fix: add is_auto_credential and input_field_name to auto credentials schema

Post-refactor fix: these fields were moved from data/block.py to blocks/_base.py in #12068

autogpt_platform/backend/backend/api/features/chat/tools/agent_generator/dummy.py

@@ -0,0 +1,154 @@
+"""Dummy Agent Generator for testing.
+
+Returns mock responses matching the format expected from the external service.
+Enable via AGENTGENERATOR_USE_DUMMY=true in settings.
+
+WARNING: This is for testing only. Do not use in production.
+"""
+
+import asyncio
+import logging
+import uuid
+from typing import Any
+
+logger = logging.getLogger(__name__)
+
+# Dummy decomposition result (instructions type)
+DUMMY_DECOMPOSITION_RESULT: dict[str, Any] = {
+    "type": "instructions",
+    "steps": [
+        {
+            "description": "Get input from user",
+            "action": "input",
+            "block_name": "AgentInputBlock",
+        },
+        {
+            "description": "Process the input",
+            "action": "process",
+            "block_name": "TextFormatterBlock",
+        },
+        {
+            "description": "Return output to user",
+            "action": "output",
+            "block_name": "AgentOutputBlock",
+        },
+    ],
+}
+
+# Block IDs from backend/blocks/io.py
+AGENT_INPUT_BLOCK_ID = "c0a8e994-ebf1-4a9c-a4d8-89d09c86741b"
+AGENT_OUTPUT_BLOCK_ID = "363ae599-353e-4804-937e-b2ee3cef3da4"
+
+
+def _generate_dummy_agent_json() -> dict[str, Any]:
+    """Generate a minimal valid agent JSON for testing."""
+    input_node_id = str(uuid.uuid4())
+    output_node_id = str(uuid.uuid4())
+
+    return {
+        "id": str(uuid.uuid4()),
+        "version": 1,
+        "is_active": True,
+        "name": "Dummy Test Agent",
+        "description": "A dummy agent generated for testing purposes",
+        "nodes": [
+            {
+                "id": input_node_id,
+                "block_id": AGENT_INPUT_BLOCK_ID,
+                "input_default": {
+                    "name": "input",
+                    "title": "Input",
+                    "description": "Enter your input",
+                    "placeholder_values": [],
+                },
+                "metadata": {"position": {"x": 0, "y": 0}},
+            },
+            {
+                "id": output_node_id,
+                "block_id": AGENT_OUTPUT_BLOCK_ID,
+                "input_default": {
+                    "name": "output",
+                    "title": "Output",
+                    "description": "Agent output",
+                    "format": "{output}",
+                },
+                "metadata": {"position": {"x": 400, "y": 0}},
+            },
+        ],
+        "links": [
+            {
+                "id": str(uuid.uuid4()),
+                "source_id": input_node_id,
+                "sink_id": output_node_id,
+                "source_name": "result",
+                "sink_name": "value",
+                "is_static": False,
+            },
+        ],
+    }
+
+
+async def decompose_goal_dummy(
+    description: str,
+    context: str = "",
+    library_agents: list[dict[str, Any]] | None = None,
+) -> dict[str, Any]:
+    """Return dummy decomposition result."""
+    logger.info("Using dummy agent generator for decompose_goal")
+    return DUMMY_DECOMPOSITION_RESULT.copy()
+
+
+async def generate_agent_dummy(
+    instructions: dict[str, Any],
+    library_agents: list[dict[str, Any]] | None = None,
+    operation_id: str | None = None,
+    task_id: str | None = None,
+) -> dict[str, Any]:
+    """Return dummy agent JSON after a simulated delay."""
+    logger.info("Using dummy agent generator for generate_agent (30s delay)")
+    await asyncio.sleep(30)
+    return _generate_dummy_agent_json()
+
+
+async def generate_agent_patch_dummy(
+    update_request: str,
+    current_agent: dict[str, Any],
+    library_agents: list[dict[str, Any]] | None = None,
+    operation_id: str | None = None,
+    task_id: str | None = None,
+) -> dict[str, Any]:
+    """Return dummy patched agent (returns the current agent with updated description)."""
+    logger.info("Using dummy agent generator for generate_agent_patch")
+    patched = current_agent.copy()
+    patched["description"] = (
+        f"{current_agent.get('description', '')} (updated: {update_request})"
+    )
+    return patched
+
+
+async def customize_template_dummy(
+    template_agent: dict[str, Any],
+    modification_request: str,
+    context: str = "",
+) -> dict[str, Any]:
+    """Return dummy customized template (returns template with updated description)."""
+    logger.info("Using dummy agent generator for customize_template")
+    customized = template_agent.copy()
+    customized["description"] = (
+        f"{template_agent.get('description', '')} (customized: {modification_request})"
+    )
+    return customized
+
+
+async def get_blocks_dummy() -> list[dict[str, Any]]:
+    """Return dummy blocks list."""
+    logger.info("Using dummy agent generator for get_blocks")
+    return [
+        {"id": AGENT_INPUT_BLOCK_ID, "name": "AgentInputBlock"},
+        {"id": AGENT_OUTPUT_BLOCK_ID, "name": "AgentOutputBlock"},
+    ]
+
+
+async def health_check_dummy() -> bool:
+    """Always returns healthy for dummy service."""
+    return True

autogpt_platform/backend/backend/api/features/chat/tools/agent_generator/service.py

@@ -12,8 +12,19 @@ import httpx
 
 from backend.util.settings import Settings
 
+from .dummy import (
+    customize_template_dummy,
+    decompose_goal_dummy,
+    generate_agent_dummy,
+    generate_agent_patch_dummy,
+    get_blocks_dummy,
+    health_check_dummy,
+)
+
 logger = logging.getLogger(__name__)
 
+_dummy_mode_warned = False
+
 
 def _create_error_response(
     error_message: str,
@@ -90,10 +101,26 @@ def _get_settings() -> Settings:
     return _settings
 
 
-def is_external_service_configured() -> bool:
-    """Check if external Agent Generator service is configured."""
+def _is_dummy_mode() -> bool:
+    """Check if dummy mode is enabled for testing."""
+    global _dummy_mode_warned
     settings = _get_settings()
-    return bool(settings.config.agentgenerator_host)
+    is_dummy = bool(settings.config.agentgenerator_use_dummy)
+    if is_dummy and not _dummy_mode_warned:
+        logger.warning(
+            "Agent Generator running in DUMMY MODE - returning mock responses. "
+            "Do not use in production!"
+        )
+        _dummy_mode_warned = True
+    return is_dummy
+
+
+def is_external_service_configured() -> bool:
+    """Check if external Agent Generator service is configured (or dummy mode)."""
+    settings = _get_settings()
+    return bool(settings.config.agentgenerator_host) or bool(
+        settings.config.agentgenerator_use_dummy
+    )
 
 
 def _get_base_url() -> str:
@@ -137,6 +164,9 @@ async def decompose_goal_external(
         - {"type": "error", "error": "...", "error_type": "..."} on error
         Or None on unexpected error
     """
+    if _is_dummy_mode():
+        return await decompose_goal_dummy(description, context, library_agents)
+
     client = _get_client()
 
     if context:
@@ -226,6 +256,11 @@ async def generate_agent_external(
     Returns:
         Agent JSON dict, {"status": "accepted"} for async, or error dict {"type": "error", ...} on error
     """
+    if _is_dummy_mode():
+        return await generate_agent_dummy(
+            instructions, library_agents, operation_id, task_id
+        )
+
     client = _get_client()
 
     # Build request payload
@@ -297,6 +332,11 @@ async def generate_agent_patch_external(
     Returns:
         Updated agent JSON, clarifying questions dict, {"status": "accepted"} for async, or error dict on error
     """
+    if _is_dummy_mode():
+        return await generate_agent_patch_dummy(
+            update_request, current_agent, library_agents, operation_id, task_id
+        )
+
     client = _get_client()
 
     # Build request payload
@@ -383,6 +423,11 @@ async def customize_template_external(
     Returns:
         Customized agent JSON, clarifying questions dict, or error dict on error
     """
+    if _is_dummy_mode():
+        return await customize_template_dummy(
+            template_agent, modification_request, context
+        )
+
     client = _get_client()
 
     request = modification_request
@@ -445,6 +490,9 @@ async def get_blocks_external() -> list[dict[str, Any]] | None:
     Returns:
         List of block info dicts or None on error
     """
+    if _is_dummy_mode():
+        return await get_blocks_dummy()
+
     client = _get_client()
 
     try:
@@ -478,6 +526,9 @@ async def health_check() -> bool:
     if not is_external_service_configured():
         return False
 
+    if _is_dummy_mode():
+        return await health_check_dummy()
+
     client = _get_client()
 
     try:

autogpt_platform/backend/backend/api/features/chat/tools/utils.py

@@ -118,7 +118,7 @@ def build_missing_credentials_from_graph(
     preserving all supported credential types for each field.
     """
     matched_keys = set(matched_credentials.keys()) if matched_credentials else set()
-    aggregated_fields = graph.aggregate_credentials_inputs()
+    aggregated_fields = graph.regular_credentials_inputs
 
     return {
         field_key: _serialize_missing_credential(field_key, field_info)
@@ -338,7 +338,7 @@ async def match_user_credentials_to_graph(
     missing_creds: list[str] = []
 
     # Get aggregated credentials requirements from the graph
-    aggregated_creds = graph.aggregate_credentials_inputs()
+    aggregated_creds = graph.regular_credentials_inputs
     logger.debug(
         f"Matching credentials for graph {graph.id}: {len(aggregated_creds)} required"
     )

autogpt_platform/backend/backend/api/features/chat/tools/utils_test.py

@@ -0,0 +1,78 @@
+"""Tests for chat tools utility functions."""
+
+from unittest.mock import AsyncMock, MagicMock, patch
+
+import pytest
+
+from backend.data.model import CredentialsFieldInfo
+
+
+def _make_regular_field() -> CredentialsFieldInfo:
+    return CredentialsFieldInfo.model_validate(
+        {
+            "credentials_provider": ["github"],
+            "credentials_types": ["api_key"],
+            "is_auto_credential": False,
+        },
+        by_alias=True,
+    )
+
+
+def test_build_missing_credentials_excludes_auto_creds():
+    """
+    build_missing_credentials_from_graph() should use regular_credentials_inputs
+    and thus exclude auto_credentials from the "missing" set.
+    """
+    from backend.api.features.chat.tools.utils import (
+        build_missing_credentials_from_graph,
+    )
+
+    regular_field = _make_regular_field()
+
+    mock_graph = MagicMock()
+    # regular_credentials_inputs should only return the non-auto field
+    mock_graph.regular_credentials_inputs = {
+        "github_api_key": (regular_field, {("node-1", "credentials")}, True),
+    }
+
+    result = build_missing_credentials_from_graph(mock_graph, matched_credentials=None)
+
+    # Should include the regular credential
+    assert "github_api_key" in result
+    # Should NOT include the auto_credential (not in regular_credentials_inputs)
+    assert "google_oauth2" not in result
+
+
+@pytest.mark.asyncio
+async def test_match_user_credentials_excludes_auto_creds():
+    """
+    match_user_credentials_to_graph() should use regular_credentials_inputs
+    and thus exclude auto_credentials from matching.
+    """
+    from backend.api.features.chat.tools.utils import match_user_credentials_to_graph
+
+    regular_field = _make_regular_field()
+
+    mock_graph = MagicMock()
+    mock_graph.id = "test-graph"
+    # regular_credentials_inputs returns only non-auto fields
+    mock_graph.regular_credentials_inputs = {
+        "github_api_key": (regular_field, {("node-1", "credentials")}, True),
+    }
+
+    # Mock the credentials manager to return no credentials
+    with patch(
+        "backend.api.features.chat.tools.utils.IntegrationCredentialsManager"
+    ) as MockCredsMgr:
+        mock_store = AsyncMock()
+        mock_store.get_all_creds.return_value = []
+        MockCredsMgr.return_value.store = mock_store
+
+        matched, missing = await match_user_credentials_to_graph(
+            user_id="test-user", graph=mock_graph
+        )
+
+    # No credentials available, so github should be missing
+    assert len(matched) == 0
+    assert len(missing) == 1
+    assert "github_api_key" in missing[0]

autogpt_platform/backend/backend/api/features/library/db.py

@@ -1102,7 +1102,7 @@ async def create_preset_from_graph_execution(
             raise NotFoundError(
                 f"Graph #{graph_execution.graph_id} not found or accessible"
             )
-        elif len(graph.aggregate_credentials_inputs()) > 0:
+        elif len(graph.regular_credentials_inputs) > 0:
             raise ValueError(
                 f"Graph execution #{graph_exec_id} can't be turned into a preset "
                 "because it was run before this feature existed "

autogpt_platform/backend/backend/blocks/_base.py

@@ -309,6 +309,8 @@ class BlockSchema(BaseModel):
                 "credentials_provider": [config.get("provider", "google")],
                 "credentials_types": [config.get("type", "oauth2")],
                 "credentials_scopes": config.get("scopes"),
+                "is_auto_credential": True,
+                "input_field_name": info["field_name"],
             }
             result[kwarg_name] = CredentialsFieldInfo.model_validate(
                 auto_schema, by_alias=True

autogpt_platform/backend/backend/blocks/claude_code.py

@@ -1,10 +1,10 @@
 import json
 import shlex
 import uuid
-from typing import Literal, Optional
+from typing import TYPE_CHECKING, Literal, Optional
 
 from e2b import AsyncSandbox as BaseAsyncSandbox
-from pydantic import BaseModel, SecretStr
+from pydantic import SecretStr
 
 from backend.blocks._base import (
     Block,
@@ -20,6 +20,13 @@ from backend.data.model import (
     SchemaField,
 )
 from backend.integrations.providers import ProviderName
+from backend.util.sandbox_files import (
+    SandboxFileOutput,
+    extract_and_store_sandbox_files,
+)
+
+if TYPE_CHECKING:
+    from backend.executor.utils import ExecutionContext
 
 
 class ClaudeCodeExecutionError(Exception):
@@ -174,22 +181,15 @@ class ClaudeCodeBlock(Block):
             advanced=True,
         )
 
-    class FileOutput(BaseModel):
-        """A file extracted from the sandbox."""
-
-        path: str
-        relative_path: str  # Path relative to working directory (for GitHub, etc.)
-        name: str
-        content: str
-
     class Output(BlockSchemaOutput):
         response: str = SchemaField(
             description="The output/response from Claude Code execution"
         )
-        files: list["ClaudeCodeBlock.FileOutput"] = SchemaField(
+        files: list[SandboxFileOutput] = SchemaField(
             description=(
                 "List of text files created/modified by Claude Code during this execution. "
-                "Each file has 'path', 'relative_path', 'name', and 'content' fields."
+                "Each file has 'path', 'relative_path', 'name', 'content', and 'workspace_ref' fields. "
+                "workspace_ref contains a workspace:// URI if the file was stored to workspace."
             )
         )
         conversation_history: str = SchemaField(
@@ -252,6 +252,7 @@ class ClaudeCodeBlock(Block):
                             "relative_path": "index.html",
                             "name": "index.html",
                             "content": "<html>Hello World</html>",
+                            "workspace_ref": None,
                         }
                     ],
                 ),
@@ -267,11 +268,12 @@ class ClaudeCodeBlock(Block):
                 "execute_claude_code": lambda *args, **kwargs: (
                     "Created index.html with hello world content",  # response
                     [
-                        ClaudeCodeBlock.FileOutput(
+                        SandboxFileOutput(
                             path="/home/user/index.html",
                             relative_path="index.html",
                             name="index.html",
                             content="<html>Hello World</html>",
+                            workspace_ref=None,
                         )
                     ],  # files
                     "User: Create a hello world HTML file\n"
@@ -294,7 +296,8 @@ class ClaudeCodeBlock(Block):
         existing_sandbox_id: str,
         conversation_history: str,
         dispose_sandbox: bool,
-    ) -> tuple[str, list["ClaudeCodeBlock.FileOutput"], str, str, str]:
+        execution_context: "ExecutionContext",
+    ) -> tuple[str, list[SandboxFileOutput], str, str, str]:
         """
         Execute Claude Code in an E2B sandbox.
 
