8a611b0ebc0857ced2081e30302909f571a46bfa7a3cc0ad303fe015c6"},
+    {file = "cryptography-45.0.7-cp311-abi3-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:577470e39e60a6cd7780793202e63536026d9b8641de011ed9d8174da9ca5339"},
+    {file = "cryptography-45.0.7-cp311-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:4bd3e5c4b9682bc112d634f2c6ccc6736ed3635fc3319ac2bb11d768cc5a00d8"},
+    {file = "cryptography-45.0.7-cp311-abi3-manylinux_2_28_armv7l.manylinux_2_31_armv7l.whl", hash = "sha256:465ccac9d70115cd4de7186e60cfe989de73f7bb23e8a7aa45af18f7412e75bf"},
+    {file = "cryptography-45.0.7-cp311-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:16ede8a4f7929b4b7ff3642eba2bf79aa1d71f24ab6ee443935c0d269b6bc513"},
+    {file = "cryptography-45.0.7-cp311-abi3-manylinux_2_34_aarch64.whl", hash = "sha256:8978132287a9d3ad6b54fcd1e08548033cc09dc6aacacb6c004c73c3eb5d3ac3"},
+    {file = "cryptography-45.0.7-cp311-abi3-manylinux_2_34_x86_64.whl", hash = "sha256:b6a0e535baec27b528cb07a119f321ac024592388c5681a5ced167ae98e9fff3"},
+    {file = "cryptography-45.0.7-cp311-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:a24ee598d10befaec178efdff6054bc4d7e883f615bfbcd08126a0f4931c83a6"},
+    {file = "cryptography-45.0.7-cp311-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:fa26fa54c0a9384c27fcdc905a2fb7d60ac6e47d14bc2692145f2b3b1e2cfdbd"},
+    {file = "cryptography-45.0.7-cp311-abi3-win32.whl", hash = "sha256:bef32a5e327bd8e5af915d3416ffefdbe65ed975b646b3805be81b23580b57b8"},
+    {file = "cryptography-45.0.7-cp311-abi3-win_amd64.whl", hash = "sha256:3808e6b2e5f0b46d981c24d79648e5c25c35e59902ea4391a0dcb3e667bf7443"},
+    {file = "cryptography-45.0.7-cp37-abi3-macosx_10_9_universal2.whl", hash = "sha256:bfb4c801f65dd61cedfc61a83732327fafbac55a47282e6f26f073ca7a41c3b2"},
+    {file = "cryptography-45.0.7-cp37-abi3-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:81823935e2f8d476707e85a78a405953a03ef7b7b4f55f93f7c2d9680e5e0691"},
+    {file = "cryptography-45.0.7-cp37-abi3-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:3994c809c17fc570c2af12c9b840d7cea85a9fd3e5c0e0491f4fa3c029216d59"},
+    {file = "cryptography-45.0.7-cp37-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:dad43797959a74103cb59c5dac71409f9c27d34c8a05921341fb64ea8ccb1dd4"},
+    {file = "cryptography-45.0.7-cp37-abi3-manylinux_2_28_armv7l.manylinux_2_31_armv7l.whl", hash = "sha256:ce7a453385e4c4693985b4a4a3533e041558851eae061a58a5405363b098fcd3"},
+    {file = "cryptography-45.0.7-cp37-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:b04f85ac3a90c227b6e5890acb0edbaf3140938dbecf07bff618bf3638578cf1"},
+    {file = "cryptography-45.0.7-cp37-abi3-manylinux_2_34_aarch64.whl", hash = "sha256:48c41a44ef8b8c2e80ca4527ee81daa4c527df3ecbc9423c41a420a9559d0e27"},
+    {file = "cryptography-45.0.7-cp37-abi3-manylinux_2_34_x86_64.whl", hash = "sha256:f3df7b3d0f91b88b2106031fd995802a2e9ae13e02c36c1fc075b43f420f3a17"},
+    {file = "cryptography-45.0.7-cp37-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:dd342f085542f6eb894ca00ef70236ea46070c8a13824c6bde0dfdcd36065b9b"},
+    {file = "cryptography-45.0.7-cp37-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:1993a1bb7e4eccfb922b6cd414f072e08ff5816702a0bdb8941c247a6b1b287c"},
+    {file = "cryptography-45.0.7-cp37-abi3-win32.whl", hash = "sha256:18fcf70f243fe07252dcb1b268a687f2358025ce32f9f88028ca5c364b123ef5"},
+    {file = "cryptography-45.0.7-cp37-abi3-win_amd64.whl", hash = "sha256:7285a89df4900ed3bfaad5679b1e668cb4b38a8de1ccbfc84b05f34512da0a90"},
+    {file = "cryptography-45.0.7-pp310-pypy310_pp73-macosx_10_9_x86_64.whl", hash = "sha256:de58755d723e86175756f463f2f0bddd45cc36fbd62601228a3f8761c9f58252"},
+    {file = "cryptography-45.0.7-pp310-pypy310_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:a20e442e917889d1a6b3c570c9e3fa2fdc398c20868abcea268ea33c024c4083"},
+    {file = "cryptography-45.0.7-pp310-pypy310_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:258e0dff86d1d891169b5af222d362468a9570e2532923088658aa866eb11130"},
+    {file = "cryptography-45.0.7-pp310-pypy310_pp73-manylinux_2_34_aarch64.whl", hash = "sha256:d97cf502abe2ab9eff8bd5e4aca274da8d06dd3ef08b759a8d6143f4ad65d4b4"},
+    {file = "cryptography-45.0.7-pp310-pypy310_pp73-manylinux_2_34_x86_64.whl", hash = "sha256:c987dad82e8c65ebc985f5dae5e74a3beda9d0a2a4daf8a1115f3772b59e5141"},
+    {file = "cryptography-45.0.7-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:c13b1e3afd29a5b3b2656257f14669ca8fa8d7956d509926f0b130b600b50ab7"},
+    {file = "cryptography-45.0.7-pp311-pypy311_pp73-macosx_10_9_x86_64.whl", hash = "sha256:4a862753b36620af6fc54209264f92c716367f2f0ff4624952276a6bbd18cbde"},
+    {file = "cryptography-45.0.7-pp311-pypy311_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:06ce84dc14df0bf6ea84666f958e6080cdb6fe1231be2a51f3fc1267d9f3fb34"},
+    {file = "cryptography-45.0.7-pp311-pypy311_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:d0c5c6bac22b177bf8da7435d9d27a6834ee130309749d162b26c3105c0795a9"},
+    {file = "cryptography-45.0.7-pp311-pypy311_pp73-manylinux_2_34_aarch64.whl", hash = "sha256:2f641b64acc00811da98df63df7d59fd4706c0df449da71cb7ac39a0732b40ae"},
+    {file = "cryptography-45.0.7-pp311-pypy311_pp73-manylinux_2_34_x86_64.whl", hash = "sha256:f5414a788ecc6ee6bc58560e85ca624258a55ca434884445440a810796ea0e0b"},
+    {file = "cryptography-45.0.7-pp311-pypy311_pp73-win_amd64.whl", hash = "sha256:1f3d56f73595376f4244646dd5c5870c14c196949807be39e79e7bd9bac3da63"},
+    {file = "cryptography-45.0.7.tar.gz", hash = "sha256:4b1654dfc64ea479c242508eb8c724044f1e964a47d1d1cacc5132292d851971"},
 ]
 
