feat(platform): add beta invite provisioning

autogpt_platform/backend/backend/api/features/admin/model.py

@@ -1,4 +1,8 @@
-from pydantic import BaseModel
+from datetime import datetime
+from typing import Any, Literal, Optional
+
+import prisma.enums
+from pydantic import BaseModel, EmailStr
 
 from backend.data.model import UserTransaction
 from backend.util.models import Pagination
@@ -14,3 +18,42 @@ class UserHistoryResponse(BaseModel):
 class AddUserCreditsResponse(BaseModel):
     new_balance: int
     transaction_key: str
+
+
+class CreateInvitedUserRequest(BaseModel):
+    email: EmailStr
+    name: Optional[str] = None
+
+
+class InvitedUserResponse(BaseModel):
+    id: str
+    email: str
+    status: prisma.enums.InvitedUserStatus
+    auth_user_id: Optional[str] = None
+    name: Optional[str] = None
+    tally_understanding: Optional[dict[str, Any]] = None
+    tally_status: prisma.enums.TallyComputationStatus
+    tally_computed_at: Optional[datetime] = None
+    tally_error: Optional[str] = None
+    created_at: datetime
+    updated_at: datetime
+
+
+class InvitedUsersResponse(BaseModel):
+    invited_users: list[InvitedUserResponse]
+
+
+class BulkInvitedUserRowResponse(BaseModel):
+    row_number: int
+    email: Optional[str] = None
+    name: Optional[str] = None
+    status: Literal["CREATED", "SKIPPED", "ERROR"]
+    message: str
+    invited_user: Optional[InvitedUserResponse] = None
+
+
+class BulkInvitedUsersResponse(BaseModel):
+    created_count: int
+    skipped_count: int
+    error_count: int
+    results: list[BulkInvitedUserRowResponse]

autogpt_platform/backend/backend/api/features/admin/user_admin_routes.py

@@ -0,0 +1,143 @@
+import logging
+
+from autogpt_libs.auth import get_user_id, requires_admin_user
+from fastapi import APIRouter, File, Security, UploadFile
+
+from backend.data.invited_user import (
+    BulkInvitedUsersResult,
+    InvitedUserRecord,
+    bulk_create_invited_users_from_file,
+    create_invited_user,
+    list_invited_users,
+    retry_invited_user_tally,
+    revoke_invited_user,
+)
+
+from .model import (
+    BulkInvitedUserRowResponse,
+    BulkInvitedUsersResponse,
+    CreateInvitedUserRequest,
+    InvitedUserResponse,
+    InvitedUsersResponse,
+)
+
+logger = logging.getLogger(__name__)
+
+
+router = APIRouter(
+    prefix="/admin",
+    tags=["users", "admin"],
+    dependencies=[Security(requires_admin_user)],
+)
+
+
+def _to_response(invited_user: InvitedUserRecord) -> InvitedUserResponse:
+    return InvitedUserResponse(**invited_user.model_dump())
+
+
+def _to_bulk_response(result: BulkInvitedUsersResult) -> BulkInvitedUsersResponse:
+    return BulkInvitedUsersResponse(
+        created_count=result.created_count,
+        skipped_count=result.skipped_count,
+        error_count=result.error_count,
+        results=[
+            BulkInvitedUserRowResponse(
+                row_number=row.row_number,
+                email=row.email,
+                name=row.name,
+                status=row.status,
+                message=row.message,
+                invited_user=(
+                    _to_response(row.invited_user)
+                    if row.invited_user is not None
+                    else None
+                ),
+            )
+            for row in result.results
+        ],
+    )
+
+
+@router.get(
+    "/invited-users",
+    response_model=InvitedUsersResponse,
+    summary="List Invited Users",
+)
+async def get_invited_users(
+    admin_user_id: str = Security(get_user_id),
+) -> InvitedUsersResponse:
+    logger.info("Admin user %s requested invited users", admin_user_id)
+    invited_users = await list_invited_users()
+    return InvitedUsersResponse(
+        invited_users=[_to_response(invited_user) for invited_user in invited_users]
+    )
+
+
+@router.post(
+    "/invited-users",
+    response_model=InvitedUserResponse,
+    summary="Create Invited User",
+)
+async def create_invited_user_route(
+    request: CreateInvitedUserRequest,
+    admin_user_id: str = Security(get_user_id),
+) -> InvitedUserResponse:
+    logger.info(
+        "Admin user %s created invited user for %s",
+        admin_user_id,
+        request.email,
+    )
+    invited_user = await create_invited_user(request.email, request.name)
+    return _to_response(invited_user)
+
+
+@router.post(
+    "/invited-users/bulk",
+    response_model=BulkInvitedUsersResponse,
+    summary="Bulk Create Invited Users",
+    operation_id="postV2BulkCreateInvitedUsers",
+)
+async def bulk_create_invited_users_route(
+    file: UploadFile = File(...),
+    admin_user_id: str = Security(get_user_id),
+) -> BulkInvitedUsersResponse:
+    logger.info(
+        "Admin user %s bulk invited users from %s",
+        admin_user_id,
+        file.filename or "<unnamed>",
+    )
+    content = await file.read()
+    result = await bulk_create_invited_users_from_file(file.filename, content)
+    return _to_bulk_response(result)
+
+
+@router.post(
+    "/invited-users/{invited_user_id}/revoke",
+    response_model=InvitedUserResponse,
+    summary="Revoke Invited User",
+)
+async def revoke_invited_user_route(
+    invited_user_id: str,
+    admin_user_id: str = Security(get_user_id),
+) -> InvitedUserResponse:
+    logger.info("Admin user %s revoked invited user %s", admin_user_id, invited_user_id)
+    invited_user = await revoke_invited_user(invited_user_id)
+    return _to_response(invited_user)
+
+
+@router.post(
+    "/invited-users/{invited_user_id}/retry-tally",
+    response_model=InvitedUserResponse,
+    summary="Retry Invited User Tally",
+)
+async def retry_invited_user_tally_route(
+    invited_user_id: str,
+    admin_user_id: str = Security(get_user_id),
+) -> InvitedUserResponse:
+    logger.info(
+        "Admin user %s retried Tally seed for invited user %s",
+        admin_user_id,
+        invited_user_id,
+    )
+    invited_user = await retry_invited_user_tally(invited_user_id)
+    return _to_response(invited_user)

autogpt_platform/backend/backend/api/features/admin/user_admin_routes_test.py

@@ -0,0 +1,165 @@
+from datetime import datetime, timezone
+from unittest.mock import AsyncMock
+
+import fastapi
+import fastapi.testclient
+import prisma.enums
+import pytest
+import pytest_mock
+from autogpt_libs.auth.jwt_utils import get_jwt_payload
+
+from backend.data.invited_user import (
+    BulkInvitedUserRowResult,
+    BulkInvitedUsersResult,
+    InvitedUserRecord,
+)
+
+from .user_admin_routes import router as user_admin_router
+
+app = fastapi.FastAPI()
+app.include_router(user_admin_router)
+
+client = fastapi.testclient.TestClient(app)
+
+
+@pytest.fixture(autouse=True)
+def setup_app_admin_auth(mock_jwt_admin):
+    app.dependency_overrides[get_jwt_payload] = mock_jwt_admin["get_jwt_payload"]
+    yield
+    app.dependency_overrides.clear()
+
+
+def _sample_invited_user() -> InvitedUserRecord:
+    now = datetime.now(timezone.utc)
+    return InvitedUserRecord(
+        id="invite-1",
+        email="invited@example.com",
+        status=prisma.enums.InvitedUserStatus.INVITED,
+        auth_user_id=None,
+        name="Invited User",
+        tally_understanding=None,
+        tally_status=prisma.enums.TallyComputationStatus.PENDING,
+        tally_computed_at=None,
+        tally_error=None,
+        created_at=now,
+        updated_at=now,
+    )
+
+
+def _sample_bulk_invited_users_result() -> BulkInvitedUsersResult:
+    return BulkInvitedUsersResult(
+        created_count=1,
+        skipped_count=1,
+        error_count=0,
+        results=[
+            BulkInvitedUserRowResult(
+                row_number=1,
+                email="invited@example.com",
+                name=None,
+                status="CREATED",
+                message="Invite created",
+                invited_user=_sample_invited_user(),
+            ),
+            BulkInvitedUserRowResult(
+                row_number=2,
+                email="duplicate@example.com",
+                name=None,
+                status="SKIPPED",
+                message="An invited user with this email already exists",
+                invited_user=None,
+            ),
+        ],
+    )
+
+
+def test_get_invited_users(
+    mocker: pytest_mock.MockerFixture,
+) -> None:
+    mocker.patch(
+        "backend.api.features.admin.user_admin_routes.list_invited_users",
+        AsyncMock(return_value=[_sample_invited_user()]),
+    )
+
+    response = client.get("/admin/invited-users")
+
+    assert response.status_code == 200
+    data = response.json()
+    assert len(data["invited_users"]) == 1
+    assert data["invited_users"][0]["email"] == "invited@example.com"
+    assert data["invited_users"][0]["status"] == "INVITED"
+
+
+def test_create_invited_user(
+    mocker: pytest_mock.MockerFixture,
+) -> None:
+    mocker.patch(
+        "backend.api.features.admin.user_admin_routes.create_invited_user",
+        AsyncMock(return_value=_sample_invited_user()),
+    )
+
+    response = client.post(
+        "/admin/invited-users",
+        json={"email": "invited@example.com", "name": "Invited User"},
+    )
+
+    assert response.status_code == 200
+    data = response.json()
+    assert data["email"] == "invited@example.com"
+    assert data["name"] == "Invited User"
+
+
+def test_bulk_create_invited_users(
+    mocker: pytest_mock.MockerFixture,
+) -> None:
+    mocker.patch(
+        "backend.api.features.admin.user_admin_routes.bulk_create_invited_users_from_file",
+        AsyncMock(return_value=_sample_bulk_invited_users_result()),
+    )
+
+    response = client.post(
+        "/admin/invited-users/bulk",
+        files={
+            "file": ("invites.txt", b"invited@example.com\nduplicate@example.com\n")
+        },
+    )
+
+    assert response.status_code == 200
+    data = response.json()
+    assert data["created_count"] == 1
+    assert data["skipped_count"] == 1
+    assert data["results"][0]["status"] == "CREATED"
+    assert data["results"][1]["status"] == "SKIPPED"
+
+
+def test_revoke_invited_user(
+    mocker: pytest_mock.MockerFixture,
+) -> None:
+    revoked = _sample_invited_user().model_copy(
+        update={"status": prisma.enums.InvitedUserStatus.REVOKED}
+    )
+    mocker.patch(
+        "backend.api.features.admin.user_admin_routes.revoke_invited_user",
+        AsyncMock(return_value=revoked),
+    )
+
+    response = client.post("/admin/invited-users/invite-1/revoke")
+
+    assert response.status_code == 200
+    assert response.json()["status"] == "REVOKED"
+
+
+def test_retry_invited_user_tally(
+    mocker: pytest_mock.MockerFixture,
+) -> None:
+    retried = _sample_invited_user().model_copy(
+        update={"tally_status": prisma.enums.TallyComputationStatus.RUNNING}
+    )
+    mocker.patch(
+        "backend.api.features.admin.user_admin_routes.retry_invited_user_tally",
+        AsyncMock(return_value=retried),
+    )
+
+    response = client.post("/admin/invited-users/invite-1/retry-tally")
+
+    assert response.status_code == 200
+    assert response.json()["tally_status"] == "RUNNING"

autogpt_platform/backend/backend/api/features/v1.py

@@ -55,6 +55,7 @@ from backend.data.credit import (
     set_auto_top_up,
 )
 from backend.data.graph import GraphSettings
+from backend.data.invited_user import get_or_activate_user
 from backend.data.model import CredentialsMetaInput, UserOnboarding
 from backend.data.notifications import NotificationPreference, NotificationPreferenceDTO
 from backend.data.onboarding import (
@@ -70,7 +71,6 @@ from backend.data.onboarding import (
     update_user_onboarding,
 )
 from backend.data.user import (
-    get_or_create_user,
     get_user_by_id,
     get_user_notification_preference,
     update_user_email,
@@ -136,12 +136,10 @@ _tally_background_tasks: set[asyncio.Task] = set()
     dependencies=[Security(requires_user)],
 )
 async def get_or_create_user_route(user_data: dict = Security(get_jwt_payload)):
-    user = await get_or_create_user(user_data)
+    user = await get_or_activate_user(user_data)
 
-    # Fire-and-forget: populate business understanding from Tally form.
-    # We use created_at proximity instead of an is_new flag because
-    # get_or_create_user is cached — a separate is_new return value would be
-    # unreliable on repeated calls within the cache TTL.
+    # Fire-and-forget: backfill Tally understanding when invite pre-seeding did
+    # not produce a stored result before first activation.
     age_seconds = (datetime.now(timezone.utc) - user.created_at).total_seconds()
     if age_seconds < 30:
         try:
@@ -165,8 +163,11 @@ async def get_or_create_user_route(user_data: dict = Security(get_jwt_payload)):
     dependencies=[Security(requires_user)],
 )
 async def update_user_email_route(
-    user_id: Annotated[str, Security(get_user_id)], email: str = Body(...)
+    user_id: Annotated[str, Security(get_user_id)],
+    email: str = Body(...),
+    user_data: dict = Security(get_jwt_payload),
 ) -> dict[str, str]:
+    await get_or_activate_user(user_data)
     await update_user_email(user_id, email)
 
     return {"email": email}
@@ -182,7 +183,7 @@ async def get_user_timezone_route(
     user_data: dict = Security(get_jwt_payload),
 ) -> TimezoneResponse:
     """Get user timezone setting."""
-    user = await get_or_create_user(user_data)
+    user = await get_or_activate_user(user_data)
     return TimezoneResponse(timezone=user.timezone)
 
