Merge branch 'dev' into make-old-work

chore(branchlet): Remove docs pip install from postCreateCmd (#11883 )
### Changes 🏗️ - Removed `cd docs && pip install -r requirements.txt` from `postCreateCmd` in `.branchlet.json` - Docs dependencies will no longer be auto-installed during branchlet worktree creation ### Rationale The docs setup step was adding unnecessary overhead to the worktree creation process. Developers who need to work on documentation can manually install the docs requirements when needed. ### Checklist 📋 #### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] Verified branchlet worktree creation still works without the docs pip install step #### For configuration changes: - [x] `.env.default` is updated or already compatible with my changes - [x] `docker-compose.yml` is updated or already compatible with my changes - [x] I have included a list of my configuration changes in the PR description (under **Changes**)
2026-01-31 09:58:19 -05:00 · 2026-01-29 19:32:34 -06:00 · 2026-01-30 00:31:34 +00:00 · 2026-01-29 14:31:11 -06:00 · 2026-01-29 19:53:40 +00:00 · 2026-01-29 17:33:02 +00:00
2349 changed files with 42927 additions and 819238 deletions
--- a/.branchlet.json
+++ b/.branchlet.json
@@ -29,8 +29,7 @@
  "postCreateCmd": [
    "cd autogpt_platform/autogpt_libs && poetry install",
    "cd autogpt_platform/backend && poetry install && poetry run prisma generate",
-    "cd autogpt_platform/frontend && pnpm install",
+    "cd autogpt_platform/frontend && pnpm install"
    "cd docs && pip install -r requirements.txt"
  ],
  "terminalCommand": "code .",
  "deleteBranchWithWorktree": false
--- a/.github/copilot-instructions.md
+++ b/.github/copilot-instructions.md
@@ -160,7 +160,7 @@ pnpm storybook                      # Start component development server
 **Backend Entry Points:**
- `backend/backend/server/server.py` - FastAPI application setup
+- `backend/backend/api/rest_api.py` - FastAPI application setup
 - `backend/backend/data/` - Database models and user management
 - `backend/blocks/` - Agent execution blocks and logic
@@ -219,7 +219,7 @@ Agents are built using a visual block-based system where each block performs a s
 ### API Development
-1. Update routes in `/backend/backend/server/routers/`
+1. Update routes in `/backend/backend/api/features/`
 2. Add/update Pydantic models in same directory
 3. Write tests alongside route files
 4. For `data/*.py` changes, validate user ID checks
@@ -285,7 +285,7 @@ Agents are built using a visual block-based system where each block performs a s
 ### Security Guidelines
-**Cache Protection Middleware** (`/backend/backend/server/middleware/security.py`):
+**Cache Protection Middleware** (`/backend/backend/api/middleware/security.py`):
 - Default: Disables caching for ALL endpoints with `Cache-Control: no-store, no-cache, must-revalidate, private`
 - Uses allow list approach for cacheable paths (static assets, health checks, public pages)
--- a/.github/workflows/classic-autogpt-ci.yml
+++ b/.github/workflows/classic-autogpt-ci.yml
@@ -6,11 +6,15 @@ on:
    paths:
      - '.github/workflows/classic-autogpt-ci.yml'
      - 'classic/original_autogpt/**'
      - 'classic/direct_benchmark/**'
      - 'classic/forge/**'
  pull_request:
    branches: [ master, dev, release-* ]
    paths:
      - '.github/workflows/classic-autogpt-ci.yml'
      - 'classic/original_autogpt/**'
      - 'classic/direct_benchmark/**'
      - 'classic/forge/**'
 concurrency:
  group: ${{ format('classic-autogpt-ci-{0}', github.head_ref && format('{0}-{1}', github.event_name, github.event.pull_request.number) || github.sha) }}
@@ -19,47 +23,22 @@ concurrency:
 defaults:
  run:
    shell: bash
-    working-directory: classic/original_autogpt
+    working-directory: classic
 jobs:
  test:
    permissions:
      contents: read
    timeout-minutes: 30
-    strategy:
+    runs-on: ubuntu-latest
      fail-fast: false
      matrix:
        python-version: ["3.10"]
        platform-os: [ubuntu, macos, macos-arm64, windows]
    runs-on: ${{ matrix.platform-os != 'macos-arm64' && format('{0}-latest', matrix.platform-os) || 'macos-14' }}
    steps:
-      # Quite slow on macOS (2~4 minutes to set up Docker)
+      - name: Start MinIO service
      # - name: Set up Docker (macOS)
      #   if: runner.os == 'macOS'
      #   uses: crazy-max/ghaction-setup-docker@v3
      - name: Start MinIO service (Linux)
        if: runner.os == 'Linux'
        working-directory: '.'
        run: |
          docker pull minio/minio:edge-cicd
          docker run -d -p 9000:9000 minio/minio:edge-cicd
      - name: Start MinIO service (macOS)
        if: runner.os == 'macOS'
        working-directory: ${{ runner.temp }}
        run: |
          brew install minio/stable/minio
          mkdir data
          minio server ./data &
      # No MinIO on Windows:
      # - Windows doesn't support running Linux Docker containers
      # - It doesn't seem possible to start background processes on Windows. They are
      #   killed after the step returns.
      #   See: https://github.com/actions/runner/issues/598#issuecomment-2011890429
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
@@ -71,41 +50,23 @@ jobs:
          git config --global user.name "Auto-GPT-Bot"
          git config --global user.email "github-bot@agpt.co"
-      - name: Set up Python ${{ matrix.python-version }}
+      - name: Set up Python 3.12
        uses: actions/setup-python@v5
        with:
-          python-version: ${{ matrix.python-version }}
+          python-version: "3.12"
      - id: get_date
        name: Get date
        run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT
      - name: Set up Python dependency cache
        # On Windows, unpacking cached dependencies takes longer than just installing them
        if: runner.os != 'Windows'
        uses: actions/cache@v4
        with:
-          path: ${{ runner.os == 'macOS' && '~/Library/Caches/pypoetry' || '~/.cache/pypoetry' }}
+          path: ~/.cache/pypoetry
-          key: poetry-${{ runner.os }}-${{ hashFiles('classic/original_autogpt/poetry.lock') }}
+          key: poetry-${{ runner.os }}-${{ hashFiles('classic/poetry.lock') }}
-      - name: Install Poetry (Unix)
+      - name: Install Poetry
-        if: runner.os != 'Windows'
+        run: curl -sSL https://install.python-poetry.org | python3 -
        run: |
          curl -sSL https://install.python-poetry.org | python3 -
          if [ "${{ runner.os }}" = "macOS" ]; then
            PATH="$HOME/.local/bin:$PATH"
            echo "$HOME/.local/bin" >> $GITHUB_PATH
          fi
      - name: Install Poetry (Windows)
        if: runner.os == 'Windows'
        shell: pwsh
        run: |
          (Invoke-WebRequest -Uri https://install.python-poetry.org -UseBasicParsing).Content | python -
          $env:PATH += ";$env:APPDATA\Python\Scripts"
          echo "$env:APPDATA\Python\Scripts" >> $env:GITHUB_PATH
      - name: Install Python dependencies
        run: poetry install
@@ -116,12 +77,12 @@ jobs:
            --cov=autogpt --cov-branch --cov-report term-missing --cov-report xml \
            --numprocesses=logical --durations=10 \
            --junitxml=junit.xml -o junit_family=legacy \
-            tests/unit tests/integration
+            original_autogpt/tests/unit original_autogpt/tests/integration
        env:
          CI: true
          PLAIN_OUTPUT: True
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
-          S3_ENDPOINT_URL: ${{ runner.os != 'Windows' && 'http://127.0.0.1:9000' || '' }}
+          S3_ENDPOINT_URL: http://127.0.0.1:9000
          AWS_ACCESS_KEY_ID: minioadmin
          AWS_SECRET_ACCESS_KEY: minioadmin
@@ -135,11 +96,11 @@ jobs:
        uses: codecov/codecov-action@v5
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
-          flags: autogpt-agent,${{ runner.os }}
+          flags: autogpt-agent
      - name: Upload logs to artifact
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: test-logs
-          path: classic/original_autogpt/logs/
+          path: classic/logs/
--- a/.github/workflows/classic-autogpts-ci.yml
+++ b/.github/workflows/classic-autogpts-ci.yml
@@ -11,9 +11,6 @@ on:
      - 'classic/original_autogpt/**'
      - 'classic/forge/**'
      - 'classic/benchmark/**'
      - 'classic/run'
      - 'classic/cli.py'
      - 'classic/setup.py'
      - '!**/*.md'
  pull_request:
    branches: [ master, dev, release-* ]
@@ -22,9 +19,6 @@ on:
      - 'classic/original_autogpt/**'
      - 'classic/forge/**'
      - 'classic/benchmark/**'
      - 'classic/run'
      - 'classic/cli.py'
      - 'classic/setup.py'
      - '!**/*.md'
 defaults:
@@ -35,13 +29,9 @@ defaults:
 jobs:
  serve-agent-protocol:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        agent-name: [ original_autogpt ]
      fail-fast: false
    timeout-minutes: 20
    env:
-      min-python-version: '3.10'
+      min-python-version: '3.12'
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
@@ -55,22 +45,22 @@ jobs:
          python-version: ${{ env.min-python-version }}
      - name: Install Poetry
        working-directory: ./classic/${{ matrix.agent-name }}/
        run: |
          curl -sSL https://install.python-poetry.org | python -
-      - name: Run regression tests
+      - name: Install dependencies
        run: poetry install
      - name: Run smoke tests with direct-benchmark
        run: |
-          ./run agent start ${{ matrix.agent-name }}
+          poetry run direct-benchmark run \
-          cd ${{ matrix.agent-name }}
+            --strategies one_shot \
-          poetry run agbenchmark --mock --test=BasicRetrieval --test=Battleship --test=WebArenaTask_0
+            --models claude \
-          poetry run agbenchmark --test=WriteFile
+            --tests ReadFile,WriteFile \
            --json
        env:
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
-          AGENT_NAME: ${{ matrix.agent-name }}
+          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
          REQUESTS_CA_BUNDLE: /etc/ssl/certs/ca-certificates.crt
-          HELICONE_CACHE_ENABLED: false
+          NONINTERACTIVE_MODE: "true"
-          HELICONE_PROPERTY_AGENT: ${{ matrix.agent-name }}
+          CI: true
          REPORTS_FOLDER: ${{ format('../../reports/{0}', matrix.agent-name) }}
          TELEMETRY_ENVIRONMENT: autogpt-ci
          TELEMETRY_OPT_IN: ${{ github.ref_name == 'master' }}
--- a/.github/workflows/classic-benchmark-ci.yml
+++ b/.github/workflows/classic-benchmark-ci.yml
@@ -1,17 +1,21 @@
-name: Classic - AGBenchmark CI
+name: Classic - Direct Benchmark CI
 on:
  push:
    branches: [ master, dev, ci-test* ]
    paths:
-      - 'classic/benchmark/**'
+      - 'classic/direct_benchmark/**'
-      - '!classic/benchmark/reports/**'
+      - 'classic/benchmark/agbenchmark/challenges/**'
      - 'classic/original_autogpt/**'
      - 'classic/forge/**'
      - .github/workflows/classic-benchmark-ci.yml
  pull_request:
    branches: [ master, dev, release-* ]
    paths:
-      - 'classic/benchmark/**'
+      - 'classic/direct_benchmark/**'
-      - '!classic/benchmark/reports/**'
+      - 'classic/benchmark/agbenchmark/challenges/**'
      - 'classic/original_autogpt/**'
      - 'classic/forge/**'
      - .github/workflows/classic-benchmark-ci.yml
 concurrency:
@@ -23,23 +27,16 @@ defaults:
    shell: bash
 env:
-  min-python-version: '3.10'
+  min-python-version: '3.12'
 jobs:
-  test:
+  benchmark-tests:
-    permissions:
+    runs-on: ubuntu-latest
      contents: read
    timeout-minutes: 30
    strategy:
      fail-fast: false
      matrix:
        python-version: ["3.10"]
        platform-os: [ubuntu, macos, macos-arm64, windows]
    runs-on: ${{ matrix.platform-os != 'macos-arm64' && format('{0}-latest', matrix.platform-os) || 'macos-14' }}
    defaults:
      run:
        shell: bash
-        working-directory: classic/benchmark
+        working-directory: classic
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
@@ -47,71 +44,88 @@ jobs:
          fetch-depth: 0
          submodules: true
-      - name: Set up Python ${{ matrix.python-version }}
+      - name: Set up Python ${{ env.min-python-version }}
        uses: actions/setup-python@v5
        with:
-          python-version: ${{ matrix.python-version }}
+          python-version: ${{ env.min-python-version }}
      - name: Set up Python dependency cache
        # On Windows, unpacking cached dependencies takes longer than just installing them
        if: runner.os != 'Windows'
        uses: actions/cache@v4
        with:
-          path: ${{ runner.os == 'macOS' && '~/Library/Caches/pypoetry' || '~/.cache/pypoetry' }}
+          path: ~/.cache/pypoetry
-          key: poetry-${{ runner.os }}-${{ hashFiles('classic/benchmark/poetry.lock') }}
+          key: poetry-${{ runner.os }}-${{ hashFiles('classic/poetry.lock') }}
-      - name: Install Poetry (Unix)
+      - name: Install Poetry
        if: runner.os != 'Windows'
        run: |
          curl -sSL https://install.python-poetry.org | python3 -
-          if [ "${{ runner.os }}" = "macOS" ]; then
+      - name: Install dependencies
            PATH="$HOME/.local/bin:$PATH"
            echo "$HOME/.local/bin" >> $GITHUB_PATH
          fi
      - name: Install Poetry (Windows)
        if: runner.os == 'Windows'
        shell: pwsh
        run: |
          (Invoke-WebRequest -Uri https://install.python-poetry.org -UseBasicParsing).Content | python -
          $env:PATH += ";$env:APPDATA\Python\Scripts"
          echo "$env:APPDATA\Python\Scripts" >> $env:GITHUB_PATH
      - name: Install Python dependencies
        run: poetry install
-      - name: Run pytest with coverage
+      - name: Run basic benchmark tests
        run: |
-          poetry run pytest -vv \
+          echo "Testing ReadFile challenge with one_shot strategy..."
-            --cov=agbenchmark --cov-branch --cov-report term-missing --cov-report xml \
+          poetry run direct-benchmark run \
-            --durations=10 \
+            --fresh \
-            --junitxml=junit.xml -o junit_family=legacy \
+            --strategies one_shot \
-            tests
+            --models claude \
            --tests ReadFile \
            --json
          echo "Testing WriteFile challenge..."
          poetry run direct-benchmark run \
            --fresh \
            --strategies one_shot \
            --models claude \
            --tests WriteFile \
            --json
        env:
          CI: true
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
          NONINTERACTIVE_MODE: "true"
-      - name: Upload test results to Codecov
+      - name: Test category filtering
-        if: ${{ !cancelled() }}  # Run even if tests fail
+        run: |
-        uses: codecov/test-results-action@v1
+          echo "Testing coding category..."
-        with:
+          poetry run direct-benchmark run \
-          token: ${{ secrets.CODECOV_TOKEN }}
+            --fresh \
            --strategies one_shot \
            --models claude \
            --categories coding \
            --tests ReadFile,WriteFile \
            --json
        env:
          CI: true
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
          NONINTERACTIVE_MODE: "true"
-      - name: Upload coverage reports to Codecov
+      - name: Test multiple strategies
-        uses: codecov/codecov-action@v5
+        run: |
-        with:
+          echo "Testing multiple strategies..."
-          token: ${{ secrets.CODECOV_TOKEN }}
+          poetry run direct-benchmark run \
-          flags: agbenchmark,${{ runner.os }}
+            --fresh \
            --strategies one_shot,plan_execute \
            --models claude \
            --tests ReadFile \
            --parallel 2 \
            --json
        env:
          CI: true
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
          NONINTERACTIVE_MODE: "true"
-  self-test-with-agent:
+  # Run regression tests on maintain challenges
  regression-tests:
    runs-on: ubuntu-latest
-    strategy:
+    timeout-minutes: 45
-      matrix:
+    if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/dev'
-        agent-name: [forge]
+    defaults:
-      fail-fast: false
+      run:
-    timeout-minutes: 20
+        shell: bash
        working-directory: classic
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
@@ -126,51 +140,23 @@ jobs:
      - name: Install Poetry
        run: |
-          curl -sSL https://install.python-poetry.org | python -
+          curl -sSL https://install.python-poetry.org | python3 -
      - name: Install dependencies
        run: poetry install
      - name: Run regression tests
        working-directory: classic
        run: |
-          ./run agent start ${{ matrix.agent-name }}
+          echo "Running regression tests (previously beaten challenges)..."
-          cd ${{ matrix.agent-name }}
+          poetry run direct-benchmark run \
-
+            --fresh \
-          set +e # Ignore non-zero exit codes and continue execution
+            --strategies one_shot \
-          echo "Running the following command: poetry run agbenchmark --maintain --mock"
+            --models claude \
-          poetry run agbenchmark --maintain --mock
+            --maintain \
-          EXIT_CODE=$?
+            --parallel 4 \
-          set -e  # Stop ignoring non-zero exit codes
+            --json
          # Check if the exit code was 5, and if so, exit with 0 instead
          if [ $EXIT_CODE -eq 5 ]; then
            echo "regression_tests.json is empty."
          fi
          echo "Running the following command: poetry run agbenchmark --mock"
          poetry run agbenchmark --mock
          echo "Running the following command: poetry run agbenchmark --mock --category=data"
          poetry run agbenchmark --mock --category=data
          echo "Running the following command: poetry run agbenchmark --mock --category=coding"
          poetry run agbenchmark --mock --category=coding
          # echo "Running the following command: poetry run agbenchmark --test=WriteFile"
          # poetry run agbenchmark --test=WriteFile
          cd ../benchmark
          poetry install
          echo "Adding the BUILD_SKILL_TREE environment variable. This will attempt to add new elements in the skill tree. If new elements are added, the CI fails because they should have been pushed"
          export BUILD_SKILL_TREE=true
          # poetry run agbenchmark --mock
          # CHANGED=$(git diff --name-only | grep -E '(agbenchmark/challenges)|(../classic/frontend/assets)') || echo "No diffs"
          # if [ ! -z "$CHANGED" ]; then
          #   echo "There are unstaged changes please run agbenchmark and commit those changes since they are needed."
          #   echo "$CHANGED"
          #   exit 1
          # else
          #   echo "No unstaged changes."
          # fi
        env:
          CI: true
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
-          TELEMETRY_ENVIRONMENT: autogpt-benchmark-ci
+          NONINTERACTIVE_MODE: "true"
          TELEMETRY_OPT_IN: ${{ github.ref_name == 'master' }}
--- a/.github/workflows/classic-forge-ci.yml
+++ b/.github/workflows/classic-forge-ci.yml
@@ -6,13 +6,11 @@ on:
    paths:
      - '.github/workflows/classic-forge-ci.yml'
      - 'classic/forge/**'
      - '!classic/forge/tests/vcr_cassettes'
  pull_request:
    branches: [ master, dev, release-* ]
    paths:
      - '.github/workflows/classic-forge-ci.yml'
      - 'classic/forge/**'
      - '!classic/forge/tests/vcr_cassettes'
 concurrency:
  group: ${{ format('forge-ci-{0}', github.head_ref && format('{0}-{1}', github.event_name, github.event.pull_request.number) || github.sha) }}
@@ -21,115 +19,38 @@ concurrency:
 defaults:
  run:
    shell: bash
-    working-directory: classic/forge
+    working-directory: classic
 jobs:
  test:
    permissions:
      contents: read
    timeout-minutes: 30
-    strategy:
+    runs-on: ubuntu-latest
      fail-fast: false
      matrix:
        python-version: ["3.10"]
        platform-os: [ubuntu, macos, macos-arm64, windows]
    runs-on: ${{ matrix.platform-os != 'macos-arm64' && format('{0}-latest', matrix.platform-os) || 'macos-14' }}
    steps:
-      # Quite slow on macOS (2~4 minutes to set up Docker)
+      - name: Start MinIO service
      # - name: Set up Docker (macOS)
      #   if: runner.os == 'macOS'
      #   uses: crazy-max/ghaction-setup-docker@v3
      - name: Start MinIO service (Linux)
        if: runner.os == 'Linux'
        working-directory: '.'
        run: |
          docker pull minio/minio:edge-cicd
          docker run -d -p 9000:9000 minio/minio:edge-cicd
      - name: Start MinIO service (macOS)
        if: runner.os == 'macOS'
        working-directory: ${{ runner.temp }}
        run: |
          brew install minio/stable/minio
          mkdir data
          minio server ./data &
      # No MinIO on Windows:
      # - Windows doesn't support running Linux Docker containers
      # - It doesn't seem possible to start background processes on Windows. They are
      #   killed after the step returns.
      #   See: https://github.com/actions/runner/issues/598#issuecomment-2011890429
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          submodules: true
-      - name: Checkout cassettes
+      - name: Set up Python 3.12
        if: ${{ startsWith(github.event_name, 'pull_request') }}
        env:
          PR_BASE: ${{ github.event.pull_request.base.ref }}
          PR_BRANCH: ${{ github.event.pull_request.head.ref }}
          PR_AUTHOR: ${{ github.event.pull_request.user.login }}
        run: |
          cassette_branch="${PR_AUTHOR}-${PR_BRANCH}"
          cassette_base_branch="${PR_BASE}"
          cd tests/vcr_cassettes
          if ! git ls-remote --exit-code --heads origin $cassette_base_branch ; then
            cassette_base_branch="master"
          fi
          if git ls-remote --exit-code --heads origin $cassette_branch ; then
            git fetch origin $cassette_branch
            git fetch origin $cassette_base_branch
            git checkout $cassette_branch
            # Pick non-conflicting cassette updates from the base branch
            git merge --no-commit --strategy-option=ours origin/$cassette_base_branch
            echo "Using cassettes from mirror branch '$cassette_branch'," \
              "synced to upstream branch '$cassette_base_branch'."
          else
            git checkout -b $cassette_branch
            echo "Branch '$cassette_branch' does not exist in cassette submodule." \
              "Using cassettes from '$cassette_base_branch'."