 [package.dependencies]
-cffi = {version = ">=1.12", markers = "platform_python_implementation != \"PyPy\""}
+cffi = {version = ">=1.14", markers = "platform_python_implementation != \"PyPy\""}
 
 [package.extras]
-docs = ["sphinx (>=5.3.0)", "sphinx-rtd-theme (>=1.1.1)"]
-docstest = ["pyenchant (>=1.6.11)", "readme-renderer", "sphinxcontrib-spelling (>=4.0.1)"]
-nox = ["nox"]
-pep8test = ["check-sdist", "click", "mypy", "ruff"]
-sdist = ["build"]
+docs = ["sphinx (>=5.3.0)", "sphinx-inline-tabs ; python_full_version >= \"3.8.0\"", "sphinx-rtd-theme (>=3.0.0) ; python_full_version >= \"3.8.0\""]
+docstest = ["pyenchant (>=3)", "readme-renderer (>=30.0)", "sphinxcontrib-spelling (>=7.3.1)"]
+nox = ["nox (>=2024.4.15)", "nox[uv] (>=2024.3.2) ; python_full_version >= \"3.8.0\""]
+pep8test = ["check-sdist ; python_full_version >= \"3.8.0\"", "click (>=8.0.1)", "mypy (>=1.4)", "ruff (>=0.3.6)"]
+sdist = ["build (>=1.0.0)"]
 ssh = ["bcrypt (>=3.1.5)"]
-test = ["certifi", "cryptography-vectors (==43.0.3)", "pretend", "pytest (>=6.2.0)", "pytest-benchmark", "pytest-cov", "pytest-xdist"]
+test = ["certifi (>=2024)", "cryptography-vectors (==45.0.7)", "pretend (>=0.7)", "pytest (>=7.4.0)", "pytest-benchmark (>=4.0)", "pytest-cov (>=2.10.1)", "pytest-xdist (>=3.5.0)"]
 test-randomorder = ["pytest-randomly"]
 
 [[package]]
@@ -7132,4 +7143,4 @@ cffi = ["cffi (>=1.11)"]
 [metadata]
 lock-version = "2.1"
 python-versions = ">=3.10,<3.14"
-content-hash = "892daa57d7126d9a9d5308005b07328a39b8c4cd7fe198f9b5ab10f957787c48"
+content-hash = "80d4dc2cbcd1ae33b2fa3920db5dcb1f82ad252d1e4a8bfeba8b2f2eebbdda0d"

autogpt_platform/backend/pyproject.toml

@@ -17,7 +17,7 @@ apscheduler = "^3.11.0"
 autogpt-libs = { path = "../autogpt_libs", develop = true }
 bleach = { extras = ["css"], version = "^6.2.0" }
 click = "^8.2.0"
-cryptography = "^43.0"
+cryptography = "^45.0"
 discord-py = "^2.5.2"
 e2b-code-interpreter = "^1.5.2"
 fastapi = "^0.116.1"

autogpt_platform/backend/schema.prisma

@@ -36,7 +36,7 @@ model User {
   notifyOnAgentApproved        Boolean @default(true)
   notifyOnAgentRejected        Boolean @default(true)
 
-  timezone                     String  @default("not-set")
+  timezone String @default("not-set")
 
   // Relations
 
@@ -110,6 +110,7 @@ model AgentGraph {
 
   name        String?
   description String?
+  recommendedScheduleCron String?
 
   isActive Boolean @default(true)
 
@@ -354,15 +355,20 @@ model AgentGraphExecution {
   agentGraphVersion Int        @default(1)
   AgentGraph        AgentGraph @relation(fields: [agentGraphId, agentGraphVersion], references: [id, version], onDelete: Cascade)
 
+  agentPresetId String?
+  AgentPreset   AgentPreset? @relation(fields: [agentPresetId], references: [id])
+
+  inputs           Json?
+  credentialInputs Json?
+  nodesInputMasks  Json?
+
   NodeExecutions AgentNodeExecution[]
 
   // Link to User model -- Executed by this user
   userId String
   User   User   @relation(fields: [userId], references: [id], onDelete: Cascade)
 
-  stats         Json?
-  agentPresetId String?
-  AgentPreset   AgentPreset? @relation(fields: [agentPresetId], references: [id])
+  stats Json?
 