 
@@ -193,9 +194,12 @@ async def get_user_timezone_route(
     dependencies=[Security(requires_user)],
 )
 async def update_user_timezone_route(
-    user_id: Annotated[str, Security(get_user_id)], request: UpdateTimezoneRequest
+    user_id: Annotated[str, Security(get_user_id)],
+    request: UpdateTimezoneRequest,
+    user_data: dict = Security(get_jwt_payload),
 ) -> TimezoneResponse:
     """Update user timezone. The timezone should be a valid IANA timezone identifier."""
+    await get_or_activate_user(user_data)
     user = await update_user_timezone(user_id, str(request.timezone))
     return TimezoneResponse(timezone=user.timezone)
 
@@ -208,7 +212,9 @@ async def update_user_timezone_route(
 )
 async def get_preferences(
     user_id: Annotated[str, Security(get_user_id)],
+    user_data: dict = Security(get_jwt_payload),
 ) -> NotificationPreference:
+    await get_or_activate_user(user_data)
     preferences = await get_user_notification_preference(user_id)
     return preferences
 
@@ -222,7 +228,9 @@ async def get_preferences(
 async def update_preferences(
     user_id: Annotated[str, Security(get_user_id)],
     preferences: NotificationPreferenceDTO = Body(...),
+    user_data: dict = Security(get_jwt_payload),
 ) -> NotificationPreference:
+    await get_or_activate_user(user_data)
     output = await update_user_notification_preference(user_id, preferences)
     return output
 

autogpt_platform/backend/backend/api/features/v1_test.py

@@ -51,7 +51,7 @@ def test_get_or_create_user_route(
     }
 
     mocker.patch(
-        "backend.api.features.v1.get_or_create_user",
+        "backend.api.features.v1.get_or_activate_user",
         return_value=mock_user,
     )
 

autogpt_platform/backend/backend/api/rest_api.py

@@ -19,6 +19,7 @@ from prisma.errors import PrismaError
 import backend.api.features.admin.credit_admin_routes
 import backend.api.features.admin.execution_analytics_routes
 import backend.api.features.admin.store_admin_routes
+import backend.api.features.admin.user_admin_routes
 import backend.api.features.builder
 import backend.api.features.builder.routes
 import backend.api.features.chat.routes as chat_routes
@@ -311,6 +312,11 @@ app.include_router(
     tags=["v2", "admin"],
     prefix="/api/executions",
 )
+app.include_router(
+    backend.api.features.admin.user_admin_routes.router,
+    tags=["v2", "admin"],
+    prefix="/api/users",
+)
 app.include_router(
     backend.api.features.executions.review.routes.router,
     tags=["v2", "executions", "review"],

autogpt_platform/backend/backend/data/invited_user.py

@@ -0,0 +1,601 @@
+import asyncio
+import csv
+import io
+import logging
+import re
+from dataclasses import dataclass
+from datetime import datetime, timezone
+from typing import Any, Literal, Optional
+from uuid import uuid4
+
+import prisma.enums
+import prisma.models
+import prisma.types
+from pydantic import BaseModel, EmailStr, TypeAdapter, ValidationError
+
+from backend.data.db import transaction
+from backend.data.model import User
+from backend.data.tally import get_business_understanding_input_from_tally
+from backend.data.understanding import (
+    BusinessUnderstandingInput,
+    merge_business_understanding_data,
+)
+from backend.util.exceptions import (
+    NotAuthorizedError,
+    NotFoundError,
+    PreconditionFailed,
+)
+from backend.util.json import SafeJson
+
+logger = logging.getLogger(__name__)
+
+_tally_seed_tasks: set[asyncio.Task] = set()
+_email_adapter = TypeAdapter(EmailStr)
+
+MAX_BULK_INVITE_FILE_BYTES = 1024 * 1024
+MAX_BULK_INVITE_ROWS = 500
+
+
+class InvitedUserRecord(BaseModel):
+    id: str
+    email: str
+    status: prisma.enums.InvitedUserStatus
+    auth_user_id: Optional[str] = None
+    name: Optional[str] = None
+    tally_understanding: Optional[dict[str, Any]] = None
+    tally_status: prisma.enums.TallyComputationStatus
+    tally_computed_at: Optional[datetime] = None
+    tally_error: Optional[str] = None
+    created_at: datetime
+    updated_at: datetime
+
+    @classmethod
+    def from_db(cls, invited_user: "prisma.models.InvitedUser") -> "InvitedUserRecord":
+        payload = (
+            invited_user.tallyUnderstanding
+            if isinstance(invited_user.tallyUnderstanding, dict)
+            else None
+        )
+        return cls(
+            id=invited_user.id,
+            email=invited_user.email,
+            status=invited_user.status,
+            auth_user_id=invited_user.authUserId,
+            name=invited_user.name,
+            tally_understanding=payload,
+            tally_status=invited_user.tallyStatus,
+            tally_computed_at=invited_user.tallyComputedAt,
+            tally_error=invited_user.tallyError,
+            created_at=invited_user.createdAt,
+            updated_at=invited_user.updatedAt,
+        )
+
+
+class BulkInvitedUserRowResult(BaseModel):
+    row_number: int
+    email: Optional[str] = None
+    name: Optional[str] = None
+    status: Literal["CREATED", "SKIPPED", "ERROR"]
+    message: str
+    invited_user: Optional[InvitedUserRecord] = None
+
+
+class BulkInvitedUsersResult(BaseModel):
+    created_count: int
+    skipped_count: int
+    error_count: int
+    results: list[BulkInvitedUserRowResult]
+
+
+@dataclass(frozen=True)
+class _ParsedInviteRow:
+    row_number: int
+    email: str
+    name: Optional[str]
+
+
+def normalize_email(email: str) -> str:
+    return email.strip().lower()
+
+
+def _normalize_name(name: Optional[str]) -> Optional[str]:
+    if name is None:
+        return None
+    normalized = name.strip()
+    return normalized or None
+
+
+def _default_profile_name(email: str, preferred_name: Optional[str]) -> str:
+    if preferred_name:
+        return preferred_name
+    local_part = email.split("@", 1)[0].strip()
+    return local_part or "user"
+
+
+def _sanitize_username_base(email: str) -> str:
+    local_part = email.split("@", 1)[0].lower()
+    sanitized = re.sub(r"[^a-z0-9-]", "", local_part)
+    sanitized = sanitized.strip("-")
+    return sanitized[:40] or "user"
+
+
+async def _generate_unique_profile_username(email: str, tx) -> str:
+    base = _sanitize_username_base(email)
+
+    for attempt in range(10):
+        candidate = base if attempt == 0 else f"{base}-{uuid4().hex[:6]}"
+        existing = await prisma.models.Profile.prisma(tx).find_unique(
+            where={"username": candidate}
+        )
+        if existing is None:
+            return candidate
+
+    raise RuntimeError(f"Unable to generate unique username for {email}")
+
+
+async def _ensure_default_profile(
+    user_id: str,
+    email: str,
+    preferred_name: Optional[str],
+    tx,
+) -> None:
+    existing_profile = await prisma.models.Profile.prisma(tx).find_unique(
+        where={"userId": user_id}
+    )
+    if existing_profile is not None:
+        return
+
+    username = await _generate_unique_profile_username(email, tx)
+    await prisma.models.Profile.prisma(tx).create(
+        data=prisma.types.ProfileCreateInput(
+            userId=user_id,
+            name=_default_profile_name(email, preferred_name),
+            username=username,
+            description="I'm new here",
+            links=[],
+            avatarUrl="",
+        )
+    )
+
+
+async def _ensure_default_onboarding(user_id: str, tx) -> None:
+    await prisma.models.UserOnboarding.prisma(tx).upsert(
+        where={"userId": user_id},
+        data={
+            "create": prisma.types.UserOnboardingCreateInput(userId=user_id),
+            "update": {},
+        },
+    )
+
+
+async def _apply_tally_understanding(
+    user_id: str,
+    invited_user: "prisma.models.InvitedUser",
+    tx,
+) -> None:
+    if not isinstance(invited_user.tallyUnderstanding, dict):
+        return
+
+    input_data = BusinessUnderstandingInput.model_validate(
+        invited_user.tallyUnderstanding
+    )
+    payload = merge_business_understanding_data({}, input_data)
+    await prisma.models.CoPilotUnderstanding.prisma(tx).upsert(
+        where={"userId": user_id},
+        data={
+            "create": {"userId": user_id, "data": SafeJson(payload)},
+            "update": {"data": SafeJson(payload)},
+        },
+    )
+
+
+async def list_invited_users() -> list[InvitedUserRecord]:
+    invited_users = await prisma.models.InvitedUser.prisma().find_many(
+        order={"createdAt": "desc"}
+    )
+    return [InvitedUserRecord.from_db(invited_user) for invited_user in invited_users]
+
+
+async def create_invited_user(
+    email: str, name: Optional[str] = None
+) -> InvitedUserRecord:
+    normalized_email = normalize_email(email)
+    normalized_name = _normalize_name(name)
+
+    existing_user = await prisma.models.User.prisma().find_unique(
+        where={"email": normalized_email}
+    )
+    if existing_user is not None:
+        raise PreconditionFailed("An active user with this email already exists")
+
+    existing_invited_user = await prisma.models.InvitedUser.prisma().find_unique(
+        where={"email": normalized_email}
+    )
+    if existing_invited_user is not None:
+        raise PreconditionFailed("An invited user with this email already exists")
+
+    invited_user = await prisma.models.InvitedUser.prisma().create(
+        data={
+            "email": normalized_email,
+            "name": normalized_name,
+            "status": prisma.enums.InvitedUserStatus.INVITED,
+            "tallyStatus": prisma.enums.TallyComputationStatus.PENDING,
+        }
+    )
+    schedule_invited_user_tally_precompute(invited_user.id)
+    return InvitedUserRecord.from_db(invited_user)
+
+
+async def revoke_invited_user(invited_user_id: str) -> InvitedUserRecord:
+    invited_user = await prisma.models.InvitedUser.prisma().find_unique(
+        where={"id": invited_user_id}
+    )
+    if invited_user is None:
+        raise NotFoundError(f"Invited user {invited_user_id} not found")
+
+    if invited_user.status == prisma.enums.InvitedUserStatus.CLAIMED:
+        raise PreconditionFailed("Claimed invited users cannot be revoked")
+
+    if invited_user.status == prisma.enums.InvitedUserStatus.REVOKED:
+        return InvitedUserRecord.from_db(invited_user)
+
+    revoked_user = await prisma.models.InvitedUser.prisma().update(
+        where={"id": invited_user_id},
+        data={"status": prisma.enums.InvitedUserStatus.REVOKED},
+    )
+    if revoked_user is None:
+        raise NotFoundError(f"Invited user {invited_user_id} not found")
+    return InvitedUserRecord.from_db(revoked_user)
+
+
+async def retry_invited_user_tally(invited_user_id: str) -> InvitedUserRecord:
+    invited_user = await prisma.models.InvitedUser.prisma().find_unique(
+        where={"id": invited_user_id}
+    )
+    if invited_user is None:
+        raise NotFoundError(f"Invited user {invited_user_id} not found")
+
+    if invited_user.status == prisma.enums.InvitedUserStatus.REVOKED:
+        raise PreconditionFailed("Revoked invited users cannot retry Tally seeding")
+
+    refreshed_user = await prisma.models.InvitedUser.prisma().update(
+        where={"id": invited_user_id},
+        data={
+            "tallyUnderstanding": None,
+            "tallyStatus": prisma.enums.TallyComputationStatus.PENDING,
+            "tallyComputedAt": None,
+            "tallyError": None,
+        },
+    )