@@ -449,14 +452,18 @@ class ClaudeCodeBlock(Block):
                 else:
                     new_conversation_history = turn_entry
 
-            # Extract files created/modified during this run
-            files = await self._extract_files(
-                sandbox, working_directory, start_timestamp
+            # Extract files created/modified during this run and store to workspace
+            sandbox_files = await extract_and_store_sandbox_files(
+                sandbox=sandbox,
+                working_directory=working_directory,
+                execution_context=execution_context,
+                since_timestamp=start_timestamp,
+                text_only=True,
             )
 
             return (
                 response,
-                files,
+                sandbox_files,  # Already SandboxFileOutput objects
                 new_conversation_history,
                 current_session_id,
                 sandbox_id,
@@ -471,140 +478,6 @@ class ClaudeCodeBlock(Block):
             if dispose_sandbox and sandbox:
                 await sandbox.kill()
 
-    async def _extract_files(
-        self,
-        sandbox: BaseAsyncSandbox,
-        working_directory: str,
-        since_timestamp: str | None = None,
-    ) -> list["ClaudeCodeBlock.FileOutput"]:
-        """
-        Extract text files created/modified during this Claude Code execution.
-
-        Args:
-            sandbox: The E2B sandbox instance
-            working_directory: Directory to search for files
-            since_timestamp: ISO timestamp - only return files modified after this time
-
-        Returns:
-            List of FileOutput objects with path, relative_path, name, and content
-        """
-        files: list[ClaudeCodeBlock.FileOutput] = []
-
-        # Text file extensions we can safely read as text
-        text_extensions = {
-            ".txt",
-            ".md",
-            ".html",
-            ".htm",
-            ".css",
-            ".js",
-            ".ts",
-            ".jsx",
-            ".tsx",
-            ".json",
-            ".xml",
-            ".yaml",
-            ".yml",
-            ".toml",
-            ".ini",
-            ".cfg",
-            ".conf",
-            ".py",
-            ".rb",
-            ".php",
-            ".java",
-            ".c",
-            ".cpp",
-            ".h",
-            ".hpp",
-            ".cs",
-            ".go",
-            ".rs",
-            ".swift",
-            ".kt",
-            ".scala",
-            ".sh",
-            ".bash",
-            ".zsh",
-            ".sql",
-            ".graphql",
-            ".env",
-            ".gitignore",
-            ".dockerfile",
-            "Dockerfile",
-            ".vue",
-            ".svelte",
-            ".astro",
-            ".mdx",
-            ".rst",
-            ".tex",
-            ".csv",
-            ".log",
-        }
-
-        try:
-            # List files recursively using find command
-            # Exclude node_modules and .git directories, but allow hidden files
-            # like .env and .gitignore (they're filtered by text_extensions later)
-            # Filter by timestamp to only get files created/modified during this run
-            safe_working_dir = shlex.quote(working_directory)
-            timestamp_filter = ""
-            if since_timestamp:
-                timestamp_filter = f"-newermt {shlex.quote(since_timestamp)} "
-            find_result = await sandbox.commands.run(
-                f"find {safe_working_dir} -type f "
-                f"{timestamp_filter}"
-                f"-not -path '*/node_modules/*' "
-                f"-not -path '*/.git/*' "
-                f"2>/dev/null"
-            )
-
-            if find_result.stdout:
-                for file_path in find_result.stdout.strip().split("\n"):
-                    if not file_path:
-                        continue
-
-                    # Check if it's a text file we can read
-                    is_text = any(
-                        file_path.endswith(ext) for ext in text_extensions
-                    ) or file_path.endswith("Dockerfile")
-
-                    if is_text:
-                        try:
-                            content = await sandbox.files.read(file_path)
-                            # Handle bytes or string
-                            if isinstance(content, bytes):
-                                content = content.decode("utf-8", errors="replace")
-
-                            # Extract filename from path
-                            file_name = file_path.split("/")[-1]
-
-                            # Calculate relative path by stripping working directory
-                            relative_path = file_path
-                            if file_path.startswith(working_directory):
-                                relative_path = file_path[len(working_directory) :]
-                                # Remove leading slash if present
-                                if relative_path.startswith("/"):
-                                    relative_path = relative_path[1:]
-
-                            files.append(
-                                ClaudeCodeBlock.FileOutput(
-                                    path=file_path,
-                                    relative_path=relative_path,
-                                    name=file_name,
-                                    content=content,
-                                )
-                            )
-                        except Exception:
-                            # Skip files that can't be read
-                            pass
-
-        except Exception:
-            # If file extraction fails, return empty results
-            pass
-
-        return files
-
     def _escape_prompt(self, prompt: str) -> str:
         """Escape the prompt for safe shell execution."""
         # Use single quotes and escape any single quotes in the prompt
@@ -617,6 +490,7 @@ class ClaudeCodeBlock(Block):
         *,
         e2b_credentials: APIKeyCredentials,
         anthropic_credentials: APIKeyCredentials,
+        execution_context: "ExecutionContext",
         **kwargs,
     ) -> BlockOutput:
         try:
@@ -637,6 +511,7 @@ class ClaudeCodeBlock(Block):
                 existing_sandbox_id=input_data.sandbox_id,
                 conversation_history=input_data.conversation_history,
                 dispose_sandbox=input_data.dispose_sandbox,
+                execution_context=execution_context,
             )
 
             yield "response", response

autogpt_platform/backend/backend/blocks/code_executor.py

@@ -1,5 +1,5 @@
 from enum import Enum
-from typing import Any, Literal, Optional
+from typing import TYPE_CHECKING, Any, Literal, Optional
 
 from e2b_code_interpreter import AsyncSandbox
 from e2b_code_interpreter import Result as E2BExecutionResult
@@ -20,6 +20,13 @@ from backend.data.model import (
     SchemaField,
 )
 from backend.integrations.providers import ProviderName
+from backend.util.sandbox_files import (
+    SandboxFileOutput,
+    extract_and_store_sandbox_files,
+)
+
+if TYPE_CHECKING:
+    from backend.executor.utils import ExecutionContext
 
 TEST_CREDENTIALS = APIKeyCredentials(
     id="01234567-89ab-cdef-0123-456789abcdef",
@@ -85,6 +92,9 @@ class CodeExecutionResult(MainCodeExecutionResult):
 class BaseE2BExecutorMixin:
     """Shared implementation methods for E2B executor blocks."""
 
+    # Default working directory in E2B sandboxes
+    WORKING_DIR = "/home/user"
+
     async def execute_code(
         self,
         api_key: str,
@@ -95,14 +105,21 @@ class BaseE2BExecutorMixin:
         timeout: Optional[int] = None,
         sandbox_id: Optional[str] = None,
         dispose_sandbox: bool = False,
+        execution_context: Optional["ExecutionContext"] = None,
+        extract_files: bool = False,
     ):
         """
         Unified code execution method that handles all three use cases:
         1. Create new sandbox and execute (ExecuteCodeBlock)
         2. Create new sandbox, execute, and return sandbox_id (InstantiateCodeSandboxBlock)
         3. Connect to existing sandbox and execute (ExecuteCodeStepBlock)
+
+        Args:
+            extract_files: If True and execution_context provided, extract files
+                           created/modified during execution and store to workspace.
         """  # noqa
         sandbox = None
+        files: list[SandboxFileOutput] = []
         try:
             if sandbox_id:
                 # Connect to existing sandbox (ExecuteCodeStepBlock case)
@@ -118,6 +135,12 @@ class BaseE2BExecutorMixin:
                     for cmd in setup_commands:
                         await sandbox.commands.run(cmd)
 
+            # Capture timestamp before execution to scope file extraction
+            start_timestamp = None
+            if extract_files:
+                ts_result = await sandbox.commands.run("date -u +%Y-%m-%dT%H:%M:%S")
+                start_timestamp = ts_result.stdout.strip() if ts_result.stdout else None
+
             # Execute the code
             execution = await sandbox.run_code(
                 code,
@@ -133,7 +156,24 @@ class BaseE2BExecutorMixin:
             stdout_logs = "".join(execution.logs.stdout)
             stderr_logs = "".join(execution.logs.stderr)
 
-            return results, text_output, stdout_logs, stderr_logs, sandbox.sandbox_id
+            # Extract files created/modified during this execution
+            if extract_files and execution_context:
+                files = await extract_and_store_sandbox_files(
+                    sandbox=sandbox,
+                    working_directory=self.WORKING_DIR,
+                    execution_context=execution_context,
+                    since_timestamp=start_timestamp,
+                    text_only=False,  # Include binary files too
+                )
+
+            return (
+                results,
+                text_output,
+                stdout_logs,
+                stderr_logs,
+                sandbox.sandbox_id,
+                files,
+            )
         finally:
             # Dispose of sandbox if requested to reduce usage costs
             if dispose_sandbox and sandbox:
@@ -238,6 +278,12 @@ class ExecuteCodeBlock(Block, BaseE2BExecutorMixin):
             description="Standard output logs from execution"
         )
         stderr_logs: str = SchemaField(description="Standard error logs from execution")
+        files: list[SandboxFileOutput] = SchemaField(
+            description=(
+                "Files created or modified during execution. "
+                "Each file has path, name, content, and workspace_ref (if stored)."
+            ),
+        )
 
     def __init__(self):
         super().__init__(
@@ -259,23 +305,30 @@ class ExecuteCodeBlock(Block, BaseE2BExecutorMixin):
                 ("results", []),
                 ("response", "Hello World"),
                 ("stdout_logs", "Hello World\n"),
+                ("files", []),
             ],
             test_mock={
-                "execute_code": lambda api_key, code, language, template_id, setup_commands, timeout, dispose_sandbox: (  # noqa
+                "execute_code": lambda api_key, code, language, template_id, setup_commands, timeout, dispose_sandbox, execution_context, extract_files: (  # noqa
                     [],  # results
                     "Hello World",  # text_output
                     "Hello World\n",  # stdout_logs
                     "",  # stderr_logs
                     "sandbox_id",  # sandbox_id
+                    [],  # files
                 ),
             },
         )
 
     async def run(
-        self, input_data: Input, *, credentials: APIKeyCredentials, **kwargs
+        self,
+        input_data: Input,
+        *,
+        credentials: APIKeyCredentials,
+        execution_context: "ExecutionContext",
+        **kwargs,
     ) -> BlockOutput:
         try:
-            results, text_output, stdout, stderr, _ = await self.execute_code(
+            results, text_output, stdout, stderr, _, files = await self.execute_code(
                 api_key=credentials.api_key.get_secret_value(),
                 code=input_data.code,
                 language=input_data.language,
@@ -283,6 +336,8 @@ class ExecuteCodeBlock(Block, BaseE2BExecutorMixin):
                 setup_commands=input_data.setup_commands,
                 timeout=input_data.timeout,
                 dispose_sandbox=input_data.dispose_sandbox,
+                execution_context=execution_context,
+                extract_files=True,
             )
 
             # Determine result object shape & filter out empty formats
@@ -296,6 +351,8 @@ class ExecuteCodeBlock(Block, BaseE2BExecutorMixin):
                 yield "stdout_logs", stdout
             if stderr:
                 yield "stderr_logs", stderr
+            # Always yield files (empty list if none)
+            yield "files", [f.model_dump() for f in files]
         except Exception as e:
             yield "error", str(e)
 
@@ -393,6 +450,7 @@ class InstantiateCodeSandboxBlock(Block, BaseE2BExecutorMixin):
                     "Hello World\n",  # stdout_logs
                     "",  # stderr_logs
                     "sandbox_id",  # sandbox_id
+                    [],  # files
                 ),
             },
         )
@@ -401,7 +459,7 @@ class InstantiateCodeSandboxBlock(Block, BaseE2BExecutorMixin):
         self, input_data: Input, *, credentials: APIKeyCredentials, **kwargs
     ) -> BlockOutput:
         try:
-            _, text_output, stdout, stderr, sandbox_id = await self.execute_code(
+            _, text_output, stdout, stderr, sandbox_id, _ = await self.execute_code(
                 api_key=credentials.api_key.get_secret_value(),
                 code=input_data.setup_code,
                 language=input_data.language,
@@ -500,6 +558,7 @@ class ExecuteCodeStepBlock(Block, BaseE2BExecutorMixin):
                     "Hello World\n",  # stdout_logs
                     "",  # stderr_logs
                     sandbox_id,  # sandbox_id
+                    [],  # files
                 ),
             },
         )
@@ -508,7 +567,7 @@ class ExecuteCodeStepBlock(Block, BaseE2BExecutorMixin):
         self, input_data: Input, *, credentials: APIKeyCredentials, **kwargs
     ) -> BlockOutput:
         try:
-            results, text_output, stdout, stderr, _ = await self.execute_code(
+            results, text_output, stdout, stderr, _, _ = await self.execute_code(
                 api_key=credentials.api_key.get_secret_value(),
                 code=input_data.step_code,
                 language=input_data.language,

autogpt_platform/backend/backend/data/graph.py

@@ -434,8 +434,7 @@ class GraphModel(Graph, GraphMeta):
     @computed_field
     @property
     def credentials_input_schema(self) -> dict[str, Any]:
-        graph_credentials_inputs = self.aggregate_credentials_inputs()
-
+        graph_credentials_inputs = self.regular_credentials_inputs
         logger.debug(
             f"Combined credentials input fields for graph #{self.id} ({self.name}): "
             f"{graph_credentials_inputs}"
@@ -591,6 +590,28 @@ class GraphModel(Graph, GraphMeta):
             for key, (field_info, node_field_pairs) in combined.items()
         }
 