          fi
      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v5
        with:
-          python-version: ${{ matrix.python-version }}
+          python-version: "3.12"
      - name: Set up Python dependency cache
        # On Windows, unpacking cached dependencies takes longer than just installing them
        if: runner.os != 'Windows'
        uses: actions/cache@v4
        with:
-          path: ${{ runner.os == 'macOS' && '~/Library/Caches/pypoetry' || '~/.cache/pypoetry' }}
+          path: ~/.cache/pypoetry
-          key: poetry-${{ runner.os }}-${{ hashFiles('classic/forge/poetry.lock') }}
+          key: poetry-${{ runner.os }}-${{ hashFiles('classic/poetry.lock') }}
-      - name: Install Poetry (Unix)
+      - name: Install Poetry
-        if: runner.os != 'Windows'
+        run: curl -sSL https://install.python-poetry.org | python3 -
        run: |
          curl -sSL https://install.python-poetry.org | python3 -
          if [ "${{ runner.os }}" = "macOS" ]; then
            PATH="$HOME/.local/bin:$PATH"
            echo "$HOME/.local/bin" >> $GITHUB_PATH
          fi
      - name: Install Poetry (Windows)
        if: runner.os == 'Windows'
        shell: pwsh
        run: |
          (Invoke-WebRequest -Uri https://install.python-poetry.org -UseBasicParsing).Content | python -
          $env:PATH += ";$env:APPDATA\Python\Scripts"
          echo "$env:APPDATA\Python\Scripts" >> $env:GITHUB_PATH
      - name: Install Python dependencies
        run: poetry install
@@ -140,12 +61,15 @@ jobs:
            --cov=forge --cov-branch --cov-report term-missing --cov-report xml \
            --durations=10 \
            --junitxml=junit.xml -o junit_family=legacy \
-            forge
+            forge/forge forge/tests
        env:
          CI: true
          PLAIN_OUTPUT: True
          # API keys - tests that need these will skip if not available
          # Secrets are not available to fork PRs (GitHub security feature)
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
-          S3_ENDPOINT_URL: ${{ runner.os != 'Windows' && 'http://127.0.0.1:9000' || '' }}
+          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
          S3_ENDPOINT_URL: http://127.0.0.1:9000
          AWS_ACCESS_KEY_ID: minioadmin
          AWS_SECRET_ACCESS_KEY: minioadmin
@@ -159,85 +83,11 @@ jobs:
        uses: codecov/codecov-action@v5
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
-          flags: forge,${{ runner.os }}
+          flags: forge
      - id: setup_git_auth
        name: Set up git token authentication
        # Cassettes may be pushed even when tests fail
        if: success() || failure()
        run: |
          config_key="http.${{ github.server_url }}/.extraheader"
          if [ "${{ runner.os }}" = 'macOS' ]; then
            base64_pat=$(echo -n "pat:${{ secrets.PAT_REVIEW }}" | base64)
          else
            base64_pat=$(echo -n "pat:${{ secrets.PAT_REVIEW }}" | base64 -w0)
          fi
          git config "$config_key" \
            "Authorization: Basic $base64_pat"
          cd tests/vcr_cassettes
          git config "$config_key" \
            "Authorization: Basic $base64_pat"
          echo "config_key=$config_key" >> $GITHUB_OUTPUT
      - id: push_cassettes
        name: Push updated cassettes
        # For pull requests, push updated cassettes even when tests fail
        if: github.event_name == 'push' || (! github.event.pull_request.head.repo.fork && (success() || failure()))
        env:
          PR_BRANCH: ${{ github.event.pull_request.head.ref }}
          PR_AUTHOR: ${{ github.event.pull_request.user.login }}
        run: |
          if [ "${{ startsWith(github.event_name, 'pull_request') }}" = "true" ]; then
            is_pull_request=true
            cassette_branch="${PR_AUTHOR}-${PR_BRANCH}"
          else
            cassette_branch="${{ github.ref_name }}"
          fi
          cd tests/vcr_cassettes
          # Commit & push changes to cassettes if any
          if ! git diff --quiet; then
            git add .
            git commit -m "Auto-update cassettes"
            git push origin HEAD:$cassette_branch
            if [ ! $is_pull_request ]; then
              cd ../..
              git add tests/vcr_cassettes
              git commit -m "Update cassette submodule"
              git push origin HEAD:$cassette_branch
            fi
            echo "updated=true" >> $GITHUB_OUTPUT
          else
            echo "updated=false" >> $GITHUB_OUTPUT
            echo "No cassette changes to commit"
          fi
      - name: Post Set up git token auth
        if: steps.setup_git_auth.outcome == 'success'
        run: |
          git config --unset-all '${{ steps.setup_git_auth.outputs.config_key }}'
          git submodule foreach git config --unset-all '${{ steps.setup_git_auth.outputs.config_key }}'
      - name: Apply "behaviour change" label and comment on PR
        if: ${{ startsWith(github.event_name, 'pull_request') }}
        run: |
          PR_NUMBER="${{ github.event.pull_request.number }}"
          TOKEN="${{ secrets.PAT_REVIEW }}"
          REPO="${{ github.repository }}"
          if [[ "${{ steps.push_cassettes.outputs.updated }}" == "true" ]]; then
            echo "Adding label and comment..."
            echo $TOKEN | gh auth login --with-token
            gh issue edit $PR_NUMBER --add-label "behaviour change"
            gh issue comment $PR_NUMBER --body "You changed AutoGPT's behaviour on ${{ runner.os }}. The cassettes have been updated and will be merged to the submodule when this Pull Request gets merged."
          fi
      - name: Upload logs to artifact
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: test-logs
-          path: classic/forge/logs/
+          path: classic/logs/
--- a/.github/workflows/classic-frontend-ci.yml
+++ b/.github/workflows/classic-frontend-ci.yml
@@ -1,60 +0,0 @@
 name: Classic - Frontend CI/CD
 on:
  push:
    branches:
      - master
      - dev
      - 'ci-test*' # This will match any branch that starts with "ci-test"
    paths:
      - 'classic/frontend/**'
      - '.github/workflows/classic-frontend-ci.yml'
  pull_request:
    paths:
      - 'classic/frontend/**'
      - '.github/workflows/classic-frontend-ci.yml'
 jobs:
  build:
    permissions:
      contents: write
      pull-requests: write
    runs-on: ubuntu-latest
    env:
      BUILD_BRANCH: ${{ format('classic-frontend-build/{0}', github.ref_name) }}
    steps:
      - name: Checkout Repo
        uses: actions/checkout@v4
      - name: Setup Flutter
        uses: subosito/flutter-action@v2
        with:
          flutter-version: '3.13.2'
      - name: Build Flutter to Web
        run: |
          cd classic/frontend
          flutter build web --base-href /app/
      # - name: Commit and Push to ${{ env.BUILD_BRANCH }}
      #   if: github.event_name == 'push'
      #   run: |
      #     git config --local user.email "action@github.com"
      #     git config --local user.name "GitHub Action"
      #     git add classic/frontend/build/web
      #     git checkout -B ${{ env.BUILD_BRANCH }}
      #     git commit -m "Update frontend build to ${GITHUB_SHA:0:7}" -a
      #     git push -f origin ${{ env.BUILD_BRANCH }}
      - name: Create PR ${{ env.BUILD_BRANCH }} -> ${{ github.ref_name }}
        if: github.event_name == 'push'
        uses: peter-evans/create-pull-request@v7
        with:
          add-paths: classic/frontend/build/web
          base: ${{ github.ref_name }}
          branch: ${{ env.BUILD_BRANCH }}
          delete-branch: true
          title: "Update frontend build in `${{ github.ref_name }}`"
          body: "This PR updates the frontend build based on commit ${{ github.sha }}."
          commit-message: "Update frontend build based on commit ${{ github.sha }}"
--- a/.github/workflows/classic-python-checks.yml
+++ b/.github/workflows/classic-python-checks.yml
@@ -7,7 +7,9 @@ on:
      - '.github/workflows/classic-python-checks-ci.yml'
      - 'classic/original_autogpt/**'
      - 'classic/forge/**'
-      - 'classic/benchmark/**'
+      - 'classic/direct_benchmark/**'
      - 'classic/pyproject.toml'
      - 'classic/poetry.lock'
      - '**.py'
      - '!classic/forge/tests/vcr_cassettes'
  pull_request:
@@ -16,7 +18,9 @@ on:
      - '.github/workflows/classic-python-checks-ci.yml'
      - 'classic/original_autogpt/**'
      - 'classic/forge/**'
-      - 'classic/benchmark/**'
+      - 'classic/direct_benchmark/**'
      - 'classic/pyproject.toml'
      - 'classic/poetry.lock'
      - '**.py'
      - '!classic/forge/tests/vcr_cassettes'
@@ -27,44 +31,13 @@ concurrency:
 defaults:
  run:
    shell: bash
    working-directory: classic
 jobs:
  get-changed-parts:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - id: changes-in
        name: Determine affected subprojects
        uses: dorny/paths-filter@v3
        with:
          filters: |
            original_autogpt:
              - classic/original_autogpt/autogpt/**
              - classic/original_autogpt/tests/**
              - classic/original_autogpt/poetry.lock
            forge:
              - classic/forge/forge/**
              - classic/forge/tests/**
              - classic/forge/poetry.lock
            benchmark:
              - classic/benchmark/agbenchmark/**
              - classic/benchmark/tests/**
              - classic/benchmark/poetry.lock
    outputs:
      changed-parts: ${{ steps.changes-in.outputs.changes }}
  lint:
    needs: get-changed-parts
    runs-on: ubuntu-latest
    env:
-      min-python-version: "3.10"
+      min-python-version: "3.12"
    strategy:
      matrix:
        sub-package: ${{ fromJson(needs.get-changed-parts.outputs.changed-parts) }}
      fail-fast: false
    steps:
      - name: Checkout repository
@@ -81,42 +54,31 @@ jobs:
        uses: actions/cache@v4
        with:
          path: ~/.cache/pypoetry
-          key: ${{ runner.os }}-poetry-${{ hashFiles(format('{0}/poetry.lock', matrix.sub-package)) }}
+          key: ${{ runner.os }}-poetry-${{ hashFiles('classic/poetry.lock') }}
      - name: Install Poetry
        run: curl -sSL https://install.python-poetry.org | python3 -
      # Install dependencies
      - name: Install Python dependencies
-        run: poetry -C classic/${{ matrix.sub-package }} install
+        run: poetry install
      # Lint
      - name: Lint (isort)
        run: poetry run isort --check .
        working-directory: classic/${{ matrix.sub-package }}
      - name: Lint (Black)
        if: success() || failure()
        run: poetry run black --check .
        working-directory: classic/${{ matrix.sub-package }}
      - name: Lint (Flake8)
        if: success() || failure()
        run: poetry run flake8 .
        working-directory: classic/${{ matrix.sub-package }}
  types:
    needs: get-changed-parts
    runs-on: ubuntu-latest
    env:
-      min-python-version: "3.10"
+      min-python-version: "3.12"
    strategy:
      matrix:
        sub-package: ${{ fromJson(needs.get-changed-parts.outputs.changed-parts) }}
      fail-fast: false
    steps:
      - name: Checkout repository
@@ -133,19 +95,16 @@ jobs:
        uses: actions/cache@v4
        with:
          path: ~/.cache/pypoetry
-          key: ${{ runner.os }}-poetry-${{ hashFiles(format('{0}/poetry.lock', matrix.sub-package)) }}
+          key: ${{ runner.os }}-poetry-${{ hashFiles('classic/poetry.lock') }}
      - name: Install Poetry
        run: curl -sSL https://install.python-poetry.org | python3 -
      # Install dependencies
      - name: Install Python dependencies
-        run: poetry -C classic/${{ matrix.sub-package }} install
+        run: poetry install
      # Typecheck
      - name: Typecheck
        if: success() || failure()
        run: poetry run pyright
        working-directory: classic/${{ matrix.sub-package }}
--- a/.gitignore
+++ b/.gitignore
@@ -3,6 +3,7 @@
 classic/original_autogpt/keys.py
 classic/original_autogpt/*.json
 auto_gpt_workspace/*
 .autogpt/
 *.mpeg
 .env
 # Root .env files
@@ -159,6 +160,10 @@ CURRENT_BULLETIN.md
 # AgBenchmark
 classic/benchmark/agbenchmark/reports/
 classic/reports/
 classic/direct_benchmark/reports/
 classic/.benchmark_workspaces/
 classic/direct_benchmark/.benchmark_workspaces/
 # Nodejs
 package-lock.json
@@ -177,6 +182,10 @@ autogpt_platform/backend/settings.py
 *.ign.*
 .test-contents
 **/.claude/settings.local.json
 .claude/settings.local.json
 CLAUDE.local.md
 /autogpt_platform/backend/logs
-.next
+
 # Test database
 test.db
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,3 +0,0 @@
 [submodule "classic/forge/tests/vcr_cassettes"]
 	path = classic/forge/tests/vcr_cassettes
 	url = https://github.com/Significant-Gravitas/Auto-GPT-test-cassettes
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -43,29 +43,10 @@ repos:
        pass_filenames: false
      - id: poetry-install
-        name: Check & Install dependencies - Classic - AutoGPT
+        name: Check & Install dependencies - Classic
-        alias: poetry-install-classic-autogpt
+        alias: poetry-install-classic
-        entry: poetry -C classic/original_autogpt install
+        entry: poetry -C classic install
-        # include forge source (since it's a path dependency)
+        files: ^classic/poetry\.lock$
        files: ^classic/(original_autogpt|forge)/poetry\.lock$
        types: [file]
        language: system
        pass_filenames: false
      - id: poetry-install
        name: Check & Install dependencies - Classic - Forge
        alias: poetry-install-classic-forge
        entry: poetry -C classic/forge install
        files: ^classic/forge/poetry\.lock$
        types: [file]
        language: system
        pass_filenames: false
      - id: poetry-install
        name: Check & Install dependencies - Classic - Benchmark
        alias: poetry-install-classic-benchmark
        entry: poetry -C classic/benchmark install
        files: ^classic/benchmark/poetry\.lock$
        types: [file]
        language: system
        pass_filenames: false
@@ -116,26 +97,10 @@ repos:
        language: system
      - id: isort
-        name: Lint (isort) - Classic - AutoGPT
+        name: Lint (isort) - Classic
-        alias: isort-classic-autogpt
+        alias: isort-classic
-        entry: poetry -P classic/original_autogpt run isort -p autogpt
+        entry: bash -c 'cd classic && poetry run isort $(echo "$@" | sed "s|classic/||g")' --
-        files: ^classic/original_autogpt/
+        files: ^classic/(original_autogpt|forge|direct_benchmark)/
        types: [file, python]
        language: system
      - id: isort
        name: Lint (isort) - Classic - Forge
        alias: isort-classic-forge
        entry: poetry -P classic/forge run isort -p forge
        files: ^classic/forge/
        types: [file, python]
        language: system
      - id: isort
        name: Lint (isort) - Classic - Benchmark
        alias: isort-classic-benchmark
        entry: poetry -P classic/benchmark run isort -p agbenchmark
        files: ^classic/benchmark/
        types: [file, python]
        language: system
@@ -149,26 +114,13 @@ repos:
  - repo: https://github.com/PyCQA/flake8
    rev: 7.0.0
-    # To have flake8 load the config of the individual subprojects, we have to call
+    # Use consolidated flake8 config at classic/.flake8
    # them separately.
    hooks:
      - id: flake8
-        name: Lint (Flake8) - Classic - AutoGPT
+        name: Lint (Flake8) - Classic
-        alias: flake8-classic-autogpt
+        alias: flake8-classic
-        files: ^classic/original_autogpt/(autogpt|scripts|tests)/
+        files: ^classic/(original_autogpt|forge|direct_benchmark)/
-        args: [--config=classic/original_autogpt/.flake8]
+        args: [--config=classic/.flake8]
      - id: flake8
        name: Lint (Flake8) - Classic - Forge
        alias: flake8-classic-forge
        files: ^classic/forge/(forge|tests)/
        args: [--config=classic/forge/.flake8]
      - id: flake8
        name: Lint (Flake8) - Classic - Benchmark
        alias: flake8-classic-benchmark
        files: ^classic/benchmark/(agbenchmark|tests)/((?!reports).)*[/.]
        args: [--config=classic/benchmark/.flake8]
  - repo: local
    hooks:
@@ -204,29 +156,10 @@ repos:
        pass_filenames: false
      - id: pyright
-        name: Typecheck - Classic - AutoGPT
+        name: Typecheck - Classic
-        alias: pyright-classic-autogpt
+        alias: pyright-classic
-        entry: poetry -C classic/original_autogpt run pyright
+        entry: poetry -C classic run pyright
-        # include forge source (since it's a path dependency) but exclude *_test.py files:
+        files: ^classic/(original_autogpt|forge|direct_benchmark)/.*\.py$|^classic/poetry\.lock$
        files: ^(classic/original_autogpt/((autogpt|scripts|tests)/|poetry\.lock$)|classic/forge/(forge/.*(?<!_test)\.py|poetry\.lock)$)
        types: [file]
        language: system
        pass_filenames: false
      - id: pyright
        name: Typecheck - Classic - Forge
        alias: pyright-classic-forge
        entry: poetry -C classic/forge run pyright
        files: ^classic/forge/(forge/|poetry\.lock$)
        types: [file]
        language: system
        pass_filenames: false
      - id: pyright
        name: Typecheck - Classic - Benchmark
        alias: pyright-classic-benchmark
        entry: poetry -C classic/benchmark run pyright
        files: ^classic/benchmark/(agbenchmark/|tests/|poetry\.lock$)
        types: [file]
        language: system
        pass_filenames: false
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -16,7 +16,6 @@ See `docs/content/platform/getting-started.md` for setup instructions.
 - Format Python code with `poetry run format`.
 - Format frontend code using `pnpm format`.
 ## Frontend guidelines:
 See `/frontend/CONTRIBUTING.md` for complete patterns. Quick reference:
@@ -33,14 +32,17 @@ See `/frontend/CONTRIBUTING.md` for complete patterns. Quick reference:
 4. **Styling**: Tailwind CSS only, use design tokens, Phosphor Icons only
 5. **Testing**: Add Storybook stories for new components, Playwright for E2E
 6. **Code conventions**: Function declarations (not arrow functions) for components/handlers
 - Component props should be `interface Props { ... }` (not exported) unless the interface needs to be used outside the component
 - Separate render logic from business logic (component.tsx + useComponent.ts + helpers.ts)
 - Colocate state when possible and avoid creating large components, use sub-components ( local `/components` folder next to the parent component ) when sensible
 - Avoid large hooks, abstract logic into `helpers.ts` files when sensible
 - Use function declarations for components, arrow functions only for callbacks
 - No barrel files or `index.ts` re-exports
 - Do not use `useCallback` or `useMemo` unless strictly needed
 - Avoid comments at all times unless the code is very complex
 - Do not use `useCallback` or `useMemo` unless asked to optimise a given function
 - Do not type hook returns, let Typescript infer as much as possible
 - Never type with `any`, if not types available use `unknown`
 ## Testing
@@ -49,22 +51,8 @@ See `/frontend/CONTRIBUTING.md` for complete patterns. Quick reference:
 Always run the relevant linters and tests before committing.
 Use conventional commit messages for all commits (e.g. `feat(backend): add API`).
-  Types:
+Types: - feat - fix - refactor - ci - dx (developer experience)
-    - feat
+Scopes: - platform - platform/library - platform/marketplace - backend - backend/executor - frontend - frontend/library - frontend/marketplace - blocks
    - fix
    - refactor
    - ci
    - dx (developer experience)
  Scopes:
    - platform
      - platform/library
      - platform/marketplace
      - backend
        - backend/executor
      - frontend
        - frontend/library
        - frontend/marketplace
      - blocks
 ## Pull requests
--- a/README.md
+++ b/README.md
@@ -54,7 +54,7 @@ Before proceeding with the installation, ensure your system meets the following
 ### Updated Setup Instructions:
 We've moved to a fully maintained and regularly updated documentation site.
-👉 [Follow the official self-hosting guide here](https://agpt.co/docs/platform/getting-started/getting-started)
+👉 [Follow the official self-hosting guide here](https://docs.agpt.co/platform/getting-started/)
 This tutorial assumes you have Docker, VSCode, git and npm installed.
--- a/autogpt_platform/CLAUDE.md
+++ b/autogpt_platform/CLAUDE.md
@@ -6,152 +6,30 @@ This file provides guidance to Claude Code (claude.ai/code) when working with co
 AutoGPT Platform is a monorepo containing:
- **Backend** (`/backend`): Python FastAPI server with async support
+- **Backend** (`backend`): Python FastAPI server with async support
- **Frontend** (`/frontend`): Next.js React application
+- **Frontend** (`frontend`): Next.js React application
- **Shared Libraries** (`/autogpt_libs`): Common Python utilities
+- **Shared Libraries** (`autogpt_libs`): Common Python utilities
-## Essential Commands
+## Component Documentation
-### Backend Development
+- **Backend**: See @backend/CLAUDE.md for backend-specific commands, architecture, and development tasks
 - **Frontend**: See @frontend/CLAUDE.md for frontend-specific commands, architecture, and development patterns
-```bash
+## Key Concepts
 # Install dependencies
 cd backend && poetry install
 # Run database migrations
 poetry run prisma migrate dev
 # Start all services (database, redis, rabbitmq, clamav)
 docker compose up -d
 # Run the backend server
 poetry run serve
 # Run tests
 poetry run test
 # Run specific test
 poetry run pytest path/to/test_file.py::test_function_name
 # Run block tests (tests that validate all blocks work correctly)
 poetry run pytest backend/blocks/test/test_block.py -xvs
 # Run tests for a specific block (e.g., GetCurrentTimeBlock)
 poetry run pytest 'backend/blocks/test/test_block.py::test_available_blocks[GetCurrentTimeBlock]' -xvs
 # Lint and format
 # prefer format if you want to just "fix" it and only get the errors that can't be autofixed
 poetry run format  # Black + isort
 poetry run lint    # ruff
 ```
 More details can be found in TESTING.md
 #### Creating/Updating Snapshots
 When you first write a test or when the expected output changes:
 ```bash
 poetry run pytest path/to/test.py --snapshot-update
 ```
 ⚠️ **Important**: Always review snapshot changes before committing! Use `git diff` to verify the changes are expected.