   @@index([agentGraphId, agentGraphVersion])
   @@index([userId])
@@ -625,14 +631,15 @@ view StoreAgent {
   agent_image String[]
 
   featured         Boolean  @default(false)
-  creator_username String
-  creator_avatar   String
+  creator_username String?
+  creator_avatar   String?
   sub_heading      String
   description      String
   categories       String[]
   runs             Int
   rating           Float
   versions         String[]
+  is_available     Boolean  @default(true)
 
   // Materialized views used (refreshed every 15 minutes via pg_cron):
   // - mv_agent_run_counts - Pre-aggregated agent execution counts by agentGraphId
@@ -779,6 +786,8 @@ model StoreListingVersion {
   reviewComments   String? // Comments visible to creator
   reviewedAt       DateTime?
 
+  recommendedScheduleCron String? // cron expression like "0 9 * * *"
+
   // Reviews for this specific version
   Reviews StoreListingReview[]
 
@@ -822,11 +831,13 @@ enum APIKeyPermission {
 }
 
 model APIKey {
-  id          String             @id @default(uuid())
-  name        String
-  prefix      String // First 8 chars for identification
-  postfix     String
-  key         String             @unique // Hashed key
+  id   String  @id @default(uuid())
+  name String
+  head String // First few chars for identification
+  tail String
+  hash String  @unique
+  salt String? // null for legacy unsalted keys
+
   status      APIKeyStatus       @default(ACTIVE)
   permissions APIKeyPermission[]
 
@@ -840,7 +851,7 @@ model APIKey {
   userId String
   User   User   @relation(fields: [userId], references: [id], onDelete: Cascade)
 
-  @@index([prefix, name])
+  @@index([head, name])
   @@index([userId, status])
 }
 

autogpt_platform/backend/snapshots/agt_details

@@ -22,6 +22,7 @@
     "1.1.0"
   ],
   "last_updated": "2023-01-01T00:00:00",
+  "recommended_schedule_cron": null,
   "active_version_id": null,
   "has_approved_version": false
 }

autogpt_platform/backend/snapshots/grph_single

@@ -23,7 +23,9 @@
     "required": [],
     "type": "object"
   },
+  "recommended_schedule_cron": null,
   "sub_graphs": [],
+  "trigger_setup_info": null,
   "user_id": "test-user-id",
   "version": 1
 }

autogpt_platform/backend/snapshots/grphs_all

@@ -22,7 +22,9 @@
       "required": [],
       "type": "object"
     },
+    "recommended_schedule_cron": null,
     "sub_graphs": [],
+    "trigger_setup_info": null,
     "user_id": "test-user-id",
     "version": 1
   }

autogpt_platform/backend/snapshots/lib_agts_search

@@ -27,7 +27,8 @@
       "trigger_setup_info": null,
       "new_output": false,
       "can_access_graph": true,
-      "is_latest_version": true
+      "is_latest_version": true,
+      "recommended_schedule_cron": null
     },
     {
       "id": "test-agent-2",
@@ -56,7 +57,8 @@
       "trigger_setup_info": null,
       "new_output": false,
       "can_access_graph": false,
-      "is_latest_version": true
+      "is_latest_version": true,
+      "recommended_schedule_cron": null
     }
   ],
   "pagination": {

autogpt_platform/backend/test/e2e_test_data.py

@@ -23,7 +23,7 @@ from typing import Any, Dict, List
 
 from faker import Faker
 
-from backend.data.api_key import generate_api_key
+from backend.data.api_key import create_api_key
 from backend.data.credit import get_user_credit_model
 from backend.data.db import prisma
 from backend.data.graph import Graph, Link, Node, create_graph
@@ -466,7 +466,7 @@ class TestDataCreator:
 
             try:
                 # Use the API function to create API key
-                api_key, _ = await generate_api_key(
+                api_key, _ = await create_api_key(
                     name=faker.word(),
                     user_id=user["id"],
                     permissions=[

autogpt_platform/backend/test/sdk/test_sdk_registry.py

@@ -370,7 +370,7 @@ class TestProviderBuilder:
 
     def test_provider_builder_with_base_cost(self):
         """Test building a provider with base costs."""
-        from backend.data.cost import BlockCostType
+        from backend.data.block import BlockCostType
 
         provider = (
             ProviderBuilder("cost_test")
@@ -411,7 +411,7 @@ class TestProviderBuilder:
 
     def test_provider_builder_complete_example(self):
         """Test building a complete provider with all features."""
-        from backend.data.cost import BlockCostType
+        from backend.data.block import BlockCostType
 
         class TestOAuth(BaseOAuthHandler):
             PROVIDER_NAME = ProviderName.GITHUB