+    @property
+    def regular_credentials_inputs(
+        self,
+    ) -> dict[str, tuple[CredentialsFieldInfo, set[tuple[str, str]], bool]]:
+        """Credentials that need explicit user mapping (CredentialsMetaInput fields)."""
+        return {
+            k: v
+            for k, v in self.aggregate_credentials_inputs().items()
+            if not v[0].is_auto_credential
+        }
+
+    @property
+    def auto_credentials_inputs(
+        self,
+    ) -> dict[str, tuple[CredentialsFieldInfo, set[tuple[str, str]], bool]]:
+        """Credentials embedded in file fields (_credentials_id), resolved at execution time."""
+        return {
+            k: v
+            for k, v in self.aggregate_credentials_inputs().items()
+            if v[0].is_auto_credential
+        }
+
     def reassign_ids(self, user_id: str, reassign_graph_id: bool = False):
         """
         Reassigns all IDs in the graph to new UUIDs.
@@ -641,6 +662,16 @@ class GraphModel(Graph, GraphMeta):
             ) and graph_id in graph_id_map:
                 node.input_default["graph_id"] = graph_id_map[graph_id]
 
+        # Clear auto-credentials references (e.g., _credentials_id in
+        # GoogleDriveFile fields) so the new user must re-authenticate
+        # with their own account
+        for node in graph.nodes:
+            if not node.input_default:
+                continue
+            for key, value in node.input_default.items():
+                if isinstance(value, dict) and "_credentials_id" in value:
+                    del value["_credentials_id"]
+
     def validate_graph(
         self,
         for_run: bool = False,

autogpt_platform/backend/backend/data/graph_test.py

@@ -462,3 +462,329 @@ def test_node_credentials_optional_with_other_metadata():
     assert node.credentials_optional is True
     assert node.metadata["position"] == {"x": 100, "y": 200}
     assert node.metadata["customized_name"] == "My Custom Node"
+
+
+# ============================================================================
+# Tests for CredentialsFieldInfo.combine() field propagation
+def test_combine_preserves_is_auto_credential_flag():
+    """
+    CredentialsFieldInfo.combine() must propagate is_auto_credential and
+    input_field_name to the combined result. Regression test for reviewer
+    finding that combine() dropped these fields.
+    """
+    from backend.data.model import CredentialsFieldInfo
+
+    auto_field = CredentialsFieldInfo.model_validate(
+        {
+            "credentials_provider": ["google"],
+            "credentials_types": ["oauth2"],
+            "credentials_scopes": ["drive.readonly"],
+            "is_auto_credential": True,
+            "input_field_name": "spreadsheet",
+        },
+        by_alias=True,
+    )
+
+    # combine() takes *args of (field_info, key) tuples
+    combined = CredentialsFieldInfo.combine(
+        (auto_field, ("node-1", "credentials")),
+        (auto_field, ("node-2", "credentials")),
+    )
+
+    assert len(combined) == 1
+    group_key = next(iter(combined))
+    combined_info, combined_keys = combined[group_key]
+
+    assert combined_info.is_auto_credential is True
+    assert combined_info.input_field_name == "spreadsheet"
+    assert combined_keys == {("node-1", "credentials"), ("node-2", "credentials")}
+
+
+def test_combine_preserves_regular_credential_defaults():
+    """Regular credentials should have is_auto_credential=False after combine()."""
+    from backend.data.model import CredentialsFieldInfo
+
+    regular_field = CredentialsFieldInfo.model_validate(
+        {
+            "credentials_provider": ["github"],
+            "credentials_types": ["api_key"],
+            "is_auto_credential": False,
+        },
+        by_alias=True,
+    )
+
+    combined = CredentialsFieldInfo.combine(
+        (regular_field, ("node-1", "credentials")),
+    )
+
+    group_key = next(iter(combined))
+    combined_info, _ = combined[group_key]
+
+    assert combined_info.is_auto_credential is False
+    assert combined_info.input_field_name is None
+
+
+# ============================================================================
+# Tests for _reassign_ids credential clearing (Fix 3: SECRT-1772)
+
+
+def test_reassign_ids_clears_credentials_id():
+    """
+    [SECRT-1772] _reassign_ids should clear _credentials_id from
+    GoogleDriveFile-style input_default fields so forked agents
+    don't retain the original creator's credential references.
+    """
+    from backend.data.graph import GraphModel
+
+    node = Node(
+        id="node-1",
+        block_id=StoreValueBlock().id,
+        input_default={
+            "spreadsheet": {
+                "_credentials_id": "original-cred-id",
+                "id": "file-123",
+                "name": "test.xlsx",
+                "mimeType": "application/vnd.google-apps.spreadsheet",
+                "url": "https://docs.google.com/spreadsheets/d/file-123",
+            },
+        },
+    )
+
+    graph = Graph(
+        id="test-graph",
+        name="Test",
+        description="Test",
+        nodes=[node],
+        links=[],
+    )
+
+    GraphModel._reassign_ids(graph, user_id="new-user", graph_id_map={})
+
+    # _credentials_id key should be removed (not set to None) so that
+    # _acquire_auto_credentials correctly errors instead of treating it as chained data
+    assert "_credentials_id" not in graph.nodes[0].input_default["spreadsheet"]
+
+
+def test_reassign_ids_preserves_non_credential_fields():
+    """
+    Regression guard: _reassign_ids should NOT modify non-credential fields
+    like name, mimeType, id, url.
+    """
+    from backend.data.graph import GraphModel
+
+    node = Node(
+        id="node-1",
+        block_id=StoreValueBlock().id,
+        input_default={
+            "spreadsheet": {
+                "_credentials_id": "cred-abc",
+                "id": "file-123",
+                "name": "test.xlsx",
+                "mimeType": "application/vnd.google-apps.spreadsheet",
+                "url": "https://docs.google.com/spreadsheets/d/file-123",
+            },
+        },
+    )
+
+    graph = Graph(
+        id="test-graph",
+        name="Test",
+        description="Test",
+        nodes=[node],
+        links=[],
+    )
+
+    GraphModel._reassign_ids(graph, user_id="new-user", graph_id_map={})
+
+    field = graph.nodes[0].input_default["spreadsheet"]
+    assert field["id"] == "file-123"
+    assert field["name"] == "test.xlsx"
+    assert field["mimeType"] == "application/vnd.google-apps.spreadsheet"
+    assert field["url"] == "https://docs.google.com/spreadsheets/d/file-123"
+
+
+def test_reassign_ids_handles_no_credentials():
+    """
+    Regression guard: _reassign_ids should not error when input_default
+    has no dict fields with _credentials_id.
+    """
+    from backend.data.graph import GraphModel
+
+    node = Node(
+        id="node-1",
+        block_id=StoreValueBlock().id,
+        input_default={
+            "input": "some value",
+            "another_input": 42,
+        },
+    )
+
+    graph = Graph(
+        id="test-graph",
+        name="Test",
+        description="Test",
+        nodes=[node],
+        links=[],
+    )
+
+    GraphModel._reassign_ids(graph, user_id="new-user", graph_id_map={})
+
+    # Should not error, fields unchanged
+    assert graph.nodes[0].input_default["input"] == "some value"
+    assert graph.nodes[0].input_default["another_input"] == 42
+
+
+def test_reassign_ids_handles_multiple_credential_fields():
+    """
+    [SECRT-1772] When a node has multiple dict fields with _credentials_id,
+    ALL of them should be cleared.
+    """
+    from backend.data.graph import GraphModel
+
+    node = Node(
+        id="node-1",
+        block_id=StoreValueBlock().id,
+        input_default={
+            "spreadsheet": {
+                "_credentials_id": "cred-1",
+                "id": "file-1",
+                "name": "file1.xlsx",
+            },
+            "doc_file": {
+                "_credentials_id": "cred-2",
+                "id": "file-2",
+                "name": "file2.docx",
+            },
+            "plain_input": "not a dict",
+        },
+    )
+
+    graph = Graph(
+        id="test-graph",
+        name="Test",
+        description="Test",
+        nodes=[node],
+        links=[],
+    )
+
+    GraphModel._reassign_ids(graph, user_id="new-user", graph_id_map={})
+
+    assert "_credentials_id" not in graph.nodes[0].input_default["spreadsheet"]
+    assert "_credentials_id" not in graph.nodes[0].input_default["doc_file"]
+    assert graph.nodes[0].input_default["plain_input"] == "not a dict"
+
+
+# ============================================================================
+# Tests for discriminate() field propagation
+def test_discriminate_preserves_is_auto_credential_flag():
+    """
+    CredentialsFieldInfo.discriminate() must propagate is_auto_credential and
+    input_field_name to the discriminated result. Regression test for
+    discriminate() dropping these fields (same class of bug as combine()).
+    """
+    from backend.data.model import CredentialsFieldInfo
+
+    auto_field = CredentialsFieldInfo.model_validate(
+        {
+            "credentials_provider": ["google", "openai"],
+            "credentials_types": ["oauth2"],
+            "credentials_scopes": ["drive.readonly"],
+            "is_auto_credential": True,
+            "input_field_name": "spreadsheet",
+            "discriminator": "model",
+            "discriminator_mapping": {"gpt-4": "openai", "gemini": "google"},
+        },
+        by_alias=True,
+    )
+
+    discriminated = auto_field.discriminate("gemini")
+
+    assert discriminated.is_auto_credential is True
+    assert discriminated.input_field_name == "spreadsheet"
+    assert discriminated.provider == frozenset(["google"])
+
+
+def test_discriminate_preserves_regular_credential_defaults():
+    """Regular credentials should have is_auto_credential=False after discriminate()."""
+    from backend.data.model import CredentialsFieldInfo
+
+    regular_field = CredentialsFieldInfo.model_validate(
+        {
+            "credentials_provider": ["google", "openai"],
+            "credentials_types": ["api_key"],
+            "is_auto_credential": False,
+            "discriminator": "model",
+            "discriminator_mapping": {"gpt-4": "openai", "gemini": "google"},
+        },
+        by_alias=True,
+    )
+
+    discriminated = regular_field.discriminate("gpt-4")
+
+    assert discriminated.is_auto_credential is False
+    assert discriminated.input_field_name is None
+    assert discriminated.provider == frozenset(["openai"])
+
+
+# ============================================================================
+# Tests for credentials_input_schema excluding auto_credentials
+def test_credentials_input_schema_excludes_auto_creds():
+    """
+    GraphModel.credentials_input_schema should exclude auto_credentials
+    (is_auto_credential=True) from the schema. Auto_credentials are
+    transparently resolved at execution time via file picker data.
+    """
+    from datetime import datetime, timezone
+    from unittest.mock import PropertyMock, patch
+
+    from backend.data.graph import GraphModel, NodeModel
+    from backend.data.model import CredentialsFieldInfo
+
+    regular_field_info = CredentialsFieldInfo.model_validate(
+        {
+            "credentials_provider": ["github"],
+            "credentials_types": ["api_key"],
+            "is_auto_credential": False,
+        },
+        by_alias=True,
+    )
+
+    graph = GraphModel(
+        id="test-graph",
+        version=1,
+        name="Test",
+        description="Test",
+        user_id="test-user",
+        created_at=datetime.now(timezone.utc),
+        nodes=[
+            NodeModel(
+                id="node-1",
+                block_id=StoreValueBlock().id,
+                input_default={},
+                graph_id="test-graph",
+                graph_version=1,
+            ),
+        ],
+        links=[],
+    )
+
+    # Mock regular_credentials_inputs to return only the non-auto field (3-tuple)
+    regular_only = {
+        "github_credentials": (
+            regular_field_info,
+            {("node-1", "credentials")},
+            True,
+        ),
+    }
+
+    with patch.object(
+        type(graph),
+        "regular_credentials_inputs",
+        new_callable=PropertyMock,
+        return_value=regular_only,
+    ):
+        schema = graph.credentials_input_schema
+        field_names = set(schema.get("properties", {}).keys())
+        # Should include regular credential but NOT auto_credential
+        assert "github_credentials" in field_names
+        assert "google_credentials" not in field_names

autogpt_platform/backend/backend/data/model.py

@@ -574,6 +574,8 @@ class CredentialsFieldInfo(BaseModel, Generic[CP, CT]):
     discriminator: Optional[str] = None
     discriminator_mapping: Optional[dict[str, CP]] = None
     discriminator_values: set[Any] = Field(default_factory=set)
+    is_auto_credential: bool = False
+    input_field_name: Optional[str] = None
 
     @classmethod
     def combine(
@@ -654,6 +656,9 @@ class CredentialsFieldInfo(BaseModel, Generic[CP, CT]):
                 + "_credentials"
             )
 
+            # Propagate is_auto_credential from the combined field.
+            # All fields in a group should share the same is_auto_credential
+            # value since auto and regular credentials serve different purposes.
             result[group_key] = (
                 CredentialsFieldInfo[CP, CT](
                     credentials_provider=combined.provider,
@@ -662,6 +667,8 @@ class CredentialsFieldInfo(BaseModel, Generic[CP, CT]):
                     discriminator=combined.discriminator,
                     discriminator_mapping=combined.discriminator_mapping,
                     discriminator_values=set(all_discriminator_values),
+                    is_auto_credential=combined.is_auto_credential,
+                    input_field_name=combined.input_field_name,
                 ),
                 combined_keys,
             )
@@ -687,6 +694,8 @@ class CredentialsFieldInfo(BaseModel, Generic[CP, CT]):
             discriminator=self.discriminator,
             discriminator_mapping=self.discriminator_mapping,
             discriminator_values=self.discriminator_values,
+            is_auto_credential=self.is_auto_credential,
+            input_field_name=self.input_field_name,
         )
 
 

autogpt_platform/backend/backend/executor/manager.py

@@ -168,6 +168,81 @@ def execute_graph(
 T = TypeVar("T")
 