 ### Frontend Development
 ```bash
 # Install dependencies
 cd frontend && pnpm i
 # Generate API client from OpenAPI spec
 pnpm generate:api
 # Start development server
 pnpm dev
 # Run E2E tests
 pnpm test
 # Run Storybook for component development
 pnpm storybook
 # Build production
 pnpm build
 # Format and lint
 pnpm format
 # Type checking
 pnpm types
 ```
 **📖 Complete Guide**: See `/frontend/CONTRIBUTING.md` and `/frontend/.cursorrules` for comprehensive frontend patterns.
 **Key Frontend Conventions:**
 - Separate render logic from data/behavior in components
 - Use generated API hooks from `@/app/api/__generated__/endpoints/`
 - Use function declarations (not arrow functions) for components/handlers
 - Use design system components from `src/components/` (atoms, molecules, organisms)
 - Only use Phosphor Icons
 - Never use `src/components/__legacy__/*` or deprecated `BackendAPI`
 ## Architecture Overview
 ### Backend Architecture
 - **API Layer**: FastAPI with REST and WebSocket endpoints
 - **Database**: PostgreSQL with Prisma ORM, includes pgvector for embeddings
 - **Queue System**: RabbitMQ for async task processing
 - **Execution Engine**: Separate executor service processes agent workflows
 - **Authentication**: JWT-based with Supabase integration
 - **Security**: Cache protection middleware prevents sensitive data caching in browsers/proxies
 ### Frontend Architecture
 - **Framework**: Next.js 15 App Router (client-first approach)
 - **Data Fetching**: Type-safe generated API hooks via Orval + React Query
 - **State Management**: React Query for server state, co-located UI state in components/hooks
 - **Component Structure**: Separate render logic (`.tsx`) from business logic (`use*.ts` hooks)
 - **Workflow Builder**: Visual graph editor using @xyflow/react
 - **UI Components**: shadcn/ui (Radix UI primitives) with Tailwind CSS styling
 - **Icons**: Phosphor Icons only
 - **Feature Flags**: LaunchDarkly integration
 - **Error Handling**: ErrorCard for render errors, toast for mutations, Sentry for exceptions
 - **Testing**: Playwright for E2E, Storybook for component development
 ### Key Concepts
 1. **Agent Graphs**: Workflow definitions stored as JSON, executed by the backend
-2. **Blocks**: Reusable components in `/backend/blocks/` that perform specific tasks
+2. **Blocks**: Reusable components in `backend/backend/blocks/` that perform specific tasks
 3. **Integrations**: OAuth and API connections stored per user
 4. **Store**: Marketplace for sharing agent templates
 5. **Virus Scanning**: ClamAV integration for file upload security
 ### Testing Approach
 - Backend uses pytest with snapshot testing for API responses
 - Test files are colocated with source files (`*_test.py`)
 - Frontend uses Playwright for E2E tests
 - Component testing via Storybook
 ### Database Schema
 Key models (defined in `/backend/schema.prisma`):
 - `User`: Authentication and profile data
 - `AgentGraph`: Workflow definitions with version control
 - `AgentGraphExecution`: Execution history and results
 - `AgentNode`: Individual nodes in a workflow
 - `StoreListing`: Marketplace listings for sharing agents
 ### Environment Configuration
 #### Configuration Files
- **Backend**: `/backend/.env.default` (defaults) → `/backend/.env` (user overrides)
+- **Backend**: `backend/.env.default` (defaults) → `backend/.env` (user overrides)
- **Frontend**: `/frontend/.env.default` (defaults) → `/frontend/.env` (user overrides)
+- **Frontend**: `frontend/.env.default` (defaults) → `frontend/.env` (user overrides)
- **Platform**: `/.env.default` (Supabase/shared defaults) → `/.env` (user overrides)
+- **Platform**: `.env.default` (Supabase/shared defaults) → `.env` (user overrides)
 #### Docker Environment Loading Order
@@ -167,83 +45,12 @@ Key models (defined in `/backend/schema.prisma`):
 - Backend/Frontend services use YAML anchors for consistent configuration
 - Supabase services (`db/docker/docker-compose.yml`) follow the same pattern
 ### Common Development Tasks
 **Adding a new block:**
 Follow the comprehensive [Block SDK Guide](../../../docs/content/platform/block-sdk-guide.md) which covers:
 - Provider configuration with `ProviderBuilder`
 - Block schema definition
 - Authentication (API keys, OAuth, webhooks)
 - Testing and validation
 - File organization
 Quick steps:
 1. Create new file in `/backend/backend/blocks/`
 2. Configure provider using `ProviderBuilder` in `_config.py`
 3. Inherit from `Block` base class
 4. Define input/output schemas using `BlockSchema`
 5. Implement async `run` method
 6. Generate unique block ID using `uuid.uuid4()`
 7. Test with `poetry run pytest backend/blocks/test/test_block.py`
 Note: when making many new blocks analyze the interfaces for each of these blocks and picture if they would go well together in a graph based editor or would they struggle to connect productively?
 ex: do the inputs and outputs tie well together?
 If you get any pushback or hit complex block conditions check the new_blocks guide in the docs.
 **Modifying the API:**
 1. Update route in `/backend/backend/server/routers/`
 2. Add/update Pydantic models in same directory
 3. Write tests alongside the route file
 4. Run `poetry run test` to verify
 ### Frontend guidelines:
 See `/frontend/CONTRIBUTING.md` for complete patterns. Quick reference:
 1. **Pages**: Create in `src/app/(platform)/feature-name/page.tsx`
   - Add `usePageName.ts` hook for logic
   - Put sub-components in local `components/` folder
 2. **Components**: Structure as `ComponentName/ComponentName.tsx` + `useComponentName.ts` + `helpers.ts`
   - Use design system components from `src/components/` (atoms, molecules, organisms)
   - Never use `src/components/__legacy__/*`
 3. **Data fetching**: Use generated API hooks from `@/app/api/__generated__/endpoints/`
   - Regenerate with `pnpm generate:api`
   - Pattern: `use{Method}{Version}{OperationName}`
 4. **Styling**: Tailwind CSS only, use design tokens, Phosphor Icons only
 5. **Testing**: Add Storybook stories for new components, Playwright for E2E
 6. **Code conventions**: Function declarations (not arrow functions) for components/handlers
 - Component props should be `interface Props { ... }` (not exported) unless the interface needs to be used outside the component
 - Separate render logic from business logic (component.tsx + useComponent.ts + helpers.ts)
 - Colocate state when possible and avoid creating large components, use sub-components ( local `/components` folder next to the parent component ) when sensible
 - Avoid large hooks, abstract logic into `helpers.ts` files when sensible
 - Use function declarations for components, arrow functions only for callbacks
 - No barrel files or `index.ts` re-exports
 - Do not use `useCallback` or `useMemo` unless strictly needed
 - Avoid comments at all times unless the code is very complex
 ### Security Implementation
 **Cache Protection Middleware:**
 - Located in `/backend/backend/server/middleware/security.py`
 - Default behavior: Disables caching for ALL endpoints with `Cache-Control: no-store, no-cache, must-revalidate, private`
 - Uses an allow list approach - only explicitly permitted paths can be cached
 - Cacheable paths include: static assets (`/static/*`, `/_next/static/*`), health checks, public store pages, documentation
 - Prevents sensitive data (auth tokens, API keys, user data) from being cached by browsers/proxies
 - To allow caching for a new endpoint, add it to `CACHEABLE_PATHS` in the middleware
 - Applied to both main API server and external API applications
 ### Creating Pull Requests
- Create the PR aginst the `dev` branch of the repository.
+- Create the PR against the `dev` branch of the repository.
- Ensure the branch name is descriptive (e.g., `feature/add-new-block`)/
+- Ensure the branch name is descriptive (e.g., `feature/add-new-block`)
- Use conventional commit messages (see below)/
+- Use conventional commit messages (see below)
- Fill out the .github/PULL_REQUEST_TEMPLATE.md template as the PR description/
+- Fill out the .github/PULL_REQUEST_TEMPLATE.md template as the PR description
 - Run the github pre-commit hooks to ensure code quality.
 ### Reviewing/Revising Pull Requests
--- a/autogpt_platform/backend/CLAUDE.md
+++ b/autogpt_platform/backend/CLAUDE.md
@@ -0,0 +1,170 @@
 # CLAUDE.md - Backend
 This file provides guidance to Claude Code when working with the backend.
 ## Essential Commands
 To run something with Python package dependencies you MUST use `poetry run ...`.
 ```bash
 # Install dependencies
 poetry install
 # Run database migrations
 poetry run prisma migrate dev
 # Start all services (database, redis, rabbitmq, clamav)
 docker compose up -d
 # Run the backend as a whole
 poetry run app
 # Run tests
 poetry run test
 # Run specific test
 poetry run pytest path/to/test_file.py::test_function_name
 # Run block tests (tests that validate all blocks work correctly)
 poetry run pytest backend/blocks/test/test_block.py -xvs
 # Run tests for a specific block (e.g., GetCurrentTimeBlock)
 poetry run pytest 'backend/blocks/test/test_block.py::test_available_blocks[GetCurrentTimeBlock]' -xvs
 # Lint and format
 # prefer format if you want to just "fix" it and only get the errors that can't be autofixed
 poetry run format  # Black + isort
 poetry run lint    # ruff
 ```
 More details can be found in @TESTING.md
 ### Creating/Updating Snapshots
 When you first write a test or when the expected output changes:
 ```bash
 poetry run pytest path/to/test.py --snapshot-update
 ```
 ⚠️ **Important**: Always review snapshot changes before committing! Use `git diff` to verify the changes are expected.
 ## Architecture
 - **API Layer**: FastAPI with REST and WebSocket endpoints
 - **Database**: PostgreSQL with Prisma ORM, includes pgvector for embeddings
 - **Queue System**: RabbitMQ for async task processing
 - **Execution Engine**: Separate executor service processes agent workflows
 - **Authentication**: JWT-based with Supabase integration
 - **Security**: Cache protection middleware prevents sensitive data caching in browsers/proxies
 ## Testing Approach
 - Uses pytest with snapshot testing for API responses
 - Test files are colocated with source files (`*_test.py`)
 ## Database Schema
 Key models (defined in `schema.prisma`):
 - `User`: Authentication and profile data
 - `AgentGraph`: Workflow definitions with version control
 - `AgentGraphExecution`: Execution history and results
 - `AgentNode`: Individual nodes in a workflow
 - `StoreListing`: Marketplace listings for sharing agents
 ## Environment Configuration
 - **Backend**: `.env.default` (defaults) → `.env` (user overrides)
 ## Common Development Tasks
 ### Adding a new block
 Follow the comprehensive [Block SDK Guide](@../../docs/content/platform/block-sdk-guide.md) which covers:
 - Provider configuration with `ProviderBuilder`
 - Block schema definition
 - Authentication (API keys, OAuth, webhooks)
 - Testing and validation
 - File organization
 Quick steps:
 1. Create new file in `backend/blocks/`
 2. Configure provider using `ProviderBuilder` in `_config.py`
 3. Inherit from `Block` base class
 4. Define input/output schemas using `BlockSchema`
 5. Implement async `run` method
 6. Generate unique block ID using `uuid.uuid4()`
 7. Test with `poetry run pytest backend/blocks/test/test_block.py`
 Note: when making many new blocks analyze the interfaces for each of these blocks and picture if they would go well together in a graph-based editor or would they struggle to connect productively?
 ex: do the inputs and outputs tie well together?
 If you get any pushback or hit complex block conditions check the new_blocks guide in the docs.
 #### Handling files in blocks with `store_media_file()`
 When blocks need to work with files (images, videos, documents), use `store_media_file()` from `backend.util.file`. The `return_format` parameter determines what you get back:
 | Format | Use When | Returns |
 |--------|----------|---------|
 | `"for_local_processing"` | Processing with local tools (ffmpeg, MoviePy, PIL) | Local file path (e.g., `"image.png"`) |
 | `"for_external_api"` | Sending content to external APIs (Replicate, OpenAI) | Data URI (e.g., `"data:image/png;base64,..."`) |
 | `"for_block_output"` | Returning output from your block | Smart: `workspace://` in CoPilot, data URI in graphs |
 **Examples:**
 ```python
 # INPUT: Need to process file locally with ffmpeg
 local_path = await store_media_file(
    file=input_data.video,
    execution_context=execution_context,
    return_format="for_local_processing",
 )
 # local_path = "video.mp4" - use with Path/ffmpeg/etc
 # INPUT: Need to send to external API like Replicate
 image_b64 = await store_media_file(
    file=input_data.image,
    execution_context=execution_context,
    return_format="for_external_api",
 )
 # image_b64 = "data:image/png;base64,iVBORw0..." - send to API
 # OUTPUT: Returning result from block
 result_url = await store_media_file(
    file=generated_image_url,
    execution_context=execution_context,
    return_format="for_block_output",
 )
 yield "image_url", result_url
 # In CoPilot: result_url = "workspace://abc123"
 # In graphs:  result_url = "data:image/png;base64,..."
 ```
 **Key points:**
 - `for_block_output` is the ONLY format that auto-adapts to execution context
 - Always use `for_block_output` for block outputs unless you have a specific reason not to
 - Never hardcode workspace checks - let `for_block_output` handle it
 ### Modifying the API
 1. Update route in `backend/api/features/`
 2. Add/update Pydantic models in same directory
 3. Write tests alongside the route file
 4. Run `poetry run test` to verify
 ## Security Implementation
 ### Cache Protection Middleware
 - Located in `backend/api/middleware/security.py`
 - Default behavior: Disables caching for ALL endpoints with `Cache-Control: no-store, no-cache, must-revalidate, private`
 - Uses an allow list approach - only explicitly permitted paths can be cached
 - Cacheable paths include: static assets (`static/*`, `_next/static/*`), health checks, public store pages, documentation
 - Prevents sensitive data (auth tokens, API keys, user data) from being cached by browsers/proxies
 - To allow caching for a new endpoint, add it to `CACHEABLE_PATHS` in the middleware
 - Applied to both main API server and external API applications
--- a/autogpt_platform/backend/TESTING.md
+++ b/autogpt_platform/backend/TESTING.md
@@ -138,7 +138,7 @@ If the test doesn't need the `user_id` specifically, mocking is not necessary as
 #### Using Global Auth Fixtures
-Two global auth fixtures are provided by `backend/server/conftest.py`:
+Two global auth fixtures are provided by `backend/api/conftest.py`:
 - `mock_jwt_user` - Regular user with `test_user_id` ("test-user-id")
 - `mock_jwt_admin` - Admin user with `admin_user_id` ("admin-user-id")
--- a/autogpt_platform/backend/backend/api/features/builder/routes.py
+++ b/autogpt_platform/backend/backend/api/features/builder/routes.py
@@ -17,7 +17,7 @@ router = fastapi.APIRouter(
 )
-# Taken from backend/server/v2/store/db.py
+# Taken from backend/api/features/store/db.py
 def sanitize_query(query: str | None) -> str | None:
    if query is None:
        return query
--- a/autogpt_platform/backend/backend/api/features/chat/tools/IDEAS.md
+++ b/autogpt_platform/backend/backend/api/features/chat/tools/IDEAS.md
@@ -0,0 +1,79 @@
 # CoPilot Tools - Future Ideas
 ## Multimodal Image Support for CoPilot
 **Problem:** CoPilot uses a vision-capable model but can't "see" workspace images. When a block generates an image and returns `workspace://abc123`, CoPilot can't evaluate it (e.g., checking blog thumbnail quality).
 **Backend Solution:**
 When preparing messages for the LLM, detect `workspace://` image references and convert them to proper image content blocks:
 ```python
 # Before sending to LLM, scan for workspace image references
 # and inject them as image content parts
 # Example message transformation:
 # FROM: {"role": "assistant", "content": "Generated image: workspace://abc123"}
 # TO:   {"role": "assistant", "content": [
 #         {"type": "text", "text": "Generated image: workspace://abc123"},
 #         {"type": "image_url", "image_url": {"url": "data:image/png;base64,..."}}
 #       ]}
 ```
 **Where to implement:**
 - In the chat stream handler before calling the LLM
 - Or in a message preprocessing step
 - Need to fetch image from workspace, convert to base64, add as image content
 **Considerations:**
 - Only do this for image MIME types (image/png, image/jpeg, etc.)
 - May want a size limit (don't pass 10MB images)
 - Track which images were "shown" to the AI for frontend indicator
 - Cost implications - vision API calls are more expensive
 **Frontend Solution:**
 Show visual indicator on workspace files in chat:
 - If AI saw the image: normal display
 - If AI didn't see it: overlay icon saying "AI can't see this image"
 Requires response metadata indicating which `workspace://` refs were passed to the model.
 ---
 ## Output Post-Processing Layer for run_block
 **Problem:** Many blocks produce large outputs that:
 - Consume massive context (100KB base64 image = ~133KB tokens)
 - Can't fit in conversation
 - Break things and cause high LLM costs
 **Proposed Solution:** Instead of modifying individual blocks or `store_media_file()`, implement a centralized output processor in `run_block.py` that handles outputs before they're returned to CoPilot.
 **Benefits:**
 1. **Centralized** - one place to handle all output processing
 2. **Future-proof** - new blocks automatically get output processing
 3. **Keeps blocks pure** - they don't need to know about context constraints
 4. **Handles all large outputs** - not just images
 **Processing Rules:**
 - Detect base64 data URIs → save to workspace, return `workspace://` reference
 - Truncate very long strings (>N chars) with truncation note
 - Summarize large arrays/lists (e.g., "Array with 1000 items, first 5: [...]")
 - Handle nested large outputs in dicts recursively
 - Cap total output size
 **Implementation Location:** `run_block.py` after block execution, before returning `BlockOutputResponse`
 **Example:**
 ```python
 def _process_outputs_for_context(
    outputs: dict[str, list[Any]],
    workspace_manager: WorkspaceManager,
    max_string_length: int = 10000,
    max_array_preview: int = 5,
 ) -> dict[str, list[Any]]:
    """Process block outputs to prevent context bloat."""
    processed = {}
    for name, values in outputs.items():
        processed[name] = [_process_value(v, workspace_manager) for v in values]
    return processed
 ```
--- a/autogpt_platform/backend/backend/api/features/chat/tools/init.py
+++ b/autogpt_platform/backend/backend/api/features/chat/tools/init.py
@@ -18,6 +18,12 @@ from .get_doc_page import GetDocPageTool
 from .run_agent import RunAgentTool
 from .run_block import RunBlockTool
 from .search_docs import SearchDocsTool
 from .workspace_files import (
    DeleteWorkspaceFileTool,
    ListWorkspaceFilesTool,
    ReadWorkspaceFileTool,
    WriteWorkspaceFileTool,
 )
 if TYPE_CHECKING:
    from backend.api.features.chat.response_model import StreamToolOutputAvailable
@@ -37,6 +43,11 @@ TOOL_REGISTRY: dict[str, BaseTool] = {
    "view_agent_output": AgentOutputTool(),
    "search_docs": SearchDocsTool(),
    "get_doc_page": GetDocPageTool(),
    # Workspace tools for CoPilot file operations
    "list_workspace_files": ListWorkspaceFilesTool(),
    "read_workspace_file": ReadWorkspaceFileTool(),
    "write_workspace_file": WriteWorkspaceFileTool(),
    "delete_workspace_file": DeleteWorkspaceFileTool(),
 }
 # Export individual tool instances for backwards compatibility
--- a/autogpt_platform/backend/backend/api/features/chat/tools/agent_generator/init.py
+++ b/autogpt_platform/backend/backend/api/features/chat/tools/agent_generator/init.py
@@ -9,6 +9,7 @@ from .core import (
    json_to_graph,
    save_agent_to_library,
 )
 from .errors import get_user_message_for_error
 from .service import health_check as check_external_service_health
 from .service import is_external_service_configured
@@ -25,4 +26,6 @@ __all__ = [
    # Service
    "is_external_service_configured",
    "check_external_service_health",
    # Error handling
    "get_user_message_for_error",
 ]
--- a/autogpt_platform/backend/backend/api/features/chat/tools/agent_generator/core.py
+++ b/autogpt_platform/backend/backend/api/features/chat/tools/agent_generator/core.py
@@ -64,7 +64,7 @@ async def generate_agent(instructions: dict[str, Any]) -> dict[str, Any] | None:
        instructions: Structured instructions from decompose_goal
    Returns:
-        Agent JSON dict or None on error
+        Agent JSON dict, error dict {"type": "error", ...}, or None on error
    Raises:
        AgentGeneratorNotConfiguredError: If the external service is not configured.
@@ -73,7 +73,10 @@ async def generate_agent(instructions: dict[str, Any]) -> dict[str, Any] | None:
    logger.info("Calling external Agent Generator service for generate_agent")
    result = await generate_agent_external(instructions)
    if result:
-        # Ensure required fields
+        # Check if it's an error response - pass through as-is
        if isinstance(result, dict) and result.get("type") == "error":
            return result
        # Ensure required fields for successful agent generation
        if "id" not in result:
            result["id"] = str(uuid.uuid4())
        if "version" not in result:
@@ -267,7 +270,8 @@ async def generate_agent_patch(
        current_agent: Current agent JSON
    Returns:
-        Updated agent JSON, clarifying questions dict, or None on error
+        Updated agent JSON, clarifying questions dict {"type": "clarifying_questions", ...},
        error dict {"type": "error", ...}, or None on unexpected error
    Raises:
        AgentGeneratorNotConfiguredError: If the external service is not configured.
--- a/autogpt_platform/backend/backend/api/features/chat/tools/agent_generator/errors.py
+++ b/autogpt_platform/backend/backend/api/features/chat/tools/agent_generator/errors.py
@@ -0,0 +1,43 @@
 """Error handling utilities for agent generator."""
 def get_user_message_for_error(
    error_type: str,
    operation: str = "process the request",
    llm_parse_message: str | None = None,
    validation_message: str | None = None,
 ) -> str:
    """Get a user-friendly error message based on error type.
    This function maps internal error types to user-friendly messages,
    providing a consistent experience across different agent operations.
    Args:
        error_type: The error type from the external service
            (e.g., "llm_parse_error", "timeout", "rate_limit")
        operation: Description of what operation failed, used in the default
            message (e.g., "analyze the goal", "generate the agent")
        llm_parse_message: Custom message for llm_parse_error type
        validation_message: Custom message for validation_error type
    Returns:
        User-friendly error message suitable for display to the user
    """
    if error_type == "llm_parse_error":
        return (
            llm_parse_message
            or "The AI had trouble processing this request. Please try again."
        )
    elif error_type == "validation_error":
        return (
            validation_message
            or "The request failed validation. Please try rephrasing."
        )
    elif error_type == "patch_error":
        return "Failed to apply the changes. Please try a different approach."
    elif error_type in ("timeout", "llm_timeout"):
        return "The request took too long. Please try again."
    elif error_type in ("rate_limit", "llm_rate_limit"):
        return "The service is currently busy. Please try again in a moment."
    else:
        return f"Failed to {operation}. Please try again."
--- a/autogpt_platform/backend/backend/api/features/chat/tools/agent_generator/service.py
+++ b/autogpt_platform/backend/backend/api/features/chat/tools/agent_generator/service.py
@@ -14,6 +14,70 @@ from backend.util.settings import Settings
 logger = logging.getLogger(__name__)
 def _create_error_response(
    error_message: str,
    error_type: str = "unknown",
    details: dict[str, Any] | None = None,
 ) -> dict[str, Any]:
    """Create a standardized error response dict.
    Args:
        error_message: Human-readable error message
        error_type: Machine-readable error type
        details: Optional additional error details
    Returns:
        Error dict with type="error" and error details
    """
    response: dict[str, Any] = {
        "type": "error",
        "error": error_message,
        "error_type": error_type,
    }
    if details:
        response["details"] = details
    return response
 def _classify_http_error(e: httpx.HTTPStatusError) -> tuple[str, str]:
    """Classify an HTTP error into error_type and message.
    Args:
        e: The HTTP status error
    Returns:
        Tuple of (error_type, error_message)
    """
    status = e.response.status_code
    if status == 429:
        return "rate_limit", f"Agent Generator rate limited: {e}"
    elif status == 503:
        return "service_unavailable", f"Agent Generator unavailable: {e}"
    elif status == 504 or status == 408:
        return "timeout", f"Agent Generator timed out: {e}"
    else:
        return "http_error", f"HTTP error calling Agent Generator: {e}"
 def _classify_request_error(e: httpx.RequestError) -> tuple[str, str]:
    """Classify a request error into error_type and message.