autogpt_platform/backend/test/test_data_creator.py

@@ -21,6 +21,7 @@ import random
 from datetime import datetime
 
 import prisma.enums
+from autogpt_libs.api_key.keysmith import APIKeySmith
 from faker import Faker
 from prisma import Json, Prisma
 from prisma.types import (
@@ -30,7 +31,6 @@ from prisma.types import (
     AgentNodeLinkCreateInput,
     AnalyticsDetailsCreateInput,
     AnalyticsMetricsCreateInput,
-    APIKeyCreateInput,
     CreditTransactionCreateInput,
     IntegrationWebhookCreateInput,
     ProfileCreateInput,
@@ -544,20 +544,22 @@ async def main():
     # Insert APIKeys
     print(f"Inserting {NUM_USERS} api keys")
     for user in users:
+        api_key = APIKeySmith().generate_key()
         await db.apikey.create(
-            data=APIKeyCreateInput(
-                name=faker.word(),
-                prefix=str(faker.uuid4())[:8],
-                postfix=str(faker.uuid4())[-8:],
-                key=str(faker.sha256()),
-                status=prisma.enums.APIKeyStatus.ACTIVE,
-                permissions=[
+            data={
+                "name": faker.word(),
+                "head": api_key.head,
+                "tail": api_key.tail,
+                "hash": api_key.hash,
+                "salt": api_key.salt,
+                "status": prisma.enums.APIKeyStatus.ACTIVE,
+                "permissions": [
                     prisma.enums.APIKeyPermission.EXECUTE_GRAPH,
                     prisma.enums.APIKeyPermission.READ_GRAPH,
                 ],
-                description=faker.text(),
-                userId=user.id,
-            )
+                "description": faker.text(),
+                "userId": user.id,
+            }
         )
 
     # Refresh materialized views

autogpt_platform/db/docker/docker-compose.yml

@@ -25,83 +25,10 @@ x-supabase-env-files: &supabase-env-files
 
 # Common Supabase environment - hardcoded defaults to avoid variable substitution
 x-supabase-env: &supabase-env
-  # Core PostgreSQL settings
-  POSTGRES_PASSWORD: your-super-secret-and-long-postgres-password
-  POSTGRES_HOST: db
-  POSTGRES_PORT: "5432"
-  POSTGRES_DB: postgres
-  
-  # Authentication & Security
-  JWT_SECRET: your-super-secret-jwt-token-with-at-least-32-characters-long
-  ANON_KEY: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyAgCiAgICAicm9sZSI6ICJhbm9uIiwKICAgICJpc3MiOiAic3VwYWJhc2UtZGVtbyIsCiAgICAiaWF0IjogMTY0MTc2OTIwMCwKICAgICJleHAiOiAxNzk5NTM1NjAwCn0.dc_X5iR_VP_qT0zsiyj_I_OZ2T9FtRU2BBNWN8Bu4GE
-  SERVICE_ROLE_KEY: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyAgCiAgICAicm9sZSI6ICJzZXJ2aWNlX3JvbGUiLAogICAgImlzcyI6ICJzdXBhYmFzZS1kZW1vIiwKICAgICJpYXQiOiAxNjQxNzY5MjAwLAogICAgImV4cCI6IDE3OTk1MzU2MDAKfQ.DaYlNEoUrrEn2Ig7tqibS-PHK5vgusbcbo7X36XVt4Q
-  DASHBOARD_USERNAME: supabase
-  DASHBOARD_PASSWORD: this_password_is_insecure_and_should_be_updated
-  SECRET_KEY_BASE: UpNVntn3cDxHJpq99YMc1T1AQgQpc8kfYTuRgBiYa15BLrx8etQoXz3gZv1/u2oq
-  VAULT_ENC_KEY: your-encryption-key-32-chars-min
-  
-  # URLs and Endpoints
-  SITE_URL: http://localhost:3000
-  API_EXTERNAL_URL: http://localhost:8000
-  SUPABASE_PUBLIC_URL: http://localhost:8000
-  ADDITIONAL_REDIRECT_URLS: ""
-  
-  # Feature Flags
-  DISABLE_SIGNUP: "false"
-  ENABLE_EMAIL_SIGNUP: "true"
-  ENABLE_EMAIL_AUTOCONFIRM: "false"
-  ENABLE_ANONYMOUS_USERS: "false"
-  ENABLE_PHONE_SIGNUP: "true"
-  ENABLE_PHONE_AUTOCONFIRM: "true"
-  FUNCTIONS_VERIFY_JWT: "false"
-  IMGPROXY_ENABLE_WEBP_DETECTION: "true"
-  
-  # Email/SMTP Configuration
-  SMTP_ADMIN_EMAIL: admin@example.com
-  SMTP_HOST: supabase-mail
-  SMTP_PORT: "2500"
-  SMTP_USER: fake_mail_user
-  SMTP_PASS: fake_mail_password
-  SMTP_SENDER_NAME: fake_sender
-  
-  # Mailer URLs
-  MAILER_URLPATHS_CONFIRMATION: /auth/v1/verify
-  MAILER_URLPATHS_INVITE: /auth/v1/verify
-  MAILER_URLPATHS_RECOVERY: /auth/v1/verify
-  MAILER_URLPATHS_EMAIL_CHANGE: /auth/v1/verify
-  
-  # JWT Settings
-  JWT_EXPIRY: "3600"
-  
-  # Database Schemas
-  PGRST_DB_SCHEMAS: public,storage,graphql_public
-  
-  # Studio Settings
-  STUDIO_DEFAULT_ORGANIZATION: Default Organization
-  STUDIO_DEFAULT_PROJECT: Default Project
-  
-  # Logging
-  LOGFLARE_API_KEY: your-super-secret-and-long-logflare-key
-  
-  # Pooler Settings
-  POOLER_DEFAULT_POOL_SIZE: "20"
-  POOLER_MAX_CLIENT_CONN: "100"
-  POOLER_TENANT_ID: your-tenant-id
-  POOLER_PROXY_PORT_TRANSACTION: "6543"
-  
-  # Kong Ports
-  KONG_HTTP_PORT: "8000"
-  KONG_HTTPS_PORT: "8443"
-  
-  # Docker
-  DOCKER_SOCKET_LOCATION: /var/run/docker.sock
-  
-  # Google Cloud (if needed)
-  GOOGLE_PROJECT_ID: GOOGLE_PROJECT_ID
-  GOOGLE_PROJECT_NUMBER: GOOGLE_PROJECT_NUMBER
+  SUPABASE_ANON_KEY: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyAgCiAgICAicm9sZSI6ICJhbm9uIiwKICAgICJpc3MiOiAic3VwYWJhc2UtZGVtbyIsCiAgICAiaWF0IjogMTY0MTc2OTIwMCwKICAgICJleHAiOiAxNzk5NTM1NjAwCn0.dc_X5iR_VP_qT0zsiyj_I_OZ2T9FtRU2BBNWN8Bu4GE
+  SUPABASE_SERVICE_KEY: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyAgCiAgICAicm9sZSI6ICJzZXJ2aWNlX3JvbGUiLAogICAgImlzcyI6ICJzdXBhYmFzZS1kZW1vIiwKICAgICJpYXQiOiAxNjQxNzY5MjAwLAogICAgImV4cCI6IDE3OTk1MzU2MDAKfQ.DaYlNEoUrrEn2Ig7tqibS-PHK5vgusbcbo7X36XVt4Q
 