 
+async def _acquire_auto_credentials(
+    input_model: type[BlockSchema],
+    input_data: dict[str, Any],
+    creds_manager: "IntegrationCredentialsManager",
+    user_id: str,
+) -> tuple[dict[str, Any], list[AsyncRedisLock]]:
+    """
+    Resolve auto_credentials from GoogleDriveFileField-style inputs.
+
+    Returns:
+        (extra_exec_kwargs, locks): kwargs to inject into block execution, and
+        credential locks to release after execution completes.
+    """
+    extra_exec_kwargs: dict[str, Any] = {}
+    locks: list[AsyncRedisLock] = []
+
+    # NOTE: If a block ever has multiple auto-credential fields, a ValueError
+    # on a later field will strand locks acquired for earlier fields. They'll
+    # auto-expire via Redis TTL, but add a try/except to release partial locks
+    # if that becomes a real scenario.
+    for kwarg_name, info in input_model.get_auto_credentials_fields().items():
+        field_name = info["field_name"]
+        field_data = input_data.get(field_name)
+
+        if field_data and isinstance(field_data, dict):
+            # Check if _credentials_id key exists in the field data
+            if "_credentials_id" in field_data:
+                cred_id = field_data["_credentials_id"]
+                if cred_id:
+                    # Credential ID provided - acquire credentials
+                    provider = info.get("config", {}).get(
+                        "provider", "external service"
+                    )
+                    file_name = field_data.get("name", "selected file")
+                    try:
+                        credentials, lock = await creds_manager.acquire(
+                            user_id, cred_id
+                        )
+                        locks.append(lock)
+                        extra_exec_kwargs[kwarg_name] = credentials
+                    except ValueError:
+                        raise ValueError(
+                            f"{provider.capitalize()} credentials for "
+                            f"'{file_name}' in field '{field_name}' are not "
+                            f"available in your account. "
+                            f"This can happen if the agent was created by another "
+                            f"user or the credentials were deleted. "
+                            f"Please open the agent in the builder and re-select "
+                            f"the file to authenticate with your own account."
+                        )
+                # else: _credentials_id is explicitly None, skip (chained data)
+            else:
+                # _credentials_id key missing entirely - this is an error
+                provider = info.get("config", {}).get("provider", "external service")
+                file_name = field_data.get("name", "selected file")
+                raise ValueError(
+                    f"Authentication missing for '{file_name}' in field "
+                    f"'{field_name}'. Please re-select the file to authenticate "
+                    f"with {provider.capitalize()}."
+                )
+        elif field_data is None and field_name not in input_data:
+            # Field not in input_data at all = connected from upstream block, skip
+            pass
+        else:
+            # field_data is None/empty but key IS in input_data = user didn't select
+            provider = info.get("config", {}).get("provider", "external service")
+            raise ValueError(
+                f"No file selected for '{field_name}'. "
+                f"Please select a file to provide "
+                f"{provider.capitalize()} authentication."
+            )
+
+    return extra_exec_kwargs, locks
+
+
 async def execute_node(
     node: Node,
     data: NodeExecutionEntry,
@@ -270,41 +345,14 @@ async def execute_node(
         extra_exec_kwargs[field_name] = credentials
 
     # Handle auto-generated credentials (e.g., from GoogleDriveFileInput)
-    for kwarg_name, info in input_model.get_auto_credentials_fields().items():
-        field_name = info["field_name"]
-        field_data = input_data.get(field_name)
-        if field_data and isinstance(field_data, dict):
-            # Check if _credentials_id key exists in the field data
-            if "_credentials_id" in field_data:
-                cred_id = field_data["_credentials_id"]
-                if cred_id:
-                    # Credential ID provided - acquire credentials
-                    provider = info.get("config", {}).get(
-                        "provider", "external service"
-                    )
-                    file_name = field_data.get("name", "selected file")
-                    try:
-                        credentials, lock = await creds_manager.acquire(
-                            user_id, cred_id
-                        )
-                        creds_locks.append(lock)
-                        extra_exec_kwargs[kwarg_name] = credentials
-                    except ValueError:
-                        # Credential was deleted or doesn't exist
-                        raise ValueError(
-                            f"Authentication expired for '{file_name}' in field '{field_name}'. "
-                            f"The saved {provider.capitalize()} credentials no longer exist. "
-                            f"Please re-select the file to re-authenticate."
-                        )
-                # else: _credentials_id is explicitly None, skip credentials (for chained data)
-            else:
-                # _credentials_id key missing entirely - this is an error
-                provider = info.get("config", {}).get("provider", "external service")
-                file_name = field_data.get("name", "selected file")
-                raise ValueError(
-                    f"Authentication missing for '{file_name}' in field '{field_name}'. "
-                    f"Please re-select the file to authenticate with {provider.capitalize()}."
-                )
+    auto_extra_kwargs, auto_locks = await _acquire_auto_credentials(
+        input_model=input_model,
+        input_data=input_data,
+        creds_manager=creds_manager,
+        user_id=user_id,
+    )
+    extra_exec_kwargs.update(auto_extra_kwargs)
+    creds_locks.extend(auto_locks)
 
     output_size = 0
 

autogpt_platform/backend/backend/executor/manager_auto_credentials_test.py

@@ -0,0 +1,320 @@
+"""
+Tests for auto_credentials handling in execute_node().
+
+These test the _acquire_auto_credentials() helper function extracted from
+execute_node() (manager.py lines 273-308).
+"""
+
+import pytest
+from pytest_mock import MockerFixture
+
+
+@pytest.fixture
+def google_drive_file_data():
+    return {
+        "valid": {
+            "_credentials_id": "cred-id-123",
+            "id": "file-123",
+            "name": "test.xlsx",
+            "mimeType": "application/vnd.google-apps.spreadsheet",
+        },
+        "chained": {
+            "_credentials_id": None,
+            "id": "file-456",
+            "name": "chained.xlsx",
+            "mimeType": "application/vnd.google-apps.spreadsheet",
+        },
+        "missing_key": {
+            "id": "file-789",
+            "name": "bad.xlsx",
+            "mimeType": "application/vnd.google-apps.spreadsheet",
+        },
+    }
+
+
+@pytest.fixture
+def mock_input_model(mocker: MockerFixture):
+    """Create a mock input model with get_auto_credentials_fields() returning one field."""
+    input_model = mocker.MagicMock()
+    input_model.get_auto_credentials_fields.return_value = {
+        "credentials": {
+            "field_name": "spreadsheet",
+            "config": {
+                "provider": "google",
+                "type": "oauth2",
+                "scopes": ["https://www.googleapis.com/auth/drive.readonly"],
+            },
+        }
+    }
+    return input_model
+
+
+@pytest.fixture
+def mock_creds_manager(mocker: MockerFixture):
+    manager = mocker.AsyncMock()
+    mock_lock = mocker.AsyncMock()
+    mock_creds = mocker.MagicMock()
+    mock_creds.id = "cred-id-123"
+    mock_creds.provider = "google"
+    manager.acquire.return_value = (mock_creds, mock_lock)
+    return manager, mock_creds, mock_lock
+
+
+@pytest.mark.asyncio
+async def test_auto_credentials_happy_path(
+    mocker: MockerFixture,
+    google_drive_file_data,
+    mock_input_model,
+    mock_creds_manager,
+):
+    """When field_data has a valid _credentials_id, credentials should be acquired."""
+    from backend.executor.manager import _acquire_auto_credentials
+
+    manager, mock_creds, mock_lock = mock_creds_manager
+    input_data = {"spreadsheet": google_drive_file_data["valid"]}
+
+    extra_kwargs, locks = await _acquire_auto_credentials(
+        input_model=mock_input_model,
+        input_data=input_data,
+        creds_manager=manager,
+        user_id="user-1",
+    )
+
+    manager.acquire.assert_called_once_with("user-1", "cred-id-123")
+    assert extra_kwargs["credentials"] == mock_creds
+    assert mock_lock in locks
+
+
+@pytest.mark.asyncio
+async def test_auto_credentials_field_none_static_raises(
+    mocker: MockerFixture,
+    mock_input_model,
+    mock_creds_manager,
+):
+    """
+    [THE BUG FIX TEST — OPEN-2895]
+    When field_data is None and the key IS in input_data (user didn't select a file),
+    should raise ValueError instead of silently skipping.
+    """
+    from backend.executor.manager import _acquire_auto_credentials
+
+    manager, _, _ = mock_creds_manager
+    # Key is present but value is None = user didn't select a file
+    input_data = {"spreadsheet": None}
+
+    with pytest.raises(ValueError, match="No file selected"):
+        await _acquire_auto_credentials(
+            input_model=mock_input_model,
+            input_data=input_data,
+            creds_manager=manager,
+            user_id="user-1",
+        )
+
+
+@pytest.mark.asyncio
+async def test_auto_credentials_field_absent_skips(
+    mocker: MockerFixture,
+    mock_input_model,
+    mock_creds_manager,
+):
+    """
+    When the field key is NOT in input_data at all (upstream connection),
+    should skip without error.
+    """
+    from backend.executor.manager import _acquire_auto_credentials
+
+    manager, _, _ = mock_creds_manager
+    # Key not present = connected from upstream block
+    input_data = {}
+
+    extra_kwargs, locks = await _acquire_auto_credentials(
+        input_model=mock_input_model,
+        input_data=input_data,
+        creds_manager=manager,
+        user_id="user-1",
+    )
+
+    manager.acquire.assert_not_called()
+    assert "credentials" not in extra_kwargs
+    assert locks == []
+
+
+@pytest.mark.asyncio
+async def test_auto_credentials_chained_cred_id_none(
+    mocker: MockerFixture,
+    google_drive_file_data,
+    mock_input_model,
+    mock_creds_manager,
+):
+    """
+    When _credentials_id is explicitly None (chained data from upstream),
+    should skip credential acquisition.
+    """
+    from backend.executor.manager import _acquire_auto_credentials
+
+    manager, _, _ = mock_creds_manager
+    input_data = {"spreadsheet": google_drive_file_data["chained"]}
+
+    extra_kwargs, locks = await _acquire_auto_credentials(
+        input_model=mock_input_model,
+        input_data=input_data,
+        creds_manager=manager,
+        user_id="user-1",
+    )
+
+    manager.acquire.assert_not_called()
+    assert "credentials" not in extra_kwargs
+
+
+@pytest.mark.asyncio
+async def test_auto_credentials_missing_cred_id_key_raises(
+    mocker: MockerFixture,
+    google_drive_file_data,
+    mock_input_model,
+    mock_creds_manager,
+):
+    """
+    When _credentials_id key is missing entirely from field_data dict,
+    should raise ValueError.
+    """
+    from backend.executor.manager import _acquire_auto_credentials
+
+    manager, _, _ = mock_creds_manager
+    input_data = {"spreadsheet": google_drive_file_data["missing_key"]}
+
+    with pytest.raises(ValueError, match="Authentication missing"):
+        await _acquire_auto_credentials(
+            input_model=mock_input_model,
+            input_data=input_data,
+            creds_manager=manager,
+            user_id="user-1",
+        )
+
+
+@pytest.mark.asyncio
+async def test_auto_credentials_ownership_mismatch_error(
+    mocker: MockerFixture,
+    google_drive_file_data,
+    mock_input_model,
+    mock_creds_manager,
+):
+    """
+    [SECRT-1772] When acquire() raises ValueError (credential belongs to another user),
+    the error message should mention 'not available' (not 'expired').
+    """
+    from backend.executor.manager import _acquire_auto_credentials
+
+    manager, _, _ = mock_creds_manager
+    manager.acquire.side_effect = ValueError(
+        "Credentials #cred-id-123 for user #user-2 not found"
+    )
+    input_data = {"spreadsheet": google_drive_file_data["valid"]}
+
+    with pytest.raises(ValueError, match="not available in your account"):
+        await _acquire_auto_credentials(
+            input_model=mock_input_model,
+            input_data=input_data,
+            creds_manager=manager,
+            user_id="user-2",
+        )
+
+
+@pytest.mark.asyncio
+async def test_auto_credentials_deleted_credential_error(
+    mocker: MockerFixture,
+    google_drive_file_data,
+    mock_input_model,
+    mock_creds_manager,
+):
+    """
+    [SECRT-1772] When acquire() raises ValueError (credential was deleted),
+    the error message should mention 'not available' (not 'expired').
+    """
+    from backend.executor.manager import _acquire_auto_credentials
+
+    manager, _, _ = mock_creds_manager
+    manager.acquire.side_effect = ValueError(
+        "Credentials #cred-id-123 for user #user-1 not found"
+    )
+    input_data = {"spreadsheet": google_drive_file_data["valid"]}
+
+    with pytest.raises(ValueError, match="not available in your account"):
+        await _acquire_auto_credentials(
+            input_model=mock_input_model,
+            input_data=input_data,
+            creds_manager=manager,
+            user_id="user-1",
+        )
+
+
+@pytest.mark.asyncio
+async def test_auto_credentials_lock_appended(
+    mocker: MockerFixture,
+    google_drive_file_data,
+    mock_input_model,
+    mock_creds_manager,
+):
+    """Lock from acquire() should be included in returned locks list."""
+    from backend.executor.manager import _acquire_auto_credentials
+
+    manager, _, mock_lock = mock_creds_manager
+    input_data = {"spreadsheet": google_drive_file_data["valid"]}
+
+    extra_kwargs, locks = await _acquire_auto_credentials(
+        input_model=mock_input_model,
+        input_data=input_data,
+        creds_manager=manager,
+        user_id="user-1",
+    )
+
+    assert len(locks) == 1
+    assert locks[0] is mock_lock
+
+
+@pytest.mark.asyncio
+async def test_auto_credentials_multiple_fields(
+    mocker: MockerFixture,
+    mock_creds_manager,
+):
+    """When there are multiple auto_credentials fields, only valid ones should acquire."""
+    from backend.executor.manager import _acquire_auto_credentials
+
+    manager, mock_creds, mock_lock = mock_creds_manager
+
+    input_model = mocker.MagicMock()
+    input_model.get_auto_credentials_fields.return_value = {
+        "credentials": {
+            "field_name": "spreadsheet",
+            "config": {"provider": "google", "type": "oauth2"},
+        },
+        "credentials2": {
+            "field_name": "doc_file",
+            "config": {"provider": "google", "type": "oauth2"},
+        },
+    }
+
+    input_data = {
+        "spreadsheet": {
+            "_credentials_id": "cred-id-123",
+            "id": "file-1",
+            "name": "file1.xlsx",
+        },
+        "doc_file": {
+            "_credentials_id": None,
+            "id": "file-2",
+            "name": "chained.doc",
+        },
+    }
+
+    extra_kwargs, locks = await _acquire_auto_credentials(
+        input_model=input_model,
+        input_data=input_data,
+        creds_manager=manager,
+        user_id="user-1",
+    )
+
+    # Only the first field should have acquired credentials
+    manager.acquire.assert_called_once_with("user-1", "cred-id-123")
+    assert "credentials" in extra_kwargs
+    assert "credentials2" not in extra_kwargs
+    assert len(locks) == 1

autogpt_platform/backend/backend/executor/utils.py

@@ -254,7 +254,8 @@ async def _validate_node_input_credentials(
 
         # Find any fields of type CredentialsMetaInput
         credentials_fields = block.input_schema.get_credentials_fields()
-        if not credentials_fields:
+        auto_credentials_fields = block.input_schema.get_auto_credentials_fields()
+        if not credentials_fields and not auto_credentials_fields:
             continue
 
         # Track if any credential field is missing for this node
@@ -334,6 +335,47 @@ async def _validate_node_input_credentials(
                 ] = "Invalid credentials: type/provider mismatch"
                 continue
 