    Args:
        e: The request error
    Returns:
        Tuple of (error_type, error_message)
    """
    error_str = str(e).lower()
    if "timeout" in error_str or "timed out" in error_str:
        return "timeout", f"Agent Generator request timed out: {e}"
    elif "connect" in error_str:
        return "connection_error", f"Could not connect to Agent Generator: {e}"
    else:
        return "request_error", f"Request error calling Agent Generator: {e}"
 _client: httpx.AsyncClient | None = None
 _settings: Settings | None = None
@@ -67,7 +131,8 @@ async def decompose_goal_external(
        - {"type": "instructions", "steps": [...]}
        - {"type": "unachievable_goal", ...}
        - {"type": "vague_goal", ...}
-        Or None on error
+        - {"type": "error", "error": "...", "error_type": "..."} on error
        Or None on unexpected error
    """
    client = _get_client()
@@ -83,8 +148,13 @@ async def decompose_goal_external(
        data = response.json()
        if not data.get("success"):
-            logger.error(f"External service returned error: {data.get('error')}")
+            error_msg = data.get("error", "Unknown error from Agent Generator")
-            return None
+            error_type = data.get("error_type", "unknown")
            logger.error(
                f"Agent Generator decomposition failed: {error_msg} "
                f"(type: {error_type})"
            )
            return _create_error_response(error_msg, error_type)
        # Map the response to the expected format
        response_type = data.get("type")
@@ -106,25 +176,37 @@ async def decompose_goal_external(
                "type": "vague_goal",
                "suggested_goal": data.get("suggested_goal"),
            }
        elif response_type == "error":
            # Pass through error from the service
            return _create_error_response(
                data.get("error", "Unknown error"),
                data.get("error_type", "unknown"),
            )
        else:
            logger.error(
                f"Unknown response type from external service: {response_type}"
            )
-            return None
+            return _create_error_response(
                f"Unknown response type from Agent Generator: {response_type}",
                "invalid_response",
            )
    except httpx.HTTPStatusError as e:
-        logger.error(f"HTTP error calling external agent generator: {e}")
+        error_type, error_msg = _classify_http_error(e)
-        return None
+        logger.error(error_msg)
        return _create_error_response(error_msg, error_type)
    except httpx.RequestError as e:
-        logger.error(f"Request error calling external agent generator: {e}")
+        error_type, error_msg = _classify_request_error(e)
-        return None
+        logger.error(error_msg)
        return _create_error_response(error_msg, error_type)
    except Exception as e:
-        logger.error(f"Unexpected error calling external agent generator: {e}")
+        error_msg = f"Unexpected error calling Agent Generator: {e}"
-        return None
+        logger.error(error_msg)
        return _create_error_response(error_msg, "unexpected_error")
 async def generate_agent_external(
-    instructions: dict[str, Any]
+    instructions: dict[str, Any],
 ) -> dict[str, Any] | None:
    """Call the external service to generate an agent from instructions.
@@ -132,7 +214,7 @@ async def generate_agent_external(
        instructions: Structured instructions from decompose_goal
    Returns:
-        Agent JSON dict or None on error
+        Agent JSON dict on success, or error dict {"type": "error", ...} on error
    """
    client = _get_client()
@@ -144,20 +226,28 @@ async def generate_agent_external(
        data = response.json()
        if not data.get("success"):
-            logger.error(f"External service returned error: {data.get('error')}")
+            error_msg = data.get("error", "Unknown error from Agent Generator")
-            return None
+            error_type = data.get("error_type", "unknown")
            logger.error(
                f"Agent Generator generation failed: {error_msg} "
                f"(type: {error_type})"
            )
            return _create_error_response(error_msg, error_type)
        return data.get("agent_json")
    except httpx.HTTPStatusError as e:
-        logger.error(f"HTTP error calling external agent generator: {e}")
+        error_type, error_msg = _classify_http_error(e)
-        return None
+        logger.error(error_msg)
        return _create_error_response(error_msg, error_type)
    except httpx.RequestError as e:
-        logger.error(f"Request error calling external agent generator: {e}")
+        error_type, error_msg = _classify_request_error(e)
-        return None
+        logger.error(error_msg)
        return _create_error_response(error_msg, error_type)
    except Exception as e:
-        logger.error(f"Unexpected error calling external agent generator: {e}")
+        error_msg = f"Unexpected error calling Agent Generator: {e}"
-        return None
+        logger.error(error_msg)
        return _create_error_response(error_msg, "unexpected_error")
 async def generate_agent_patch_external(
@@ -170,7 +260,7 @@ async def generate_agent_patch_external(
        current_agent: Current agent JSON
    Returns:
-        Updated agent JSON, clarifying questions dict, or None on error
+        Updated agent JSON, clarifying questions dict, or error dict on error
    """
    client = _get_client()
@@ -186,8 +276,13 @@ async def generate_agent_patch_external(
        data = response.json()
        if not data.get("success"):
-            logger.error(f"External service returned error: {data.get('error')}")
+            error_msg = data.get("error", "Unknown error from Agent Generator")
-            return None
+            error_type = data.get("error_type", "unknown")
            logger.error(
                f"Agent Generator patch generation failed: {error_msg} "
                f"(type: {error_type})"
            )
            return _create_error_response(error_msg, error_type)
        # Check if it's clarifying questions
        if data.get("type") == "clarifying_questions":
@@ -196,18 +291,28 @@ async def generate_agent_patch_external(
                "questions": data.get("questions", []),
            }
        # Check if it's an error passed through
        if data.get("type") == "error":
            return _create_error_response(
                data.get("error", "Unknown error"),
                data.get("error_type", "unknown"),
            )
        # Otherwise return the updated agent JSON
        return data.get("agent_json")
    except httpx.HTTPStatusError as e:
-        logger.error(f"HTTP error calling external agent generator: {e}")
+        error_type, error_msg = _classify_http_error(e)
-        return None
+        logger.error(error_msg)
        return _create_error_response(error_msg, error_type)
    except httpx.RequestError as e:
-        logger.error(f"Request error calling external agent generator: {e}")
+        error_type, error_msg = _classify_request_error(e)
-        return None
+        logger.error(error_msg)
        return _create_error_response(error_msg, error_type)
    except Exception as e:
-        logger.error(f"Unexpected error calling external agent generator: {e}")
+        error_msg = f"Unexpected error calling Agent Generator: {e}"
-        return None
+        logger.error(error_msg)
        return _create_error_response(error_msg, "unexpected_error")
 async def get_blocks_external() -> list[dict[str, Any]] | None:
--- a/autogpt_platform/backend/backend/api/features/chat/tools/create_agent.py
+++ b/autogpt_platform/backend/backend/api/features/chat/tools/create_agent.py
@@ -9,6 +9,7 @@ from .agent_generator import (
    AgentGeneratorNotConfiguredError,
    decompose_goal,
    generate_agent,
    get_user_message_for_error,
    save_agent_to_library,
 )
 from .base import BaseTool
@@ -117,11 +118,29 @@ class CreateAgentTool(BaseTool):
        if decomposition_result is None:
            return ErrorResponse(
-                message="Failed to analyze the goal. The agent generation service may be unavailable or timed out. Please try again.",
+                message="Failed to analyze the goal. The agent generation service may be unavailable. Please try again.",
                error="decomposition_failed",
                details={"description": description[:100]},
                session_id=session_id,
            )
        # Check if the result is an error from the external service
        if decomposition_result.get("type") == "error":
            error_msg = decomposition_result.get("error", "Unknown error")
            error_type = decomposition_result.get("error_type", "unknown")
            user_message = get_user_message_for_error(
                error_type,
                operation="analyze the goal",
                llm_parse_message="The AI had trouble understanding this request. Please try rephrasing your goal.",
            )
            return ErrorResponse(
                message=user_message,
                error=f"decomposition_failed:{error_type}",
                details={
-                    "description": description[:100]
+                    "description": description[:100],
-                },  # Include context for debugging
+                    "service_error": error_msg,
                    "error_type": error_type,
                },
                session_id=session_id,
            )
@@ -186,11 +205,30 @@ class CreateAgentTool(BaseTool):
        if agent_json is None:
            return ErrorResponse(
-                message="Failed to generate the agent. The agent generation service may be unavailable or timed out. Please try again.",
+                message="Failed to generate the agent. The agent generation service may be unavailable. Please try again.",
                error="generation_failed",
                details={"description": description[:100]},
                session_id=session_id,
            )
        # Check if the result is an error from the external service
        if isinstance(agent_json, dict) and agent_json.get("type") == "error":
            error_msg = agent_json.get("error", "Unknown error")
            error_type = agent_json.get("error_type", "unknown")
            user_message = get_user_message_for_error(
                error_type,
                operation="generate the agent",
                llm_parse_message="The AI had trouble generating the agent. Please try again or simplify your goal.",
                validation_message="The generated agent failed validation. Please try rephrasing your goal.",
            )
            return ErrorResponse(
                message=user_message,
                error=f"generation_failed:{error_type}",
                details={
-                    "description": description[:100]
+                    "description": description[:100],
-                },  # Include context for debugging
+                    "service_error": error_msg,
                    "error_type": error_type,
                },
                session_id=session_id,
            )
--- a/autogpt_platform/backend/backend/api/features/chat/tools/edit_agent.py
+++ b/autogpt_platform/backend/backend/api/features/chat/tools/edit_agent.py
@@ -9,6 +9,7 @@ from .agent_generator import (
    AgentGeneratorNotConfiguredError,
    generate_agent_patch,
    get_agent_as_json,
    get_user_message_for_error,
    save_agent_to_library,
 )
 from .base import BaseTool
@@ -152,6 +153,28 @@ class EditAgentTool(BaseTool):
                session_id=session_id,
            )
        # Check if the result is an error from the external service
        if isinstance(result, dict) and result.get("type") == "error":
            error_msg = result.get("error", "Unknown error")
            error_type = result.get("error_type", "unknown")
            user_message = get_user_message_for_error(
                error_type,
                operation="generate the changes",
                llm_parse_message="The AI had trouble generating the changes. Please try again or simplify your request.",
                validation_message="The generated changes failed validation. Please try rephrasing your request.",
            )
            return ErrorResponse(
                message=user_message,
                error=f"update_generation_failed:{error_type}",
                details={
                    "agent_id": agent_id,
                    "changes": changes[:100],
                    "service_error": error_msg,
                    "error_type": error_type,
                },
                session_id=session_id,
            )
        # Check if LLM returned clarifying questions
        if result.get("type") == "clarifying_questions":
            questions = result.get("questions", [])
--- a/autogpt_platform/backend/backend/api/features/chat/tools/models.py
+++ b/autogpt_platform/backend/backend/api/features/chat/tools/models.py
@@ -28,6 +28,12 @@ class ResponseType(str, Enum):
    BLOCK_OUTPUT = "block_output"
    DOC_SEARCH_RESULTS = "doc_search_results"
    DOC_PAGE = "doc_page"
    # Workspace response types
    WORKSPACE_FILE_LIST = "workspace_file_list"
    WORKSPACE_FILE_CONTENT = "workspace_file_content"
    WORKSPACE_FILE_METADATA = "workspace_file_metadata"
    WORKSPACE_FILE_WRITTEN = "workspace_file_written"
    WORKSPACE_FILE_DELETED = "workspace_file_deleted"
    # Long-running operation types
    OPERATION_STARTED = "operation_started"
    OPERATION_PENDING = "operation_pending"
--- a/autogpt_platform/backend/backend/api/features/chat/tools/run_block.py
+++ b/autogpt_platform/backend/backend/api/features/chat/tools/run_block.py
@@ -1,6 +1,7 @@
 """Tool for executing blocks directly."""
 import logging
 import uuid
 from collections import defaultdict
 from typing import Any
@@ -8,6 +9,7 @@ from backend.api.features.chat.model import ChatSession
 from backend.data.block import get_block
 from backend.data.execution import ExecutionContext
 from backend.data.model import CredentialsMetaInput
 from backend.data.workspace import get_or_create_workspace
 from backend.integrations.creds_manager import IntegrationCredentialsManager
 from backend.util.exceptions import BlockError
@@ -223,11 +225,48 @@ class RunBlockTool(BaseTool):
            )
        try:
-            # Fetch actual credentials and prepare kwargs for block execution
+            # Get or create user's workspace for CoPilot file operations
-            # Create execution context with defaults (blocks may require it)
+            workspace = await get_or_create_workspace(user_id)
            # Generate synthetic IDs for CoPilot context
            # Each chat session is treated as its own agent with one continuous run
            # This means:
            # - graph_id (agent) = session (memories scoped to session when limit_to_agent=True)
            # - graph_exec_id (run) = session (memories scoped to session when limit_to_run=True)
            # - node_exec_id = unique per block execution
            synthetic_graph_id = f"copilot-session-{session.session_id}"
            synthetic_graph_exec_id = f"copilot-session-{session.session_id}"
            synthetic_node_id = f"copilot-node-{block_id}"
            synthetic_node_exec_id = (
                f"copilot-{session.session_id}-{uuid.uuid4().hex[:8]}"
            )
            # Create unified execution context with all required fields
            execution_context = ExecutionContext(
                # Execution identity
                user_id=user_id,
                graph_id=synthetic_graph_id,
                graph_exec_id=synthetic_graph_exec_id,
                graph_version=1,  # Versions are 1-indexed
                node_id=synthetic_node_id,
                node_exec_id=synthetic_node_exec_id,
                # Workspace with session scoping
                workspace_id=workspace.id,
                session_id=session.session_id,
            )
            # Prepare kwargs for block execution
            # Keep individual kwargs for backwards compatibility with existing blocks
            exec_kwargs: dict[str, Any] = {
                "user_id": user_id,
-                "execution_context": ExecutionContext(),
+                "execution_context": execution_context,
                # Legacy: individual kwargs for blocks not yet using execution_context
                "workspace_id": workspace.id,
                "graph_exec_id": synthetic_graph_exec_id,
                "node_exec_id": synthetic_node_exec_id,
                "node_id": synthetic_node_id,
                "graph_version": 1,  # Versions are 1-indexed
                "graph_id": synthetic_graph_id,
            }
            for field_name, cred_meta in matched_credentials.items():
--- a/autogpt_platform/backend/backend/api/features/chat/tools/workspace_files.py
+++ b/autogpt_platform/backend/backend/api/features/chat/tools/workspace_files.py
@@ -0,0 +1,620 @@
 """CoPilot tools for workspace file operations."""
 import base64
 import logging
 from typing import Any, Optional
 from pydantic import BaseModel
 from backend.api.features.chat.model import ChatSession
 from backend.data.workspace import get_or_create_workspace
 from backend.util.settings import Config
 from backend.util.virus_scanner import scan_content_safe
 from backend.util.workspace import WorkspaceManager
 from .base import BaseTool
 from .models import ErrorResponse, ResponseType, ToolResponseBase
 logger = logging.getLogger(__name__)
 class WorkspaceFileInfoData(BaseModel):
    """Data model for workspace file information (not a response itself)."""
    file_id: str
    name: str
    path: str
    mime_type: str
    size_bytes: int
 class WorkspaceFileListResponse(ToolResponseBase):
    """Response containing list of workspace files."""
    type: ResponseType = ResponseType.WORKSPACE_FILE_LIST
    files: list[WorkspaceFileInfoData]
    total_count: int
 class WorkspaceFileContentResponse(ToolResponseBase):
    """Response containing workspace file content (legacy, for small text files)."""
    type: ResponseType = ResponseType.WORKSPACE_FILE_CONTENT
    file_id: str
    name: str
    path: str
    mime_type: str
    content_base64: str
 class WorkspaceFileMetadataResponse(ToolResponseBase):
    """Response containing workspace file metadata and download URL (prevents context bloat)."""
    type: ResponseType = ResponseType.WORKSPACE_FILE_METADATA
    file_id: str
    name: str
    path: str
    mime_type: str
    size_bytes: int
    download_url: str
    preview: str | None = None  # First 500 chars for text files
 class WorkspaceWriteResponse(ToolResponseBase):
    """Response after writing a file to workspace."""
    type: ResponseType = ResponseType.WORKSPACE_FILE_WRITTEN
    file_id: str
    name: str
    path: str
    size_bytes: int
 class WorkspaceDeleteResponse(ToolResponseBase):
    """Response after deleting a file from workspace."""
    type: ResponseType = ResponseType.WORKSPACE_FILE_DELETED
    file_id: str
    success: bool
 class ListWorkspaceFilesTool(BaseTool):
    """Tool for listing files in user's workspace."""
    @property
    def name(self) -> str:
        return "list_workspace_files"
    @property
    def description(self) -> str:
        return (
            "List files in the user's workspace. "
            "Returns file names, paths, sizes, and metadata. "
            "Optionally filter by path prefix."
        )
    @property
    def parameters(self) -> dict[str, Any]:
        return {
            "type": "object",
            "properties": {
                "path_prefix": {
                    "type": "string",
                    "description": (
                        "Optional path prefix to filter files "
                        "(e.g., '/documents/' to list only files in documents folder). "
                        "By default, only files from the current session are listed."
                    ),
                },
                "limit": {
                    "type": "integer",
                    "description": "Maximum number of files to return (default 50, max 100)",
                    "minimum": 1,
                    "maximum": 100,
                },
                "include_all_sessions": {
                    "type": "boolean",
                    "description": (
                        "If true, list files from all sessions. "
                        "Default is false (only current session's files)."
                    ),
                },
            },
            "required": [],
        }
    @property
    def requires_auth(self) -> bool:
        return True
    async def _execute(
        self,
        user_id: str | None,
        session: ChatSession,
        **kwargs,
    ) -> ToolResponseBase:
        session_id = session.session_id
        if not user_id:
            return ErrorResponse(
                message="Authentication required",
                session_id=session_id,
            )
        path_prefix: Optional[str] = kwargs.get("path_prefix")
        limit = min(kwargs.get("limit", 50), 100)
        include_all_sessions: bool = kwargs.get("include_all_sessions", False)
        try:
            workspace = await get_or_create_workspace(user_id)
            # Pass session_id for session-scoped file access
            manager = WorkspaceManager(user_id, workspace.id, session_id)
            files = await manager.list_files(
                path=path_prefix,
                limit=limit,
                include_all_sessions=include_all_sessions,
            )
            total = await manager.get_file_count(
                path=path_prefix,
                include_all_sessions=include_all_sessions,
            )
            file_infos = [
                WorkspaceFileInfoData(
                    file_id=f.id,
                    name=f.name,
                    path=f.path,
                    mime_type=f.mimeType,
                    size_bytes=f.sizeBytes,
                )
                for f in files
            ]
            scope_msg = "all sessions" if include_all_sessions else "current session"
            return WorkspaceFileListResponse(
                files=file_infos,
                total_count=total,
                message=f"Found {len(files)} files in workspace ({scope_msg})",
                session_id=session_id,
            )
        except Exception as e:
            logger.error(f"Error listing workspace files: {e}", exc_info=True)
            return ErrorResponse(
                message=f"Failed to list workspace files: {str(e)}",
                error=str(e),
                session_id=session_id,
            )
 class ReadWorkspaceFileTool(BaseTool):
    """Tool for reading file content from workspace."""
    # Size threshold for returning full content vs metadata+URL
    # Files larger than this return metadata with download URL to prevent context bloat
    MAX_INLINE_SIZE_BYTES = 32 * 1024  # 32KB
    # Preview size for text files
    PREVIEW_SIZE = 500
    @property
    def name(self) -> str:
        return "read_workspace_file"
    @property
    def description(self) -> str:
        return (
            "Read a file from the user's workspace. "
            "Specify either file_id or path to identify the file. "
            "For small text files, returns content directly. "
            "For large or binary files, returns metadata and a download URL. "
            "Paths are scoped to the current session by default. "
            "Use /sessions/<session_id>/... for cross-session access."
        )
    @property
    def parameters(self) -> dict[str, Any]:
        return {
            "type": "object",
            "properties": {
                "file_id": {
                    "type": "string",
                    "description": "The file's unique ID (from list_workspace_files)",
                },
                "path": {
                    "type": "string",
                    "description": (
                        "The virtual file path (e.g., '/documents/report.pdf'). "
                        "Scoped to current session by default."
                    ),
                },
                "force_download_url": {
                    "type": "boolean",
                    "description": (
                        "If true, always return metadata+URL instead of inline content. "
                        "Default is false (auto-selects based on file size/type)."
                    ),
                },
            },
            "required": [],  # At least one must be provided
        }
    @property
    def requires_auth(self) -> bool:
        return True
    def _is_text_mime_type(self, mime_type: str) -> bool:
        """Check if the MIME type is a text-based type."""
        text_types = [
            "text/",
            "application/json",
            "application/xml",
            "application/javascript",
            "application/x-python",
            "application/x-sh",
        ]
        return any(mime_type.startswith(t) for t in text_types)
    async def _execute(
        self,
        user_id: str | None,
        session: ChatSession,
        **kwargs,
    ) -> ToolResponseBase:
        session_id = session.session_id
        if not user_id:
            return ErrorResponse(
                message="Authentication required",
                session_id=session_id,
            )
        file_id: Optional[str] = kwargs.get("file_id")
        path: Optional[str] = kwargs.get("path")
        force_download_url: bool = kwargs.get("force_download_url", False)
        if not file_id and not path:
            return ErrorResponse(
                message="Please provide either file_id or path",
                session_id=session_id,
            )
        try:
            workspace = await get_or_create_workspace(user_id)
            # Pass session_id for session-scoped file access
            manager = WorkspaceManager(user_id, workspace.id, session_id)
            # Get file info
            if file_id:
                file_info = await manager.get_file_info(file_id)
                if file_info is None:
                    return ErrorResponse(
                        message=f"File not found: {file_id}",
                        session_id=session_id,
                    )
                target_file_id = file_id
            else:
                # path is guaranteed to be non-None here due to the check above
                assert path is not None
                file_info = await manager.get_file_info_by_path(path)
                if file_info is None:
                    return ErrorResponse(
                        message=f"File not found at path: {path}",
                        session_id=session_id,
                    )
                target_file_id = file_info.id
            # Decide whether to return inline content or metadata+URL
            is_small_file = file_info.sizeBytes <= self.MAX_INLINE_SIZE_BYTES
            is_text_file = self._is_text_mime_type(file_info.mimeType)
            # Return inline content for small text files (unless force_download_url)
            if is_small_file and is_text_file and not force_download_url:
                content = await manager.read_file_by_id(target_file_id)
                content_b64 = base64.b64encode(content).decode("utf-8")
                return WorkspaceFileContentResponse(
                    file_id=file_info.id,
                    name=file_info.name,
                    path=file_info.path,
                    mime_type=file_info.mimeType,
                    content_base64=content_b64,
                    message=f"Successfully read file: {file_info.name}",
                    session_id=session_id,
                )
            # Return metadata + workspace:// reference for large or binary files
            # This prevents context bloat (100KB file = ~133KB as base64)
            # Use workspace:// format so frontend urlTransform can add proxy prefix
            download_url = f"workspace://{target_file_id}"
            # Generate preview for text files
            preview: str | None = None
            if is_text_file:
                try:
                    content = await manager.read_file_by_id(target_file_id)
                    preview_text = content[: self.PREVIEW_SIZE].decode(
                        "utf-8", errors="replace"
                    )
                    if len(content) > self.PREVIEW_SIZE:
                        preview_text += "..."
                    preview = preview_text
                except Exception:
                    pass  # Preview is optional
            return WorkspaceFileMetadataResponse(
                file_id=file_info.id,
                name=file_info.name,
                path=file_info.path,
                mime_type=file_info.mimeType,
                size_bytes=file_info.sizeBytes,
                download_url=download_url,
                preview=preview,
                message=f"File: {file_info.name} ({file_info.sizeBytes} bytes). Use download_url to retrieve content.",
                session_id=session_id,
            )
        except FileNotFoundError as e:
            return ErrorResponse(
                message=str(e),
                session_id=session_id,
            )
        except Exception as e:
            logger.error(f"Error reading workspace file: {e}", exc_info=True)
            return ErrorResponse(
                message=f"Failed to read workspace file: {str(e)}",
                error=str(e),
                session_id=session_id,
            )
 class WriteWorkspaceFileTool(BaseTool):
    """Tool for writing files to workspace."""