 services:
-
   studio:
     container_name: supabase-studio
     image: supabase/studio:20250224-d10db0f
@@ -122,16 +49,9 @@ services:
       <<: *supabase-env
       # Keep any existing environment variables specific to that service
       STUDIO_PG_META_URL: http://meta:8080
-      POSTGRES_PASSWORD: your-super-secret-and-long-postgres-password
-
       DEFAULT_ORGANIZATION_NAME: Default Organization
       DEFAULT_PROJECT_NAME: Default Project
-      OPENAI_API_KEY: ""
-
       SUPABASE_URL: http://kong:8000
-      SUPABASE_PUBLIC_URL: http://localhost:8000
-      SUPABASE_ANON_KEY: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyAgCiAgICAicm9sZSI6ICJhbm9uIiwKICAgICJpc3MiOiAic3VwYWJhc2UtZGVtbyIsCiAgICAiaWF0IjogMTY0MTc2OTIwMCwKICAgICJleHAiOiAxNzk5NTM1NjAwCn0.dc_X5iR_VP_qT0zsiyj_I_OZ2T9FtRU2BBNWN8Bu4GE
-      SUPABASE_SERVICE_KEY: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyAgCiAgICAicm9sZSI6ICJzZXJ2aWNlX3JvbGUiLAogICAgImlzcyI6ICJzdXBhYmFzZS1kZW1vIiwKICAgICJpYXQiOiAxNjQxNzY5MjAwLAogICAgImV4cCI6IDE3OTk1MzU2MDAKfQ.DaYlNEoUrrEn2Ig7tqibS-PHK5vgusbcbo7X36XVt4Q
       AUTH_JWT_SECRET: your-super-secret-jwt-token-with-at-least-32-characters-long
 
       LOGFLARE_API_KEY: your-super-secret-and-long-logflare-key
@@ -163,10 +83,6 @@ services:
       KONG_PLUGINS: request-transformer,cors,key-auth,acl,basic-auth
       KONG_NGINX_PROXY_PROXY_BUFFER_SIZE: 160k
       KONG_NGINX_PROXY_PROXY_BUFFERS: 64 160k
-      SUPABASE_ANON_KEY: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyAgCiAgICAicm9sZSI6ICJhbm9uIiwKICAgICJpc3MiOiAic3VwYWJhc2UtZGVtbyIsCiAgICAiaWF0IjogMTY0MTc2OTIwMCwKICAgICJleHAiOiAxNzk5NTM1NjAwCn0.dc_X5iR_VP_qT0zsiyj_I_OZ2T9FtRU2BBNWN8Bu4GE
-      SUPABASE_SERVICE_KEY: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyAgCiAgICAicm9sZSI6ICJzZXJ2aWNlX3JvbGUiLAogICAgImlzcyI6ICJzdXBhYmFzZS1kZW1vIiwKICAgICJpYXQiOiAxNjQxNzY5MjAwLAogICAgImV4cCI6IDE3OTk1MzU2MDAKfQ.DaYlNEoUrrEn2Ig7tqibS-PHK5vgusbcbo7X36XVt4Q
-      DASHBOARD_USERNAME: supabase
-      DASHBOARD_PASSWORD: this_password_is_insecure_and_should_be_updated
     # https://unix.stackexchange.com/a/294837
     entrypoint: bash -c 'eval "echo \"$$(cat ~/temp.yml)\"" > ~/kong.yml && /docker-entrypoint.sh kong docker-start'
 
@@ -197,7 +113,6 @@ services:
       # Keep any existing environment variables specific to that service
       GOTRUE_API_HOST: 0.0.0.0
       GOTRUE_API_PORT: 9999
-      API_EXTERNAL_URL: http://localhost:8000
 