+        # Validate auto-credentials (GoogleDriveFileField-based)
+        # These have _credentials_id embedded in the file field data
+        if auto_credentials_fields:
+            for _kwarg_name, info in auto_credentials_fields.items():
+                field_name = info["field_name"]
+                # Check input_default and nodes_input_masks for the field value
+                field_value = node.input_default.get(field_name)
+                if nodes_input_masks and node.id in nodes_input_masks:
+                    field_value = nodes_input_masks[node.id].get(
+                        field_name, field_value
+                    )
+
+                if field_value and isinstance(field_value, dict):
+                    if "_credentials_id" not in field_value:
+                        # Key removed (e.g., on fork) — needs re-auth
+                        has_missing_credentials = True
+                        credential_errors[node.id][field_name] = (
+                            "Authentication missing for the selected file. "
+                            "Please re-select the file to authenticate with "
+                            "your own account."
+                        )
+                        continue
+                    cred_id = field_value.get("_credentials_id")
+                    if cred_id and isinstance(cred_id, str):
+                        try:
+                            creds_store = get_integration_credentials_store()
+                            creds = await creds_store.get_creds_by_id(user_id, cred_id)
+                        except Exception as e:
+                            has_missing_credentials = True
+                            credential_errors[node.id][
+                                field_name
+                            ] = f"Credentials not available: {e}"
+                            continue
+                        if not creds:
+                            has_missing_credentials = True
+                            credential_errors[node.id][field_name] = (
+                                "The saved credentials are not available "
+                                "for your account. Please re-select the file to "
+                                "authenticate with your own account."
+                            )
+
         # If node has optional credentials and any are missing, mark for skipping
         # But only if there are no other errors for this node
         if (
@@ -365,8 +407,9 @@ def make_node_credentials_input_map(
     """
     result: dict[str, dict[str, JsonValue]] = {}
 
-    # Get aggregated credentials fields for the graph
-    graph_cred_inputs = graph.aggregate_credentials_inputs()
+    # Only map regular credentials (not auto_credentials, which are resolved
+    # at execution time from _credentials_id in file field data)
+    graph_cred_inputs = graph.regular_credentials_inputs
 
     for graph_input_name, (_, compatible_node_fields, _) in graph_cred_inputs.items():
         # Best-effort map: skip missing items

autogpt_platform/backend/backend/executor/utils_test.py

@@ -907,3 +907,335 @@ async def test_stop_graph_execution_cascades_to_child_with_reviews(
 
     # Verify both parent and child status updates
     assert mock_execution_db.update_graph_execution_stats.call_count >= 1
+
+
+# ============================================================================
+# Tests for auto_credentials validation in _validate_node_input_credentials
+# (Fix 3: SECRT-1772 + Fix 4: Path 4)
+# ============================================================================
+
+
+@pytest.mark.asyncio
+async def test_validate_node_input_credentials_auto_creds_valid(
+    mocker: MockerFixture,
+):
+    """
+    [SECRT-1772] When a node has auto_credentials with a valid _credentials_id
+    that exists in the store, validation should pass without errors.
+    """
+    from backend.executor.utils import _validate_node_input_credentials
+
+    mock_node = mocker.MagicMock()
+    mock_node.id = "node-with-auto-creds"
+    mock_node.credentials_optional = False
+    mock_node.input_default = {
+        "spreadsheet": {
+            "_credentials_id": "valid-cred-id",
+            "id": "file-123",
+            "name": "test.xlsx",
+        }
+    }
+
+    mock_block = mocker.MagicMock()
+    # No regular credentials fields
+    mock_block.input_schema.get_credentials_fields.return_value = {}
+    # Has auto_credentials fields
+    mock_block.input_schema.get_auto_credentials_fields.return_value = {
+        "credentials": {
+            "field_name": "spreadsheet",
+            "config": {"provider": "google", "type": "oauth2"},
+        }
+    }
+    mock_node.block = mock_block
+
+    mock_graph = mocker.MagicMock()
+    mock_graph.nodes = [mock_node]
+
+    # Mock the credentials store to return valid credentials
+    mock_store = mocker.MagicMock()
+    mock_creds = mocker.MagicMock()
+    mock_creds.id = "valid-cred-id"
+    mock_store.get_creds_by_id = mocker.AsyncMock(return_value=mock_creds)
+    mocker.patch(
+        "backend.executor.utils.get_integration_credentials_store",
+        return_value=mock_store,
+    )
+
+    errors, nodes_to_skip = await _validate_node_input_credentials(
+        graph=mock_graph,
+        user_id="test-user",
+        nodes_input_masks=None,
+    )
+
+    assert mock_node.id not in errors
+    assert mock_node.id not in nodes_to_skip
+
+
+@pytest.mark.asyncio
+async def test_validate_node_input_credentials_auto_creds_missing(
+    mocker: MockerFixture,
+):
+    """
+    [SECRT-1772] When a node has auto_credentials with a _credentials_id
+    that doesn't exist for the current user, validation should report an error.
+    """
+    from backend.executor.utils import _validate_node_input_credentials
+
+    mock_node = mocker.MagicMock()
+    mock_node.id = "node-with-bad-auto-creds"
+    mock_node.credentials_optional = False
+    mock_node.input_default = {
+        "spreadsheet": {
+            "_credentials_id": "other-users-cred-id",
+            "id": "file-123",
+            "name": "test.xlsx",
+        }
+    }
+
+    mock_block = mocker.MagicMock()
+    mock_block.input_schema.get_credentials_fields.return_value = {}
+    mock_block.input_schema.get_auto_credentials_fields.return_value = {
+        "credentials": {
+            "field_name": "spreadsheet",
+            "config": {"provider": "google", "type": "oauth2"},
+        }
+    }
+    mock_node.block = mock_block
+
+    mock_graph = mocker.MagicMock()
+    mock_graph.nodes = [mock_node]
+
+    # Mock the credentials store to return None (cred not found for this user)
+    mock_store = mocker.MagicMock()
+    mock_store.get_creds_by_id = mocker.AsyncMock(return_value=None)
+    mocker.patch(
+        "backend.executor.utils.get_integration_credentials_store",
+        return_value=mock_store,
+    )
+
+    errors, nodes_to_skip = await _validate_node_input_credentials(
+        graph=mock_graph,
+        user_id="different-user",
+        nodes_input_masks=None,
+    )
+
+    assert mock_node.id in errors
+    assert "spreadsheet" in errors[mock_node.id]
+    assert "not available" in errors[mock_node.id]["spreadsheet"].lower()
+
+
+@pytest.mark.asyncio
+async def test_validate_node_input_credentials_both_regular_and_auto(
+    mocker: MockerFixture,
+):
+    """
+    [SECRT-1772] A node that has BOTH regular credentials AND auto_credentials
+    should have both validated.
+    """
+    from backend.executor.utils import _validate_node_input_credentials
+
+    mock_node = mocker.MagicMock()
+    mock_node.id = "node-with-both-creds"
+    mock_node.credentials_optional = False
+    mock_node.input_default = {
+        "credentials": {
+            "id": "regular-cred-id",
+            "provider": "github",
+            "type": "api_key",
+        },
+        "spreadsheet": {
+            "_credentials_id": "auto-cred-id",
+            "id": "file-123",
+            "name": "test.xlsx",
+        },
+    }
+
+    mock_credentials_field_type = mocker.MagicMock()
+    mock_credentials_meta = mocker.MagicMock()
+    mock_credentials_meta.id = "regular-cred-id"
+    mock_credentials_meta.provider = "github"
+    mock_credentials_meta.type = "api_key"
+    mock_credentials_field_type.model_validate.return_value = mock_credentials_meta
+
+    mock_block = mocker.MagicMock()
+    # Regular credentials field
+    mock_block.input_schema.get_credentials_fields.return_value = {
+        "credentials": mock_credentials_field_type,
+    }
+    # Auto-credentials field
+    mock_block.input_schema.get_auto_credentials_fields.return_value = {
+        "auto_credentials": {
+            "field_name": "spreadsheet",
+            "config": {"provider": "google", "type": "oauth2"},
+        }
+    }
+    mock_node.block = mock_block
+
+    mock_graph = mocker.MagicMock()
+    mock_graph.nodes = [mock_node]
+
+    # Mock the credentials store to return valid credentials for both
+    mock_store = mocker.MagicMock()
+    mock_regular_creds = mocker.MagicMock()
+    mock_regular_creds.id = "regular-cred-id"
+    mock_regular_creds.provider = "github"
+    mock_regular_creds.type = "api_key"
+
+    mock_auto_creds = mocker.MagicMock()
+    mock_auto_creds.id = "auto-cred-id"
+
+    def get_creds_side_effect(user_id, cred_id):
+        if cred_id == "regular-cred-id":
+            return mock_regular_creds
+        elif cred_id == "auto-cred-id":
+            return mock_auto_creds
+        return None
+
+    mock_store.get_creds_by_id = mocker.AsyncMock(side_effect=get_creds_side_effect)
+    mocker.patch(
+        "backend.executor.utils.get_integration_credentials_store",
+        return_value=mock_store,
+    )
+
+    errors, nodes_to_skip = await _validate_node_input_credentials(
+        graph=mock_graph,
+        user_id="test-user",
+        nodes_input_masks=None,
+    )
+
+    # Both should validate successfully - no errors
+    assert mock_node.id not in errors
+    assert mock_node.id not in nodes_to_skip
+
+
+@pytest.mark.asyncio
+async def test_validate_node_input_credentials_auto_creds_skipped_when_none(
+    mocker: MockerFixture,
+):
+    """
+    When a node has auto_credentials but the field value has _credentials_id=None
+    (e.g., from upstream connection), validation should skip it without error.
+    """
+    from backend.executor.utils import _validate_node_input_credentials
+
+    mock_node = mocker.MagicMock()
+    mock_node.id = "node-with-chained-auto-creds"
+    mock_node.credentials_optional = False
+    mock_node.input_default = {
+        "spreadsheet": {
+            "_credentials_id": None,
+            "id": "file-123",
+            "name": "test.xlsx",
+        }
+    }
+
+    mock_block = mocker.MagicMock()
+    mock_block.input_schema.get_credentials_fields.return_value = {}
+    mock_block.input_schema.get_auto_credentials_fields.return_value = {
+        "credentials": {
+            "field_name": "spreadsheet",
+            "config": {"provider": "google", "type": "oauth2"},
+        }
+    }
+    mock_node.block = mock_block
+
+    mock_graph = mocker.MagicMock()
+    mock_graph.nodes = [mock_node]
+
+    errors, nodes_to_skip = await _validate_node_input_credentials(
+        graph=mock_graph,
+        user_id="test-user",
+        nodes_input_masks=None,
+    )
+
+    # No error - chained data with None cred_id is valid
+    assert mock_node.id not in errors
+
+
+# ============================================================================
+# Tests for CredentialsFieldInfo auto_credential tag (Fix 4: Path 4)
+# ============================================================================
+
+
+def test_credentials_field_info_auto_credential_tag():
+    """
+    [Path 4] CredentialsFieldInfo should support is_auto_credential and
+    input_field_name fields for distinguishing auto from regular credentials.
+    """
+    from backend.data.model import CredentialsFieldInfo
+
+    # Regular credential should have is_auto_credential=False by default
+    regular = CredentialsFieldInfo.model_validate(
+        {
+            "credentials_provider": ["github"],
+            "credentials_types": ["api_key"],
+        },
+        by_alias=True,
+    )
+    assert regular.is_auto_credential is False
+    assert regular.input_field_name is None
+
+    # Auto credential should have is_auto_credential=True
+    auto = CredentialsFieldInfo.model_validate(
+        {
+            "credentials_provider": ["google"],
+            "credentials_types": ["oauth2"],
+            "is_auto_credential": True,
+            "input_field_name": "spreadsheet",
+        },
+        by_alias=True,
+    )
+    assert auto.is_auto_credential is True
+    assert auto.input_field_name == "spreadsheet"
+
+
+def test_make_node_credentials_input_map_excludes_auto_creds(
+    mocker: MockerFixture,
+):
+    """
+    [Path 4] make_node_credentials_input_map should only include regular credentials,
+    not auto_credentials (which are resolved at execution time).
+    """
+    from backend.data.model import CredentialsFieldInfo, CredentialsMetaInput
+    from backend.executor.utils import make_node_credentials_input_map
+    from backend.integrations.providers import ProviderName
+
+    # Create a mock graph with aggregate_credentials_inputs that returns
+    # both regular and auto credentials
+    mock_graph = mocker.MagicMock()
+
+    regular_field_info = CredentialsFieldInfo.model_validate(
+        {
+            "credentials_provider": ["github"],
+            "credentials_types": ["api_key"],
+            "is_auto_credential": False,
+        },
+        by_alias=True,
+    )
+
+    # Mock regular_credentials_inputs property (auto_credentials are excluded)
+    mock_graph.regular_credentials_inputs = {
+        "github_creds": (regular_field_info, {("node-1", "credentials")}, True),
+    }
+
+    graph_credentials_input = {
+        "github_creds": CredentialsMetaInput(
+            id="cred-123",
+            provider=ProviderName("github"),
+            type="api_key",
+        ),
+    }
+
+    result = make_node_credentials_input_map(mock_graph, graph_credentials_input)
+
+    # Regular credentials should be mapped
+    assert "node-1" in result
+    assert "credentials" in result["node-1"]
+
+    # Auto credentials should NOT appear in the result
+    # (they would have been mapped to the kwarg_name "credentials" not "spreadsheet")
+    for node_id, fields in result.items():
+        for field_name, value in fields.items():
+            # Verify no auto-credential phantom entries
+            if isinstance(value, dict):
+                assert "_credentials_id" not in value