+    if refreshed_user is None:
+        raise NotFoundError(f"Invited user {invited_user_id} not found")
+    schedule_invited_user_tally_precompute(invited_user_id)
+    return InvitedUserRecord.from_db(refreshed_user)
+
+
+def _decode_bulk_invite_file(content: bytes) -> str:
+    if len(content) > MAX_BULK_INVITE_FILE_BYTES:
+        raise ValueError("Invite file exceeds the maximum size of 1 MB")
+
+    try:
+        return content.decode("utf-8-sig")
+    except UnicodeDecodeError as exc:
+        raise ValueError("Invite file must be UTF-8 encoded") from exc
+
+
+def _parse_bulk_invite_csv(text: str) -> list[_ParsedInviteRow]:
+    indexed_rows: list[tuple[int, list[str]]] = []
+
+    for row_number, row in enumerate(csv.reader(io.StringIO(text)), start=1):
+        normalized_row = [cell.strip() for cell in row]
+        if any(normalized_row):
+            indexed_rows.append((row_number, normalized_row))
+
+    if not indexed_rows:
+        return []
+
+    header = [cell.lower() for cell in indexed_rows[0][1]]
+    has_header = "email" in header
+    email_index = header.index("email") if has_header else 0
+    name_index = header.index("name") if has_header and "name" in header else 1
+    data_rows = indexed_rows[1:] if has_header else indexed_rows
+
+    parsed_rows: list[_ParsedInviteRow] = []
+    for row_number, row in data_rows:
+        email = row[email_index].strip() if len(row) > email_index else ""
+        name = row[name_index].strip() if len(row) > name_index else ""
+        parsed_rows.append(
+            _ParsedInviteRow(
+                row_number=row_number,
+                email=email,
+                name=name or None,
+            )
+        )
+
+    return parsed_rows
+
+
+def _parse_bulk_invite_text(text: str) -> list[_ParsedInviteRow]:
+    parsed_rows: list[_ParsedInviteRow] = []
+
+    for row_number, raw_line in enumerate(text.splitlines(), start=1):
+        line = raw_line.strip()
+        if not line or line.startswith("#"):
+            continue
+
+        parsed_rows.append(
+            _ParsedInviteRow(
+                row_number=row_number,
+                email=line,
+                name=None,
+            )
+        )
+
+    return parsed_rows
+
+
+def _parse_bulk_invite_file(
+    filename: Optional[str],
+    content: bytes,
+) -> list[_ParsedInviteRow]:
+    text = _decode_bulk_invite_file(content)
+    file_name = filename.lower() if filename else ""
+    parsed_rows = (
+        _parse_bulk_invite_csv(text)
+        if file_name.endswith(".csv")
+        else _parse_bulk_invite_text(text)
+    )
+
+    if not parsed_rows:
+        raise ValueError("Invite file did not contain any emails")
+
+    if len(parsed_rows) > MAX_BULK_INVITE_ROWS:
+        raise ValueError(
+            f"Invite file contains too many rows. Maximum supported rows: {MAX_BULK_INVITE_ROWS}"
+        )
+
+    return parsed_rows
+
+
+async def bulk_create_invited_users_from_file(
+    filename: Optional[str],
+    content: bytes,
+) -> BulkInvitedUsersResult:
+    parsed_rows = _parse_bulk_invite_file(filename, content)
+
+    created_count = 0
+    skipped_count = 0
+    error_count = 0
+    results: list[BulkInvitedUserRowResult] = []
+    seen_emails: set[str] = set()
+
+    for row in parsed_rows:
+        row_name = _normalize_name(row.name)
+
+        try:
+            validated_email = _email_adapter.validate_python(row.email)
+        except ValidationError:
+            error_count += 1
+            results.append(
+                BulkInvitedUserRowResult(
+                    row_number=row.row_number,
+                    email=row.email or None,
+                    name=row_name,
+                    status="ERROR",
+                    message="Invalid email address",
+                )
+            )
+            continue
+
+        normalized_email = normalize_email(str(validated_email))
+        if normalized_email in seen_emails:
+            skipped_count += 1
+            results.append(
+                BulkInvitedUserRowResult(
+                    row_number=row.row_number,
+                    email=normalized_email,
+                    name=row_name,
+                    status="SKIPPED",
+                    message="Duplicate email in upload file",
+                )
+            )
+            continue
+
+        seen_emails.add(normalized_email)
+
+        try:
+            invited_user = await create_invited_user(normalized_email, row_name)
+        except PreconditionFailed as exc:
+            skipped_count += 1
+            results.append(
+                BulkInvitedUserRowResult(
+                    row_number=row.row_number,
+                    email=normalized_email,
+                    name=row_name,
+                    status="SKIPPED",
+                    message=str(exc),
+                )
+            )
+        except Exception:
+            logger.exception(
+                "Failed to create bulk invite for %s from row %s",
+                normalized_email,
+                row.row_number,
+            )
+            error_count += 1
+            results.append(
+                BulkInvitedUserRowResult(
+                    row_number=row.row_number,
+                    email=normalized_email,
+                    name=row_name,
+                    status="ERROR",
+                    message="Unexpected error creating invite",
+                )
+            )
+        else:
+            created_count += 1
+            results.append(
+                BulkInvitedUserRowResult(
+                    row_number=row.row_number,
+                    email=normalized_email,
+                    name=row_name,
+                    status="CREATED",
+                    message="Invite created",
+                    invited_user=invited_user,
+                )
+            )
+
+    return BulkInvitedUsersResult(
+        created_count=created_count,
+        skipped_count=skipped_count,
+        error_count=error_count,
+        results=results,
+    )
+
+
+async def _compute_invited_user_tally_seed(invited_user_id: str) -> None:
+    invited_user = await prisma.models.InvitedUser.prisma().find_unique(
+        where={"id": invited_user_id}
+    )
+    if invited_user is None:
+        return
+
+    if invited_user.status == prisma.enums.InvitedUserStatus.REVOKED:
+        return
+
+    await prisma.models.InvitedUser.prisma().update(
+        where={"id": invited_user_id},
+        data={
+            "tallyStatus": prisma.enums.TallyComputationStatus.RUNNING,
+            "tallyError": None,
+        },
+    )
+
+    try:
+        input_data = await get_business_understanding_input_from_tally(
+            invited_user.email,
+            require_api_key=True,
+        )
+        payload = (
+            SafeJson(input_data.model_dump(exclude_none=True))
+            if input_data is not None
+            else None
+        )
+        await prisma.models.InvitedUser.prisma().update(
+            where={"id": invited_user_id},
+            data={
+                "tallyUnderstanding": payload,
+                "tallyStatus": prisma.enums.TallyComputationStatus.READY,
+                "tallyComputedAt": datetime.now(timezone.utc),
+                "tallyError": None,
+            },
+        )
+    except Exception as exc:
+        logger.exception(
+            "Failed to compute Tally understanding for invited user %s",
+            invited_user_id,
+        )
+        await prisma.models.InvitedUser.prisma().update(
+            where={"id": invited_user_id},
+            data={
+                "tallyStatus": prisma.enums.TallyComputationStatus.FAILED,
+                "tallyError": str(exc),
+            },
+        )
+
+
+def schedule_invited_user_tally_precompute(invited_user_id: str) -> None:
+    task = asyncio.create_task(_compute_invited_user_tally_seed(invited_user_id))
+    _tally_seed_tasks.add(task)
+    task.add_done_callback(_tally_seed_tasks.discard)
+
+
+async def get_or_activate_user(user_data: dict) -> User:
+    auth_user_id = user_data.get("sub")
+    if not auth_user_id:
+        raise NotAuthorizedError("User ID not found in token")
+
+    auth_email = user_data.get("email")
+    if not auth_email:
+        raise NotAuthorizedError("Email not found in token")
+
+    normalized_email = normalize_email(auth_email)
+    user_metadata = user_data.get("user_metadata")
+    metadata_name = (
+        user_metadata.get("name") if isinstance(user_metadata, dict) else None
+    )
+
+    existing_user = await prisma.models.User.prisma().find_unique(
+        where={"id": auth_user_id}
+    )
+    if existing_user is not None:
+        return User.from_db(existing_user)
+
+    invited_user = await prisma.models.InvitedUser.prisma().find_unique(
+        where={"email": normalized_email}
+    )
+    if invited_user is None:
+        raise NotAuthorizedError("Your email is not allowed to access the platform")
+
+    if invited_user.status != prisma.enums.InvitedUserStatus.INVITED:
+        raise NotAuthorizedError("Your invitation is no longer active")
+
+    async with transaction() as tx:
+        current_user = await prisma.models.User.prisma(tx).find_unique(
+            where={"id": auth_user_id}
+        )
+        if current_user is not None:
+            return User.from_db(current_user)
+
+        current_invited_user = await prisma.models.InvitedUser.prisma(tx).find_unique(
+            where={"email": normalized_email}
+        )
+        if current_invited_user is None:
+            raise NotAuthorizedError("Your email is not allowed to access the platform")
+
+        if current_invited_user.status != prisma.enums.InvitedUserStatus.INVITED:
+            raise NotAuthorizedError("Your invitation is no longer active")
+
+        if current_invited_user.authUserId not in (None, auth_user_id):
+            raise NotAuthorizedError("Your invitation has already been claimed")
+
+        preferred_name = current_invited_user.name or _normalize_name(metadata_name)
+        await prisma.models.User.prisma(tx).create(
+            data=prisma.types.UserCreateInput(
+                id=auth_user_id,
+                email=normalized_email,
+                name=preferred_name,
+            )
+        )
+
+        await prisma.models.InvitedUser.prisma(tx).update(
+            where={"id": current_invited_user.id},
+            data={
+                "status": prisma.enums.InvitedUserStatus.CLAIMED,
+                "authUserId": auth_user_id,
+            },
+        )
+
+        await _ensure_default_profile(
+            auth_user_id,
+            normalized_email,
+            preferred_name,
+            tx,
+        )
+        await _ensure_default_onboarding(auth_user_id, tx)
+        await _apply_tally_understanding(auth_user_id, current_invited_user, tx)
+
+    from backend.data.user import get_user_by_email, get_user_by_id
+
+    get_user_by_id.cache_delete(auth_user_id)
+    get_user_by_email.cache_delete(normalized_email)
+
+    activated_user = await prisma.models.User.prisma().find_unique(
+        where={"id": auth_user_id}
+    )
+    if activated_user is None:
+        raise RuntimeError(
+            f"Activated user {auth_user_id} was not found after creation"
+        )
+
+    return User.from_db(activated_user)