       GOTRUE_DB_DRIVER: postgres
       GOTRUE_DB_DATABASE_URL: postgres://supabase_auth_admin:your-super-secret-and-long-postgres-password@db:5432/postgres
@@ -425,9 +340,7 @@ services:
     environment:
       <<: *supabase-env
       # Keep any existing environment variables specific to that service
-      JWT_SECRET: your-super-secret-jwt-token-with-at-least-32-characters-long
       SUPABASE_URL: http://kong:8000
-      SUPABASE_ANON_KEY: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyAgCiAgICAicm9sZSI6ICJhbm9uIiwKICAgICJpc3MiOiAic3VwYWJhc2UtZGVtbyIsCiAgICAiaWF0IjogMTY0MTc2OTIwMCwKICAgICJleHAiOiAxNzk5NTM1NjAwCn0.dc_X5iR_VP_qT0zsiyj_I_OZ2T9FtRU2BBNWN8Bu4GE
       SUPABASE_SERVICE_ROLE_KEY: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyAgCiAgICAicm9sZSI6ICJzZXJ2aWNlX3JvbGUiLAogICAgImlzcyI6ICJzdXBhYmFzZS1kZW1vIiwKICAgICJpYXQiOiAxNjQxNzY5MjAwLAogICAgImV4cCI6IDE3OTk1MzU2MDAKfQ.DaYlNEoUrrEn2Ig7tqibS-PHK5vgusbcbo7X36XVt4Q
       SUPABASE_DB_URL: postgresql://postgres:your-super-secret-and-long-postgres-password@db:5432/postgres
       # TODO: Allow configuring VERIFY_JWT per function. This PR might help: https://github.com/supabase/cli/pull/786
@@ -531,12 +444,8 @@ services:
       # Keep any existing environment variables specific to that service
       POSTGRES_HOST: /var/run/postgresql
       PGPORT: 5432
-      POSTGRES_PORT: 5432
       PGPASSWORD: your-super-secret-and-long-postgres-password
-      POSTGRES_PASSWORD: your-super-secret-and-long-postgres-password
       PGDATABASE: postgres
-      POSTGRES_DB: postgres
-      JWT_SECRET: your-super-secret-jwt-token-with-at-least-32-characters-long
       JWT_EXP: 3600
     command:
       [
@@ -570,8 +479,6 @@ services:
     <<: *supabase-env-files
     environment:
       <<: *supabase-env
-      # Keep any existing environment variables specific to that service
-      LOGFLARE_API_KEY: your-super-secret-and-long-logflare-key
     command:
       [
         "--config",
@@ -612,9 +519,6 @@ services:
       <<: *supabase-env
       # Keep any existing environment variables specific to that service
       PORT: 4000
-      POSTGRES_PORT: 5432
-      POSTGRES_DB: postgres
-      POSTGRES_PASSWORD: your-super-secret-and-long-postgres-password
       DATABASE_URL: ecto://supabase_admin:your-super-secret-and-long-postgres-password@db:5432/_supabase
       CLUSTER_POSTGRES: true
       SECRET_KEY_BASE: UpNVntn3cDxHJpq99YMc1T1AQgQpc8kfYTuRgBiYa15BLrx8etQoXz3gZv1/u2oq

autogpt_platform/docker-compose.platform.yml

@@ -6,8 +6,7 @@
 # 5. CLI arguments - docker compose run -e VAR=value
 
 # Common backend environment - Docker service names
-x-backend-env:
-  &backend-env # Docker internal service hostnames (override localhost defaults)
+x-backend-env: &backend-env # Docker internal service hostnames (override localhost defaults)
   PYRO_HOST: "0.0.0.0"
   AGENTSERVER_HOST: rest_server
   SCHEDULER_HOST: scheduler_server
@@ -20,6 +19,10 @@ x-backend-env:
   RABBITMQ_HOST: rabbitmq
   # Override Supabase URL for Docker network
   SUPABASE_URL: http://kong:8000
+  # Database connection string for Docker network
+  # This cannot be constructed like in .env because we cannot interpolate values set here (DB_HOST)
+  DATABASE_URL: postgresql://postgres:your-super-secret-and-long-postgres-password@db:5432/postgres?connect_timeout=60&schema=platform
+  DIRECT_URL: postgresql://postgres:your-super-secret-and-long-postgres-password@db:5432/postgres?connect_timeout=60&schema=platform
 
 # Common env_file configuration for backend services
 x-backend-env-files: &backend-env-files
@@ -43,14 +46,18 @@ services:
     depends_on:
       db:
         condition: service_healthy
+    <<: *backend-env-files
     environment:
-      - DATABASE_URL=postgresql://postgres:your-super-secret-and-long-postgres-password@db:5432/postgres?connect_timeout=60&schema=platform
-      - DIRECT_URL=postgresql://postgres:your-super-secret-and-long-postgres-password@db:5432/postgres?connect_timeout=60&schema=platform
+      <<: *backend-env
     networks:
       - app-network
     restart: on-failure
     healthcheck:
-      test: ["CMD-SHELL", "poetry run prisma migrate status | grep -q 'No pending migrations' || exit 1"]
+      test:
+        [
+          "CMD-SHELL",
+          "poetry run prisma migrate status | grep -q 'No pending migrations' || exit 1",
+        ]
       interval: 30s
       timeout: 10s
       retries: 3
@@ -77,9 +84,9 @@ services:
       timeout: 10s
       retries: 5
       start_period: 10s
+    <<: *backend-env-files
     environment:
-      - RABBITMQ_DEFAULT_USER=rabbitmq_user_default
-      - RABBITMQ_DEFAULT_PASS=k0VMxyIJF9S35f3x2uaw5IWAl6Y536O7 # CHANGE THIS TO A RANDOM PASSWORD IN PRODUCTION -- everywhere lol
+      <<: *backend-env
     ports:
       - "5672:5672"
       - "15672:15672"
@@ -107,9 +114,6 @@ services:
     <<: *backend-env-files
     environment:
       <<: *backend-env
-      # Service-specific overrides
-      DATABASE_URL: postgresql://postgres:your-super-secret-and-long-postgres-password@db:5432/postgres?connect_timeout=60&schema=platform
-      DIRECT_URL: postgresql://postgres:your-super-secret-and-long-postgres-password@db:5432/postgres?connect_timeout=60&schema=platform
     ports:
       - "8006:8006"
     networks:
@@ -140,9 +144,6 @@ services:
     <<: *backend-env-files
     environment:
       <<: *backend-env
-      # Service-specific overrides
-      DATABASE_URL: postgresql://postgres:your-super-secret-and-long-postgres-password@db:5432/postgres?connect_timeout=60&schema=platform
-      DIRECT_URL: postgresql://postgres:your-super-secret-and-long-postgres-password@db:5432/postgres?connect_timeout=60&schema=platform
     ports:
       - "8002:8002"
     networks:
@@ -171,9 +172,6 @@ services:
     <<: *backend-env-files
     environment:
       <<: *backend-env
-      # Service-specific overrides
-      DATABASE_URL: postgresql://postgres:your-super-secret-and-long-postgres-password@db:5432/postgres?connect_timeout=60&schema=platform
-      DIRECT_URL: postgresql://postgres:your-super-secret-and-long-postgres-password@db:5432/postgres?connect_timeout=60&schema=platform
     ports:
       - "8001:8001"
     networks:
@@ -198,9 +196,6 @@ services:
     <<: *backend-env-files
     environment:
       <<: *backend-env
-      # Service-specific overrides
-      DATABASE_URL: postgresql://postgres:your-super-secret-and-long-postgres-password@db:5432/postgres?connect_timeout=60&schema=platform
-      DIRECT_URL: postgresql://postgres:your-super-secret-and-long-postgres-password@db:5432/postgres?connect_timeout=60&schema=platform
     ports:
       - "8005:8005"
     networks:
@@ -244,9 +239,6 @@ services:
     <<: *backend-env-files
     environment:
       <<: *backend-env
-      # Service-specific overrides
-      DATABASE_URL: postgresql://postgres:your-super-secret-and-long-postgres-password@db:5432/postgres?connect_timeout=60&schema=platform
-      DIRECT_URL: postgresql://postgres:your-super-secret-and-long-postgres-password@db:5432/postgres?connect_timeout=60&schema=platform
     ports:
       - "8003:8003"
     networks:
@@ -284,6 +276,8 @@ services:
       context: ../
       dockerfile: autogpt_platform/frontend/Dockerfile
       target: prod
+      args:
+        NEXT_PUBLIC_PW_TEST: ${NEXT_PUBLIC_PW_TEST:-false}
     depends_on:
       db:
         condition: service_healthy