autogpt_platform/backend/backend/util/sandbox_files.py

@@ -0,0 +1,288 @@
+"""
+Shared utilities for extracting and storing files from E2B sandboxes.
+
+This module provides common file extraction and workspace storage functionality
+for blocks that run code in E2B sandboxes (Claude Code, Code Executor, etc.).
+"""
+
+import base64
+import logging
+import mimetypes
+import shlex
+from dataclasses import dataclass
+from typing import TYPE_CHECKING
+
+from pydantic import BaseModel
+
+from backend.util.file import store_media_file
+from backend.util.type import MediaFileType
+
+if TYPE_CHECKING:
+    from e2b import AsyncSandbox as BaseAsyncSandbox
+
+    from backend.executor.utils import ExecutionContext
+
+logger = logging.getLogger(__name__)
+
+# Text file extensions that can be safely read and stored as text
+TEXT_EXTENSIONS = {
+    ".txt",
+    ".md",
+    ".html",
+    ".htm",
+    ".css",
+    ".js",
+    ".ts",
+    ".jsx",
+    ".tsx",
+    ".json",
+    ".xml",
+    ".yaml",
+    ".yml",
+    ".toml",
+    ".ini",
+    ".cfg",
+    ".conf",
+    ".py",
+    ".rb",
+    ".php",
+    ".java",
+    ".c",
+    ".cpp",
+    ".h",
+    ".hpp",
+    ".cs",
+    ".go",
+    ".rs",
+    ".swift",
+    ".kt",
+    ".scala",
+    ".sh",
+    ".bash",
+    ".zsh",
+    ".sql",
+    ".graphql",
+    ".env",
+    ".gitignore",
+    ".dockerfile",
+    "Dockerfile",
+    ".vue",
+    ".svelte",
+    ".astro",
+    ".mdx",
+    ".rst",
+    ".tex",
+    ".csv",
+    ".log",
+}
+
+
+class SandboxFileOutput(BaseModel):
+    """A file extracted from a sandbox and optionally stored in workspace."""
+
+    path: str
+    """Full path in the sandbox."""
+
+    relative_path: str
+    """Path relative to the working directory."""
+
+    name: str
+    """Filename only."""
+
+    content: str
+    """File content as text (for backward compatibility)."""
+
+    workspace_ref: str | None = None
+    """Workspace reference (workspace://{id}#mime) if stored, None otherwise."""
+
+
+@dataclass
+class ExtractedFile:
+    """Internal representation of an extracted file before storage."""
+
+    path: str
+    relative_path: str
+    name: str
+    content: bytes
+    is_text: bool
+
+
+async def extract_sandbox_files(
+    sandbox: "BaseAsyncSandbox",
+    working_directory: str,
+    since_timestamp: str | None = None,
+    text_only: bool = True,
+) -> list[ExtractedFile]:
+    """
+    Extract files from an E2B sandbox.
+
+    Args:
+        sandbox: The E2B sandbox instance
+        working_directory: Directory to search for files
+        since_timestamp: ISO timestamp - only return files modified after this time
+        text_only: If True, only extract text files (default). If False, extract all files.
+
+    Returns:
+        List of ExtractedFile objects with path, content, and metadata
+    """
+    files: list[ExtractedFile] = []
+
+    try:
+        # Build find command
+        safe_working_dir = shlex.quote(working_directory)
+        timestamp_filter = ""
+        if since_timestamp:
+            timestamp_filter = f"-newermt {shlex.quote(since_timestamp)} "
+
+        find_result = await sandbox.commands.run(
+            f"find {safe_working_dir} -type f "
+            f"{timestamp_filter}"
+            f"-not -path '*/node_modules/*' "
+            f"-not -path '*/.git/*' "
+            f"2>/dev/null"
+        )
+
+        if not find_result.stdout:
+            return files
+
+        for file_path in find_result.stdout.strip().split("\n"):
+            if not file_path:
+                continue
+
+            # Check if it's a text file
+            is_text = any(file_path.endswith(ext) for ext in TEXT_EXTENSIONS)
+
+            # Skip non-text files if text_only mode
+            if text_only and not is_text:
+                continue
+
+            try:
+                # Read file content as bytes
+                content = await sandbox.files.read(file_path, format="bytes")
+                if isinstance(content, str):
+                    content = content.encode("utf-8")
+                elif isinstance(content, bytearray):
+                    content = bytes(content)
+
+                # Extract filename from path
+                file_name = file_path.split("/")[-1]
+
+                # Calculate relative path
+                relative_path = file_path
+                if file_path.startswith(working_directory):
+                    relative_path = file_path[len(working_directory) :]
+                    if relative_path.startswith("/"):
+                        relative_path = relative_path[1:]
+
+                files.append(
+                    ExtractedFile(
+                        path=file_path,
+                        relative_path=relative_path,
+                        name=file_name,
+                        content=content,
+                        is_text=is_text,
+                    )
+                )
+            except Exception as e:
+                logger.debug(f"Failed to read file {file_path}: {e}")
+                continue
+
+    except Exception as e:
+        logger.warning(f"File extraction failed: {e}")
+
+    return files
+
+
+async def store_sandbox_files(
+    extracted_files: list[ExtractedFile],
+    execution_context: "ExecutionContext",
+) -> list[SandboxFileOutput]:
+    """
+    Store extracted sandbox files to workspace and return output objects.
+
+    Args:
+        extracted_files: List of files extracted from sandbox
+        execution_context: Execution context for workspace storage
+
+    Returns:
+        List of SandboxFileOutput objects with workspace refs
+    """
+    outputs: list[SandboxFileOutput] = []
+
+    for file in extracted_files:
+        # Decode content for text files (for backward compat content field)
+        if file.is_text:
+            try:
+                content_str = file.content.decode("utf-8", errors="replace")
+            except Exception:
+                content_str = ""
+        else:
+            content_str = f"[Binary file: {len(file.content)} bytes]"
+
+        # Build data URI (needed for storage and as binary fallback)
+        mime_type = mimetypes.guess_type(file.name)[0] or "application/octet-stream"
+        data_uri = f"data:{mime_type};base64,{base64.b64encode(file.content).decode()}"
+
+        # Try to store in workspace
+        workspace_ref: str | None = None
+        try:
+            result = await store_media_file(
+                file=MediaFileType(data_uri),
+                execution_context=execution_context,
+                return_format="for_block_output",
+            )
+            if result.startswith("workspace://"):
+                workspace_ref = result
+            elif not file.is_text:
+                # Non-workspace context (graph execution): store_media_file
+                # returned a data URI — use it as content so binary data isn't lost.
+                content_str = result
+        except Exception as e:
+            logger.warning(f"Failed to store file {file.name} to workspace: {e}")
+            # For binary files, fall back to data URI to prevent data loss
+            if not file.is_text:
+                content_str = data_uri
+
+        outputs.append(
+            SandboxFileOutput(
+                path=file.path,
+                relative_path=file.relative_path,
+                name=file.name,
+                content=content_str,
+                workspace_ref=workspace_ref,
+            )
+        )
+
+    return outputs
+
+
+async def extract_and_store_sandbox_files(
+    sandbox: "BaseAsyncSandbox",
+    working_directory: str,
+    execution_context: "ExecutionContext",
+    since_timestamp: str | None = None,
+    text_only: bool = True,
+) -> list[SandboxFileOutput]:
+    """
+    Extract files from sandbox and store them in workspace.
+
+    This is the main entry point combining extraction and storage.
+
+    Args:
+        sandbox: The E2B sandbox instance
+        working_directory: Directory to search for files
+        execution_context: Execution context for workspace storage
+        since_timestamp: ISO timestamp - only return files modified after this time
+        text_only: If True, only extract text files
+
+    Returns:
+        List of SandboxFileOutput objects with content and workspace refs
+    """
+    extracted = await extract_sandbox_files(
+        sandbox=sandbox,
+        working_directory=working_directory,
+        since_timestamp=since_timestamp,
+        text_only=text_only,
+    )
+
+    return await store_sandbox_files(extracted, execution_context)

autogpt_platform/backend/backend/util/settings.py

@@ -368,6 +368,10 @@ class Config(UpdateTrackingModel["Config"], BaseSettings):
         default=600,
         description="The timeout in seconds for Agent Generator service requests (includes retries for rate limits)",
     )
+    agentgenerator_use_dummy: bool = Field(
+        default=False,
+        description="Use dummy agent generator responses for testing (bypasses external service)",
+    )
 
     enable_example_blocks: bool = Field(
         default=False,

autogpt_platform/backend/test/agent_generator/test_service.py

@@ -25,6 +25,7 @@ class TestServiceConfiguration:
         """Test that external service is not configured when host is empty."""
         mock_settings = MagicMock()
         mock_settings.config.agentgenerator_host = ""
+        mock_settings.config.agentgenerator_use_dummy = False
 
         with patch.object(service, "_get_settings", return_value=mock_settings):
             assert service.is_external_service_configured() is False

autogpt_platform/frontend/src/app/(platform)/copilot/components/ChatMessagesContainer/ChatMessagesContainer.tsx

@@ -159,7 +159,7 @@ export const ChatMessagesContainer = ({
 
   return (
     <Conversation className="min-h-0 flex-1">
-      <ConversationContent className="flex min-h-screen flex-1 flex-col gap-6 px-3 py-6">
+      <ConversationContent className="flex flex-1 flex-col gap-6 px-3 py-6">
         {isLoading && messages.length === 0 && (
           <div className="flex min-h-full flex-1 items-center justify-center">
             <LoadingSpinner className="text-neutral-600" />

autogpt_platform/frontend/src/app/(platform)/copilot/hooks/Untitled

@@ -1,10 +0,0 @@
-import { parseAsString, useQueryState } from "nuqs";
-
-export function useCopilotSessionId() {
-  const [urlSessionId, setUrlSessionId] = useQueryState(
-    "sessionId",
-    parseAsString,
-  );
-
-  return { urlSessionId, setUrlSessionId };
-}

autogpt_platform/frontend/src/app/(platform)/copilot/hooks/useLongRunningToolPolling.ts

@@ -0,0 +1,126 @@
+import { getGetV2GetSessionQueryKey } from "@/app/api/__generated__/endpoints/chat/chat";
+import { useQueryClient } from "@tanstack/react-query";
+import type { UIDataTypes, UIMessage, UITools } from "ai";
+import { useCallback, useEffect, useRef } from "react";
+import { convertChatSessionMessagesToUiMessages } from "../helpers/convertChatSessionToUiMessages";
+
+const OPERATING_TYPES = new Set([
+  "operation_started",
+  "operation_pending",
+  "operation_in_progress",
+]);
+
+const POLL_INTERVAL_MS = 1_500;
+
+/**
+ * Detects whether any message contains a tool part whose output indicates
+ * a long-running operation is still in progress.
+ */
+function hasOperatingTool(
+  messages: UIMessage<unknown, UIDataTypes, UITools>[],
+) {
+  for (const msg of messages) {
+    for (const part of msg.parts) {
+      if (!part.type.startsWith("tool-")) continue;
+      const toolPart = part as { output?: unknown };
+      if (!toolPart.output) continue;
+      const output =
+        typeof toolPart.output === "string"
+          ? safeParse(toolPart.output)
+          : toolPart.output;
+      if (
+        output &&
+        typeof output === "object" &&
+        "type" in output &&
+        OPERATING_TYPES.has((output as { type: string }).type)
+      ) {
+        return true;
+      }
+    }
+  }
+  return false;
+}
+
+function safeParse(value: string): unknown {
+  try {
+    return JSON.parse(value);
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Polls the session endpoint while any tool is in an "operating" state
+ * (operation_started / operation_pending / operation_in_progress).
+ *
+ * When the session data shows the tool output has changed (e.g. to
+ * agent_saved), it calls `setMessages` with the updated messages.
+ */
+export function useLongRunningToolPolling(
+  sessionId: string | null,
+  messages: UIMessage<unknown, UIDataTypes, UITools>[],
+  setMessages: (
+    updater: (
+      prev: UIMessage<unknown, UIDataTypes, UITools>[],
+    ) => UIMessage<unknown, UIDataTypes, UITools>[],
+  ) => void,
+) {
+  const queryClient = useQueryClient();
+  const intervalRef = useRef<ReturnType<typeof setInterval> | null>(null);
+
+  const stopPolling = useCallback(() => {
+    if (intervalRef.current) {
+      clearInterval(intervalRef.current);
+      intervalRef.current = null;
+    }
+  }, []);
+
+  const poll = useCallback(async () => {
+    if (!sessionId) return;
+
+    // Invalidate the query cache so the next fetch gets fresh data
+    await queryClient.invalidateQueries({
+      queryKey: getGetV2GetSessionQueryKey(sessionId),
+    });
+
+    // Fetch fresh session data
+    const data = queryClient.getQueryData<{
+      status: number;
+      data: { messages?: unknown[] };
+    }>(getGetV2GetSessionQueryKey(sessionId));
+
+    if (data?.status !== 200 || !data.data.messages) return;
+
+    const freshMessages = convertChatSessionMessagesToUiMessages(
+      sessionId,
+      data.data.messages,
+    );
+
+    if (!freshMessages || freshMessages.length === 0) return;
+
+    // Update when the long-running tool completed
+    if (!hasOperatingTool(freshMessages)) {
+      setMessages(() => freshMessages);
+      stopPolling();
+    }
+  }, [sessionId, queryClient, setMessages, stopPolling]);
+
+  useEffect(() => {
+    const shouldPoll = hasOperatingTool(messages);
+
+    // Always clear any previous interval first so we never leak timers
+    // when the effect re-runs due to dependency changes (e.g. messages
+    // updating as the LLM streams text after the tool call).
+    stopPolling();
+
+    if (shouldPoll && sessionId) {
+      intervalRef.current = setInterval(() => {
+        poll();
+      }, POLL_INTERVAL_MS);
+    }
+
+    return () => {
+      stopPolling();
+    };
+  }, [messages, sessionId, poll, stopPolling]);
+}

autogpt_platform/frontend/src/app/(platform)/copilot/tools/CreateAgent/CreateAgent.tsx

@@ -1,24 +1,30 @@
 "use client";
 
-import { WarningDiamondIcon } from "@phosphor-icons/react";
+import { Button } from "@/components/atoms/Button/Button";
+import { Text } from "@/components/atoms/Text/Text";
+import {
+  BookOpenIcon,
+  CheckFatIcon,
+  PencilSimpleIcon,
+  WarningDiamondIcon,
+} from "@phosphor-icons/react";
 import type { ToolUIPart } from "ai";
+import NextLink from "next/link";
 import { useCopilotChatActions } from "../../components/CopilotChatActionsProvider/useCopilotChatActions";
 import { MorphingTextAnimation } from "../../components/MorphingTextAnimation/MorphingTextAnimation";
-import { ProgressBar } from "../../components/ProgressBar/ProgressBar";
 import {
   ContentCardDescription,
   ContentCodeBlock,
   ContentGrid,
   ContentHint,
-  ContentLink,
   ContentMessage,
 } from "../../components/ToolAccordion/AccordionContent";
 import { ToolAccordion } from "../../components/ToolAccordion/ToolAccordion";
-import { useAsymptoticProgress } from "../../hooks/useAsymptoticProgress";
 import {
   ClarificationQuestionsCard,
   ClarifyingQuestion,
 } from "./components/ClarificationQuestionsCard";
+import { MiniGame } from "./components/MiniGame/MiniGame";
 import {
   AccordionIcon,
   formatMaybeJson,
@@ -52,7 +58,7 @@ function getAccordionMeta(output: CreateAgentToolOutput) {
   const icon = <AccordionIcon />;
 
   if (isAgentSavedOutput(output)) {
-    return { icon, title: output.agent_name };
+    return { icon, title: output.agent_name, expanded: true };
   }
   if (isAgentPreviewOutput(output)) {
     return {
@@ -78,6 +84,7 @@ function getAccordionMeta(output: CreateAgentToolOutput) {
     return {
       icon,
       title: "Creating agent, this may take a few minutes. Sit back and relax.",
+      expanded: true,
     };
   }
   return {
@@ -107,8 +114,6 @@ export function CreateAgentTool({ part }: Props) {
       isOperationPendingOutput(output) ||
       isOperationInProgressOutput(output));
 
-  const progress = useAsymptoticProgress(isOperating);
-
   const hasExpandableContent =
     part.state === "output-available" &&
     !!output &&
@@ -152,31 +157,53 @@ export function CreateAgentTool({ part }: Props) {
         <ToolAccordion {...getAccordionMeta(output)}>
           {isOperating && (
             <ContentGrid>
-              <ProgressBar value={progress} />
+              <MiniGame />
               <ContentHint>
-                This could take a few minutes, grab a coffee ☕
+                This could take a few minutes — play while you wait!
               </ContentHint>
             </ContentGrid>
           )}
 