    @property
    def name(self) -> str:
        return "write_workspace_file"
    @property
    def description(self) -> str:
        return (
            "Write or create a file in the user's workspace. "
            "Provide the content as a base64-encoded string. "
            f"Maximum file size is {Config().max_file_size_mb}MB. "
            "Files are saved to the current session's folder by default. "
            "Use /sessions/<session_id>/... for cross-session access."
        )
    @property
    def parameters(self) -> dict[str, Any]:
        return {
            "type": "object",
            "properties": {
                "filename": {
                    "type": "string",
                    "description": "Name for the file (e.g., 'report.pdf')",
                },
                "content_base64": {
                    "type": "string",
                    "description": "Base64-encoded file content",
                },
                "path": {
                    "type": "string",
                    "description": (
                        "Optional virtual path where to save the file "
                        "(e.g., '/documents/report.pdf'). "
                        "Defaults to '/{filename}'. Scoped to current session."
                    ),
                },
                "mime_type": {
                    "type": "string",
                    "description": (
                        "Optional MIME type of the file. "
                        "Auto-detected from filename if not provided."
                    ),
                },
                "overwrite": {
                    "type": "boolean",
                    "description": "Whether to overwrite if file exists at path (default: false)",
                },
            },
            "required": ["filename", "content_base64"],
        }
    @property
    def requires_auth(self) -> bool:
        return True
    async def _execute(
        self,
        user_id: str | None,
        session: ChatSession,
        **kwargs,
    ) -> ToolResponseBase:
        session_id = session.session_id
        if not user_id:
            return ErrorResponse(
                message="Authentication required",
                session_id=session_id,
            )
        filename: str = kwargs.get("filename", "")
        content_b64: str = kwargs.get("content_base64", "")
        path: Optional[str] = kwargs.get("path")
        mime_type: Optional[str] = kwargs.get("mime_type")
        overwrite: bool = kwargs.get("overwrite", False)
        if not filename:
            return ErrorResponse(
                message="Please provide a filename",
                session_id=session_id,
            )
        if not content_b64:
            return ErrorResponse(
                message="Please provide content_base64",
                session_id=session_id,
            )
        # Decode content
        try:
            content = base64.b64decode(content_b64)
        except Exception:
            return ErrorResponse(
                message="Invalid base64-encoded content",
                session_id=session_id,
            )
        # Check size
        max_file_size = Config().max_file_size_mb * 1024 * 1024
        if len(content) > max_file_size:
            return ErrorResponse(
                message=f"File too large. Maximum size is {Config().max_file_size_mb}MB",
                session_id=session_id,
            )
        try:
            # Virus scan
            await scan_content_safe(content, filename=filename)
            workspace = await get_or_create_workspace(user_id)
            # Pass session_id for session-scoped file access
            manager = WorkspaceManager(user_id, workspace.id, session_id)
            file_record = await manager.write_file(
                content=content,
                filename=filename,
                path=path,
                mime_type=mime_type,
                overwrite=overwrite,
            )
            return WorkspaceWriteResponse(
                file_id=file_record.id,
                name=file_record.name,
                path=file_record.path,
                size_bytes=file_record.sizeBytes,
                message=f"Successfully wrote file: {file_record.name}",
                session_id=session_id,
            )
        except ValueError as e:
            return ErrorResponse(
                message=str(e),
                session_id=session_id,
            )
        except Exception as e:
            logger.error(f"Error writing workspace file: {e}", exc_info=True)
            return ErrorResponse(
                message=f"Failed to write workspace file: {str(e)}",
                error=str(e),
                session_id=session_id,
            )
 class DeleteWorkspaceFileTool(BaseTool):
    """Tool for deleting files from workspace."""
    @property
    def name(self) -> str:
        return "delete_workspace_file"
    @property
    def description(self) -> str:
        return (
            "Delete a file from the user's workspace. "
            "Specify either file_id or path to identify the file. "
            "Paths are scoped to the current session by default. "
            "Use /sessions/<session_id>/... for cross-session access."
        )
    @property
    def parameters(self) -> dict[str, Any]:
        return {
            "type": "object",
            "properties": {
                "file_id": {
                    "type": "string",
                    "description": "The file's unique ID (from list_workspace_files)",
                },
                "path": {
                    "type": "string",
                    "description": (
                        "The virtual file path (e.g., '/documents/report.pdf'). "
                        "Scoped to current session by default."
                    ),
                },
            },
            "required": [],  # At least one must be provided
        }
    @property
    def requires_auth(self) -> bool:
        return True
    async def _execute(
        self,
        user_id: str | None,
        session: ChatSession,
        **kwargs,
    ) -> ToolResponseBase:
        session_id = session.session_id
        if not user_id:
            return ErrorResponse(
                message="Authentication required",
                session_id=session_id,
            )
        file_id: Optional[str] = kwargs.get("file_id")
        path: Optional[str] = kwargs.get("path")
        if not file_id and not path:
            return ErrorResponse(
                message="Please provide either file_id or path",
                session_id=session_id,
            )
        try:
            workspace = await get_or_create_workspace(user_id)
            # Pass session_id for session-scoped file access
            manager = WorkspaceManager(user_id, workspace.id, session_id)
            # Determine the file_id to delete
            target_file_id: str
            if file_id:
                target_file_id = file_id
            else:
                # path is guaranteed to be non-None here due to the check above
                assert path is not None
                file_info = await manager.get_file_info_by_path(path)
                if file_info is None:
                    return ErrorResponse(
                        message=f"File not found at path: {path}",
                        session_id=session_id,
                    )
                target_file_id = file_info.id
            success = await manager.delete_file(target_file_id)
            if not success:
                return ErrorResponse(
                    message=f"File not found: {target_file_id}",
                    session_id=session_id,
                )
            return WorkspaceDeleteResponse(
                file_id=target_file_id,
                success=True,
                message="File deleted successfully",
                session_id=session_id,
            )
        except Exception as e:
            logger.error(f"Error deleting workspace file: {e}", exc_info=True)
            return ErrorResponse(
                message=f"Failed to delete workspace file: {str(e)}",
                error=str(e),
                session_id=session_id,
            )
--- a/autogpt_platform/backend/backend/api/features/workspace/init.py
+++ b/autogpt_platform/backend/backend/api/features/workspace/init.py
@@ -0,0 +1 @@
 # Workspace API feature module
--- a/autogpt_platform/backend/backend/api/features/workspace/routes.py
+++ b/autogpt_platform/backend/backend/api/features/workspace/routes.py
@@ -0,0 +1,122 @@
 """
 Workspace API routes for managing user file storage.
 """
 import logging
 import re
 from typing import Annotated
 from urllib.parse import quote
 import fastapi
 from autogpt_libs.auth.dependencies import get_user_id, requires_user
 from fastapi.responses import Response
 from backend.data.workspace import get_workspace, get_workspace_file
 from backend.util.workspace_storage import get_workspace_storage
 def _sanitize_filename_for_header(filename: str) -> str:
    """
    Sanitize filename for Content-Disposition header to prevent header injection.
    Removes/replaces characters that could break the header or inject new headers.
    Uses RFC5987 encoding for non-ASCII characters.
    """
    # Remove CR, LF, and null bytes (header injection prevention)
    sanitized = re.sub(r"[\r\n\x00]", "", filename)
    # Escape quotes
    sanitized = sanitized.replace('"', '\\"')
    # For non-ASCII, use RFC5987 filename* parameter
    # Check if filename has non-ASCII characters
    try:
        sanitized.encode("ascii")
        return f'attachment; filename="{sanitized}"'
    except UnicodeEncodeError:
        # Use RFC5987 encoding for UTF-8 filenames
        encoded = quote(sanitized, safe="")
        return f"attachment; filename*=UTF-8''{encoded}"
 logger = logging.getLogger(__name__)
 router = fastapi.APIRouter(
    dependencies=[fastapi.Security(requires_user)],
 )
 def _create_streaming_response(content: bytes, file) -> Response:
    """Create a streaming response for file content."""
    return Response(
        content=content,
        media_type=file.mimeType,
        headers={
            "Content-Disposition": _sanitize_filename_for_header(file.name),
            "Content-Length": str(len(content)),
        },
    )
 async def _create_file_download_response(file) -> Response:
    """
    Create a download response for a workspace file.
    Handles both local storage (direct streaming) and GCS (signed URL redirect
    with fallback to streaming).
    """
    storage = await get_workspace_storage()
    # For local storage, stream the file directly
    if file.storagePath.startswith("local://"):
        content = await storage.retrieve(file.storagePath)
        return _create_streaming_response(content, file)
    # For GCS, try to redirect to signed URL, fall back to streaming
    try:
        url = await storage.get_download_url(file.storagePath, expires_in=300)
        # If we got back an API path (fallback), stream directly instead
        if url.startswith("/api/"):
            content = await storage.retrieve(file.storagePath)
            return _create_streaming_response(content, file)
        return fastapi.responses.RedirectResponse(url=url, status_code=302)
    except Exception as e:
        # Log the signed URL failure with context
        logger.error(
            f"Failed to get signed URL for file {file.id} "
            f"(storagePath={file.storagePath}): {e}",
            exc_info=True,
        )
        # Fall back to streaming directly from GCS
        try:
            content = await storage.retrieve(file.storagePath)
            return _create_streaming_response(content, file)
        except Exception as fallback_error:
            logger.error(
                f"Fallback streaming also failed for file {file.id} "
                f"(storagePath={file.storagePath}): {fallback_error}",
                exc_info=True,
            )
            raise
@router.get(
    "/files/{file_id}/download",
    summary="Download file by ID",
 )
 async def download_file(
    user_id: Annotated[str, fastapi.Security(get_user_id)],
    file_id: str,
 ) -> Response:
    """
    Download a file by its ID.
    Returns the file content directly or redirects to a signed URL for GCS.
    """
    workspace = await get_workspace(user_id)
    if workspace is None:
        raise fastapi.HTTPException(status_code=404, detail="Workspace not found")
    file = await get_workspace_file(file_id, workspace.id)
    if file is None:
        raise fastapi.HTTPException(status_code=404, detail="File not found")
    return await _create_file_download_response(file)
--- a/autogpt_platform/backend/backend/api/rest_api.py
+++ b/autogpt_platform/backend/backend/api/rest_api.py
@@ -32,6 +32,7 @@ import backend.api.features.postmark.postmark
 import backend.api.features.store.model
 import backend.api.features.store.routes
 import backend.api.features.v1
 import backend.api.features.workspace.routes as workspace_routes
 import backend.data.block
 import backend.data.db
 import backend.data.graph
@@ -52,6 +53,7 @@ from backend.util.exceptions import (
 )
 from backend.util.feature_flag import initialize_launchdarkly, shutdown_launchdarkly
 from backend.util.service import UnhealthyServiceError
 from backend.util.workspace_storage import shutdown_workspace_storage
 from .external.fastapi_app import external_api
 from .features.analytics import router as analytics_router
@@ -124,6 +126,11 @@ async def lifespan_context(app: fastapi.FastAPI):
    except Exception as e:
        logger.warning(f"Error shutting down cloud storage handler: {e}")
    try:
        await shutdown_workspace_storage()
    except Exception as e:
        logger.warning(f"Error shutting down workspace storage: {e}")
    await backend.data.db.disconnect()
@@ -315,6 +322,11 @@ app.include_router(
    tags=["v2", "chat"],
    prefix="/api/chat",
 )
 app.include_router(
    workspace_routes.router,
    tags=["workspace"],
    prefix="/api/workspace",
 )
 app.include_router(
    backend.api.features.oauth.router,
    tags=["oauth"],
--- a/autogpt_platform/backend/backend/blocks/ai_image_customizer.py
+++ b/autogpt_platform/backend/backend/blocks/ai_image_customizer.py
@@ -13,6 +13,7 @@ from backend.data.block import (
    BlockSchemaInput,
    BlockSchemaOutput,
 )
 from backend.data.execution import ExecutionContext
 from backend.data.model import (
    APIKeyCredentials,
    CredentialsField,
@@ -117,11 +118,13 @@ class AIImageCustomizerBlock(Block):
                "credentials": TEST_CREDENTIALS_INPUT,
            },
            test_output=[
-                ("image_url", "https://replicate.delivery/generated-image.jpg"),
+                # Output will be a workspace ref or data URI depending on context
                ("image_url", lambda x: x.startswith(("workspace://", "data:"))),
            ],
            test_mock={
                # Use data URI to avoid HTTP requests during tests
                "run_model": lambda *args, **kwargs: MediaFileType(
-                    "https://replicate.delivery/generated-image.jpg"
+                    "data:image/jpeg;base64,/9j/4AAQSkZJRgABAgAAAQABAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAARCAABAAEDASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD3+iiigD//2Q=="
                ),
            },
            test_credentials=TEST_CREDENTIALS,
@@ -132,8 +135,7 @@ class AIImageCustomizerBlock(Block):
        input_data: Input,
        *,
        credentials: APIKeyCredentials,
-        graph_exec_id: str,
+        execution_context: ExecutionContext,
        user_id: str,
        **kwargs,
    ) -> BlockOutput:
        try:
@@ -141,10 +143,9 @@ class AIImageCustomizerBlock(Block):
            processed_images = await asyncio.gather(
                *(
                    store_media_file(
                        graph_exec_id=graph_exec_id,
                        file=img,
-                        user_id=user_id,
+                        execution_context=execution_context,
-                        return_content=True,
+                        return_format="for_external_api",  # Get content for Replicate API
                    )
                    for img in input_data.images
                )
@@ -158,7 +159,14 @@ class AIImageCustomizerBlock(Block):
                aspect_ratio=input_data.aspect_ratio.value,
                output_format=input_data.output_format.value,
            )
-            yield "image_url", result
+
            # Store the generated image to the user's workspace for persistence
            stored_url = await store_media_file(
                file=result,
                execution_context=execution_context,
                return_format="for_block_output",
            )
            yield "image_url", stored_url
        except Exception as e:
            yield "error", str(e)
--- a/autogpt_platform/backend/backend/blocks/ai_image_generator_block.py
+++ b/autogpt_platform/backend/backend/blocks/ai_image_generator_block.py
@@ -6,6 +6,7 @@ from replicate.client import Client as ReplicateClient
 from replicate.helpers import FileOutput
 from backend.data.block import Block, BlockCategory, BlockSchemaInput, BlockSchemaOutput
 from backend.data.execution import ExecutionContext
 from backend.data.model import (
    APIKeyCredentials,
    CredentialsField,
@@ -13,6 +14,8 @@ from backend.data.model import (
    SchemaField,
 )
 from backend.integrations.providers import ProviderName
 from backend.util.file import store_media_file
 from backend.util.type import MediaFileType
 class ImageSize(str, Enum):
@@ -165,11 +168,13 @@ class AIImageGeneratorBlock(Block):
            test_output=[
                (
                    "image_url",
-                    "https://replicate.delivery/generated-image.webp",
+                    # Test output is a data URI since we now store images
                    lambda x: x.startswith("data:image/"),
                ),
            ],
            test_mock={
-                "_run_client": lambda *args, **kwargs: "https://replicate.delivery/generated-image.webp"
+                # Return a data URI directly so store_media_file doesn't need to download
                "_run_client": lambda *args, **kwargs: "data:image/webp;base64,UklGRiQAAABXRUJQVlA4IBgAAAAwAQCdASoBAAEAAQAcJYgCdAEO"
            },
        )
@@ -318,11 +323,24 @@ class AIImageGeneratorBlock(Block):
        style_text = style_map.get(style, "")
        return f"{style_text} of" if style_text else ""
-    async def run(self, input_data: Input, *, credentials: APIKeyCredentials, **kwargs):
+    async def run(
        self,
        input_data: Input,
        *,
        credentials: APIKeyCredentials,
        execution_context: ExecutionContext,
        **kwargs,
    ):
        try:
            url = await self.generate_image(input_data, credentials)
            if url:
-                yield "image_url", url
+                # Store the generated image to the user's workspace/execution folder
                stored_url = await store_media_file(
                    file=MediaFileType(url),
                    execution_context=execution_context,
                    return_format="for_block_output",
                )
                yield "image_url", stored_url
            else:
                yield "error", "Image generation returned an empty result."
        except Exception as e:
--- a/autogpt_platform/backend/backend/blocks/ai_shortform_video_block.py
+++ b/autogpt_platform/backend/backend/blocks/ai_shortform_video_block.py
@@ -13,6 +13,7 @@ from backend.data.block import (
    BlockSchemaInput,
    BlockSchemaOutput,
 )
 from backend.data.execution import ExecutionContext
 from backend.data.model import (
    APIKeyCredentials,
    CredentialsField,
@@ -21,7 +22,9 @@ from backend.data.model import (
 )
 from backend.integrations.providers import ProviderName
 from backend.util.exceptions import BlockExecutionError
 from backend.util.file import store_media_file
 from backend.util.request import Requests
 from backend.util.type import MediaFileType
 TEST_CREDENTIALS = APIKeyCredentials(
    id="01234567-89ab-cdef-0123-456789abcdef",
@@ -271,7 +274,10 @@ class AIShortformVideoCreatorBlock(Block):
                "voice": Voice.LILY,
                "video_style": VisualMediaType.STOCK_VIDEOS,
            },
-            test_output=("video_url", "https://example.com/video.mp4"),
+            test_output=(
                "video_url",
                lambda x: x.startswith(("workspace://", "data:")),
            ),
            test_mock={
                "create_webhook": lambda *args, **kwargs: (
                    "test_uuid",
@@ -280,15 +286,21 @@ class AIShortformVideoCreatorBlock(Block):
                "create_video": lambda *args, **kwargs: {"pid": "test_pid"},
                "check_video_status": lambda *args, **kwargs: {
                    "status": "ready",
-                    "videoUrl": "https://example.com/video.mp4",
+                    "videoUrl": "data:video/mp4;base64,AAAA",
                },
-                "wait_for_video": lambda *args, **kwargs: "https://example.com/video.mp4",
+                # Use data URI to avoid HTTP requests during tests
                "wait_for_video": lambda *args, **kwargs: "data:video/mp4;base64,AAAA",
            },
            test_credentials=TEST_CREDENTIALS,
        )
    async def run(
-        self, input_data: Input, *, credentials: APIKeyCredentials, **kwargs
+        self,
        input_data: Input,
        *,
        credentials: APIKeyCredentials,
        execution_context: ExecutionContext,
        **kwargs,
    ) -> BlockOutput:
        # Create a new Webhook.site URL
        webhook_token, webhook_url = await self.create_webhook()
@@ -340,7 +352,13 @@ class AIShortformVideoCreatorBlock(Block):
            )
            video_url = await self.wait_for_video(credentials.api_key, pid)
            logger.debug(f"Video ready: {video_url}")
-            yield "video_url", video_url
+            # Store the generated video to the user's workspace for persistence
            stored_url = await store_media_file(
                file=MediaFileType(video_url),
                execution_context=execution_context,
                return_format="for_block_output",
            )
            yield "video_url", stored_url
 class AIAdMakerVideoCreatorBlock(Block):
@@ -447,7 +465,10 @@ class AIAdMakerVideoCreatorBlock(Block):
                    "https://cdn.revid.ai/uploads/1747076315114-image.png",
                ],
            },
-            test_output=("video_url", "https://example.com/ad.mp4"),
+            test_output=(
                "video_url",
                lambda x: x.startswith(("workspace://", "data:")),
            ),
            test_mock={
                "create_webhook": lambda *args, **kwargs: (
                    "test_uuid",
@@ -456,14 +477,21 @@ class AIAdMakerVideoCreatorBlock(Block):
                "create_video": lambda *args, **kwargs: {"pid": "test_pid"},
                "check_video_status": lambda *args, **kwargs: {
                    "status": "ready",
-                    "videoUrl": "https://example.com/ad.mp4",
+                    "videoUrl": "data:video/mp4;base64,AAAA",
                },
-                "wait_for_video": lambda *args, **kwargs: "https://example.com/ad.mp4",
+                "wait_for_video": lambda *args, **kwargs: "data:video/mp4;base64,AAAA",
            },
            test_credentials=TEST_CREDENTIALS,
        )
-    async def run(self, input_data: Input, *, credentials: APIKeyCredentials, **kwargs):
+    async def run(
        self,
        input_data: Input,
        *,
        credentials: APIKeyCredentials,
        execution_context: ExecutionContext,
        **kwargs,
    ):
        webhook_token, webhook_url = await self.create_webhook()
        payload = {
@@ -531,7 +559,13 @@ class AIAdMakerVideoCreatorBlock(Block):
            raise RuntimeError("Failed to create video: No project ID returned")
        video_url = await self.wait_for_video(credentials.api_key, pid)
-        yield "video_url", video_url
+        # Store the generated video to the user's workspace for persistence
        stored_url = await store_media_file(
            file=MediaFileType(video_url),
            execution_context=execution_context,
            return_format="for_block_output",
        )
        yield "video_url", stored_url
 class AIScreenshotToVideoAdBlock(Block):
@@ -626,7 +660,10 @@ class AIScreenshotToVideoAdBlock(Block):
                "script": "Amazing numbers!",
                "screenshot_url": "https://cdn.revid.ai/uploads/1747080376028-image.png",
            },
-            test_output=("video_url", "https://example.com/screenshot.mp4"),
+            test_output=(
                "video_url",
                lambda x: x.startswith(("workspace://", "data:")),
            ),
            test_mock={
                "create_webhook": lambda *args, **kwargs: (
                    "test_uuid",
@@ -635,14 +672,21 @@ class AIScreenshotToVideoAdBlock(Block):
                "create_video": lambda *args, **kwargs: {"pid": "test_pid"},
                "check_video_status": lambda *args, **kwargs: {
                    "status": "ready",
-                    "videoUrl": "https://example.com/screenshot.mp4",
+                    "videoUrl": "data:video/mp4;base64,AAAA",
                },
-                "wait_for_video": lambda *args, **kwargs: "https://example.com/screenshot.mp4",
+                "wait_for_video": lambda *args, **kwargs: "data:video/mp4;base64,AAAA",
            },
            test_credentials=TEST_CREDENTIALS,
        )
-    async def run(self, input_data: Input, *, credentials: APIKeyCredentials, **kwargs):
+    async def run(
        self,
        input_data: Input,
        *,
        credentials: APIKeyCredentials,
        execution_context: ExecutionContext,
        **kwargs,
    ):
        webhook_token, webhook_url = await self.create_webhook()
        payload = {
@@ -710,4 +754,10 @@ class AIScreenshotToVideoAdBlock(Block):
            raise RuntimeError("Failed to create video: No project ID returned")
        video_url = await self.wait_for_video(credentials.api_key, pid)
-        yield "video_url", video_url
+        # Store the generated video to the user's workspace for persistence
        stored_url = await store_media_file(
            file=MediaFileType(video_url),
            execution_context=execution_context,
            return_format="for_block_output",
        )
        yield "video_url", stored_url
--- a/autogpt_platform/backend/backend/blocks/bannerbear/text_overlay.py
+++ b/autogpt_platform/backend/backend/blocks/bannerbear/text_overlay.py
@@ -6,6 +6,7 @@ if TYPE_CHECKING:
 from pydantic import SecretStr
 from backend.data.execution import ExecutionContext
 from backend.sdk import (
    APIKeyCredentials,
    Block,
@@ -17,6 +18,8 @@ from backend.sdk import (
    Requests,
    SchemaField,
 )
 from backend.util.file import store_media_file
 from backend.util.type import MediaFileType
 from ._config import bannerbear
@@ -135,15 +138,17 @@ class BannerbearTextOverlayBlock(Block):
            },
            test_output=[
                ("success", True),
-                ("image_url", "https://cdn.bannerbear.com/test-image.jpg"),
+                # Output will be a workspace ref or data URI depending on context
                ("image_url", lambda x: x.startswith(("workspace://", "data:"))),
                ("uid", "test-uid-123"),
                ("status", "completed"),
            ],
            test_mock={
                # Use data URI to avoid HTTP requests during tests
                "_make_api_request": lambda *args, **kwargs: {
                    "uid": "test-uid-123",
                    "status": "completed",
-                    "image_url": "https://cdn.bannerbear.com/test-image.jpg",
+                    "image_url": "data:image/jpeg;base64,/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/wAALCAABAAEBAREA/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/9oACAEBAAA/APn+v//Z",
                }
            },
            test_credentials=TEST_CREDENTIALS,
@@ -177,7 +182,12 @@ class BannerbearTextOverlayBlock(Block):
            raise Exception(error_msg)
    async def run(
-        self, input_data: Input, *, credentials: APIKeyCredentials, **kwargs
+        self,
        input_data: Input,
        *,
        credentials: APIKeyCredentials,
        execution_context: ExecutionContext,
        **kwargs,
    ) -> BlockOutput:
        # Build the modifications array
        modifications = []
@@ -234,6 +244,18 @@ class BannerbearTextOverlayBlock(Block):
        # Synchronous request - image should be ready
        yield "success", True
-        yield "image_url", data.get("image_url", "")
+
        # Store the generated image to workspace for persistence
        image_url = data.get("image_url", "")
        if image_url:
            stored_url = await store_media_file(
                file=MediaFileType(image_url),
                execution_context=execution_context,
                return_format="for_block_output",
            )
            yield "image_url", stored_url
        else:
            yield "image_url", ""
        yield "uid", data.get("uid", "")
        yield "status", data.get("status", "completed")
--- a/autogpt_platform/backend/backend/blocks/basic.py
+++ b/autogpt_platform/backend/backend/blocks/basic.py
@@ -9,6 +9,7 @@ from backend.data.block import (
    BlockSchemaOutput,
    BlockType,
 )
 from backend.data.execution import ExecutionContext
 from backend.data.model import SchemaField
 from backend.util.file import store_media_file
 from backend.util.type import MediaFileType, convert
@@ -17,10 +18,10 @@ from backend.util.type import MediaFileType, convert
 class FileStoreBlock(Block):
    class Input(BlockSchemaInput):
        file_in: MediaFileType = SchemaField(
-            description="The file to store in the temporary directory, it can be a URL, data URI, or local path."