autogpt_platform/backend/backend/data/invited_user_test.py

@@ -0,0 +1,297 @@
+from contextlib import asynccontextmanager
+from datetime import datetime, timezone
+from types import SimpleNamespace
+from unittest.mock import AsyncMock, Mock
+
+import prisma.enums
+import pytest
+import pytest_mock
+
+from backend.util.exceptions import NotAuthorizedError, PreconditionFailed
+
+from .invited_user import (
+    bulk_create_invited_users_from_file,
+    create_invited_user,
+    get_or_activate_user,
+    retry_invited_user_tally,
+)
+
+
+def _invited_user_db_record(
+    *,
+    status: prisma.enums.InvitedUserStatus = prisma.enums.InvitedUserStatus.INVITED,
+    tally_understanding: dict | None = None,
+):
+    now = datetime.now(timezone.utc)
+    return SimpleNamespace(
+        id="invite-1",
+        email="invited@example.com",
+        status=status,
+        authUserId=None,
+        name="Invited User",
+        tallyUnderstanding=tally_understanding,
+        tallyStatus=prisma.enums.TallyComputationStatus.PENDING,
+        tallyComputedAt=None,
+        tallyError=None,
+        createdAt=now,
+        updatedAt=now,
+    )
+
+
+def _user_db_record():
+    now = datetime.now(timezone.utc)
+    return SimpleNamespace(
+        id="auth-user-1",
+        email="invited@example.com",
+        emailVerified=True,
+        name="Invited User",
+        createdAt=now,
+        updatedAt=now,
+        metadata={},
+        integrations="",
+        stripeCustomerId=None,
+        topUpConfig=None,
+        maxEmailsPerDay=3,
+        notifyOnAgentRun=True,
+        notifyOnZeroBalance=True,
+        notifyOnLowBalance=True,
+        notifyOnBlockExecutionFailed=True,
+        notifyOnContinuousAgentError=True,
+        notifyOnDailySummary=True,
+        notifyOnWeeklySummary=True,
+        notifyOnMonthlySummary=True,
+        notifyOnAgentApproved=True,
+        notifyOnAgentRejected=True,
+        timezone="not-set",
+    )
+
+
+@pytest.mark.asyncio
+async def test_create_invited_user_rejects_existing_active_user(
+    mocker: pytest_mock.MockerFixture,
+) -> None:
+    user_repo = Mock()
+    user_repo.find_unique = AsyncMock(return_value=_user_db_record())
+    invited_user_repo = Mock()
+    invited_user_repo.find_unique = AsyncMock()
+
+    mocker.patch(
+        "backend.data.invited_user.prisma.models.User.prisma", return_value=user_repo
+    )
+    mocker.patch(
+        "backend.data.invited_user.prisma.models.InvitedUser.prisma",
+        return_value=invited_user_repo,
+    )
+
+    with pytest.raises(PreconditionFailed):
+        await create_invited_user("Invited@example.com")
+
+
+@pytest.mark.asyncio
+async def test_create_invited_user_schedules_tally_seed(
+    mocker: pytest_mock.MockerFixture,
+) -> None:
+    user_repo = Mock()
+    user_repo.find_unique = AsyncMock(return_value=None)
+    invited_user_repo = Mock()
+    invited_user_repo.find_unique = AsyncMock(return_value=None)
+    invited_user_repo.create = AsyncMock(return_value=_invited_user_db_record())
+    schedule = mocker.patch(
+        "backend.data.invited_user.schedule_invited_user_tally_precompute"
+    )
+
+    mocker.patch(
+        "backend.data.invited_user.prisma.models.User.prisma", return_value=user_repo
+    )
+    mocker.patch(
+        "backend.data.invited_user.prisma.models.InvitedUser.prisma",
+        return_value=invited_user_repo,
+    )
+
+    invited_user = await create_invited_user("Invited@example.com", "Invited User")
+
+    assert invited_user.email == "invited@example.com"
+    invited_user_repo.create.assert_awaited_once()
+    schedule.assert_called_once_with("invite-1")
+
+
+@pytest.mark.asyncio
+async def test_retry_invited_user_tally_resets_state_and_schedules(
+    mocker: pytest_mock.MockerFixture,
+) -> None:
+    invited_user_repo = Mock()
+    invited_user_repo.find_unique = AsyncMock(return_value=_invited_user_db_record())
+    invited_user_repo.update = AsyncMock(return_value=_invited_user_db_record())
+    schedule = mocker.patch(
+        "backend.data.invited_user.schedule_invited_user_tally_precompute"
+    )
+
+    mocker.patch(
+        "backend.data.invited_user.prisma.models.InvitedUser.prisma",
+        return_value=invited_user_repo,
+    )
+
+    invited_user = await retry_invited_user_tally("invite-1")
+
+    assert invited_user.id == "invite-1"
+    invited_user_repo.update.assert_awaited_once()
+    schedule.assert_called_once_with("invite-1")
+
+
+@pytest.mark.asyncio
+async def test_get_or_activate_user_requires_invite(
+    mocker: pytest_mock.MockerFixture,
+) -> None:
+    user_repo = Mock()
+    user_repo.find_unique = AsyncMock(return_value=None)
+    invited_user_repo = Mock()
+    invited_user_repo.find_unique = AsyncMock(return_value=None)
+
+    mocker.patch(
+        "backend.data.invited_user.prisma.models.User.prisma", return_value=user_repo
+    )
+    mocker.patch(
+        "backend.data.invited_user.prisma.models.InvitedUser.prisma",
+        return_value=invited_user_repo,
+    )
+
+    with pytest.raises(NotAuthorizedError):
+        await get_or_activate_user(
+            {"sub": "auth-user-1", "email": "invited@example.com"}
+        )
+
+
+@pytest.mark.asyncio
+async def test_get_or_activate_user_creates_user_from_invite(
+    mocker: pytest_mock.MockerFixture,
+) -> None:
+    tx = object()
+    invited_user = _invited_user_db_record(
+        tally_understanding={"user_name": "Invited User", "industry": "Automation"}
+    )
+    created_user = _user_db_record()
+
+    outside_user_repo = Mock()
+    outside_user_repo.find_unique = AsyncMock(side_effect=[None, created_user])
+
+    inside_user_repo = Mock()
+    inside_user_repo.find_unique = AsyncMock(return_value=None)
+    inside_user_repo.create = AsyncMock(return_value=created_user)
+
+    outside_invited_repo = Mock()
+    outside_invited_repo.find_unique = AsyncMock(return_value=invited_user)
+
+    inside_invited_repo = Mock()
+    inside_invited_repo.find_unique = AsyncMock(return_value=invited_user)
+    inside_invited_repo.update = AsyncMock(return_value=invited_user)
+
+    def user_prisma(client=None):
+        return inside_user_repo if client is tx else outside_user_repo
+
+    def invited_user_prisma(client=None):
+        return inside_invited_repo if client is tx else outside_invited_repo
+
+    @asynccontextmanager
+    async def fake_transaction():
+        yield tx
+
+    ensure_profile = mocker.patch(
+        "backend.data.invited_user._ensure_default_profile",
+        AsyncMock(),
+    )
+    ensure_onboarding = mocker.patch(
+        "backend.data.invited_user._ensure_default_onboarding",
+        AsyncMock(),
+    )
+    apply_tally = mocker.patch(
+        "backend.data.invited_user._apply_tally_understanding",
+        AsyncMock(),
+    )
+    mocker.patch("backend.data.invited_user.transaction", fake_transaction)
+    mocker.patch(
+        "backend.data.invited_user.prisma.models.User.prisma", side_effect=user_prisma
+    )
+    mocker.patch(
+        "backend.data.invited_user.prisma.models.InvitedUser.prisma",
+        side_effect=invited_user_prisma,
+    )
+    mocker.patch("backend.data.user.get_user_by_id.cache_delete", Mock())
+    mocker.patch("backend.data.user.get_user_by_email.cache_delete", Mock())
+
+    user = await get_or_activate_user(
+        {
+            "sub": "auth-user-1",
+            "email": "Invited@example.com",
+            "user_metadata": {"name": "Invited User"},
+        }
+    )
+
+    assert user.id == "auth-user-1"
+    inside_user_repo.create.assert_awaited_once()
+    inside_invited_repo.update.assert_awaited_once()
+    ensure_profile.assert_awaited_once()
+    ensure_onboarding.assert_awaited_once_with("auth-user-1", tx)
+    apply_tally.assert_awaited_once_with("auth-user-1", invited_user, tx)
+
+
+@pytest.mark.asyncio
+async def test_bulk_create_invited_users_from_text_file(
+    mocker: pytest_mock.MockerFixture,
+) -> None:
+    create_invited = mocker.patch(
+        "backend.data.invited_user.create_invited_user",
+        AsyncMock(
+            side_effect=[
+                _invited_user_db_record(),
+                _invited_user_db_record(),
+            ]
+        ),
+    )
+
+    result = await bulk_create_invited_users_from_file(
+        "invites.txt",
+        b"Invited@example.com\nsecond@example.com\n",
+    )
+
+    assert result.created_count == 2
+    assert result.skipped_count == 0
+    assert result.error_count == 0
+    assert [row.status for row in result.results] == ["CREATED", "CREATED"]
+    assert create_invited.await_count == 2
+
+
+@pytest.mark.asyncio
+async def test_bulk_create_invited_users_handles_csv_duplicates_and_invalid_rows(
+    mocker: pytest_mock.MockerFixture,
+) -> None:
+    create_invited = mocker.patch(
+        "backend.data.invited_user.create_invited_user",
+        AsyncMock(
+            side_effect=[
+                _invited_user_db_record(),
+                PreconditionFailed("An invited user with this email already exists"),
+            ]
+        ),
+    )
+
+    result = await bulk_create_invited_users_from_file(
+        "invites.csv",
+        (
+            "email,name\n"
+            "valid@example.com,Valid User\n"
+            "not-an-email,Bad Row\n"
+            "valid@example.com,Duplicate In File\n"
+            "existing@example.com,Existing User\n"
+        ).encode("utf-8"),
+    )
+
+    assert result.created_count == 1
+    assert result.skipped_count == 2
+    assert result.error_count == 1
+    assert [row.status for row in result.results] == [
+        "CREATED",
+        "ERROR",
+        "SKIPPED",
+        "SKIPPED",
+    ]
+    assert create_invited.await_count == 2

autogpt_platform/backend/backend/data/tally.py

@@ -380,6 +380,35 @@ async def extract_business_understanding(
     return BusinessUnderstandingInput(**cleaned)
 
 
+async def get_business_understanding_input_from_tally(
+    email: str,
+    *,
+    require_api_key: bool = False,
+) -> Optional[BusinessUnderstandingInput]:
+    settings = Settings()
+    if not settings.secrets.tally_api_key:
+        if require_api_key:
+            raise RuntimeError("Tally API key is not configured")
+        logger.debug("Tally: no API key configured, skipping")
+        return None
+
+    masked = _mask_email(email)
+    result = await find_submission_by_email(TALLY_FORM_ID, email)
+    if result is None:
+        logger.debug(f"Tally: no submission found for {masked}")
+        return None
+
+    submission, questions = result
+    logger.info(f"Tally: found submission for {masked}, extracting understanding")
+
+    formatted = format_submission_for_llm(submission, questions)
+    if not formatted.strip():
+        logger.warning("Tally: formatted submission was empty, skipping")
+        return None
+
+    return await extract_business_understanding(formatted)
+
+
 async def populate_understanding_from_tally(user_id: str, email: str) -> None:
     """Main orchestrator: check Tally for a matching submission and populate understanding.
 
@@ -394,30 +423,10 @@ async def populate_understanding_from_tally(user_id: str, email: str) -> None:
             )
             return
 
-        # Check API key is configured
-        settings = Settings()
-        if not settings.secrets.tally_api_key:
-            logger.debug("Tally: no API key configured, skipping")
+        understanding_input = await get_business_understanding_input_from_tally(email)
+        if understanding_input is None:
             return
 
-        # Look up submission by email
-        masked = _mask_email(email)
-        result = await find_submission_by_email(TALLY_FORM_ID, email)
-        if result is None:
-            logger.debug(f"Tally: no submission found for {masked}")
-            return
-
-        submission, questions = result
-        logger.info(f"Tally: found submission for {masked}, extracting understanding")
-
-        # Format and extract
-        formatted = format_submission_for_llm(submission, questions)
-        if not formatted.strip():
-            logger.warning("Tally: formatted submission was empty, skipping")
-            return
-
-        understanding_input = await extract_business_understanding(formatted)
-
         # Upsert into database
         await upsert_business_understanding(user_id, understanding_input)
         logger.info(f"Tally: successfully populated understanding for user {user_id}")

autogpt_platform/backend/backend/data/understanding.py

@@ -166,6 +166,56 @@ def _merge_lists(existing: list | None, new: list | None) -> list | None:
     return merged
 
 
+def merge_business_understanding_data(
+    existing_data: dict[str, Any],
+    input_data: BusinessUnderstandingInput,
+) -> dict[str, Any]:
+    merged_data = dict(existing_data)
+
+    merged_business: dict[str, Any] = {}
+    if isinstance(merged_data.get("business"), dict):
+        merged_business = dict(merged_data["business"])
+
+    business_string_fields = [
+        "job_title",
+        "business_name",
+        "industry",
+        "business_size",
+        "user_role",
+        "additional_notes",
+    ]
+    business_list_fields = [
+        "key_workflows",
+        "daily_activities",
+        "pain_points",
+        "bottlenecks",
+        "manual_tasks",
+        "automation_goals",
+        "current_software",
+        "existing_automation",
+    ]
+
+    if input_data.user_name is not None:
+        merged_data["name"] = input_data.user_name
+
+    for field in business_string_fields:
+        value = getattr(input_data, field)
+        if value is not None:
+            merged_business[field] = value
+
+    for field in business_list_fields:
+        value = getattr(input_data, field)
+        if value is not None:
+            existing_list = _json_to_list(merged_business.get(field))
+            merged_list = _merge_lists(existing_list, value)
+            merged_business[field] = merged_list
+
+    merged_business["version"] = 1
+    merged_data["business"] = merged_business
+
+    return merged_data
+
+
 async def _get_from_cache(user_id: str) -> Optional[BusinessUnderstanding]:
     """Get business understanding from Redis cache."""
     try:
@@ -245,63 +295,18 @@ async def upsert_business_understanding(
         where={"userId": user_id}
     )
 
-    # Get existing data structure or start fresh
     existing_data: dict[str, Any] = {}
     if existing and isinstance(existing.data, dict):
         existing_data = dict(existing.data)
 
-    existing_business: dict[str, Any] = {}
-    if isinstance(existing_data.get("business"), dict):
-        existing_business = dict(existing_data["business"])
-
-    # Business fields (stored inside business object)
-    business_string_fields = [
-        "job_title",
-        "business_name",
-        "industry",
-        "business_size",
-        "user_role",
-        "additional_notes",
-    ]
-    business_list_fields = [
-        "key_workflows",
-        "daily_activities",
-        "pain_points",
-        "bottlenecks",
-        "manual_tasks",
-        "automation_goals",
-        "current_software",
-        "existing_automation",
-    ]
-
-    # Handle top-level name field
-    if input_data.user_name is not None:
-        existing_data["name"] = input_data.user_name
-
-    # Business string fields - overwrite if provided
-    for field in business_string_fields:
-        value = getattr(input_data, field)
-        if value is not None:
-            existing_business[field] = value
-
-    # Business list fields - merge with existing
-    for field in business_list_fields:
-        value = getattr(input_data, field)
-        if value is not None:
-            existing_list = _json_to_list(existing_business.get(field))
-            merged = _merge_lists(existing_list, value)
-            existing_business[field] = merged
-
-    # Set version and nest business data
-    existing_business["version"] = 1
-    existing_data["business"] = existing_business
+    merged_data = merge_business_understanding_data(existing_data, input_data)
 
     # Upsert with the merged data
     record = await CoPilotUnderstanding.prisma().upsert(
         where={"userId": user_id},
         data={
-            "create": {"userId": user_id, "data": SafeJson(existing_data)},
-            "update": {"data": SafeJson(existing_data)},
+            "create": {"userId": user_id, "data": SafeJson(merged_data)},
+            "update": {"data": SafeJson(merged_data)},
         },
     )
 

autogpt_platform/backend/migrations/20260309154718_add_invited_users/migration.sql