autogpt_platform/frontend/.env.default

@@ -16,5 +16,4 @@
     NEXT_PUBLIC_REACT_QUERY_DEVTOOL=true
 
     NEXT_PUBLIC_GA_MEASUREMENT_ID=G-FH2XK2W4GN
-    NEXT_PUBLIC_PW_TEST=true
     

autogpt_platform/frontend/.prettierignore

@@ -4,3 +4,5 @@ pnpm-lock.yaml
 .auth
 build
 public
+Dockerfile
+.prettierignore

autogpt_platform/frontend/Dockerfile

@@ -9,13 +9,24 @@ RUN --mount=type=cache,target=/root/.local/share/pnpm pnpm install --frozen-lock
 FROM base AS build
 
 COPY autogpt_platform/frontend/ .
-RUN if [ -f .env ]; then \
+# Allow CI to opt-in to Playwright test build-time flags
+ARG NEXT_PUBLIC_PW_TEST="false"
+ENV NEXT_PUBLIC_PW_TEST=$NEXT_PUBLIC_PW_TEST
+ENV NODE_ENV="production"
+# Merge env files appropriately based on environment
+RUN if [ -f .env.production ]; then \
+      # In CI/CD: merge defaults with production (production takes precedence)
+      cat .env.default .env.production > .env.merged && mv .env.merged .env.production; \
+    elif [ -f .env ]; then \
+      # Local with custom .env: merge defaults with .env
       cat .env.default .env > .env.merged && mv .env.merged .env; \
     else \
+      # Local without custom .env: use defaults
       cp .env.default .env; \
     fi
 RUN pnpm run generate:api
-RUN pnpm build
+# In CI, we want NEXT_PUBLIC_PW_TEST=true during build so Next.js inlines it
+RUN if [ "$NEXT_PUBLIC_PW_TEST" = "true" ]; then NEXT_PUBLIC_PW_TEST=true NODE_OPTIONS="--max-old-space-size=4096" pnpm build; else NODE_OPTIONS="--max-old-space-size=4096" pnpm build; fi
 
 # Prod stage - based on NextJS reference Dockerfile https://github.com/vercel/next.js/blob/64271354533ed16da51be5dce85f0dbd15f17517/examples/with-docker/Dockerfile
 FROM node:21-alpine AS prod

autogpt_platform/frontend/instrumentation-client.ts

@@ -2,18 +2,28 @@
 // The config you add here will be used whenever a users loads a page in their browser.
 // https://docs.sentry.io/platforms/javascript/guides/nextjs/
 
-import { BehaveAs, getBehaveAs, getEnvironmentStr } from "@/lib/utils";
+import {
+  AppEnv,
+  BehaveAs,
+  getAppEnv,
+  getBehaveAs,
+  getEnvironmentStr,
+} from "@/lib/utils";
 import * as Sentry from "@sentry/nextjs";
 
-const isProductionCloud =
-  process.env.NODE_ENV === "production" && getBehaveAs() === BehaveAs.CLOUD;
+const isProdOrDev = [AppEnv.PROD, AppEnv.DEV].includes(getAppEnv());
+
+const isCloud = getBehaveAs() === BehaveAs.CLOUD;
+const isDisabled = process.env.DISABLE_SENTRY === "true";
+
+const shouldEnable = !isDisabled && isProdOrDev && isCloud;
 