           {isAgentSavedOutput(output) && (
-            <ContentGrid>
-              <ContentMessage>{output.message}</ContentMessage>
-              <div className="flex flex-wrap gap-2">
-                <ContentLink href={output.library_agent_link}>
-                  Open in library
-                </ContentLink>
-                <ContentLink href={output.agent_page_link}>
-                  Open in builder
-                </ContentLink>
+            <div className="rounded-xl border border-border/60 bg-card p-4 shadow-sm">
+              <div className="flex items-baseline gap-2">
+                <CheckFatIcon
+                  size={18}
+                  weight="regular"
+                  className="relative top-1 text-green-500"
+                />
+                <Text
+                  variant="body-medium"
+                  className="text-blacks mb-2 text-[16px]"
+                >
+                  {output.message}
+                </Text>
               </div>
-              <ContentCodeBlock>
-                {truncateText(
-                  formatMaybeJson({ agent_id: output.agent_id }),
-                  800,
-                )}
-              </ContentCodeBlock>
-            </ContentGrid>
+              <div className="mt-3 flex flex-wrap gap-4">
+                <Button variant="outline" size="small">
+                  <NextLink
+                    href={output.library_agent_link}
+                    className="inline-flex items-center gap-1.5"
+                    target="_blank"
+                    rel="noopener noreferrer"
+                  >
+                    <BookOpenIcon size={14} weight="regular" />
+                    Open in library
+                  </NextLink>
+                </Button>
+                <Button variant="outline" size="small">
+                  <NextLink
+                    href={output.agent_page_link}
+                    target="_blank"
+                    rel="noopener noreferrer"
+                    className="inline-flex items-center gap-1.5"
+                  >
+                    <PencilSimpleIcon size={14} weight="regular" />
+                    Open in builder
+                  </NextLink>
+                </Button>
+              </div>
+            </div>
           )}
 
           {isAgentPreviewOutput(output) && (

autogpt_platform/frontend/src/app/(platform)/copilot/tools/CreateAgent/components/MiniGame/MiniGame.tsx

@@ -0,0 +1,21 @@
+"use client";
+
+import { useMiniGame } from "./useMiniGame";
+
+export function MiniGame() {
+  const { canvasRef } = useMiniGame();
+
+  return (
+    <div
+      className="w-full overflow-hidden rounded-md bg-background text-foreground"
+      style={{ border: "1px solid #d17fff" }}
+    >
+      <canvas
+        ref={canvasRef}
+        tabIndex={0}
+        className="block w-full outline-none"
+        style={{ imageRendering: "pixelated" }}
+      />
+    </div>
+  );
+}

autogpt_platform/frontend/src/app/(platform)/copilot/tools/CreateAgent/components/MiniGame/useMiniGame.ts

@@ -0,0 +1,579 @@
+import { useEffect, useRef } from "react";
+
+/* ------------------------------------------------------------------ */
+/*  Constants                                                         */
+/* ------------------------------------------------------------------ */
+
+const CANVAS_HEIGHT = 150;
+const GRAVITY = 0.55;
+const JUMP_FORCE = -9.5;
+const BASE_SPEED = 3;
+const SPEED_INCREMENT = 0.0008;
+const SPAWN_MIN = 70;
+const SPAWN_MAX = 130;
+const CHAR_SIZE = 18;
+const CHAR_X = 50;
+const GROUND_PAD = 20;
+const STORAGE_KEY = "copilot-minigame-highscore";
+
+// Colors
+const COLOR_BG = "#E8EAF6";
+const COLOR_CHAR = "#263238";
+const COLOR_BOSS = "#F50057";
+
+// Boss
+const BOSS_SIZE = 36;
+const BOSS_ENTER_SPEED = 2;
+const BOSS_LEAVE_SPEED = 3;
+const BOSS_SHOOT_COOLDOWN = 90;
+const BOSS_SHOTS_TO_EVADE = 5;
+const BOSS_INTERVAL = 20; // every N score
+const PROJ_SPEED = 4.5;
+const PROJ_SIZE = 12;
+
+/* ------------------------------------------------------------------ */
+/*  Types                                                             */
+/* ------------------------------------------------------------------ */
+
+interface Obstacle {
+  x: number;
+  width: number;
+  height: number;
+  scored: boolean;
+}
+
+interface Projectile {
+  x: number;
+  y: number;
+  speed: number;
+  evaded: boolean;
+  type: "low" | "high";
+}
+
+interface BossState {
+  phase: "inactive" | "entering" | "fighting" | "leaving";
+  x: number;
+  targetX: number;
+  shotsEvaded: number;
+  cooldown: number;
+  projectiles: Projectile[];
+  bob: number;
+}
+
+interface GameState {
+  charY: number;
+  vy: number;
+  obstacles: Obstacle[];
+  score: number;
+  highScore: number;
+  speed: number;
+  frame: number;
+  nextSpawn: number;
+  running: boolean;
+  over: boolean;
+  groundY: number;
+  boss: BossState;
+  bossThreshold: number;
+}
+
+/* ------------------------------------------------------------------ */
+/*  Helpers                                                           */
+/* ------------------------------------------------------------------ */
+
+function randInt(min: number, max: number) {
+  return Math.floor(Math.random() * (max - min + 1)) + min;
+}
+
+function readHighScore(): number {
+  try {
+    return parseInt(localStorage.getItem(STORAGE_KEY) || "0", 10) || 0;
+  } catch {
+    return 0;
+  }
+}
+
+function writeHighScore(score: number) {
+  try {
+    localStorage.setItem(STORAGE_KEY, String(score));
+  } catch {
+    /* noop */
+  }
+}
+
+function makeBoss(): BossState {
+  return {
+    phase: "inactive",
+    x: 0,
+    targetX: 0,
+    shotsEvaded: 0,
+    cooldown: 0,
+    projectiles: [],
+    bob: 0,
+  };
+}
+
+function makeState(groundY: number): GameState {
+  return {
+    charY: groundY - CHAR_SIZE,
+    vy: 0,
+    obstacles: [],
+    score: 0,
+    highScore: readHighScore(),
+    speed: BASE_SPEED,
+    frame: 0,
+    nextSpawn: randInt(SPAWN_MIN, SPAWN_MAX),
+    running: false,
+    over: false,
+    groundY,
+    boss: makeBoss(),
+    bossThreshold: BOSS_INTERVAL,
+  };
+}
+
+function gameOver(s: GameState) {
+  s.running = false;
+  s.over = true;
+  if (s.score > s.highScore) {
+    s.highScore = s.score;
+    writeHighScore(s.score);
+  }
+}
+
+/* ------------------------------------------------------------------ */
+/*  Projectile collision — shared between fighting & leaving phases   */
+/* ------------------------------------------------------------------ */
+
+/** Returns true if the player died. */
+function tickProjectiles(s: GameState): boolean {
+  const boss = s.boss;
+
+  for (const p of boss.projectiles) {
+    p.x -= p.speed;
+
+    if (!p.evaded && p.x + PROJ_SIZE < CHAR_X) {
+      p.evaded = true;
+      boss.shotsEvaded++;
+    }
+
+    // Collision
+    if (
+      !p.evaded &&
+      CHAR_X + CHAR_SIZE > p.x &&
+      CHAR_X < p.x + PROJ_SIZE &&
+      s.charY + CHAR_SIZE > p.y &&
+      s.charY < p.y + PROJ_SIZE
+    ) {
+      gameOver(s);
+      return true;
+    }
+  }
+
+  boss.projectiles = boss.projectiles.filter((p) => p.x + PROJ_SIZE > -20);
+  return false;
+}
+
+/* ------------------------------------------------------------------ */
+/*  Update                                                            */
+/* ------------------------------------------------------------------ */
+
+function update(s: GameState, canvasWidth: number) {
+  if (!s.running) return;
+
+  s.frame++;
+
+  // Speed only ramps during regular play
+  if (s.boss.phase === "inactive") {
+    s.speed = BASE_SPEED + s.frame * SPEED_INCREMENT;
+  }
+
+  // ---- Character physics (always active) ---- //
+  s.vy += GRAVITY;
+  s.charY += s.vy;
+  if (s.charY + CHAR_SIZE >= s.groundY) {
+    s.charY = s.groundY - CHAR_SIZE;
+    s.vy = 0;
+  }
+
+  // ---- Trigger boss ---- //
+  if (s.boss.phase === "inactive" && s.score >= s.bossThreshold) {
+    s.boss.phase = "entering";
+    s.boss.x = canvasWidth + 10;
+    s.boss.targetX = canvasWidth - BOSS_SIZE - 40;
+    s.boss.shotsEvaded = 0;
+    s.boss.cooldown = BOSS_SHOOT_COOLDOWN;
+    s.boss.projectiles = [];
+    s.obstacles = [];
+  }
+
+  // ---- Boss: entering ---- //
+  if (s.boss.phase === "entering") {
+    s.boss.bob = Math.sin(s.frame * 0.05) * 3;
+    s.boss.x -= BOSS_ENTER_SPEED;
+    if (s.boss.x <= s.boss.targetX) {
+      s.boss.x = s.boss.targetX;
+      s.boss.phase = "fighting";
+    }
+    return; // no obstacles while entering
+  }
+
+  // ---- Boss: fighting ---- //
+  if (s.boss.phase === "fighting") {
+    s.boss.bob = Math.sin(s.frame * 0.05) * 3;
+
+    // Shoot
+    s.boss.cooldown--;
+    if (s.boss.cooldown <= 0) {
+      const isLow = Math.random() < 0.5;
+      s.boss.projectiles.push({
+        x: s.boss.x - PROJ_SIZE,
+        y: isLow ? s.groundY - 14 : s.groundY - 70,
+        speed: PROJ_SPEED,
+        evaded: false,
+        type: isLow ? "low" : "high",
+      });
+      s.boss.cooldown = BOSS_SHOOT_COOLDOWN;
+    }
+
+    if (tickProjectiles(s)) return;
+
+    // Boss defeated?
+    if (s.boss.shotsEvaded >= BOSS_SHOTS_TO_EVADE) {
+      s.boss.phase = "leaving";
+      s.score += 5; // bonus
+      s.bossThreshold = s.score + BOSS_INTERVAL;
+    }
+    return;
+  }
+
+  // ---- Boss: leaving ---- //
+  if (s.boss.phase === "leaving") {
+    s.boss.bob = Math.sin(s.frame * 0.05) * 3;
+    s.boss.x += BOSS_LEAVE_SPEED;
+
+    // Still check in-flight projectiles
+    if (tickProjectiles(s)) return;
+
+    if (s.boss.x > canvasWidth + 50) {
+      s.boss = makeBoss();
+      s.nextSpawn = s.frame + randInt(SPAWN_MIN / 2, SPAWN_MAX / 2);
+    }
+    return;
+  }
+
+  // ---- Regular obstacle play ---- //
+  if (s.frame >= s.nextSpawn) {
+    s.obstacles.push({
+      x: canvasWidth + 10,
+      width: randInt(10, 16),
+      height: randInt(20, 48),
+      scored: false,
+    });
+    s.nextSpawn = s.frame + randInt(SPAWN_MIN, SPAWN_MAX);
+  }
+
+  for (const o of s.obstacles) {
+    o.x -= s.speed;
+    if (!o.scored && o.x + o.width < CHAR_X) {
+      o.scored = true;
+      s.score++;
+    }
+  }
+
+  s.obstacles = s.obstacles.filter((o) => o.x + o.width > -20);
+
+  for (const o of s.obstacles) {
+    const oY = s.groundY - o.height;
+    if (
+      CHAR_X + CHAR_SIZE > o.x &&
+      CHAR_X < o.x + o.width &&
+      s.charY + CHAR_SIZE > oY
+    ) {
+      gameOver(s);
+      return;
+    }
+  }
+}
+
+/* ------------------------------------------------------------------ */
+/*  Drawing                                                           */
+/* ------------------------------------------------------------------ */
+
+function drawBoss(ctx: CanvasRenderingContext2D, s: GameState, bg: string) {
+  const bx = s.boss.x;
+  const by = s.groundY - BOSS_SIZE + s.boss.bob;
+
+  // Body
+  ctx.save();
+  ctx.fillStyle = COLOR_BOSS;
+  ctx.globalAlpha = 0.9;
+  ctx.beginPath();
+  ctx.roundRect(bx, by, BOSS_SIZE, BOSS_SIZE, 4);
+  ctx.fill();
+  ctx.restore();
+
+  // Eyes
+  ctx.save();
+  ctx.fillStyle = bg;
+  const eyeY = by + 13;
+  ctx.beginPath();
+  ctx.arc(bx + 10, eyeY, 4, 0, Math.PI * 2);
+  ctx.fill();
+  ctx.beginPath();
+  ctx.arc(bx + 26, eyeY, 4, 0, Math.PI * 2);
+  ctx.fill();
+  ctx.restore();
+
+  // Angry eyebrows
+  ctx.save();
+  ctx.strokeStyle = bg;
+  ctx.lineWidth = 2;
+  ctx.beginPath();
+  ctx.moveTo(bx + 5, eyeY - 7);
+  ctx.lineTo(bx + 14, eyeY - 4);
+  ctx.stroke();
+  ctx.beginPath();
+  ctx.moveTo(bx + 31, eyeY - 7);
+  ctx.lineTo(bx + 22, eyeY - 4);
+  ctx.stroke();
+  ctx.restore();
+
+  // Zigzag mouth
+  ctx.save();
+  ctx.strokeStyle = bg;
+  ctx.lineWidth = 1.5;
+  ctx.beginPath();
+  ctx.moveTo(bx + 10, by + 27);
+  ctx.lineTo(bx + 14, by + 24);
+  ctx.lineTo(bx + 18, by + 27);
+  ctx.lineTo(bx + 22, by + 24);
+  ctx.lineTo(bx + 26, by + 27);
+  ctx.stroke();
+  ctx.restore();
+}
+
+function drawProjectiles(ctx: CanvasRenderingContext2D, boss: BossState) {
+  ctx.save();
+  ctx.fillStyle = COLOR_BOSS;
+  ctx.globalAlpha = 0.8;
+  for (const p of boss.projectiles) {
+    if (p.evaded) continue;
+    ctx.beginPath();
+    ctx.arc(
+      p.x + PROJ_SIZE / 2,
+      p.y + PROJ_SIZE / 2,
+      PROJ_SIZE / 2,
+      0,
+      Math.PI * 2,
+    );
+    ctx.fill();
+  }
+  ctx.restore();
+}
+
+function draw(
+  ctx: CanvasRenderingContext2D,
+  s: GameState,
+  w: number,
+  h: number,
+  fg: string,
+  started: boolean,
+) {
+  ctx.fillStyle = COLOR_BG;
+  ctx.fillRect(0, 0, w, h);
+
+  // Ground
+  ctx.save();
+  ctx.strokeStyle = fg;
+  ctx.globalAlpha = 0.15;
+  ctx.setLineDash([4, 4]);
+  ctx.beginPath();
+  ctx.moveTo(0, s.groundY);
+  ctx.lineTo(w, s.groundY);
+  ctx.stroke();
+  ctx.restore();
+
+  // Character
+  ctx.save();
+  ctx.fillStyle = COLOR_CHAR;
+  ctx.globalAlpha = 0.85;
+  ctx.beginPath();
+  ctx.roundRect(CHAR_X, s.charY, CHAR_SIZE, CHAR_SIZE, 3);
+  ctx.fill();
+  ctx.restore();
+
+  // Eyes
+  ctx.save();
+  ctx.fillStyle = COLOR_BG;
+  ctx.beginPath();
+  ctx.arc(CHAR_X + 6, s.charY + 7, 2.5, 0, Math.PI * 2);
+  ctx.fill();
+  ctx.beginPath();
+  ctx.arc(CHAR_X + 12, s.charY + 7, 2.5, 0, Math.PI * 2);
+  ctx.fill();
+  ctx.restore();
+
+  // Obstacles
+  ctx.save();
+  ctx.fillStyle = fg;
+  ctx.globalAlpha = 0.55;
+  for (const o of s.obstacles) {
+    ctx.fillRect(o.x, s.groundY - o.height, o.width, o.height);
+  }
+  ctx.restore();
+
+  // Boss + projectiles
+  if (s.boss.phase !== "inactive") {
+    drawBoss(ctx, s, COLOR_BG);
+    drawProjectiles(ctx, s.boss);
+  }
+
+  // Score HUD
+  ctx.save();
+  ctx.fillStyle = fg;
+  ctx.globalAlpha = 0.5;
+  ctx.font = "bold 11px monospace";
+  ctx.textAlign = "right";
+  ctx.fillText(`Score: ${s.score}`, w - 12, 20);
+  ctx.fillText(`Best: ${s.highScore}`, w - 12, 34);
+  if (s.boss.phase === "fighting") {
+    ctx.fillText(
+      `Evade: ${s.boss.shotsEvaded}/${BOSS_SHOTS_TO_EVADE}`,
+      w - 12,
+      48,
+    );
+  }
+  ctx.restore();
+
+  // Prompts
+  if (!started && !s.running && !s.over) {
+    ctx.save();
+    ctx.fillStyle = fg;
+    ctx.globalAlpha = 0.5;
+    ctx.font = "12px sans-serif";
+    ctx.textAlign = "center";
+    ctx.fillText("Click or press Space to play while you wait", w / 2, h / 2);
+    ctx.restore();
+  }
+
+  if (s.over) {
+    ctx.save();
+    ctx.fillStyle = fg;
+    ctx.globalAlpha = 0.7;
+    ctx.font = "bold 13px sans-serif";
+    ctx.textAlign = "center";
+    ctx.fillText("Game Over", w / 2, h / 2 - 8);
+    ctx.font = "11px sans-serif";
+    ctx.fillText("Click or Space to restart", w / 2, h / 2 + 10);
+    ctx.restore();
+  }
+}
+
+/* ------------------------------------------------------------------ */
+/*  Hook                                                              */
+/* ------------------------------------------------------------------ */
+
+export function useMiniGame() {
+  const canvasRef = useRef<HTMLCanvasElement>(null);
+  const stateRef = useRef<GameState | null>(null);
+  const rafRef = useRef(0);
+  const startedRef = useRef(false);
+
+  useEffect(() => {
+    const canvas = canvasRef.current;
+    if (!canvas) return;
+
+    const container = canvas.parentElement;
+    if (container) {
+      canvas.width = container.clientWidth;
+      canvas.height = CANVAS_HEIGHT;
+    }
+
+    const groundY = canvas.height - GROUND_PAD;
+    stateRef.current = makeState(groundY);
+
+    const style = getComputedStyle(canvas);
+    let fg = style.color || "#71717a";
+
+    // -------------------------------------------------------------- //
+    //  Jump                                                           //
+    // -------------------------------------------------------------- //
+    function jump() {
+      const s = stateRef.current;
+      if (!s) return;
+
+      if (s.over) {
+        const hs = s.highScore;
+        const gy = s.groundY;
+        stateRef.current = makeState(gy);
+        stateRef.current.highScore = hs;
+        stateRef.current.running = true;
+        startedRef.current = true;
+        return;
+      }
+
+      if (!s.running) {
+        s.running = true;
+        startedRef.current = true;
+        return;
+      }
+
+      // Only jump when on the ground
+      if (s.charY + CHAR_SIZE >= s.groundY) {
+        s.vy = JUMP_FORCE;
+      }
+    }
+
+    function onKey(e: KeyboardEvent) {
+      if (e.code === "Space" || e.key === " ") {
+        e.preventDefault();
+        jump();
+      }
+    }
+
+    function onClick() {
+      canvas?.focus();
+      jump();
+    }
+
+    // -------------------------------------------------------------- //
+    //  Loop                                                           //
+    // -------------------------------------------------------------- //
+    function loop() {
+      const s = stateRef.current;
+      if (!canvas || !s) return;
+      const ctx = canvas.getContext("2d");
+      if (!ctx) return;
+
+      update(s, canvas.width);
+      draw(ctx, s, canvas.width, canvas.height, fg, startedRef.current);
+      rafRef.current = requestAnimationFrame(loop);
+    }
+
+    rafRef.current = requestAnimationFrame(loop);
+
+    canvas.addEventListener("click", onClick);
+    canvas.addEventListener("keydown", onKey);
+
+    const observer = new ResizeObserver((entries) => {
+      for (const entry of entries) {
+        canvas.width = entry.contentRect.width;
+        canvas.height = CANVAS_HEIGHT;
+        if (stateRef.current) {
+          stateRef.current.groundY = canvas.height - GROUND_PAD;
+        }
+        const cs = getComputedStyle(canvas);
+        fg = cs.color || fg;
+      }
+    });
+    if (container) observer.observe(container);
+
+    return () => {
+      cancelAnimationFrame(rafRef.current);
+      canvas.removeEventListener("click", onClick);
+      canvas.removeEventListener("keydown", onKey);
+      observer.disconnect();
+    };
+  }, []);
+
+  return { canvasRef };
+}