@@ -0,0 +1,114 @@
+-- CreateEnum
+CREATE TYPE "InvitedUserStatus" AS ENUM ('INVITED', 'CLAIMED', 'REVOKED');
+
+-- CreateEnum
+CREATE TYPE "TallyComputationStatus" AS ENUM ('PENDING', 'RUNNING', 'READY', 'FAILED');
+
+-- CreateTable
+CREATE TABLE "InvitedUser" (
+    "id" TEXT NOT NULL,
+    "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "updatedAt" TIMESTAMP(3) NOT NULL,
+    "email" TEXT NOT NULL,
+    "status" "InvitedUserStatus" NOT NULL DEFAULT 'INVITED',
+    "authUserId" TEXT,
+    "name" TEXT,
+    "tallyUnderstanding" JSONB,
+    "tallyStatus" "TallyComputationStatus" NOT NULL DEFAULT 'PENDING',
+    "tallyComputedAt" TIMESTAMP(3),
+    "tallyError" TEXT,
+
+    CONSTRAINT "InvitedUser_pkey" PRIMARY KEY ("id")
+);
+
+-- CreateIndex
+CREATE UNIQUE INDEX "InvitedUser_email_key" ON "InvitedUser"("email");
+
+-- CreateIndex
+CREATE UNIQUE INDEX "InvitedUser_authUserId_key" ON "InvitedUser"("authUserId");
+
+-- CreateIndex
+CREATE INDEX "InvitedUser_status_idx" ON "InvitedUser"("status");
+
+-- CreateIndex
+CREATE INDEX "InvitedUser_tallyStatus_idx" ON "InvitedUser"("tallyStatus");
+
+-- AddForeignKey
+ALTER TABLE "InvitedUser" ADD CONSTRAINT "InvitedUser_authUserId_fkey"
+FOREIGN KEY ("authUserId") REFERENCES "User"("id") ON DELETE SET NULL ON UPDATE CASCADE;
+
+DO $$
+DECLARE
+    allowed_users_schema TEXT;
+BEGIN
+    SELECT table_schema
+      INTO allowed_users_schema
+      FROM information_schema.columns
+     WHERE table_name = 'allowed_users'
+       AND column_name = 'email'
+     ORDER BY CASE
+        WHEN table_schema = 'platform' THEN 0
+        WHEN table_schema = 'public' THEN 1
+        ELSE 2
+     END
+     LIMIT 1;
+
+    IF allowed_users_schema IS NOT NULL THEN
+        EXECUTE format(
+            'INSERT INTO platform."InvitedUser" ("id", "email", "status", "tallyStatus", "createdAt", "updatedAt")
+             SELECT gen_random_uuid()::text,
+                    lower(email),
+                    ''INVITED''::platform."InvitedUserStatus",
+                    ''PENDING''::platform."TallyComputationStatus",
+                    now(),
+                    now()
+               FROM %I.allowed_users
+              WHERE email IS NOT NULL
+             ON CONFLICT ("email") DO NOTHING',
+            allowed_users_schema
+        );
+    END IF;
+END $$;
+
+CREATE OR REPLACE FUNCTION platform.ensure_invited_user_can_register()
+RETURNS TRIGGER AS $$
+BEGIN
+    IF NEW.email IS NULL THEN
+        RAISE EXCEPTION 'The email address "%" is not allowed to register. Please contact support for assistance.', NEW.email
+            USING ERRCODE = 'P0001';
+    END IF;
+
+    IF lower(split_part(NEW.email, '@', 2)) = 'agpt.co' THEN
+        RETURN NEW;
+    END IF;
+
+    IF EXISTS (
+        SELECT 1
+          FROM platform."InvitedUser" invited_user
+         WHERE lower(invited_user.email) = lower(NEW.email)
+           AND invited_user.status = 'INVITED'::platform."InvitedUserStatus"
+    ) THEN
+        RETURN NEW;
+    END IF;
+
+    RAISE EXCEPTION 'The email address "%" is not allowed to register. Please contact support for assistance.', NEW.email
+        USING ERRCODE = 'P0001';
+END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+DO $$
+BEGIN
+    IF EXISTS (
+        SELECT 1
+          FROM information_schema.tables
+         WHERE table_schema = 'auth'
+           AND table_name = 'users'
+    ) THEN
+        DROP TRIGGER IF EXISTS user_added_to_platform ON auth.users;
+        DROP TRIGGER IF EXISTS invited_user_signup_gate ON auth.users;
+
+        CREATE TRIGGER invited_user_signup_gate
+        BEFORE INSERT ON auth.users
+        FOR EACH ROW EXECUTE FUNCTION platform.ensure_invited_user_can_register();
+    END IF;
+END $$;

autogpt_platform/backend/schema.prisma

@@ -65,6 +65,7 @@ model User {
   NotificationBatches   UserNotificationBatch[]
   PendingHumanReviews   PendingHumanReview[]
   Workspace             UserWorkspace?
+  ClaimedInvite         InvitedUser?        @relation("InvitedUserAuthUser")
 
   // OAuth Provider relations
   OAuthApplications       OAuthApplication[]
@@ -73,6 +74,39 @@ model User {
   OAuthRefreshTokens      OAuthRefreshToken[]
 }
 
+enum InvitedUserStatus {
+  INVITED
+  CLAIMED
+  REVOKED
+}
+
+enum TallyComputationStatus {
+  PENDING
+  RUNNING
+  READY
+  FAILED
+}
+
+model InvitedUser {
+  id        String   @id @default(uuid())
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
+
+  email      String             @unique
+  status     InvitedUserStatus  @default(INVITED)
+  authUserId String?            @unique
+  AuthUser   User?              @relation("InvitedUserAuthUser", fields: [authUserId], references: [id], onDelete: SetNull)
+  name       String?
+
+  tallyUnderstanding Json?
+  tallyStatus        TallyComputationStatus @default(PENDING)
+  tallyComputedAt    DateTime?
+  tallyError         String?
+
+  @@index([status])
+  @@index([tallyStatus])
+}
+
 enum OnboardingStep {
   // Introductory onboarding (Library)
   WELCOME

autogpt_platform/docs/beta-invite-design.md

@@ -0,0 +1,393 @@
+# Beta Invite Pre-Provisioning Design
+
+## Problem
+
+The current signup path is split across three places:
+
+- Supabase creates the auth user and password.
+- The backend lazily creates `platform.User` on first authenticated request in [`backend/backend/data/user.py`](/Users/swifty/work/agpt/AutoGPT/autogpt_platform/backend/backend/data/user.py).
+- A Postgres trigger creates `platform.Profile` after `auth.users` insert in [`backend/migrations/20250205100104_add_profile_trigger/migration.sql`](/Users/swifty/work/agpt/AutoGPT/autogpt_platform/backend/migrations/20250205100104_add_profile_trigger/migration.sql).
+
+That works for open signup plus a DB-level allowlist, but it does not give the platform a durable object representing:
+
+- a beta invite before the person signs up
+- pre-computed onboarding data tied to an email before auth exists
+- the distinction between "invited", "claimed", "active", and "revoked"
+
+It also makes first-login setup racey because `User`, `Profile`, `UserOnboarding`, and `CoPilotUnderstanding` are not created from one source of truth.
+
+## Goals
+
+- Allow staff to invite a user before they have a Supabase account.
+- Pre-create the platform-side user record and related data before first login.
+- Keep Supabase responsible for password entry, email verification, sessions, and OAuth providers.
+- Support both password signup and magic-link / OAuth signup for invited users.
+- Preserve the existing ability to populate Tally-derived understanding and onboarding defaults.
+- Make first login idempotent and safe if the user retries or signs in with a different method.
+
+## Non-goals
+
+- Replacing Supabase Auth.
+- Building a full enterprise identity management system.
+- Solving general-purpose team/org invites in this change.
+
+## Proposed model
+
+Introduce invite-backed pre-provisioning with email as the pre-auth identity key, then bind the invite to the Supabase `auth.users.id` when the user claims it.
+
+### New tables
+
+#### `BetaInvite`
+
+Represents an invitation sent to a person before they create credentials.
+
+Suggested fields:
+
+- `id`
+- `email` unique
+- `status` enum: `PENDING`, `CLAIMED`, `EXPIRED`, `REVOKED`
+- `inviteTokenHash` nullable
+- `invitedByUserId` nullable
+- `expiresAt` nullable
+- `claimedAt` nullable
+- `claimedAuthUserId` nullable unique
+- `metadata` jsonb
+- `createdAt`
+- `updatedAt`
+
+`metadata` should hold operational fields only, for example:
+
+- source: manual import, admin UI, CSV
+- cohort: beta wave name
+- notes
+- original tally email if normalization differs
+
+#### `PreProvisionedUser`
+
+Represents the platform-side user state that exists before Supabase auth is bound.
+
+Suggested fields:
+
+- `id`
+- `inviteId` unique
+- `email` unique
+- `authUserId` nullable unique
+- `status` enum: `PENDING_CLAIM`, `ACTIVE`, `MERGE_REQUIRED`, `DISABLED`
+- `name` nullable
+- `timezone` default `not-set`
+- `emailVerified` default `false`
+- `metadata` jsonb
+- `createdAt`
+- `updatedAt`
+
+This is the durable record staff can enrich before login.
+
+#### `PreProvisionedUserSeed`
+
+Stores structured seed data that should become first-class user records on claim.
+
+Suggested fields:
+
+- `id`
+- `preProvisionedUserId` unique
+- `profile` jsonb nullable
+- `onboarding` jsonb nullable
+- `businessUnderstanding` jsonb nullable
+- `promptContext` jsonb nullable
+- `createdAt`
+- `updatedAt`
+
+This avoids polluting the main `User.metadata` blob and gives explicit ownership over what is seed data versus ongoing user-authored data.
+
+## Why not pre-create `platform.User` directly?
+
+`platform.User.id` is currently designed to equal the Supabase user id in [`backend/schema.prisma`](/Users/swifty/work/agpt/AutoGPT/autogpt_platform/backend/schema.prisma). Pre-creating `User` with a fake UUID would ripple through every FK and complicate the eventual bind. Reusing email as the join key inside `User` is also not safe enough because the rest of the system assumes `User.id` is the canonical identity.
+
+A separate pre-provisioning layer is lower risk:
+
+- it avoids breaking every relation off `User`
+- it keeps the existing auth token model intact
+- it gives a clean migration path to merge into `User` once a Supabase identity exists
+
+## Claim flow
+
+### 1. Staff creates invite
+
+Admin API or script:
+
+1. Create `BetaInvite`.
+2. Create `PreProvisionedUser`.
+3. Create `PreProvisionedUserSeed`.
+4. Optionally fetch and store Tally-derived understanding immediately by email.
+5. Optionally send invite email containing a claim link.
+
+### 2. User opens signup page
+
+Two supported modes:
+
+- direct signup with invited email
+- invite-link signup with a short-lived token
+
+Preferred UX:
+
+- `/signup?invite=<token>`
+- frontend resolves token to masked email and invite status
+- email field is prefilled and locked by default
+
+### 3. User creates Supabase account
+
+Frontend still calls Supabase `signUp`, but include invite context in user metadata:
+
+- `invite_id`
+- `invite_email`
+
+This is useful for debugging but should not be the source of truth.
+
+### 4. First authenticated backend call activates invite
+
+Replace the current pure `get_or_create_user` behavior with:
+
+1. Read JWT `sub` and `email`.
+2. Look for existing `platform.User` by `id`.
+3. If found, return it.
+4. Else look for `PreProvisionedUser` by normalized email and `status = PENDING_CLAIM`.
+5. In one transaction:
+   - create `platform.User` with `id = auth sub`
+   - bind `PreProvisionedUser.authUserId = auth sub`
+   - mark `PreProvisionedUser.status = ACTIVE`
+   - mark `BetaInvite.status = CLAIMED`
+   - create or upsert `Profile`
+   - create or upsert `UserOnboarding`
+   - create or upsert `CoPilotUnderstanding`
+   - create `UserWorkspace` if required for the product experience
+6. If no pre-provisioned record exists, either:
+   - reject access for closed beta, or
+   - fall back to normal creation if a feature flag allows open signup
+
+This activation logic should live in the backend service, not a Postgres trigger, because it needs to coordinate across multiple platform tables and apply merge rules.
+
+## Data merge rules
+
+When activating a pre-provisioned invite:
+
+- `User`
+  - source of truth for `id` is Supabase JWT `sub`
+  - source of truth for `email` is Supabase auth email
+  - `name` prefers pre-provisioned value, falls back to auth metadata name
+
+- `Profile`
+  - if seed profile exists, use it
+  - else create the current generated default
+  - never overwrite an existing profile if activation is retried
+
+- `UserOnboarding`
+  - seed values are initial defaults only
+  - use `upsert` with create-on-missing semantics
+
+- `CoPilotUnderstanding`
+  - seed from stored Tally extraction if present
+  - skip Tally backfill on first login if this already exists
+
+- prompt/tally-specific context
+  - do not jam this into `User.metadata` unless no better typed model exists
+  - use `PreProvisionedUserSeed.promptContext` now, migrate to typed tables later if product solidifies
+
+## Invite enforcement
+
+The current closed-beta gate appears to rely on a Supabase-side DB error surfaced as "not allowed" in [`frontend/src/app/api/auth/utils.ts`](/Users/swifty/work/agpt/AutoGPT/autogpt_platform/frontend/src/app/api/auth/utils.ts).
+
+That should evolve to:
+
+### Short term
+
+Keep the current Supabase signup restriction, but have it check `BetaInvite`/`PreProvisionedUser` instead of a raw allowlist.
+
+### Medium term
+
+Stop using a generic DB exception as the main product signal and expose a backend endpoint:
+
+- `POST /internal/beta-invites/validate`
+- `GET /internal/beta-invites/:token`
+
+Then the frontend can fail earlier with a specific state:
+
+- invited and ready
+- invite expired
+- already claimed
+- not invited
+
+Supabase should still remain the hard gate for credential creation, but the UI should stop depending on opaque trigger failures for normal control flow.
+
+## Trigger changes
+
+The `auth.users` trigger that creates `platform.User` and `platform.Profile` should be removed once activation logic is live.
+
+Reason:
+
+- it cannot see or safely apply pre-provisioned seed data
+- it only handles create, not merge/bind
+- it duplicates responsibility already present in `get_or_create_user`
+
+Interim state during rollout:
+
+- keep trigger disabled for production once backend activation ships
+- keep a backfill script for any auth users created during the transition
+
+## API surface
+
+### Admin APIs
+
+- `POST /admin/beta-invites`
+  - create invite + pre-provisioned user + seed data
+- `POST /admin/beta-invites/bulk`
+  - CSV import for beta cohorts
+- `POST /admin/beta-invites/:id/resend`
+- `POST /admin/beta-invites/:id/revoke`
+- `GET /admin/beta-invites`
+
+### Public/auth-adjacent APIs
+
+- `GET /beta-invites/lookup?token=...`
+  - return safe invite info for signup page
+- `POST /beta-invites/claim-preview`
+  - optional: check whether an email is invited before attempting Supabase signup
+
+### Internal service function changes
+
+- Replace `get_or_create_user` with `get_or_activate_user`
+- keep a compatibility wrapper if needed to limit churn
+
+## Suggested backend implementation
+
+### New module
+
+- `backend/backend/data/beta_invite.py`
+
+Responsibilities:
+
+- create invite
+- resolve invite token
+- normalize email
+- activate pre-provisioned user
+- revoke / expire invite
+
+### Existing module changes
+
+- [`backend/backend/data/user.py`](/Users/swifty/work/agpt/AutoGPT/autogpt_platform/backend/backend/data/user.py)
+  - move lazy creation logic into activation-aware flow
+
+- [`backend/backend/api/features/v1.py`](/Users/swifty/work/agpt/AutoGPT/autogpt_platform/backend/backend/api/features/v1.py)
+  - `/auth/user` should call activation-aware function
+  - only run background Tally population if no seeded understanding exists
+
+- [`backend/backend/data/tally.py`](/Users/swifty/work/agpt/AutoGPT/autogpt_platform/backend/backend/data/tally.py)
+  - add a reusable "seed from email" function for invite creation time
+
+## Suggested frontend implementation
+
+### Signup
+
+- read invite token from URL
+- call invite lookup endpoint
+- prefill locked email when token is valid
+- if invite is invalid, show specific error, not generic waitlist modal
+
+Files likely affected:
+
+- [`frontend/src/app/(platform)/signup/page.tsx`](/Users/swifty/work/agpt/AutoGPT/autogpt_platform/frontend/src/app/(platform)/signup/page.tsx)
+- [`frontend/src/app/(platform)/signup/actions.ts`](/Users/swifty/work/agpt/AutoGPT/autogpt_platform/frontend/src/app/(platform)/signup/actions.ts)
+- [`frontend/src/components/auth/WaitlistErrorContent.tsx`](/Users/swifty/work/agpt/AutoGPT/autogpt_platform/frontend/src/components/auth/WaitlistErrorContent.tsx)
+
+### Admin UI
+
+Add a simple internal page for beta invites instead of manually editing allowlists.
+
+Possible location:
+
+- `frontend/src/app/(platform)/admin/users/invites/page.tsx`
+
+## Rollout plan
+
+### Phase 1: schema and service layer
+
+- add `BetaInvite`, `PreProvisionedUser`, `PreProvisionedUserSeed`
+- implement activation transaction
+- keep existing trigger/allowlist in place
+
+### Phase 2: admin creation path
+
+- add admin API or CLI script
+- support single invite and CSV bulk upload
+- seed Tally/business understanding during invite creation
+
+### Phase 3: signup UX
+
+- invite token lookup
+- better invite state messaging
+- preserve existing closed beta modal for non-invited traffic
+
+### Phase 4: remove legacy coupling
+
+- disable `auth.users` profile trigger
+- simplify `get_or_create_user`
+- migrate allowlist logic to invite tables
+
+## Edge cases
+
+### Existing auth user, no platform user
+
+This already happens today. Activation flow should treat it as:
+
+- if auth email matches a pending pre-provisioned invite, bind and activate
+- else create a plain `User` only if open-signup feature flag is enabled
+
+### Existing platform user, invited again
+
+Do not create another `PreProvisionedUser`. Create a second invite only if product explicitly wants re-invites. Otherwise reject as duplicate.
+
+### Email changed after invite
+
+Support admin-side reissue:
+
+- revoke old invite
+- create new invite with new email
+- move seed data forward
+
+Do not automatically bind across unrelated email addresses.
+
+### OAuth signup
+
+OAuth provider signups still work as long as the resulting Supabase email matches the invited email. If the provider returns a different email, activation should fail with a clear UI message.
+
+### Tally data arrives after invite creation
+
+Allow re-seeding before claim if `CoPilotUnderstanding` has not yet been created on activation.
+
+## Migration notes
+
+### Existing beta users
+
+No immediate migration required for already-active users. This system is mainly for future invited users.
+
+### Existing allowlist entries
+
+Backfill them into `BetaInvite` plus `PreProvisionedUser`, then swap the Supabase gating logic to consult invite tables instead of the legacy allowlist table/trigger.
+
+## Recommendation
+
+Implement the pre-provisioning layer first and keep `platform.User` bound to Supabase `auth.users.id`. That is the lowest-risk design because it respects the existing identity model while giving the business exactly what it needs:
+
+- invite someone before signup
+- compute and store Tally/onboarding/prompt defaults before first login
+- activate those defaults atomically when the user actually creates credentials
+
+## First implementation slice
+
+The smallest useful slice is:
+
+1. Add `BetaInvite`, `PreProvisionedUser`, and `PreProvisionedUserSeed`.
+2. Add a backend admin endpoint to create an invite from email plus optional seed payload.
+3. Change `/auth/user` activation logic to bind and materialize seeded `Profile`, `UserOnboarding`, and `CoPilotUnderstanding`.
+4. Keep the existing signup UI, but validate invite membership before or during signup.
+
+That delivers the core behavior without needing the full admin UI on day one.