 Sentry.init({
   dsn: "https://fe4e4aa4a283391808a5da396da20159@o4505260022104064.ingest.us.sentry.io/4507946746380288",
 
   environment: getEnvironmentStr(),
 
-  enabled: isProductionCloud,
+  enabled: shouldEnable,
 
   // Add optional integrations for additional features
   integrations: [
@@ -56,10 +66,7 @@ Sentry.init({
   // For example, a tracesSampleRate of 0.5 and profilesSampleRate of 0.5 would
   // result in 25% of transactions being profiled (0.5*0.5=0.25)
   profilesSampleRate: 1.0,
-  _experiments: {
-    // Enable logs to be sent to Sentry.
-    enableLogs: true,
-  },
+  enableLogs: true,
 });
 
 export const onRouterTransitionStart = Sentry.captureRouterTransitionStart;

autogpt_platform/frontend/orval.config.ts

@@ -41,6 +41,26 @@ export default defineConfig({
               useInfiniteQueryParam: "page",
             },
           },
+          "getV2Get builder blocks": {
+            query: {
+              useInfinite: true,
+              useInfiniteQueryParam: "page",
+              useQuery: true,
+            },
+          },
+          "getV2Get builder integration providers": {
+            query: {
+              useInfinite: true,
+              useInfiniteQueryParam: "page",
+            },
+          },
+          "getV2List store agents": {
+            query: {
+              useInfinite: true,
+              useInfiniteQueryParam: "page",
+              useQuery: true,
+            },
+          },
         },
       },
     },

autogpt_platform/frontend/package.json

@@ -10,8 +10,8 @@
     "lint": "next lint && prettier --check .",
     "format": "next lint --fix; prettier --write .",
     "types": "tsc --noEmit",
-    "test": "next build --turbo && playwright test",
-    "test-ui": "next build --turbo && playwright test --ui",
+    "test": "NEXT_PUBLIC_PW_TEST=true next build --turbo && playwright test",
+    "test-ui": "NEXT_PUBLIC_PW_TEST=true next build --turbo && playwright test --ui",
     "test:no-build": "playwright test",
     "gentests": "playwright codegen http://localhost:3000",
     "storybook": "storybook dev -p 6006",
@@ -66,12 +66,14 @@
     "embla-carousel-react": "8.6.0",
     "framer-motion": "12.23.12",
     "geist": "1.4.2",
+    "highlight.js": "11.11.1",
     "jaro-winkler": "0.2.8",
+    "katex": "0.16.22",
     "launchdarkly-react-client-sdk": "3.8.1",
     "lodash": "4.17.21",
     "lucide-react": "0.539.0",
     "moment": "2.30.1",
-    "next": "15.4.6",
+    "next": "15.4.7",
     "next-themes": "0.4.6",
     "nuqs": "2.4.3",
     "party-js": "2.2.0",
@@ -85,42 +87,49 @@
     "react-modal": "3.16.3",
     "react-shepherd": "6.1.9",
     "react-window": "1.8.11",
-    "recharts": "2.15.3",
+    "recharts": "3.1.2",
+    "rehype-autolink-headings": "7.1.0",
+    "rehype-highlight": "7.0.2",
+    "rehype-katex": "7.0.1",
+    "rehype-slug": "6.0.0",
+    "remark-gfm": "4.0.1",
+    "remark-math": "6.0.0",
     "shepherd.js": "14.5.1",
     "sonner": "2.0.7",
     "tailwind-merge": "2.6.0",
+    "tailwind-scrollbar": "4.0.2",
     "tailwindcss-animate": "1.0.7",
     "uuid": "11.1.0",
     "vaul": "1.1.2",
     "zod": "3.25.76"
   },
   "devDependencies": {
-    "@chromatic-com/storybook": "4.1.0",
-    "@playwright/test": "1.54.2",
-    "@storybook/addon-a11y": "9.1.2",
-    "@storybook/addon-docs": "9.1.2",
-    "@storybook/addon-links": "9.1.2",
-    "@storybook/addon-onboarding": "9.1.2",
-    "@storybook/nextjs": "9.1.2",
-    "@tanstack/eslint-plugin-query": "5.83.1",
-    "@tanstack/react-query-devtools": "5.84.2",
+    "@chromatic-com/storybook": "4.1.1",
+    "@playwright/test": "1.55.0",
+    "@storybook/addon-a11y": "9.1.5",
+    "@storybook/addon-docs": "9.1.5",
+    "@storybook/addon-links": "9.1.5",
+    "@storybook/addon-onboarding": "9.1.5",
+    "@storybook/nextjs": "9.1.5",
+    "@tanstack/eslint-plugin-query": "5.86.0",
+    "@tanstack/react-query-devtools": "5.87.3",
     "@types/canvas-confetti": "1.9.0",
     "@types/lodash": "4.17.20",
     "@types/negotiator": "0.6.4",
-    "@types/node": "24.2.1",
+    "@types/node": "24.3.1",
     "@types/react": "18.3.17",
     "@types/react-dom": "18.3.5",
     "@types/react-modal": "3.16.3",
     "@types/react-window": "1.8.8",
     "axe-playwright": "2.1.0",
-    "chromatic": "13.1.3",
-    "concurrently": "9.2.0",
+    "chromatic": "13.1.4",
+    "concurrently": "9.2.1",
     "cross-env": "7.0.3",
     "eslint": "8.57.1",
-    "eslint-config-next": "15.4.6",
-    "eslint-plugin-storybook": "9.1.2",
+    "eslint-config-next": "15.5.2",
+    "eslint-plugin-storybook": "9.1.5",
     "import-in-the-middle": "1.14.2",
-    "msw": "2.10.4",
+    "msw": "2.11.1",
     "msw-storybook-addon": "2.0.5",
     "orval": "7.11.2",
     "pbkdf2": "3.1.3",
@@ -128,7 +137,7 @@
     "prettier": "3.6.2",
     "prettier-plugin-tailwindcss": "0.6.14",
     "require-in-the-middle": "7.5.2",
-    "storybook": "9.1.2",
+    "storybook": "9.1.5",
     "tailwindcss": "3.4.17",
     "typescript": "5.9.2"
   },