+            description="The file to download and store. Can be a URL (https://...), data URI, or local path."
        )
        base_64: bool = SchemaField(
-            description="Whether produce an output in base64 format (not recommended, you can pass the string path just fine accross blocks).",
+            description="Whether to produce output in base64 format (not recommended, you can pass the file reference across blocks).",
            default=False,
            advanced=True,
            title="Produce Base64 Output",
@@ -28,13 +29,18 @@ class FileStoreBlock(Block):
    class Output(BlockSchemaOutput):
        file_out: MediaFileType = SchemaField(
-            description="The relative path to the stored file in the temporary directory."
+            description="Reference to the stored file. In CoPilot: workspace:// URI (visible in list_workspace_files). In graphs: data URI for passing to other blocks."
        )
    def __init__(self):
        super().__init__(
            id="cbb50872-625b-42f0-8203-a2ae78242d8a",
-            description="Stores the input file in the temporary directory.",
+            description=(
                "Downloads and stores a file from a URL, data URI, or local path. "
                "Use this to fetch images, documents, or other files for processing. "
                "In CoPilot: saves to workspace (use list_workspace_files to see it). "
                "In graphs: outputs a data URI to pass to other blocks."
            ),
            categories={BlockCategory.BASIC, BlockCategory.MULTIMEDIA},
            input_schema=FileStoreBlock.Input,
            output_schema=FileStoreBlock.Output,
@@ -45,15 +51,18 @@ class FileStoreBlock(Block):
        self,
        input_data: Input,
        *,
-        graph_exec_id: str,
+        execution_context: ExecutionContext,
        user_id: str,
        **kwargs,
    ) -> BlockOutput:
        # Determine return format based on user preference
        # for_external_api: always returns data URI (base64) - honors "Produce Base64 Output"
        # for_block_output: smart format - workspace:// in CoPilot, data URI in graphs
        return_format = "for_external_api" if input_data.base_64 else "for_block_output"
        yield "file_out", await store_media_file(
            graph_exec_id=graph_exec_id,
            file=input_data.file_in,
-            user_id=user_id,
+            execution_context=execution_context,
-            return_content=input_data.base_64,
+            return_format=return_format,
        )
--- a/autogpt_platform/backend/backend/blocks/discord/bot_blocks.py
+++ b/autogpt_platform/backend/backend/blocks/discord/bot_blocks.py
@@ -15,6 +15,7 @@ from backend.data.block import (
    BlockSchemaInput,
    BlockSchemaOutput,
 )
 from backend.data.execution import ExecutionContext
 from backend.data.model import APIKeyCredentials, SchemaField
 from backend.util.file import store_media_file
 from backend.util.request import Requests
@@ -666,8 +667,7 @@ class SendDiscordFileBlock(Block):
        file: MediaFileType,
        filename: str,
        message_content: str,
-        graph_exec_id: str,
+        execution_context: ExecutionContext,
        user_id: str,
    ) -> dict:
        intents = discord.Intents.default()
        intents.guilds = True
@@ -731,10 +731,9 @@ class SendDiscordFileBlock(Block):
                    # Local file path - read from stored media file
                    # This would be a path from a previous block's output
                    stored_file = await store_media_file(
                        graph_exec_id=graph_exec_id,
                        file=file,
-                        user_id=user_id,
+                        execution_context=execution_context,
-                        return_content=True,  # Get as data URI
+                        return_format="for_external_api",  # Get content to send to Discord
                    )
                    # Now process as data URI
                    header, encoded = stored_file.split(",", 1)
@@ -781,8 +780,7 @@ class SendDiscordFileBlock(Block):
        input_data: Input,
        *,
        credentials: APIKeyCredentials,
-        graph_exec_id: str,
+        execution_context: ExecutionContext,
        user_id: str,
        **kwargs,
    ) -> BlockOutput:
        try:
@@ -793,8 +791,7 @@ class SendDiscordFileBlock(Block):
                file=input_data.file,
                filename=input_data.filename,
                message_content=input_data.message_content,
-                graph_exec_id=graph_exec_id,
+                execution_context=execution_context,
                user_id=user_id,
            )
            yield "status", result.get("status", "Unknown error")
--- a/autogpt_platform/backend/backend/blocks/fal/ai_video_generator.py
+++ b/autogpt_platform/backend/backend/blocks/fal/ai_video_generator.py
@@ -17,8 +17,11 @@ from backend.data.block import (
    BlockSchemaInput,
    BlockSchemaOutput,
 )
 from backend.data.execution import ExecutionContext
 from backend.data.model import SchemaField
 from backend.util.file import store_media_file
 from backend.util.request import ClientResponseError, Requests
 from backend.util.type import MediaFileType
 logger = logging.getLogger(__name__)
@@ -64,9 +67,13 @@ class AIVideoGeneratorBlock(Block):
                "credentials": TEST_CREDENTIALS_INPUT,
            },
            test_credentials=TEST_CREDENTIALS,
-            test_output=[("video_url", "https://fal.media/files/example/video.mp4")],
+            test_output=[
                # Output will be a workspace ref or data URI depending on context
                ("video_url", lambda x: x.startswith(("workspace://", "data:"))),
            ],
            test_mock={
-                "generate_video": lambda *args, **kwargs: "https://fal.media/files/example/video.mp4"
+                # Use data URI to avoid HTTP requests during tests
                "generate_video": lambda *args, **kwargs: "data:video/mp4;base64,AAAA"
            },
        )
@@ -208,11 +215,22 @@ class AIVideoGeneratorBlock(Block):
            raise RuntimeError(f"API request failed: {str(e)}")
    async def run(
-        self, input_data: Input, *, credentials: FalCredentials, **kwargs
+        self,
        input_data: Input,
        *,
        credentials: FalCredentials,
        execution_context: ExecutionContext,
        **kwargs,
    ) -> BlockOutput:
        try:
            video_url = await self.generate_video(input_data, credentials)
-            yield "video_url", video_url
+            # Store the generated video to the user's workspace for persistence
            stored_url = await store_media_file(
                file=MediaFileType(video_url),
                execution_context=execution_context,
                return_format="for_block_output",
            )
            yield "video_url", stored_url
        except Exception as e:
            error_message = str(e)
            yield "error", error_message
--- a/autogpt_platform/backend/backend/blocks/flux_kontext.py
+++ b/autogpt_platform/backend/backend/blocks/flux_kontext.py
@@ -12,6 +12,7 @@ from backend.data.block import (
    BlockSchemaInput,
    BlockSchemaOutput,
 )
 from backend.data.execution import ExecutionContext
 from backend.data.model import (
    APIKeyCredentials,
    CredentialsField,
@@ -121,10 +122,12 @@ class AIImageEditorBlock(Block):
                "credentials": TEST_CREDENTIALS_INPUT,
            },
            test_output=[
-                ("output_image", "https://replicate.com/output/edited-image.png"),
+                # Output will be a workspace ref or data URI depending on context
                ("output_image", lambda x: x.startswith(("workspace://", "data:"))),
            ],
            test_mock={
-                "run_model": lambda *args, **kwargs: "https://replicate.com/output/edited-image.png",
+                # Use data URI to avoid HTTP requests during tests
                "run_model": lambda *args, **kwargs: "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNk+M9QDwADhgGAWjR9awAAAABJRU5ErkJggg==",
            },
            test_credentials=TEST_CREDENTIALS,
        )
@@ -134,8 +137,7 @@ class AIImageEditorBlock(Block):
        input_data: Input,
        *,
        credentials: APIKeyCredentials,
-        graph_exec_id: str,
+        execution_context: ExecutionContext,
        user_id: str,
        **kwargs,
    ) -> BlockOutput:
        result = await self.run_model(
@@ -144,20 +146,25 @@ class AIImageEditorBlock(Block):
            prompt=input_data.prompt,
            input_image_b64=(
                await store_media_file(
                    graph_exec_id=graph_exec_id,
                    file=input_data.input_image,
-                    user_id=user_id,
+                    execution_context=execution_context,
-                    return_content=True,
+                    return_format="for_external_api",  # Get content for Replicate API
                )
                if input_data.input_image
                else None
            ),
            aspect_ratio=input_data.aspect_ratio.value,
            seed=input_data.seed,
-            user_id=user_id,
+            user_id=execution_context.user_id or "",
-            graph_exec_id=graph_exec_id,
+            graph_exec_id=execution_context.graph_exec_id or "",
        )
-        yield "output_image", result
+        # Store the generated image to the user's workspace for persistence
        stored_url = await store_media_file(
            file=result,
            execution_context=execution_context,
            return_format="for_block_output",
        )
        yield "output_image", stored_url
    async def run_model(
        self,
--- a/autogpt_platform/backend/backend/blocks/google/gmail.py
+++ b/autogpt_platform/backend/backend/blocks/google/gmail.py
@@ -21,6 +21,7 @@ from backend.data.block import (
    BlockSchemaInput,
    BlockSchemaOutput,
 )
 from backend.data.execution import ExecutionContext
 from backend.data.model import SchemaField
 from backend.util.file import MediaFileType, get_exec_file_path, store_media_file
 from backend.util.settings import Settings
@@ -95,8 +96,7 @@ def _make_mime_text(
 async def create_mime_message(
    input_data,
-    graph_exec_id: str,
+    execution_context: ExecutionContext,
    user_id: str,
 ) -> str:
    """Create a MIME message with attachments and return base64-encoded raw message."""
@@ -117,12 +117,12 @@ async def create_mime_message(
    if input_data.attachments:
        for attach in input_data.attachments:
            local_path = await store_media_file(
                user_id=user_id,
                graph_exec_id=graph_exec_id,
                file=attach,
-                return_content=False,
+                execution_context=execution_context,
                return_format="for_local_processing",
            )
-            abs_path = get_exec_file_path(graph_exec_id, local_path)
+            assert execution_context.graph_exec_id  # Validated by store_media_file
            abs_path = get_exec_file_path(execution_context.graph_exec_id, local_path)
            part = MIMEBase("application", "octet-stream")
            with open(abs_path, "rb") as f:
                part.set_payload(f.read())
@@ -582,27 +582,25 @@ class GmailSendBlock(GmailBase):
        input_data: Input,
        *,
        credentials: GoogleCredentials,
-        graph_exec_id: str,
+        execution_context: ExecutionContext,
        user_id: str,
        **kwargs,
    ) -> BlockOutput:
        service = self._build_service(credentials, **kwargs)
        result = await self._send_email(
            service,
            input_data,
-            graph_exec_id,
+            execution_context,
            user_id,
        )
        yield "result", result
    async def _send_email(
-        self, service, input_data: Input, graph_exec_id: str, user_id: str
+        self, service, input_data: Input, execution_context: ExecutionContext
    ) -> dict:
        if not input_data.to or not input_data.subject or not input_data.body:
            raise ValueError(
                "At least one recipient, subject, and body are required for sending an email"
            )
-        raw_message = await create_mime_message(input_data, graph_exec_id, user_id)
+        raw_message = await create_mime_message(input_data, execution_context)
        sent_message = await asyncio.to_thread(
            lambda: service.users()
            .messages()
@@ -692,30 +690,28 @@ class GmailCreateDraftBlock(GmailBase):
        input_data: Input,
        *,
        credentials: GoogleCredentials,
-        graph_exec_id: str,
+        execution_context: ExecutionContext,
        user_id: str,
        **kwargs,
    ) -> BlockOutput:
        service = self._build_service(credentials, **kwargs)
        result = await self._create_draft(
            service,
            input_data,
-            graph_exec_id,
+            execution_context,
            user_id,
        )
        yield "result", GmailDraftResult(
            id=result["id"], message_id=result["message"]["id"], status="draft_created"
        )
    async def _create_draft(
-        self, service, input_data: Input, graph_exec_id: str, user_id: str
+        self, service, input_data: Input, execution_context: ExecutionContext
    ) -> dict:
        if not input_data.to or not input_data.subject:
            raise ValueError(
                "At least one recipient and subject are required for creating a draft"
            )
-        raw_message = await create_mime_message(input_data, graph_exec_id, user_id)
+        raw_message = await create_mime_message(input_data, execution_context)
        draft = await asyncio.to_thread(
            lambda: service.users()
            .drafts()
@@ -1100,7 +1096,7 @@ class GmailGetThreadBlock(GmailBase):
 async def _build_reply_message(
-    service, input_data, graph_exec_id: str, user_id: str
+    service, input_data, execution_context: ExecutionContext
 ) -> tuple[str, str]:
    """
    Builds a reply MIME message for Gmail threads.
@@ -1190,12 +1186,12 @@ async def _build_reply_message(
    # Handle attachments
    for attach in input_data.attachments:
        local_path = await store_media_file(
            user_id=user_id,
            graph_exec_id=graph_exec_id,
            file=attach,
-            return_content=False,
+            execution_context=execution_context,
            return_format="for_local_processing",
        )
-        abs_path = get_exec_file_path(graph_exec_id, local_path)
+        assert execution_context.graph_exec_id  # Validated by store_media_file
        abs_path = get_exec_file_path(execution_context.graph_exec_id, local_path)
        part = MIMEBase("application", "octet-stream")
        with open(abs_path, "rb") as f:
            part.set_payload(f.read())
@@ -1311,16 +1307,14 @@ class GmailReplyBlock(GmailBase):
        input_data: Input,
        *,
        credentials: GoogleCredentials,
-        graph_exec_id: str,
+        execution_context: ExecutionContext,
        user_id: str,
        **kwargs,
    ) -> BlockOutput:
        service = self._build_service(credentials, **kwargs)
        message = await self._reply(
            service,
            input_data,
-            graph_exec_id,
+            execution_context,
            user_id,
        )
        yield "messageId", message["id"]
        yield "threadId", message.get("threadId", input_data.threadId)
@@ -1343,11 +1337,11 @@ class GmailReplyBlock(GmailBase):
        yield "email", email
    async def _reply(
-        self, service, input_data: Input, graph_exec_id: str, user_id: str
+        self, service, input_data: Input, execution_context: ExecutionContext
    ) -> dict:
        # Build the reply message using the shared helper
        raw, thread_id = await _build_reply_message(
-            service, input_data, graph_exec_id, user_id
+            service, input_data, execution_context
        )
        # Send the message
@@ -1441,16 +1435,14 @@ class GmailDraftReplyBlock(GmailBase):
        input_data: Input,
        *,
        credentials: GoogleCredentials,
-        graph_exec_id: str,
+        execution_context: ExecutionContext,
        user_id: str,
        **kwargs,
    ) -> BlockOutput:
        service = self._build_service(credentials, **kwargs)
        draft = await self._create_draft_reply(
            service,
            input_data,
-            graph_exec_id,
+            execution_context,
            user_id,
        )
        yield "draftId", draft["id"]
        yield "messageId", draft["message"]["id"]
@@ -1458,11 +1450,11 @@ class GmailDraftReplyBlock(GmailBase):
        yield "status", "draft_created"
    async def _create_draft_reply(
-        self, service, input_data: Input, graph_exec_id: str, user_id: str
+        self, service, input_data: Input, execution_context: ExecutionContext
    ) -> dict:
        # Build the reply message using the shared helper
        raw, thread_id = await _build_reply_message(
-            service, input_data, graph_exec_id, user_id
+            service, input_data, execution_context
        )
        # Create draft with proper thread association
@@ -1629,23 +1621,21 @@ class GmailForwardBlock(GmailBase):
        input_data: Input,
        *,
        credentials: GoogleCredentials,
-        graph_exec_id: str,
+        execution_context: ExecutionContext,
        user_id: str,
        **kwargs,
    ) -> BlockOutput:
        service = self._build_service(credentials, **kwargs)
        result = await self._forward_message(
            service,
            input_data,
-            graph_exec_id,
+            execution_context,
            user_id,
        )
        yield "messageId", result["id"]
        yield "threadId", result.get("threadId", "")
        yield "status", "forwarded"
    async def _forward_message(
-        self, service, input_data: Input, graph_exec_id: str, user_id: str
+        self, service, input_data: Input, execution_context: ExecutionContext
    ) -> dict:
        if not input_data.to:
            raise ValueError("At least one recipient is required for forwarding")
@@ -1727,12 +1717,12 @@ To: {original_to}
        # Add any additional attachments
        for attach in input_data.additionalAttachments:
            local_path = await store_media_file(
                user_id=user_id,
                graph_exec_id=graph_exec_id,
                file=attach,
-                return_content=False,
+                execution_context=execution_context,
                return_format="for_local_processing",
            )
-            abs_path = get_exec_file_path(graph_exec_id, local_path)
+            assert execution_context.graph_exec_id  # Validated by store_media_file
            abs_path = get_exec_file_path(execution_context.graph_exec_id, local_path)
            part = MIMEBase("application", "octet-stream")
            with open(abs_path, "rb") as f:
                part.set_payload(f.read())
--- a/autogpt_platform/backend/backend/blocks/http.py
+++ b/autogpt_platform/backend/backend/blocks/http.py
@@ -15,6 +15,7 @@ from backend.data.block import (
    BlockSchemaInput,
    BlockSchemaOutput,
 )
 from backend.data.execution import ExecutionContext
 from backend.data.model import (
    CredentialsField,
    CredentialsMetaInput,
@@ -116,10 +117,9 @@ class SendWebRequestBlock(Block):
    @staticmethod
    async def _prepare_files(
-        graph_exec_id: str,
+        execution_context: ExecutionContext,
        files_name: str,
        files: list[MediaFileType],
        user_id: str,
    ) -> list[tuple[str, tuple[str, BytesIO, str]]]:
        """
        Prepare files for the request by storing them and reading their content.