autogpt_platform/frontend/src/app/(platform)/admin/layout.tsx

@@ -1,5 +1,11 @@
 import { Sidebar } from "@/components/__legacy__/Sidebar";
-import { Users, DollarSign, UserSearch, FileText } from "lucide-react";
+import {
+  Users,
+  DollarSign,
+  UserSearch,
+  FileText,
+  UserPlus,
+} from "lucide-react";
 
 import { IconSliders } from "@/components/__legacy__/ui/icons";
 
@@ -16,6 +22,11 @@ const sidebarLinkGroups = [
         href: "/admin/spending",
         icon: <DollarSign className="h-6 w-6" />,
       },
+      {
+        text: "Beta Invites",
+        href: "/admin/users",
+        icon: <UserPlus className="h-6 w-6" />,
+      },
       {
         text: "User Impersonation",
         href: "/admin/impersonation",

autogpt_platform/frontend/src/app/(platform)/admin/users/components/AdminUsersPage/AdminUsersPage.tsx

@@ -0,0 +1,80 @@
+"use client";
+
+import { Card } from "@/components/atoms/Card/Card";
+import { BulkInviteForm } from "../BulkInviteForm/BulkInviteForm";
+import { InviteUserForm } from "../InviteUserForm/InviteUserForm";
+import { InvitedUsersTable } from "../InvitedUsersTable/InvitedUsersTable";
+import { useAdminUsersPage } from "../../useAdminUsersPage";
+
+export function AdminUsersPage() {
+  const {
+    email,
+    name,
+    bulkInviteFile,
+    bulkInviteInputKey,
+    lastBulkInviteResult,
+    invitedUsers,
+    isLoadingInvitedUsers,
+    isRefreshingInvitedUsers,
+    isCreatingInvite,
+    isBulkInviting,
+    pendingInviteAction,
+    setEmail,
+    setName,
+    handleBulkInviteFileChange,
+    handleBulkInviteSubmit,
+    handleCreateInvite,
+    handleRetryTally,
+    handleRevoke,
+  } = useAdminUsersPage();
+
+  return (
+    <div className="mx-auto flex max-w-7xl flex-col gap-6 p-6">
+      <div className="flex flex-col gap-2">
+        <h1 className="text-3xl font-bold text-zinc-900">Beta Invites</h1>
+        <p className="max-w-3xl text-sm text-zinc-600">
+          Pre-provision beta users before they sign up. Invites store the
+          platform-side record, run Tally understanding extraction, and activate
+          the real account on the user&apos;s first authenticated request.
+        </p>
+      </div>
+
+      <div className="grid gap-6 xl:grid-cols-[24rem,1fr]">
+        <div className="flex flex-col gap-6">
+          <Card className="border border-zinc-200 shadow-sm">
+            <InviteUserForm
+              email={email}
+              name={name}
+              isSubmitting={isCreatingInvite}
+              onEmailChange={setEmail}
+              onNameChange={setName}
+              onSubmit={handleCreateInvite}
+            />
+          </Card>
+
+          <Card className="border border-zinc-200 shadow-sm">
+            <BulkInviteForm
+              selectedFile={bulkInviteFile}
+              inputKey={bulkInviteInputKey}
+              isSubmitting={isBulkInviting}
+              lastResult={lastBulkInviteResult}
+              onFileChange={handleBulkInviteFileChange}
+              onSubmit={handleBulkInviteSubmit}
+            />
+          </Card>
+        </div>
+
+        <Card className="border border-zinc-200 shadow-sm">
+          <InvitedUsersTable
+            invitedUsers={invitedUsers}
+            isLoading={isLoadingInvitedUsers}
+            isRefreshing={isRefreshingInvitedUsers}
+            pendingInviteAction={pendingInviteAction}
+            onRetryTally={handleRetryTally}
+            onRevoke={handleRevoke}
+          />
+        </Card>
+      </div>
+    </div>
+  );
+}

autogpt_platform/frontend/src/app/(platform)/admin/users/components/BulkInviteForm/BulkInviteForm.tsx

@@ -0,0 +1,131 @@
+"use client";
+
+import type { BulkInvitedUsersResponse } from "@/app/api/__generated__/models/bulkInvitedUsersResponse";
+import { Badge } from "@/components/atoms/Badge/Badge";
+import { Button } from "@/components/atoms/Button/Button";
+import type { FormEvent } from "react";
+
+interface Props {
+  selectedFile: File | null;
+  inputKey: number;
+  isSubmitting: boolean;
+  lastResult: BulkInvitedUsersResponse | null;
+  onFileChange: (file: File | null) => void;
+  onSubmit: (event: FormEvent<HTMLFormElement>) => void;
+}
+
+function getStatusVariant(status: "CREATED" | "SKIPPED" | "ERROR") {
+  if (status === "CREATED") {
+    return "success";
+  }
+
+  if (status === "ERROR") {
+    return "error";
+  }
+
+  return "info";
+}
+
+export function BulkInviteForm({
+  selectedFile,
+  inputKey,
+  isSubmitting,
+  lastResult,
+  onFileChange,
+  onSubmit,
+}: Props) {
+  return (
+    <form className="flex flex-col gap-4" onSubmit={onSubmit}>
+      <div className="flex flex-col gap-1">
+        <h2 className="text-xl font-semibold text-zinc-900">Bulk invite</h2>
+        <p className="text-sm text-zinc-600">
+          Upload a <span className="font-medium text-zinc-800">.txt</span> file
+          with one email per line, or a{" "}
+          <span className="font-medium text-zinc-800">.csv</span> with
+          <span className="font-medium text-zinc-800"> email</span> and optional
+          <span className="font-medium text-zinc-800"> name</span> columns.
+        </p>
+      </div>
+
+      <label className="flex cursor-pointer flex-col gap-2 rounded-2xl border border-dashed border-zinc-300 bg-zinc-50 px-4 py-5 text-sm text-zinc-600 transition-colors hover:border-zinc-400 hover:bg-zinc-100">
+        <span className="font-medium text-zinc-900">
+          {selectedFile ? selectedFile.name : "Choose invite file"}
+        </span>
+        <span>Maximum 500 rows, UTF-8 encoded.</span>
+        <input
+          key={inputKey}
+          type="file"
+          accept=".txt,.csv,text/plain,text/csv"
+          disabled={isSubmitting}
+          className="hidden"
+          onChange={(event) =>
+            onFileChange(event.target.files?.item(0) ?? null)
+          }
+        />
+      </label>
+
+      <Button
+        type="submit"
+        variant="primary"
+        loading={isSubmitting}
+        disabled={!selectedFile}
+        className="w-full"
+      >
+        {isSubmitting ? "Uploading invites..." : "Upload invite file"}
+      </Button>
+
+      {lastResult ? (
+        <div className="flex flex-col gap-3 rounded-2xl border border-zinc-200 bg-zinc-50 p-4">
+          <div className="grid grid-cols-3 gap-2 text-center">
+            <div className="rounded-xl bg-white px-3 py-2">
+              <div className="text-lg font-semibold text-zinc-900">
+                {lastResult.created_count}
+              </div>
+              <div className="text-xs uppercase tracking-[0.16em] text-zinc-500">
+                Created
+              </div>
+            </div>
+            <div className="rounded-xl bg-white px-3 py-2">
+              <div className="text-lg font-semibold text-zinc-900">
+                {lastResult.skipped_count}
+              </div>
+              <div className="text-xs uppercase tracking-[0.16em] text-zinc-500">
+                Skipped
+              </div>
+            </div>
+            <div className="rounded-xl bg-white px-3 py-2">
+              <div className="text-lg font-semibold text-zinc-900">
+                {lastResult.error_count}
+              </div>
+              <div className="text-xs uppercase tracking-[0.16em] text-zinc-500">
+                Errors
+              </div>
+            </div>
+          </div>
+
+          <div className="max-h-64 overflow-y-auto rounded-xl border border-zinc-200 bg-white">
+            <div className="flex flex-col divide-y divide-zinc-100">
+              {lastResult.results.map((row) => (
+                <div
+                  key={`${row.row_number}-${row.email ?? row.message}`}
+                  className="flex items-start gap-3 px-3 py-3"
+                >
+                  <Badge variant={getStatusVariant(row.status)} size="small">
+                    {row.status}
+                  </Badge>
+                  <div className="flex min-w-0 flex-1 flex-col gap-1">
+                    <span className="text-sm font-medium text-zinc-900">
+                      Row {row.row_number}
+                      {row.email ? ` · ${row.email}` : ""}
+                    </span>
+                    <span className="text-xs text-zinc-500">{row.message}</span>
+                  </div>
+                </div>
+              ))}
+            </div>
+          </div>
+        </div>
+      ) : null}
+    </form>
+  );
+}

autogpt_platform/frontend/src/app/(platform)/admin/users/components/InviteUserForm/InviteUserForm.tsx