autogpt_platform/frontend/src/app/(platform)/copilot/useCopilotPage.ts

@@ -1,10 +1,14 @@
 import { useGetV2ListSessions } from "@/app/api/__generated__/endpoints/chat/chat";
+import { toast } from "@/components/molecules/Toast/use-toast";
 import { useBreakpoint } from "@/lib/hooks/useBreakpoint";
 import { useSupabase } from "@/lib/supabase/hooks/useSupabase";
 import { useChat } from "@ai-sdk/react";
 import { DefaultChatTransport } from "ai";
-import { useEffect, useMemo, useState } from "react";
+import { useEffect, useMemo, useRef, useState } from "react";
 import { useChatSession } from "./useChatSession";
+import { useLongRunningToolPolling } from "./hooks/useLongRunningToolPolling";
+
+const STREAM_START_TIMEOUT_MS = 12_000;
 
 export function useCopilotPage() {
   const { isUserLoading, isLoggedIn } = useSupabase();
@@ -52,6 +56,24 @@ export function useCopilotPage() {
     transport: transport ?? undefined,
   });
 
+  // Abort the stream if the backend doesn't start sending data within 12s.
+  const stopRef = useRef(stop);
+  stopRef.current = stop;
+  useEffect(() => {
+    if (status !== "submitted") return;
+
+    const timer = setTimeout(() => {
+      stopRef.current();
+      toast({
+        title: "Stream timed out",
+        description: "The server took too long to respond. Please try again.",
+        variant: "destructive",
+      });
+    }, STREAM_START_TIMEOUT_MS);
+
+    return () => clearTimeout(timer);
+  }, [status]);
+
   useEffect(() => {
     if (!hydratedMessages || hydratedMessages.length === 0) return;
     setMessages((prev) => {
@@ -60,6 +82,11 @@ export function useCopilotPage() {
     });
   }, [hydratedMessages, setMessages]);
 
+  // Poll session endpoint when a long-running tool (create_agent, edit_agent)
+  // is in progress. When the backend completes, the session data will contain
+  // the final tool output — this hook detects the change and updates messages.
+  useLongRunningToolPolling(sessionId, messages, setMessages);
+
   // Clear messages when session is null
   useEffect(() => {
     if (!sessionId) setMessages([]);

autogpt_platform/frontend/src/components/contextual/CredentialsInput/components/APIKeyCredentialsModal/APIKeyCredentialsModal.tsx

@@ -30,6 +30,7 @@ export function APIKeyCredentialsModal({
   const {
     form,
     isLoading,
+    isSubmitting,
     supportsApiKey,
     providerName,
     schemaDescription,
@@ -138,7 +139,12 @@ export function APIKeyCredentialsModal({
                 />
               )}
             />
-            <Button type="submit" className="min-w-68">
+            <Button
+              type="submit"
+              className="min-w-68"
+              loading={isSubmitting}
+              disabled={isSubmitting}
+            >
               Add API Key
             </Button>
           </form>

autogpt_platform/frontend/src/components/contextual/CredentialsInput/components/APIKeyCredentialsModal/useAPIKeyCredentialsModal.ts

@@ -4,6 +4,7 @@ import {
   CredentialsMetaInput,
 } from "@/lib/autogpt-server-api/types";
 import { zodResolver } from "@hookform/resolvers/zod";
+import { useState } from "react";
 import { useForm, type UseFormReturn } from "react-hook-form";
 import { z } from "zod";
 
@@ -26,6 +27,7 @@ export function useAPIKeyCredentialsModal({
 }: Args): {
   form: UseFormReturn<APIKeyFormValues>;
   isLoading: boolean;
+  isSubmitting: boolean;
   supportsApiKey: boolean;
   provider?: string;
   providerName?: string;
@@ -33,6 +35,7 @@ export function useAPIKeyCredentialsModal({
   onSubmit: (values: APIKeyFormValues) => Promise<void>;
 } {
   const credentials = useCredentials(schema, siblingInputs);
+  const [isSubmitting, setIsSubmitting] = useState(false);
 
   const formSchema = z.object({
     apiKey: z.string().min(1, "API Key is required"),
@@ -40,48 +43,42 @@ export function useAPIKeyCredentialsModal({
     expiresAt: z.string().optional(),
   });
 
-  function getDefaultExpirationDate(): string {
-    const tomorrow = new Date();
-    tomorrow.setDate(tomorrow.getDate() + 1);
-    tomorrow.setHours(0, 0, 0, 0);
-    const year = tomorrow.getFullYear();
-    const month = String(tomorrow.getMonth() + 1).padStart(2, "0");
-    const day = String(tomorrow.getDate()).padStart(2, "0");
-    const hours = String(tomorrow.getHours()).padStart(2, "0");
-    const minutes = String(tomorrow.getMinutes()).padStart(2, "0");
-    return `${year}-${month}-${day}T${hours}:${minutes}`;
-  }
-
   const form = useForm<APIKeyFormValues>({
     resolver: zodResolver(formSchema),
     defaultValues: {
       apiKey: "",
       title: "",
-      expiresAt: getDefaultExpirationDate(),
+      expiresAt: "",
     },
   });
 
   async function onSubmit(values: APIKeyFormValues) {
     if (!credentials || credentials.isLoading) return;
-    const expiresAt = values.expiresAt
-      ? new Date(values.expiresAt).getTime() / 1000
-      : undefined;
-    const newCredentials = await credentials.createAPIKeyCredentials({
-      api_key: values.apiKey,
-      title: values.title,
-      expires_at: expiresAt,
-    });
-    onCredentialsCreate({
-      provider: credentials.provider,
-      id: newCredentials.id,
-      type: "api_key",
-      title: newCredentials.title,
-    });
+    setIsSubmitting(true);
+    try {
+      const expiresAt = values.expiresAt
+        ? new Date(values.expiresAt).getTime() / 1000
+        : undefined;
+      const newCredentials = await credentials.createAPIKeyCredentials({
+        api_key: values.apiKey,
+        title: values.title,
+        expires_at: expiresAt,
+      });
+      onCredentialsCreate({
+        provider: credentials.provider,
+        id: newCredentials.id,
+        type: "api_key",
+        title: newCredentials.title,
+      });
+    } finally {
+      setIsSubmitting(false);
+    }
   }
 
   return {
     form,
     isLoading: !credentials || credentials.isLoading,
+    isSubmitting,
     supportsApiKey: !!credentials?.supportsApiKey,
     provider: credentials?.provider,
     providerName:

autogpt_platform/frontend/src/components/contextual/GoogleDrivePicker/helpers.ts

@@ -4,7 +4,9 @@ import { loadScript } from "@/services/scripts/scripts";
 export async function loadGoogleAPIPicker(): Promise<void> {
   validateWindow();
 
-  await loadScript("https://apis.google.com/js/api.js");
+  await loadScript("https://apis.google.com/js/api.js", {
+    referrerPolicy: "no-referrer-when-downgrade",
+  });
 
   const googleAPI = window.gapi;
   if (!googleAPI) {
@@ -27,7 +29,9 @@ export async function loadGoogleIdentityServices(): Promise<void> {
     throw new Error("Google Identity Services cannot load on server");
   }
 
-  await loadScript("https://accounts.google.com/gsi/client");
+  await loadScript("https://accounts.google.com/gsi/client", {
+    referrerPolicy: "no-referrer-when-downgrade",
+  });
 
   const google = window.google;
   if (!google?.accounts?.oauth2) {

docs/integrations/block-integrations/llm.md

@@ -563,7 +563,7 @@ The block supports conversation continuation through three mechanisms:
 |--------|-------------|------|
 | error | Error message if execution failed | str |
 | response | The output/response from Claude Code execution | str |
-| files | List of text files created/modified by Claude Code during this execution. Each file has 'path', 'relative_path', 'name', and 'content' fields. | List[FileOutput] |
+| files | List of text files created/modified by Claude Code during this execution. Each file has 'path', 'relative_path', 'name', 'content', and 'workspace_ref' fields. workspace_ref contains a workspace:// URI if the file was stored to workspace. | List[SandboxFileOutput] |
 | conversation_history | Full conversation history including this turn. Pass this to conversation_history input to continue on a fresh sandbox if the previous sandbox timed out. | str |
 | session_id | Session ID for this conversation. Pass this back along with sandbox_id to continue the conversation. | str |
 | sandbox_id | ID of the sandbox instance. Pass this back along with session_id to continue the conversation. This is None if dispose_sandbox was True (sandbox was disposed). | str |

docs/integrations/block-integrations/misc.md

@@ -215,6 +215,7 @@ The sandbox includes pip and npm pre-installed. Set timeout to limit execution t
 | response | Text output (if any) of the main execution result | str |
 | stdout_logs | Standard output logs from execution | str |
 | stderr_logs | Standard error logs from execution | str |
+| files | Files created or modified during execution. Each file has path, name, content, and workspace_ref (if stored). | List[SandboxFileOutput] |
 
 ### Possible use case
 <!-- MANUAL: use_case -->