@@ -127,11 +127,16 @@ class SendWebRequestBlock(Block):
        (files_name, (filename, BytesIO, mime_type))
        """
        files_payload: list[tuple[str, tuple[str, BytesIO, str]]] = []
        graph_exec_id = execution_context.graph_exec_id
        if graph_exec_id is None:
            raise ValueError("graph_exec_id is required for file operations")
        for media in files:
            # Normalise to a list so we can repeat the same key
            rel_path = await store_media_file(
-                graph_exec_id, media, user_id, return_content=False
+                file=media,
                execution_context=execution_context,
                return_format="for_local_processing",
            )
            abs_path = get_exec_file_path(graph_exec_id, rel_path)
            async with aiofiles.open(abs_path, "rb") as f:
@@ -143,7 +148,7 @@ class SendWebRequestBlock(Block):
        return files_payload
    async def run(
-        self, input_data: Input, *, graph_exec_id: str, user_id: str, **kwargs
+        self, input_data: Input, *, execution_context: ExecutionContext, **kwargs
    ) -> BlockOutput:
        # ─── Parse/normalise body ────────────────────────────────────
        body = input_data.body
@@ -174,7 +179,7 @@ class SendWebRequestBlock(Block):
        files_payload: list[tuple[str, tuple[str, BytesIO, str]]] = []
        if use_files:
            files_payload = await self._prepare_files(
-                graph_exec_id, input_data.files_name, input_data.files, user_id
+                execution_context, input_data.files_name, input_data.files
            )
        # Enforce body format rules
@@ -238,9 +243,8 @@ class SendAuthenticatedWebRequestBlock(SendWebRequestBlock):
        self,
        input_data: Input,
        *,
-        graph_exec_id: str,
+        execution_context: ExecutionContext,
        credentials: HostScopedCredentials,
        user_id: str,
        **kwargs,
    ) -> BlockOutput:
        # Create SendWebRequestBlock.Input from our input (removing credentials field)
@@ -271,6 +275,6 @@ class SendAuthenticatedWebRequestBlock(SendWebRequestBlock):
        # Use parent class run method
        async for output_name, output_data in super().run(
-            base_input, graph_exec_id=graph_exec_id, user_id=user_id, **kwargs
+            base_input, execution_context=execution_context, **kwargs
        ):
            yield output_name, output_data
--- a/autogpt_platform/backend/backend/blocks/io.py
+++ b/autogpt_platform/backend/backend/blocks/io.py
@@ -12,6 +12,7 @@ from backend.data.block import (
    BlockSchemaInput,
    BlockType,
 )
 from backend.data.execution import ExecutionContext
 from backend.data.model import SchemaField
 from backend.util.file import store_media_file
 from backend.util.mock import MockObject
@@ -462,18 +463,21 @@ class AgentFileInputBlock(AgentInputBlock):
        self,
        input_data: Input,
        *,
-        graph_exec_id: str,
+        execution_context: ExecutionContext,
        user_id: str,
        **kwargs,
    ) -> BlockOutput:
        if not input_data.value:
            return
        # Determine return format based on user preference
        # for_external_api: always returns data URI (base64) - honors "Produce Base64 Output"
        # for_block_output: smart format - workspace:// in CoPilot, data URI in graphs
        return_format = "for_external_api" if input_data.base_64 else "for_block_output"
        yield "result", await store_media_file(
            graph_exec_id=graph_exec_id,
            file=input_data.value,
-            user_id=user_id,
+            execution_context=execution_context,
-            return_content=input_data.base_64,
+            return_format=return_format,
        )
--- a/autogpt_platform/backend/backend/blocks/media.py
+++ b/autogpt_platform/backend/backend/blocks/media.py
@@ -1,6 +1,6 @@
 import os
 import tempfile
-from typing import Literal, Optional
+from typing import Optional
 from moviepy.audio.io.AudioFileClip import AudioFileClip
 from moviepy.video.fx.Loop import Loop
@@ -13,6 +13,7 @@ from backend.data.block import (
    BlockSchemaInput,
    BlockSchemaOutput,
 )
 from backend.data.execution import ExecutionContext
 from backend.data.model import SchemaField
 from backend.util.file import MediaFileType, get_exec_file_path, store_media_file
@@ -46,18 +47,19 @@ class MediaDurationBlock(Block):
        self,
        input_data: Input,
        *,
-        graph_exec_id: str,
+        execution_context: ExecutionContext,
        user_id: str,
        **kwargs,
    ) -> BlockOutput:
        # 1) Store the input media locally
        local_media_path = await store_media_file(
            graph_exec_id=graph_exec_id,
            file=input_data.media_in,
-            user_id=user_id,
+            execution_context=execution_context,
-            return_content=False,
+            return_format="for_local_processing",
        )
        assert execution_context.graph_exec_id is not None
        media_abspath = get_exec_file_path(
            execution_context.graph_exec_id, local_media_path
        )
        media_abspath = get_exec_file_path(graph_exec_id, local_media_path)
        # 2) Load the clip
        if input_data.is_video:
@@ -88,10 +90,6 @@ class LoopVideoBlock(Block):
            default=None,
            ge=1,
        )
        output_return_type: Literal["file_path", "data_uri"] = SchemaField(
            description="How to return the output video. Either a relative path or base64 data URI.",
            default="file_path",
        )
    class Output(BlockSchemaOutput):
        video_out: str = SchemaField(
@@ -111,17 +109,19 @@ class LoopVideoBlock(Block):
        self,
        input_data: Input,
        *,
-        node_exec_id: str,
+        execution_context: ExecutionContext,
        graph_exec_id: str,
        user_id: str,
        **kwargs,
    ) -> BlockOutput:
        assert execution_context.graph_exec_id is not None
        assert execution_context.node_exec_id is not None
        graph_exec_id = execution_context.graph_exec_id
        node_exec_id = execution_context.node_exec_id
        # 1) Store the input video locally
        local_video_path = await store_media_file(
            graph_exec_id=graph_exec_id,
            file=input_data.video_in,
-            user_id=user_id,
+            execution_context=execution_context,
-            return_content=False,
+            return_format="for_local_processing",
        )
        input_abspath = get_exec_file_path(graph_exec_id, local_video_path)
@@ -149,12 +149,11 @@ class LoopVideoBlock(Block):
        looped_clip = looped_clip.with_audio(clip.audio)
        looped_clip.write_videofile(output_abspath, codec="libx264", audio_codec="aac")
-        # Return as data URI
+        # Return output - for_block_output returns workspace:// if available, else data URI
        video_out = await store_media_file(
            graph_exec_id=graph_exec_id,
            file=output_filename,
-            user_id=user_id,
+            execution_context=execution_context,
-            return_content=input_data.output_return_type == "data_uri",
+            return_format="for_block_output",
        )
        yield "video_out", video_out
@@ -177,10 +176,6 @@ class AddAudioToVideoBlock(Block):
            description="Volume scale for the newly attached audio track (1.0 = original).",
            default=1.0,
        )
        output_return_type: Literal["file_path", "data_uri"] = SchemaField(
            description="Return the final output as a relative path or base64 data URI.",
            default="file_path",
        )
    class Output(BlockSchemaOutput):
        video_out: MediaFileType = SchemaField(
@@ -200,23 +195,24 @@ class AddAudioToVideoBlock(Block):
        self,
        input_data: Input,
        *,
-        node_exec_id: str,
+        execution_context: ExecutionContext,
        graph_exec_id: str,
        user_id: str,
        **kwargs,
    ) -> BlockOutput:
        assert execution_context.graph_exec_id is not None
        assert execution_context.node_exec_id is not None
        graph_exec_id = execution_context.graph_exec_id
        node_exec_id = execution_context.node_exec_id
        # 1) Store the inputs locally
        local_video_path = await store_media_file(
            graph_exec_id=graph_exec_id,
            file=input_data.video_in,
-            user_id=user_id,
+            execution_context=execution_context,
-            return_content=False,
+            return_format="for_local_processing",
        )
        local_audio_path = await store_media_file(
            graph_exec_id=graph_exec_id,
            file=input_data.audio_in,
-            user_id=user_id,
+            execution_context=execution_context,
-            return_content=False,
+            return_format="for_local_processing",
        )
        abs_temp_dir = os.path.join(tempfile.gettempdir(), "exec_file", graph_exec_id)
@@ -240,12 +236,11 @@ class AddAudioToVideoBlock(Block):
        output_abspath = os.path.join(abs_temp_dir, output_filename)
        final_clip.write_videofile(output_abspath, codec="libx264", audio_codec="aac")
-        # 5) Return either path or data URI
+        # 5) Return output - for_block_output returns workspace:// if available, else data URI
        video_out = await store_media_file(
            graph_exec_id=graph_exec_id,
            file=output_filename,
-            user_id=user_id,
+            execution_context=execution_context,
-            return_content=input_data.output_return_type == "data_uri",
+            return_format="for_block_output",
        )
        yield "video_out", video_out
--- a/autogpt_platform/backend/backend/blocks/screenshotone.py
+++ b/autogpt_platform/backend/backend/blocks/screenshotone.py
@@ -11,6 +11,7 @@ from backend.data.block import (
    BlockSchemaInput,
    BlockSchemaOutput,
 )
 from backend.data.execution import ExecutionContext
 from backend.data.model import (
    APIKeyCredentials,
    CredentialsField,
@@ -112,8 +113,7 @@ class ScreenshotWebPageBlock(Block):
    @staticmethod
    async def take_screenshot(
        credentials: APIKeyCredentials,
-        graph_exec_id: str,
+        execution_context: ExecutionContext,
        user_id: str,
        url: str,
        viewport_width: int,
        viewport_height: int,
@@ -155,12 +155,11 @@ class ScreenshotWebPageBlock(Block):
        return {
            "image": await store_media_file(
                graph_exec_id=graph_exec_id,
                file=MediaFileType(
                    f"data:image/{format.value};base64,{b64encode(content).decode('utf-8')}"
                ),
-                user_id=user_id,
+                execution_context=execution_context,
-                return_content=True,
+                return_format="for_block_output",
            )
        }
@@ -169,15 +168,13 @@ class ScreenshotWebPageBlock(Block):
        input_data: Input,
        *,
        credentials: APIKeyCredentials,
-        graph_exec_id: str,
+        execution_context: ExecutionContext,
        user_id: str,
        **kwargs,
    ) -> BlockOutput:
        try:
            screenshot_data = await self.take_screenshot(
                credentials=credentials,
-                graph_exec_id=graph_exec_id,
+                execution_context=execution_context,
                user_id=user_id,
                url=input_data.url,
                viewport_width=input_data.viewport_width,
                viewport_height=input_data.viewport_height,
--- a/autogpt_platform/backend/backend/blocks/spreadsheet.py
+++ b/autogpt_platform/backend/backend/blocks/spreadsheet.py
@@ -7,6 +7,7 @@ from backend.data.block import (
    BlockSchemaInput,
    BlockSchemaOutput,
 )
 from backend.data.execution import ExecutionContext
 from backend.data.model import ContributorDetails, SchemaField
 from backend.util.file import get_exec_file_path, store_media_file
 from backend.util.type import MediaFileType
@@ -98,7 +99,7 @@ class ReadSpreadsheetBlock(Block):
        )
    async def run(
-        self, input_data: Input, *, graph_exec_id: str, user_id: str, **_kwargs
+        self, input_data: Input, *, execution_context: ExecutionContext, **_kwargs
    ) -> BlockOutput:
        import csv
        from io import StringIO
@@ -106,14 +107,16 @@ class ReadSpreadsheetBlock(Block):
        # Determine data source - prefer file_input if provided, otherwise use contents
        if input_data.file_input:
            stored_file_path = await store_media_file(
                user_id=user_id,
                graph_exec_id=graph_exec_id,
                file=input_data.file_input,
-                return_content=False,
+                execution_context=execution_context,
                return_format="for_local_processing",
            )
            # Get full file path
-            file_path = get_exec_file_path(graph_exec_id, stored_file_path)
+            assert execution_context.graph_exec_id  # Validated by store_media_file
            file_path = get_exec_file_path(
                execution_context.graph_exec_id, stored_file_path
            )
            if not Path(file_path).exists():
                raise ValueError(f"File does not exist: {file_path}")
--- a/autogpt_platform/backend/backend/blocks/talking_head.py
+++ b/autogpt_platform/backend/backend/blocks/talking_head.py
@@ -10,6 +10,7 @@ from backend.data.block import (
    BlockSchemaInput,
    BlockSchemaOutput,
 )
 from backend.data.execution import ExecutionContext
 from backend.data.model import (
    APIKeyCredentials,
    CredentialsField,
@@ -17,7 +18,9 @@ from backend.data.model import (
    SchemaField,
 )
 from backend.integrations.providers import ProviderName
 from backend.util.file import store_media_file
 from backend.util.request import Requests
 from backend.util.type import MediaFileType
 TEST_CREDENTIALS = APIKeyCredentials(
    id="01234567-89ab-cdef-0123-456789abcdef",
@@ -102,7 +105,7 @@ class CreateTalkingAvatarVideoBlock(Block):
            test_output=[
                (
                    "video_url",
-                    "https://d-id.com/api/clips/abcd1234-5678-efgh-ijkl-mnopqrstuvwx/video",
+                    lambda x: x.startswith(("workspace://", "data:")),
                ),
            ],
            test_mock={
@@ -110,9 +113,10 @@ class CreateTalkingAvatarVideoBlock(Block):
                    "id": "abcd1234-5678-efgh-ijkl-mnopqrstuvwx",
                    "status": "created",
                },
                # Use data URI to avoid HTTP requests during tests
                "get_clip_status": lambda *args, **kwargs: {
                    "status": "done",
-                    "result_url": "https://d-id.com/api/clips/abcd1234-5678-efgh-ijkl-mnopqrstuvwx/video",
+                    "result_url": "data:video/mp4;base64,AAAA",
                },
            },
            test_credentials=TEST_CREDENTIALS,
@@ -138,7 +142,12 @@ class CreateTalkingAvatarVideoBlock(Block):
        return response.json()
    async def run(
-        self, input_data: Input, *, credentials: APIKeyCredentials, **kwargs
+        self,
        input_data: Input,
        *,
        credentials: APIKeyCredentials,
        execution_context: ExecutionContext,
        **kwargs,
    ) -> BlockOutput:
        # Create the clip
        payload = {
@@ -165,7 +174,14 @@ class CreateTalkingAvatarVideoBlock(Block):
        for _ in range(input_data.max_polling_attempts):
            status_response = await self.get_clip_status(credentials.api_key, clip_id)
            if status_response["status"] == "done":
-                yield "video_url", status_response["result_url"]
+                # Store the generated video to the user's workspace for persistence
                video_url = status_response["result_url"]
                stored_url = await store_media_file(
                    file=MediaFileType(video_url),
                    execution_context=execution_context,
                    return_format="for_block_output",
                )
                yield "video_url", stored_url
                return
            elif status_response["status"] == "error":
                raise RuntimeError(
--- a/autogpt_platform/backend/backend/blocks/test/test_blocks_dos_vulnerability.py
+++ b/autogpt_platform/backend/backend/blocks/test/test_blocks_dos_vulnerability.py
@@ -12,6 +12,7 @@ from backend.blocks.iteration import StepThroughItemsBlock
 from backend.blocks.llm import AITextSummarizerBlock
 from backend.blocks.text import ExtractTextInformationBlock
 from backend.blocks.xml_parser import XMLParserBlock
 from backend.data.execution import ExecutionContext
 from backend.util.file import store_media_file
 from backend.util.type import MediaFileType
@@ -233,9 +234,12 @@ class TestStoreMediaFileSecurity:
        with pytest.raises(ValueError, match="File too large"):
            await store_media_file(
                graph_exec_id="test",
                file=MediaFileType(large_data_uri),
-                user_id="test_user",
+                execution_context=ExecutionContext(
                    user_id="test_user",
                    graph_exec_id="test",
                ),
                return_format="for_local_processing",
            )
    @patch("backend.util.file.Path")
@@ -270,9 +274,12 @@ class TestStoreMediaFileSecurity:
        # Should raise an error when directory size exceeds limit
        with pytest.raises(ValueError, match="Disk usage limit exceeded"):
            await store_media_file(
                graph_exec_id="test",
                file=MediaFileType(
                    "data:text/plain;base64,dGVzdA=="
                ),  # Small test file
-                user_id="test_user",
+                execution_context=ExecutionContext(
                    user_id="test_user",
                    graph_exec_id="test",
                ),
                return_format="for_local_processing",
            )
--- a/autogpt_platform/backend/backend/blocks/test/test_http.py
+++ b/autogpt_platform/backend/backend/blocks/test/test_http.py
@@ -11,10 +11,22 @@ from backend.blocks.http import (
    HttpMethod,
    SendAuthenticatedWebRequestBlock,
 )
 from backend.data.execution import ExecutionContext
 from backend.data.model import HostScopedCredentials
 from backend.util.request import Response
 def make_test_context(
    graph_exec_id: str = "test-exec-id",
    user_id: str = "test-user-id",
 ) -> ExecutionContext:
    """Helper to create test ExecutionContext."""
    return ExecutionContext(
        user_id=user_id,
        graph_exec_id=graph_exec_id,
    )
 class TestHttpBlockWithHostScopedCredentials:
    """Test suite for HTTP block integration with HostScopedCredentials."""
@@ -105,8 +117,7 @@ class TestHttpBlockWithHostScopedCredentials:
        async for output_name, output_data in http_block.run(
            input_data,
            credentials=exact_match_credentials,
-            graph_exec_id="test-exec-id",
+            execution_context=make_test_context(),
            user_id="test-user-id",
        ):
            result.append((output_name, output_data))
@@ -161,8 +172,7 @@ class TestHttpBlockWithHostScopedCredentials:
        async for output_name, output_data in http_block.run(
            input_data,
            credentials=wildcard_credentials,
-            graph_exec_id="test-exec-id",
+            execution_context=make_test_context(),
            user_id="test-user-id",
        ):
            result.append((output_name, output_data))
@@ -208,8 +218,7 @@ class TestHttpBlockWithHostScopedCredentials:
        async for output_name, output_data in http_block.run(
            input_data,
            credentials=non_matching_credentials,
-            graph_exec_id="test-exec-id",
+            execution_context=make_test_context(),
            user_id="test-user-id",
        ):
            result.append((output_name, output_data))
@@ -258,8 +267,7 @@ class TestHttpBlockWithHostScopedCredentials:
        async for output_name, output_data in http_block.run(
            input_data,
            credentials=exact_match_credentials,
-            graph_exec_id="test-exec-id",
+            execution_context=make_test_context(),
            user_id="test-user-id",
        ):
            result.append((output_name, output_data))
@@ -318,8 +326,7 @@ class TestHttpBlockWithHostScopedCredentials:
        async for output_name, output_data in http_block.run(
            input_data,
            credentials=auto_discovered_creds,  # Execution manager found these
-            graph_exec_id="test-exec-id",
+            execution_context=make_test_context(),
            user_id="test-user-id",
        ):
            result.append((output_name, output_data))
@@ -382,8 +389,7 @@ class TestHttpBlockWithHostScopedCredentials:
        async for output_name, output_data in http_block.run(
            input_data,
            credentials=multi_header_creds,
-            graph_exec_id="test-exec-id",
+            execution_context=make_test_context(),
            user_id="test-user-id",
        ):
            result.append((output_name, output_data))
@@ -471,8 +477,7 @@ class TestHttpBlockWithHostScopedCredentials:
            async for output_name, output_data in http_block.run(
                input_data,
                credentials=test_creds,
-                graph_exec_id="test-exec-id",
+                execution_context=make_test_context(),
                user_id="test-user-id",
            ):
                result.append((output_name, output_data))
--- a/autogpt_platform/backend/backend/blocks/text.py
+++ b/autogpt_platform/backend/backend/blocks/text.py
@@ -11,6 +11,7 @@ from backend.data.block import (
    BlockSchemaInput,
    BlockSchemaOutput,
 )
 from backend.data.execution import ExecutionContext
 from backend.data.model import SchemaField
 from backend.util import json, text
 from backend.util.file import get_exec_file_path, store_media_file
@@ -444,18 +445,21 @@ class FileReadBlock(Block):
        )
    async def run(
-        self, input_data: Input, *, graph_exec_id: str, user_id: str, **_kwargs
+        self, input_data: Input, *, execution_context: ExecutionContext, **_kwargs
    ) -> BlockOutput:
        # Store the media file properly (handles URLs, data URIs, etc.)
        stored_file_path = await store_media_file(
            user_id=user_id,
            graph_exec_id=graph_exec_id,
            file=input_data.file_input,
-            return_content=False,
+            execution_context=execution_context,
            return_format="for_local_processing",
        )
-        # Get full file path
+        # Get full file path (graph_exec_id validated by store_media_file above)
-        file_path = get_exec_file_path(graph_exec_id, stored_file_path)
+        if not execution_context.graph_exec_id:
            raise ValueError("execution_context.graph_exec_id is required")
        file_path = get_exec_file_path(
            execution_context.graph_exec_id, stored_file_path
        )
        if not Path(file_path).exists():
            raise ValueError(f"File does not exist: {file_path}")
--- a/autogpt_platform/backend/backend/data/execution.py
+++ b/autogpt_platform/backend/backend/data/execution.py
@@ -83,12 +83,29 @@ class ExecutionContext(BaseModel):
    model_config = {"extra": "ignore"}
    # Execution identity
    user_id: Optional[str] = None
    graph_id: Optional[str] = None
    graph_exec_id: Optional[str] = None
    graph_version: Optional[int] = None
    node_id: Optional[str] = None
    node_exec_id: Optional[str] = None
    # Safety settings
    human_in_the_loop_safe_mode: bool = True
    sensitive_action_safe_mode: bool = False
    # User settings
    user_timezone: str = "UTC"
    # Execution hierarchy
    root_execution_id: Optional[str] = None
    parent_execution_id: Optional[str] = None
    # Workspace
    workspace_id: Optional[str] = None
    session_id: Optional[str] = None
 # -------------------------- Models -------------------------- #
--- a/autogpt_platform/backend/backend/data/workspace.py
+++ b/autogpt_platform/backend/backend/data/workspace.py
@@ -0,0 +1,276 @@
 """
 Database CRUD operations for User Workspace.
 This module provides functions for managing user workspaces and workspace files.
 """
 import logging
 from datetime import datetime, timezone
 from typing import Optional
 from prisma.models import UserWorkspace, UserWorkspaceFile
 from prisma.types import UserWorkspaceFileWhereInput
 from backend.util.json import SafeJson
 logger = logging.getLogger(__name__)
 async def get_or_create_workspace(user_id: str) -> UserWorkspace:
    """
    Get user's workspace, creating one if it doesn't exist.
    Uses upsert to handle race conditions when multiple concurrent requests
    attempt to create a workspace for the same user.
    Args:
        user_id: The user's ID
    Returns:
        UserWorkspace instance
    """
    workspace = await UserWorkspace.prisma().upsert(
        where={"userId": user_id},
        data={
            "create": {"userId": user_id},
            "update": {},  # No updates needed if exists
        },
    )
    return workspace
 async def get_workspace(user_id: str) -> Optional[UserWorkspace]:
    """
    Get user's workspace if it exists.
    Args:
        user_id: The user's ID
    Returns:
        UserWorkspace instance or None
    """
    return await UserWorkspace.prisma().find_unique(where={"userId": user_id})
 async def create_workspace_file(
    workspace_id: str,
    file_id: str,
    name: str,
    path: str,
    storage_path: str,
    mime_type: str,
    size_bytes: int,
    checksum: Optional[str] = None,
    metadata: Optional[dict] = None,
 ) -> UserWorkspaceFile:
    """
    Create a new workspace file record.
    Args:
        workspace_id: The workspace ID
        file_id: The file ID (same as used in storage path for consistency)
        name: User-visible filename
        path: Virtual path (e.g., "/documents/report.pdf")
        storage_path: Actual storage path (GCS or local)
        mime_type: MIME type of the file
        size_bytes: File size in bytes
        checksum: Optional SHA256 checksum
        metadata: Optional additional metadata
    Returns:
        Created UserWorkspaceFile instance
    """
    # Normalize path to start with /
    if not path.startswith("/"):
        path = f"/{path}"
    file = await UserWorkspaceFile.prisma().create(
        data={
            "id": file_id,
            "workspaceId": workspace_id,
            "name": name,
            "path": path,
            "storagePath": storage_path,
            "mimeType": mime_type,
            "sizeBytes": size_bytes,
            "checksum": checksum,
            "metadata": SafeJson(metadata or {}),
        }
    )
    logger.info(
        f"Created workspace file {file.id} at path {path} "
        f"in workspace {workspace_id}"
    )
    return file
 async def get_workspace_file(
    file_id: str,
    workspace_id: Optional[str] = None,
 ) -> Optional[UserWorkspaceFile]:
    """
    Get a workspace file by ID.
    Args:
        file_id: The file ID
        workspace_id: Optional workspace ID for validation
    Returns:
        UserWorkspaceFile instance or None
    """
    where_clause: dict = {"id": file_id, "isDeleted": False}
    if workspace_id:
        where_clause["workspaceId"] = workspace_id
    return await UserWorkspaceFile.prisma().find_first(where=where_clause)
 async def get_workspace_file_by_path(
    workspace_id: str,
    path: str,
 ) -> Optional[UserWorkspaceFile]:
    """
    Get a workspace file by its virtual path.