@@ -0,0 +1,66 @@
+"use client";
+
+import { Button } from "@/components/atoms/Button/Button";
+import { Input } from "@/components/atoms/Input/Input";
+import type { FormEvent } from "react";
+
+interface Props {
+  email: string;
+  name: string;
+  isSubmitting: boolean;
+  onEmailChange: (value: string) => void;
+  onNameChange: (value: string) => void;
+  onSubmit: (event: FormEvent<HTMLFormElement>) => void;
+}
+
+export function InviteUserForm({
+  email,
+  name,
+  isSubmitting,
+  onEmailChange,
+  onNameChange,
+  onSubmit,
+}: Props) {
+  return (
+    <form className="flex flex-col gap-4" onSubmit={onSubmit}>
+      <div className="flex flex-col gap-1">
+        <h2 className="text-xl font-semibold text-zinc-900">Create invite</h2>
+        <p className="text-sm text-zinc-600">
+          The invite is stored immediately, then Tally pre-seeding starts in the
+          background.
+        </p>
+      </div>
+
+      <Input
+        id="invite-email"
+        label="Email"
+        type="email"
+        value={email}
+        placeholder="jane@example.com"
+        autoComplete="email"
+        disabled={isSubmitting}
+        onChange={(event) => onEmailChange(event.target.value)}
+      />
+
+      <Input
+        id="invite-name"
+        label="Name"
+        type="text"
+        value={name}
+        placeholder="Jane Doe"
+        disabled={isSubmitting}
+        onChange={(event) => onNameChange(event.target.value)}
+      />
+
+      <Button
+        type="submit"
+        variant="primary"
+        loading={isSubmitting}
+        disabled={!email.trim()}
+        className="w-full"
+      >
+        {isSubmitting ? "Creating invite..." : "Create invite"}
+      </Button>
+    </form>
+  );
+}

autogpt_platform/frontend/src/app/(platform)/admin/users/components/InvitedUsersTable/InvitedUsersTable.tsx

@@ -0,0 +1,209 @@
+"use client";
+
+import type { InvitedUserResponse } from "@/app/api/__generated__/models/invitedUserResponse";
+import { Badge } from "@/components/atoms/Badge/Badge";
+import { Button } from "@/components/atoms/Button/Button";
+import {
+  Table,
+  TableBody,
+  TableCell,
+  TableHead,
+  TableHeader,
+  TableRow,
+} from "@/components/__legacy__/ui/table";
+
+interface Props {
+  invitedUsers: InvitedUserResponse[];
+  isLoading: boolean;
+  isRefreshing: boolean;
+  pendingInviteAction: string | null;
+  onRetryTally: (invitedUserId: string) => void;
+  onRevoke: (invitedUserId: string) => void;
+}
+
+function getInviteBadgeVariant(status: InvitedUserResponse["status"]) {
+  if (status === "CLAIMED") {
+    return "success";
+  }
+
+  if (status === "REVOKED") {
+    return "error";
+  }
+
+  return "info";
+}
+
+function getTallyBadgeVariant(status: InvitedUserResponse["tally_status"]) {
+  if (status === "READY") {
+    return "success";
+  }
+
+  if (status === "FAILED") {
+    return "error";
+  }
+
+  return "info";
+}
+
+function formatDate(value: Date | undefined) {
+  if (!value) {
+    return "-";
+  }
+
+  return value.toLocaleString();
+}
+
+function getTallySummary(invitedUser: InvitedUserResponse) {
+  if (invitedUser.tally_status === "FAILED" && invitedUser.tally_error) {
+    return invitedUser.tally_error;
+  }
+
+  if (invitedUser.tally_status === "READY" && invitedUser.tally_understanding) {
+    return "Stored and ready for activation";
+  }
+
+  if (invitedUser.tally_status === "READY") {
+    return "No matching Tally submission found";
+  }
+
+  if (invitedUser.tally_status === "RUNNING") {
+    return "Extraction in progress";
+  }
+
+  return "Waiting to run";
+}
+
+function isActionPending(
+  pendingInviteAction: string | null,
+  action: "retry" | "revoke",
+  invitedUserId: string,
+) {
+  return pendingInviteAction === `${action}:${invitedUserId}`;
+}
+
+export function InvitedUsersTable({
+  invitedUsers,
+  isLoading,
+  isRefreshing,
+  pendingInviteAction,
+  onRetryTally,
+  onRevoke,
+}: Props) {
+  return (
+    <div className="flex flex-col gap-4">
+      <div className="flex items-center justify-between gap-4">
+        <div className="flex flex-col gap-1">
+          <h2 className="text-xl font-semibold text-zinc-900">Invited users</h2>
+          <p className="text-sm text-zinc-600">
+            Live invite state, claim status, and Tally pre-seeding progress.
+          </p>
+        </div>
+        <span className="text-xs uppercase tracking-[0.18em] text-zinc-400">
+          {isRefreshing ? "Refreshing" : `${invitedUsers.length} total`}
+        </span>
+      </div>
+
+      <div className="overflow-hidden rounded-2xl border border-zinc-200">
+        <Table>
+          <TableHeader className="bg-zinc-50">
+            <TableRow>
+              <TableHead>Email</TableHead>
+              <TableHead>Name</TableHead>
+              <TableHead>Invite</TableHead>
+              <TableHead>Tally</TableHead>
+              <TableHead>Claimed User</TableHead>
+              <TableHead>Created</TableHead>
+              <TableHead className="text-right">Actions</TableHead>
+            </TableRow>
+          </TableHeader>
+          <TableBody>
+            {isLoading ? (
+              <TableRow>
+                <TableCell
+                  colSpan={7}
+                  className="py-10 text-center text-zinc-500"
+                >
+                  Loading invited users...
+                </TableCell>
+              </TableRow>
+            ) : invitedUsers.length === 0 ? (
+              <TableRow>
+                <TableCell
+                  colSpan={7}
+                  className="py-10 text-center text-zinc-500"
+                >
+                  No invited users yet
+                </TableCell>
+              </TableRow>
+            ) : (
+              invitedUsers.map((invitedUser) => (
+                <TableRow key={invitedUser.id} className="align-top">
+                  <TableCell className="font-medium text-zinc-900">
+                    {invitedUser.email}
+                  </TableCell>
+                  <TableCell>{invitedUser.name || "-"}</TableCell>
+                  <TableCell>
+                    <Badge variant={getInviteBadgeVariant(invitedUser.status)}>
+                      {invitedUser.status}
+                    </Badge>
+                  </TableCell>
+                  <TableCell>
+                    <div className="flex max-w-xs flex-col gap-2">
+                      <Badge
+                        variant={getTallyBadgeVariant(invitedUser.tally_status)}
+                      >
+                        {invitedUser.tally_status}
+                      </Badge>
+                      <span className="text-xs text-zinc-500">
+                        {getTallySummary(invitedUser)}
+                      </span>
+                      <span className="text-xs text-zinc-400">
+                        {formatDate(invitedUser.tally_computed_at ?? undefined)}
+                      </span>
+                    </div>
+                  </TableCell>
+                  <TableCell className="font-mono text-xs text-zinc-500">
+                    {invitedUser.auth_user_id || "-"}
+                  </TableCell>
+                  <TableCell className="text-sm text-zinc-500">
+                    {formatDate(invitedUser.created_at)}
+                  </TableCell>
+                  <TableCell>
+                    <div className="flex justify-end gap-2">
+                      <Button
+                        variant="outline"
+                        size="small"
+                        disabled={invitedUser.status === "REVOKED"}
+                        loading={isActionPending(
+                          pendingInviteAction,
+                          "retry",
+                          invitedUser.id,
+                        )}
+                        onClick={() => onRetryTally(invitedUser.id)}
+                      >
+                        Retry Tally
+                      </Button>
+                      <Button
+                        variant="secondary"
+                        size="small"
+                        disabled={invitedUser.status !== "INVITED"}
+                        loading={isActionPending(
+                          pendingInviteAction,
+                          "revoke",
+                          invitedUser.id,
+                        )}
+                        onClick={() => onRevoke(invitedUser.id)}
+                      >
+                        Revoke
+                      </Button>
+                    </div>
+                  </TableCell>
+                </TableRow>
+              ))
+            )}
+          </TableBody>
+        </Table>
+      </div>
+    </div>
+  );
+}

autogpt_platform/frontend/src/app/(platform)/admin/users/page.tsx

@@ -1,16 +1,11 @@
 import { withRoleAccess } from "@/lib/withRoleAccess";
-import React from "react";
+import { AdminUsersPage } from "./components/AdminUsersPage/AdminUsersPage";
 
 function AdminUsers() {
-  return (
-    <div>
-      <h1>Users Dashboard</h1>
-      {/* Add your admin-only content here */}
-    </div>
-  );
+  return <AdminUsersPage />;
 }
 
-export default async function AdminUsersPage() {
+export default async function AdminUsersRoute() {
   "use server";
   const withAdminAccess = await withRoleAccess(["admin"]);
   const ProtectedAdminUsers = await withAdminAccess(AdminUsers);

autogpt_platform/frontend/src/app/(platform)/admin/users/useAdminUsersPage.ts

@@ -0,0 +1,201 @@
+"use client";
+
+import type { BulkInvitedUsersResponse } from "@/app/api/__generated__/models/bulkInvitedUsersResponse";
+import { okData } from "@/app/api/helpers";
+import {
+  getGetV2ListInvitedUsersQueryKey,
+  useGetV2ListInvitedUsers,
+  usePostV2BulkCreateInvitedUsers,
+  usePostV2CreateInvitedUser,
+  usePostV2RetryInvitedUserTally,
+  usePostV2RevokeInvitedUser,
+} from "@/app/api/__generated__/endpoints/admin/admin";
+import { useToast } from "@/components/molecules/Toast/use-toast";
+import { ApiError } from "@/lib/autogpt-server-api/helpers";
+import { useQueryClient } from "@tanstack/react-query";
+import { type FormEvent, useState } from "react";
+
+function getErrorMessage(error: unknown) {
+  if (error instanceof ApiError) {
+    return error.message;
+  }
+
+  if (error instanceof Error) {
+    return error.message;
+  }
+
+  return "Something went wrong";
+}
+
+export function useAdminUsersPage() {
+  const queryClient = useQueryClient();
+  const { toast } = useToast();
+  const [email, setEmail] = useState("");
+  const [name, setName] = useState("");
+  const [bulkInviteFile, setBulkInviteFile] = useState<File | null>(null);
+  const [bulkInviteInputKey, setBulkInviteInputKey] = useState(0);
+  const [lastBulkInviteResult, setLastBulkInviteResult] =
+    useState<BulkInvitedUsersResponse | null>(null);
+  const [pendingInviteAction, setPendingInviteAction] = useState<string | null>(
+    null,
+  );
+
+  const invitedUsersQuery = useGetV2ListInvitedUsers({
+    query: {
+      select: okData,
+      refetchInterval: 5000,
+    },
+  });
+
+  const createInvitedUserMutation = usePostV2CreateInvitedUser({
+    mutation: {
+      onSuccess: async () => {
+        setEmail("");
+        setName("");
+        await queryClient.invalidateQueries({
+          queryKey: getGetV2ListInvitedUsersQueryKey(),
+        });
+        toast({
+          title: "Invited user created",
+          variant: "default",
+        });
+      },
+      onError: (error) => {
+        toast({
+          title: getErrorMessage(error),
+          variant: "destructive",
+        });
+      },
+    },
+  });
+
+  const bulkCreateInvitedUsersMutation = usePostV2BulkCreateInvitedUsers({
+    mutation: {
+      onSuccess: async (response) => {
+        const result = okData(response) ?? null;
+        setBulkInviteFile(null);
+        setBulkInviteInputKey((currentValue) => currentValue + 1);
+        setLastBulkInviteResult(result);
+        await queryClient.invalidateQueries({
+          queryKey: getGetV2ListInvitedUsersQueryKey(),
+        });
+        toast({
+          title: result
+            ? `${result.created_count} invites created`
+            : "Bulk invite upload complete",
+          variant: "default",
+        });
+      },
+      onError: (error) => {
+        toast({
+          title: getErrorMessage(error),
+          variant: "destructive",
+        });
+      },
+    },
+  });
+
+  const retryInvitedUserTallyMutation = usePostV2RetryInvitedUserTally({
+    mutation: {
+      onSuccess: async () => {
+        setPendingInviteAction(null);
+        await queryClient.invalidateQueries({
+          queryKey: getGetV2ListInvitedUsersQueryKey(),
+        });
+        toast({
+          title: "Tally pre-seeding restarted",
+          variant: "default",
+        });
+      },
+      onError: (error) => {
+        setPendingInviteAction(null);
+        toast({
+          title: getErrorMessage(error),
+          variant: "destructive",
+        });
+      },
+    },
+  });
+
+  const revokeInvitedUserMutation = usePostV2RevokeInvitedUser({
+    mutation: {
+      onSuccess: async () => {
+        setPendingInviteAction(null);
+        await queryClient.invalidateQueries({
+          queryKey: getGetV2ListInvitedUsersQueryKey(),
+        });
+        toast({
+          title: "Invite revoked",
+          variant: "default",
+        });
+      },
+      onError: (error) => {
+        setPendingInviteAction(null);
+        toast({
+          title: getErrorMessage(error),
+          variant: "destructive",
+        });
+      },
+    },
+  });
+
+  function handleCreateInvite(event: FormEvent<HTMLFormElement>) {
+    event.preventDefault();
+
+    createInvitedUserMutation.mutate({
+      data: {
+        email,
+        name: name.trim() || null,
+      },
+    });
+  }
+
+  function handleRetryTally(invitedUserId: string) {
+    setPendingInviteAction(`retry:${invitedUserId}`);
+    retryInvitedUserTallyMutation.mutate({ invitedUserId });
+  }
+
+  function handleBulkInviteFileChange(file: File | null) {
+    setBulkInviteFile(file);
+  }
+
+  function handleBulkInviteSubmit(event: FormEvent<HTMLFormElement>) {
+    event.preventDefault();
+
+    if (!bulkInviteFile) {
+      return;
+    }
+
+    bulkCreateInvitedUsersMutation.mutate({
+      data: {
+        file: bulkInviteFile,
+      },
+    });
+  }
+
+  function handleRevoke(invitedUserId: string) {
+    setPendingInviteAction(`revoke:${invitedUserId}`);
+    revokeInvitedUserMutation.mutate({ invitedUserId });
+  }
+
+  return {
+    email,
+    name,
+    bulkInviteFile,
+    bulkInviteInputKey,
+    lastBulkInviteResult,
+    invitedUsers: invitedUsersQuery.data?.invited_users ?? [],
+    isLoadingInvitedUsers: invitedUsersQuery.isLoading,
+    isRefreshingInvitedUsers: invitedUsersQuery.isFetching,
+    isCreatingInvite: createInvitedUserMutation.isPending,
+    isBulkInviting: bulkCreateInvitedUsersMutation.isPending,
+    pendingInviteAction,
+    setEmail,
+    setName,
+    handleBulkInviteFileChange,
+    handleBulkInviteSubmit,
+    handleCreateInvite,
+    handleRetryTally,
+    handleRevoke,
+  };
+}

autogpt_platform/frontend/src/app/api/openapi.json

@@ -6646,6 +6646,181 @@
         }
       }
     },
+    "/api/users/admin/invited-users": {
+      "get": {
+        "tags": ["v2", "admin", "users", "admin"],
+        "summary": "List Invited Users",
+        "operationId": "getV2List invited users",
+        "responses": {
+          "200": {
+            "description": "Successful Response",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/InvitedUsersResponse"
+                }
+              }
+            }
+          },
+          "401": {
+            "$ref": "#/components/responses/HTTP401NotAuthenticatedError"
+          }
+        },
+        "security": [{ "HTTPBearerJWT": [] }]
+      },
+      "post": {
+        "tags": ["v2", "admin", "users", "admin"],
+        "summary": "Create Invited User",
+        "operationId": "postV2Create invited user",
+        "requestBody": {
+          "content": {
+            "application/json": {
+              "schema": {
+                "$ref": "#/components/schemas/CreateInvitedUserRequest"
+              }
+            }
+          },
+          "required": true
+        },
+        "responses": {
+          "200": {
+            "description": "Successful Response",
+            "content": {
+              "application/json": {
+                "schema": { "$ref": "#/components/schemas/InvitedUserResponse" }
+              }
+            }
+          },
+          "401": {
+            "$ref": "#/components/responses/HTTP401NotAuthenticatedError"
+          },
+          "422": {
+            "description": "Validation Error",
+            "content": {
+              "application/json": {
+                "schema": { "$ref": "#/components/schemas/HTTPValidationError" }
+              }
+            }
+          }
+        },
+        "security": [{ "HTTPBearerJWT": [] }]
+      }
+    },
+    "/api/users/admin/invited-users/bulk": {
+      "post": {
+        "tags": ["v2", "admin", "users", "admin"],
+        "summary": "Bulk Create Invited Users",
+        "operationId": "postV2BulkCreateInvitedUsers",
+        "requestBody": {
+          "content": {
+            "multipart/form-data": {
+              "schema": {
+                "$ref": "#/components/schemas/Body_postV2BulkCreateInvitedUsers"
+              }
+            }
+          },
+          "required": true
+        },
+        "responses": {
+          "200": {
+            "description": "Successful Response",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/BulkInvitedUsersResponse"
+                }
+              }
+            }
+          },
+          "401": {
+            "$ref": "#/components/responses/HTTP401NotAuthenticatedError"
+          },
+          "422": {
+            "description": "Validation Error",
+            "content": {
+              "application/json": {
+                "schema": { "$ref": "#/components/schemas/HTTPValidationError" }
+              }
+            }
+          }
+        },
+        "security": [{ "HTTPBearerJWT": [] }]
+      }
+    },
+    "/api/users/admin/invited-users/{invited_user_id}/retry-tally": {
+      "post": {
+        "tags": ["v2", "admin", "users", "admin"],
+        "summary": "Retry Invited User Tally",
+        "operationId": "postV2Retry invited user tally",
+        "security": [{ "HTTPBearerJWT": [] }],
+        "parameters": [
+          {
+            "name": "invited_user_id",
+            "in": "path",
+            "required": true,
+            "schema": { "type": "string", "title": "Invited User Id" }
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Successful Response",
+            "content": {
+              "application/json": {
+                "schema": { "$ref": "#/components/schemas/InvitedUserResponse" }
+              }
+            }
+          },
+          "401": {
+            "$ref": "#/components/responses/HTTP401NotAuthenticatedError"
+          },
+          "422": {
+            "description": "Validation Error",
+            "content": {
+              "application/json": {
+                "schema": { "$ref": "#/components/schemas/HTTPValidationError" }
+              }
+            }
+          }
+        }
+      }
+    },
+    "/api/users/admin/invited-users/{invited_user_id}/revoke": {
+      "post": {
+        "tags": ["v2", "admin", "users", "admin"],
+        "summary": "Revoke Invited User",
+        "operationId": "postV2Revoke invited user",
+        "security": [{ "HTTPBearerJWT": [] }],
+        "parameters": [
+          {
+            "name": "invited_user_id",
+            "in": "path",
+            "required": true,
+            "schema": { "type": "string", "title": "Invited User Id" }
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Successful Response",
+            "content": {
+              "application/json": {
+                "schema": { "$ref": "#/components/schemas/InvitedUserResponse" }
+              }
+            }
+          },
+          "401": {
+            "$ref": "#/components/responses/HTTP401NotAuthenticatedError"
+          },
+          "422": {
+            "description": "Validation Error",
+            "content": {
+              "application/json": {
+                "schema": { "$ref": "#/components/schemas/HTTPValidationError" }
+              }
+            }
+          }
+        }
+      }
+    },
     "/api/workspace/files/upload": {
       "post": {
         "tags": ["workspace"],
@@ -8006,6 +8181,14 @@
         "required": ["store_listing_version_id"],
         "title": "Body_postV2Add marketplace agent"
       },
+      "Body_postV2BulkCreateInvitedUsers": {
+        "properties": {
+          "file": { "type": "string", "format": "binary", "title": "File" }
+        },
+        "type": "object",
+        "required": ["file"],
+        "title": "Body_postV2BulkCreateInvitedUsers"
+      },
       "Body_postV2Execute_a_preset": {
         "properties": {
           "inputs": {
@@ -8040,6 +8223,56 @@
         "required": ["file"],
         "title": "Body_postWorkspaceUpload file to workspace"
       },
+      "BulkInvitedUserRowResponse": {
+        "properties": {
+          "row_number": { "type": "integer", "title": "Row Number" },
+          "email": {
+            "anyOf": [{ "type": "string" }, { "type": "null" }],
+            "title": "Email"
+          },
+          "name": {
+            "anyOf": [{ "type": "string" }, { "type": "null" }],
+            "title": "Name"
+          },
+          "status": {
+            "type": "string",
+            "enum": ["CREATED", "SKIPPED", "ERROR"],
+            "title": "Status"
+          },
+          "message": { "type": "string", "title": "Message" },
+          "invited_user": {
+            "anyOf": [
+              { "$ref": "#/components/schemas/InvitedUserResponse" },
+              { "type": "null" }
+            ]
+          }
+        },
+        "type": "object",
+        "required": ["row_number", "status", "message"],
+        "title": "BulkInvitedUserRowResponse"
+      },
+      "BulkInvitedUsersResponse": {
+        "properties": {
+          "created_count": { "type": "integer", "title": "Created Count" },
+          "skipped_count": { "type": "integer", "title": "Skipped Count" },
+          "error_count": { "type": "integer", "title": "Error Count" },
+          "results": {
+            "items": {
+              "$ref": "#/components/schemas/BulkInvitedUserRowResponse"
+            },
+            "type": "array",
+            "title": "Results"
+          }
+        },
+        "type": "object",
+        "required": [
+          "created_count",
+          "skipped_count",
+          "error_count",
+          "results"
+        ],
+        "title": "BulkInvitedUsersResponse"
+      },
       "BulkMoveAgentsRequest": {
         "properties": {
           "agent_ids": {
@@ -8216,6 +8449,18 @@
         "required": ["graph"],
         "title": "CreateGraph"
       },
+      "CreateInvitedUserRequest": {
+        "properties": {
+          "email": { "type": "string", "format": "email", "title": "Email" },
+          "name": {
+            "anyOf": [{ "type": "string" }, { "type": "null" }],
+            "title": "Name"
+          }
+        },
+        "type": "object",
+        "required": ["email"],
+        "title": "CreateInvitedUserRequest"
+      },
       "CreateSessionResponse": {
         "properties": {
           "id": { "type": "string", "title": "Id" },
@@ -9680,6 +9925,79 @@
         "title": "InputValidationErrorResponse",
         "description": "Response when run_agent receives unknown input fields."
       },
+      "InvitedUserResponse": {
+        "properties": {
+          "id": { "type": "string", "title": "Id" },
+          "email": { "type": "string", "title": "Email" },
+          "status": { "$ref": "#/components/schemas/InvitedUserStatus" },
+          "auth_user_id": {
+            "anyOf": [{ "type": "string" }, { "type": "null" }],
+            "title": "Auth User Id"
+          },
+          "name": {
+            "anyOf": [{ "type": "string" }, { "type": "null" }],
+            "title": "Name"
+          },
+          "tally_understanding": {
+            "anyOf": [
+              { "additionalProperties": true, "type": "object" },
+              { "type": "null" }
+            ],
+            "title": "Tally Understanding"
+          },
+          "tally_status": {
+            "$ref": "#/components/schemas/TallyComputationStatus"
+          },
+          "tally_computed_at": {
+            "anyOf": [
+              { "type": "string", "format": "date-time" },
+              { "type": "null" }
+            ],
+            "title": "Tally Computed At"
+          },
+          "tally_error": {
+            "anyOf": [{ "type": "string" }, { "type": "null" }],
+            "title": "Tally Error"
+          },
+          "created_at": {
+            "type": "string",
+            "format": "date-time",
+            "title": "Created At"
+          },
+          "updated_at": {
+            "type": "string",
+            "format": "date-time",
+            "title": "Updated At"
+          }
+        },
+        "type": "object",
+        "required": [
+          "id",
+          "email",
+          "status",
+          "tally_status",
+          "created_at",
+          "updated_at"
+        ],
+        "title": "InvitedUserResponse"
+      },
+      "InvitedUserStatus": {
+        "type": "string",
+        "enum": ["INVITED", "CLAIMED", "REVOKED"],
+        "title": "InvitedUserStatus"
+      },
+      "InvitedUsersResponse": {
+        "properties": {
+          "invited_users": {
+            "items": { "$ref": "#/components/schemas/InvitedUserResponse" },
+            "type": "array",
+            "title": "Invited Users"
+          }
+        },
+        "type": "object",
+        "required": ["invited_users"],
+        "title": "InvitedUsersResponse"
+      },
       "LibraryAgent": {
         "properties": {
           "id": { "type": "string", "title": "Id" },
@@ -12653,6 +12971,11 @@
         "required": ["recent_searches", "providers", "top_blocks"],
         "title": "SuggestionsResponse"
       },
+      "TallyComputationStatus": {
+        "type": "string",
+        "enum": ["PENDING", "RUNNING", "READY", "FAILED"],
+        "title": "TallyComputationStatus"
+      },
       "TimezoneResponse": {
         "properties": {
           "timezone": {