    Args:
        workspace_id: The workspace ID
        path: Virtual path
    Returns:
        UserWorkspaceFile instance or None
    """
    # Normalize path
    if not path.startswith("/"):
        path = f"/{path}"
    return await UserWorkspaceFile.prisma().find_first(
        where={
            "workspaceId": workspace_id,
            "path": path,
            "isDeleted": False,
        }
    )
 async def list_workspace_files(
    workspace_id: str,
    path_prefix: Optional[str] = None,
    include_deleted: bool = False,
    limit: Optional[int] = None,
    offset: int = 0,
 ) -> list[UserWorkspaceFile]:
    """
    List files in a workspace.
    Args:
        workspace_id: The workspace ID
        path_prefix: Optional path prefix to filter (e.g., "/documents/")
        include_deleted: Whether to include soft-deleted files
        limit: Maximum number of files to return
        offset: Number of files to skip
    Returns:
        List of UserWorkspaceFile instances
    """
    where_clause: UserWorkspaceFileWhereInput = {"workspaceId": workspace_id}
    if not include_deleted:
        where_clause["isDeleted"] = False
    if path_prefix:
        # Normalize prefix
        if not path_prefix.startswith("/"):
            path_prefix = f"/{path_prefix}"
        where_clause["path"] = {"startswith": path_prefix}
    return await UserWorkspaceFile.prisma().find_many(
        where=where_clause,
        order={"createdAt": "desc"},
        take=limit,
        skip=offset,
    )
 async def count_workspace_files(
    workspace_id: str,
    path_prefix: Optional[str] = None,
    include_deleted: bool = False,
 ) -> int:
    """
    Count files in a workspace.
    Args:
        workspace_id: The workspace ID
        path_prefix: Optional path prefix to filter (e.g., "/sessions/abc123/")
        include_deleted: Whether to include soft-deleted files
    Returns:
        Number of files
    """
    where_clause: dict = {"workspaceId": workspace_id}
    if not include_deleted:
        where_clause["isDeleted"] = False
    if path_prefix:
        # Normalize prefix
        if not path_prefix.startswith("/"):
            path_prefix = f"/{path_prefix}"
        where_clause["path"] = {"startswith": path_prefix}
    return await UserWorkspaceFile.prisma().count(where=where_clause)
 async def soft_delete_workspace_file(
    file_id: str,
    workspace_id: Optional[str] = None,
 ) -> Optional[UserWorkspaceFile]:
    """
    Soft-delete a workspace file.
    The path is modified to include a deletion timestamp to free up the original
    path for new files while preserving the record for potential recovery.
    Args:
        file_id: The file ID
        workspace_id: Optional workspace ID for validation
    Returns:
        Updated UserWorkspaceFile instance or None if not found
    """
    # First verify the file exists and belongs to workspace
    file = await get_workspace_file(file_id, workspace_id)
    if file is None:
        return None
    deleted_at = datetime.now(timezone.utc)
    # Modify path to free up the unique constraint for new files at original path
    # Format: {original_path}__deleted__{timestamp}
    deleted_path = f"{file.path}__deleted__{int(deleted_at.timestamp())}"
    updated = await UserWorkspaceFile.prisma().update(
        where={"id": file_id},
        data={
            "isDeleted": True,
            "deletedAt": deleted_at,
            "path": deleted_path,
        },
    )
    logger.info(f"Soft-deleted workspace file {file_id}")
    return updated
 async def get_workspace_total_size(workspace_id: str) -> int:
    """
    Get the total size of all files in a workspace.
    Args:
        workspace_id: The workspace ID
    Returns:
        Total size in bytes
    """
    files = await list_workspace_files(workspace_id)
    return sum(file.sizeBytes for file in files)
--- a/autogpt_platform/backend/backend/executor/manager.py
+++ b/autogpt_platform/backend/backend/executor/manager.py
@@ -236,7 +236,14 @@ async def execute_node(
    input_size = len(input_data_str)
    log_metadata.debug("Executed node with input", input=input_data_str)
    # Create node-specific execution context to avoid race conditions
    # (multiple nodes can execute concurrently and would otherwise mutate shared state)
    execution_context = execution_context.model_copy(
        update={"node_id": node_id, "node_exec_id": node_exec_id}
    )
    # Inject extra execution arguments for the blocks via kwargs
    # Keep individual kwargs for backwards compatibility with existing blocks
    extra_exec_kwargs: dict = {
        "graph_id": graph_id,
        "graph_version": graph_version,
--- a/autogpt_platform/backend/backend/executor/utils.py
+++ b/autogpt_platform/backend/backend/executor/utils.py
@@ -892,11 +892,19 @@ async def add_graph_execution(
        settings = await gdb.get_graph_settings(user_id=user_id, graph_id=graph_id)
        execution_context = ExecutionContext(
            # Execution identity
            user_id=user_id,
            graph_id=graph_id,
            graph_exec_id=graph_exec.id,
            graph_version=graph_exec.graph_version,
            # Safety settings
            human_in_the_loop_safe_mode=settings.human_in_the_loop_safe_mode,
            sensitive_action_safe_mode=settings.sensitive_action_safe_mode,
            # User settings
            user_timezone=(
                user.timezone if user.timezone != USER_TIMEZONE_NOT_SET else "UTC"
            ),
            # Execution hierarchy
            root_execution_id=graph_exec.id,
        )
--- a/autogpt_platform/backend/backend/executor/utils_test.py
+++ b/autogpt_platform/backend/backend/executor/utils_test.py
@@ -348,6 +348,7 @@ async def test_add_graph_execution_is_repeatable(mocker: MockerFixture):
    mock_graph_exec.id = "execution-id-123"
    mock_graph_exec.node_executions = []  # Add this to avoid AttributeError
    mock_graph_exec.status = ExecutionStatus.QUEUED  # Required for race condition check
    mock_graph_exec.graph_version = graph_version
    mock_graph_exec.to_graph_execution_entry.return_value = mocker.MagicMock()
    # Mock the queue and event bus
@@ -434,6 +435,9 @@ async def test_add_graph_execution_is_repeatable(mocker: MockerFixture):
    # Create a second mock execution for the sanity check
    mock_graph_exec_2 = mocker.MagicMock(spec=GraphExecutionWithNodes)
    mock_graph_exec_2.id = "execution-id-456"
    mock_graph_exec_2.node_executions = []
    mock_graph_exec_2.status = ExecutionStatus.QUEUED
    mock_graph_exec_2.graph_version = graph_version
    mock_graph_exec_2.to_graph_execution_entry.return_value = mocker.MagicMock()
    # Reset mocks and set up for second call
@@ -614,6 +618,7 @@ async def test_add_graph_execution_with_nodes_to_skip(mocker: MockerFixture):
    mock_graph_exec.id = "execution-id-123"
    mock_graph_exec.node_executions = []
    mock_graph_exec.status = ExecutionStatus.QUEUED  # Required for race condition check
    mock_graph_exec.graph_version = graph_version
    # Track what's passed to to_graph_execution_entry
    captured_kwargs = {}
--- a/autogpt_platform/backend/backend/util/cloud_storage.py
+++ b/autogpt_platform/backend/backend/util/cloud_storage.py
@@ -13,6 +13,7 @@ import aiohttp
 from gcloud.aio import storage as async_gcs_storage
 from google.cloud import storage as gcs_storage
 from backend.util.gcs_utils import download_with_fresh_session, generate_signed_url
 from backend.util.settings import Config
 logger = logging.getLogger(__name__)
@@ -251,7 +252,7 @@ class CloudStorageHandler:
            f"in_task: {current_task is not None}"
        )
-        # Parse bucket and blob name from path
+        # Parse bucket and blob name from path (path already has gcs:// prefix removed)
        parts = path.split("/", 1)
        if len(parts) != 2:
            raise ValueError(f"Invalid GCS path: {path}")
@@ -261,50 +262,19 @@ class CloudStorageHandler:
        # Authorization check
        self._validate_file_access(blob_name, user_id, graph_exec_id)
-        # Use a fresh client for each download to avoid session issues
+        logger.info(
-        # This is less efficient but more reliable with the executor's event loop
+            f"[CloudStorage] About to download from GCS - bucket: {bucket_name}, blob: {blob_name}"
        logger.info("[CloudStorage] Creating fresh GCS client for download")
        # Create a new session specifically for this download
        session = aiohttp.ClientSession(
            connector=aiohttp.TCPConnector(limit=10, force_close=True)
        )
        async_client = None
        try:
-            # Create a new GCS client with the fresh session
+            content = await download_with_fresh_session(bucket_name, blob_name)
            async_client = async_gcs_storage.Storage(session=session)
            logger.info(
                f"[CloudStorage] About to download from GCS - bucket: {bucket_name}, blob: {blob_name}"
            )
            # Download content using the fresh client
            content = await async_client.download(bucket_name, blob_name)
            logger.info(
                f"[CloudStorage] GCS download successful - size: {len(content)} bytes"
            )
            # Clean up
            await async_client.close()
            await session.close()
            return content
-
+        except FileNotFoundError:
            raise
        except Exception as e:
            # Always try to clean up
            if async_client is not None:
                try:
                    await async_client.close()
                except Exception as cleanup_error:
                    logger.warning(
                        f"[CloudStorage] Error closing GCS client: {cleanup_error}"
                    )
            try:
                await session.close()
            except Exception as cleanup_error:
                logger.warning(f"[CloudStorage] Error closing session: {cleanup_error}")
            # Log the specific error for debugging
            logger.error(
                f"[CloudStorage] GCS download failed - error: {str(e)}, "
@@ -319,10 +289,6 @@ class CloudStorageHandler:
                    f"current_task: {current_task}, "
                    f"bucket: {bucket_name}, blob: redacted for privacy"
                )
            # Convert gcloud-aio exceptions to standard ones
            if "404" in str(e) or "Not Found" in str(e):
                raise FileNotFoundError(f"File not found: gcs://{path}")
            raise
    def _validate_file_access(
@@ -445,8 +411,7 @@ class CloudStorageHandler:
        graph_exec_id: str | None = None,
    ) -> str:
        """Generate signed URL for GCS with authorization."""
-
+        # Parse bucket and blob name from path (path already has gcs:// prefix removed)
        # Parse bucket and blob name from path
        parts = path.split("/", 1)
        if len(parts) != 2:
            raise ValueError(f"Invalid GCS path: {path}")
@@ -456,21 +421,11 @@ class CloudStorageHandler:
        # Authorization check
        self._validate_file_access(blob_name, user_id, graph_exec_id)
        # Use sync client for signed URLs since gcloud-aio doesn't support them
        sync_client = self._get_sync_gcs_client()
-        bucket = sync_client.bucket(bucket_name)
+        return await generate_signed_url(
-        blob = bucket.blob(blob_name)
+            sync_client, bucket_name, blob_name, expiration_hours * 3600
        # Generate signed URL asynchronously using sync client
        url = await asyncio.to_thread(
            blob.generate_signed_url,
            version="v4",
            expiration=datetime.now(timezone.utc) + timedelta(hours=expiration_hours),
            method="GET",
        )
        return url
    async def delete_expired_files(self, provider: str = "gcs") -> int:
        """
        Delete files that have passed their expiration time.
--- a/autogpt_platform/backend/backend/util/file.py
+++ b/autogpt_platform/backend/backend/util/file.py
@@ -5,13 +5,26 @@ import shutil
 import tempfile
 import uuid
 from pathlib import Path
 from typing import TYPE_CHECKING, Literal
 from urllib.parse import urlparse
 from backend.util.cloud_storage import get_cloud_storage_handler
 from backend.util.request import Requests
 from backend.util.settings import Config
 from backend.util.type import MediaFileType
 from backend.util.virus_scanner import scan_content_safe
 if TYPE_CHECKING:
    from backend.data.execution import ExecutionContext
 # Return format options for store_media_file
 # - "for_local_processing": Returns local file path - use with ffmpeg, MoviePy, PIL, etc.
 # - "for_external_api": Returns data URI (base64) - use when sending content to external APIs
 # - "for_block_output": Returns best format for output - workspace:// in CoPilot, data URI in graphs
 MediaReturnFormat = Literal[
    "for_local_processing", "for_external_api", "for_block_output"
 ]
 TEMP_DIR = Path(tempfile.gettempdir()).resolve()
 # Maximum filename length (conservative limit for most filesystems)
@@ -67,42 +80,56 @@ def clean_exec_files(graph_exec_id: str, file: str = "") -> None:
 async def store_media_file(
    graph_exec_id: str,
    file: MediaFileType,
-    user_id: str,
+    execution_context: "ExecutionContext",
-    return_content: bool = False,
+    *,
    return_format: MediaReturnFormat,
 ) -> MediaFileType:
    """
-    Safely handle 'file' (a data URI, a URL, or a local path relative to {temp}/exec_file/{exec_id}),
+    Safely handle 'file' (a data URI, a URL, a workspace:// reference, or a local path
-    placing or verifying it under:
+    relative to {temp}/exec_file/{exec_id}), placing or verifying it under:
        {tempdir}/exec_file/{exec_id}/...
-    If 'return_content=True', return a data URI (data:<mime>;base64,<content>).
+    For each MediaFileType input:
-    Otherwise, returns the file media path relative to the exec_id folder.
+    - Data URI: decode and store locally
    - URL: download and store locally
    - workspace:// reference: read from workspace, store locally
    - Local path: verify it exists in exec_file directory
-    For each MediaFileType type:
+    Return format options:
-    - Data URI:
+    - "for_local_processing": Returns local file path - use with ffmpeg, MoviePy, PIL, etc.
-      -> decode and store in a new random file in that folder
+    - "for_external_api": Returns data URI (base64) - use when sending to external APIs
-    - URL:
+    - "for_block_output": Returns best format for output - workspace:// in CoPilot, data URI in graphs
      -> download and store in that folder
    - Local path:
      -> interpret as relative to that folder; verify it exists
         (no copying, as it's presumably already there).
         We realpath-check so no symlink or '..' can escape the folder.
-
+    :param file:               Data URI, URL, workspace://, or local (relative) path.
-    :param graph_exec_id:  The unique ID of the graph execution.
+    :param execution_context:  ExecutionContext with user_id, graph_exec_id, workspace_id.
-    :param file:           Data URI, URL, or local (relative) path.
+    :param return_format:      What to return: "for_local_processing", "for_external_api", or "for_block_output".
-    :param return_content: If True, return a data URI of the file content.
+    :return:                   The requested result based on return_format.
                           If False, return the *relative* path inside the exec_id folder.
    :return:               The requested result: data URI or relative path of the media.
    """
    # Extract values from execution_context
    graph_exec_id = execution_context.graph_exec_id
    user_id = execution_context.user_id
    if not graph_exec_id:
        raise ValueError("execution_context.graph_exec_id is required")
    if not user_id:
        raise ValueError("execution_context.user_id is required")
    # Create workspace_manager if we have workspace_id (with session scoping)
    # Import here to avoid circular import (file.py → workspace.py → data → blocks → file.py)
    from backend.util.workspace import WorkspaceManager
    workspace_manager: WorkspaceManager | None = None
    if execution_context.workspace_id:
        workspace_manager = WorkspaceManager(
            user_id, execution_context.workspace_id, execution_context.session_id
        )
    # Build base path
    base_path = Path(get_exec_file_path(graph_exec_id, ""))
    base_path.mkdir(parents=True, exist_ok=True)
    # Security fix: Add disk space limits to prevent DoS
-    MAX_FILE_SIZE = 100 * 1024 * 1024  # 100MB per file
+    MAX_FILE_SIZE_BYTES = Config().max_file_size_mb * 1024 * 1024
    MAX_TOTAL_DISK_USAGE = 1024 * 1024 * 1024  # 1GB total per execution directory
    # Check total disk usage in base_path
@@ -142,9 +169,57 @@ async def store_media_file(
        """
        return str(absolute_path.relative_to(base))
-    # Check if this is a cloud storage path
+    # Get cloud storage handler for checking cloud paths
    cloud_storage = await get_cloud_storage_handler()
-    if cloud_storage.is_cloud_path(file):
+
    # Track if the input came from workspace (don't re-save it)
    is_from_workspace = file.startswith("workspace://")
    # Check if this is a workspace file reference
    if is_from_workspace:
        if workspace_manager is None:
            raise ValueError(
                "Workspace file reference requires workspace context. "
                "This file type is only available in CoPilot sessions."
            )
        # Parse workspace reference
        # workspace://abc123 - by file ID
        # workspace:///path/to/file.txt - by virtual path
        file_ref = file[12:]  # Remove "workspace://"
        if file_ref.startswith("/"):
            # Path reference
            workspace_content = await workspace_manager.read_file(file_ref)
            file_info = await workspace_manager.get_file_info_by_path(file_ref)
            filename = sanitize_filename(
                file_info.name if file_info else f"{uuid.uuid4()}.bin"
            )
        else:
            # ID reference
            workspace_content = await workspace_manager.read_file_by_id(file_ref)
            file_info = await workspace_manager.get_file_info(file_ref)
            filename = sanitize_filename(
                file_info.name if file_info else f"{uuid.uuid4()}.bin"
            )
        try:
            target_path = _ensure_inside_base(base_path / filename, base_path)
        except OSError as e:
            raise ValueError(f"Invalid file path '{filename}': {e}") from e
        # Check file size limit
        if len(workspace_content) > MAX_FILE_SIZE_BYTES:
            raise ValueError(
                f"File too large: {len(workspace_content)} bytes > {MAX_FILE_SIZE_BYTES} bytes"
            )
        # Virus scan the workspace content before writing locally
        await scan_content_safe(workspace_content, filename=filename)
        target_path.write_bytes(workspace_content)
    # Check if this is a cloud storage path
    elif cloud_storage.is_cloud_path(file):
        # Download from cloud storage and store locally
        cloud_content = await cloud_storage.retrieve_file(
            file, user_id=user_id, graph_exec_id=graph_exec_id
@@ -159,9 +234,9 @@ async def store_media_file(
            raise ValueError(f"Invalid file path '{filename}': {e}") from e
        # Check file size limit
-        if len(cloud_content) > MAX_FILE_SIZE:
+        if len(cloud_content) > MAX_FILE_SIZE_BYTES:
            raise ValueError(
-                f"File too large: {len(cloud_content)} bytes > {MAX_FILE_SIZE} bytes"
+                f"File too large: {len(cloud_content)} bytes > {MAX_FILE_SIZE_BYTES} bytes"
            )
        # Virus scan the cloud content before writing locally
@@ -189,9 +264,9 @@ async def store_media_file(
        content = base64.b64decode(b64_content)
        # Check file size limit
-        if len(content) > MAX_FILE_SIZE:
+        if len(content) > MAX_FILE_SIZE_BYTES:
            raise ValueError(
-                f"File too large: {len(content)} bytes > {MAX_FILE_SIZE} bytes"
+                f"File too large: {len(content)} bytes > {MAX_FILE_SIZE_BYTES} bytes"
            )
        # Virus scan the base64 content before writing
@@ -199,23 +274,31 @@ async def store_media_file(
        target_path.write_bytes(content)
    elif file.startswith(("http://", "https://")):
-        # URL
+        # URL - download first to get Content-Type header
        resp = await Requests().get(file)
        # Check file size limit
        if len(resp.content) > MAX_FILE_SIZE_BYTES:
            raise ValueError(
                f"File too large: {len(resp.content)} bytes > {MAX_FILE_SIZE_BYTES} bytes"
            )
        # Extract filename from URL path
        parsed_url = urlparse(file)
        filename = sanitize_filename(Path(parsed_url.path).name or f"{uuid.uuid4()}")
        # If filename lacks extension, add one from Content-Type header
        if "." not in filename:
            content_type = resp.headers.get("Content-Type", "").split(";")[0].strip()
            if content_type:
                ext = _extension_from_mime(content_type)
                filename = f"{filename}{ext}"
        try:
            target_path = _ensure_inside_base(base_path / filename, base_path)
        except OSError as e:
            raise ValueError(f"Invalid file path '{filename}': {e}") from e
        # Download and save
        resp = await Requests().get(file)
        # Check file size limit
        if len(resp.content) > MAX_FILE_SIZE:
            raise ValueError(
                f"File too large: {len(resp.content)} bytes > {MAX_FILE_SIZE} bytes"
            )
        # Virus scan the downloaded content before writing
        await scan_content_safe(resp.content, filename=filename)
        target_path.write_bytes(resp.content)
@@ -230,12 +313,44 @@ async def store_media_file(
        if not target_path.is_file():
            raise ValueError(f"Local file does not exist: {target_path}")
-    # Return result
+    # Return based on requested format
-    if return_content:
+    if return_format == "for_local_processing":
-        return MediaFileType(_file_to_data_uri(target_path))
+        # Use when processing files locally with tools like ffmpeg, MoviePy, PIL
-    else:
+        # Returns: relative path in exec_file directory (e.g., "image.png")
        return MediaFileType(_strip_base_prefix(target_path, base_path))
    elif return_format == "for_external_api":
        # Use when sending content to external APIs that need base64
        # Returns: data URI (e.g., "data:image/png;base64,iVBORw0...")
        return MediaFileType(_file_to_data_uri(target_path))
    elif return_format == "for_block_output":
        # Use when returning output from a block to user/next block
        # Returns: workspace:// ref (CoPilot) or data URI (graph execution)
        if workspace_manager is None:
            # No workspace available (graph execution without CoPilot)
            # Fallback to data URI so the content can still be used/displayed
            return MediaFileType(_file_to_data_uri(target_path))
        # Don't re-save if input was already from workspace
        if is_from_workspace:
            # Return original workspace reference
            return MediaFileType(file)
        # Save new content to workspace
        content = target_path.read_bytes()
        filename = target_path.name
        file_record = await workspace_manager.write_file(
            content=content,
            filename=filename,
            overwrite=True,
        )
        return MediaFileType(f"workspace://{file_record.id}")
    else:
        raise ValueError(f"Invalid return_format: {return_format}")
 def get_dir_size(path: Path) -> int:
    """Get total size of directory."""
--- a/autogpt_platform/backend/backend/util/file_test.py
+++ b/autogpt_platform/backend/backend/util/file_test.py
@@ -7,10 +7,22 @@ from unittest.mock import AsyncMock, MagicMock, patch
 import pytest
 from backend.data.execution import ExecutionContext
 from backend.util.file import store_media_file
 from backend.util.type import MediaFileType
 def make_test_context(
    graph_exec_id: str = "test-exec-123",
    user_id: str = "test-user-123",
 ) -> ExecutionContext:
    """Helper to create test ExecutionContext."""
    return ExecutionContext(
        user_id=user_id,
        graph_exec_id=graph_exec_id,
    )
 class TestFileCloudIntegration:
    """Test cases for cloud storage integration in file utilities."""
@@ -70,10 +82,9 @@ class TestFileCloudIntegration:
            mock_path_class.side_effect = path_constructor
            result = await store_media_file(
-                graph_exec_id,
+                file=MediaFileType(cloud_path),
-                MediaFileType(cloud_path),
+                execution_context=make_test_context(graph_exec_id=graph_exec_id),
-                "test-user-123",
+                return_format="for_local_processing",
                return_content=False,
            )
            # Verify cloud storage operations
@@ -144,10 +155,9 @@ class TestFileCloudIntegration:
            mock_path_obj.name = "image.png"
            with patch("backend.util.file.Path", return_value=mock_path_obj):
                result = await store_media_file(
-                    graph_exec_id,
+                    file=MediaFileType(cloud_path),
-                    MediaFileType(cloud_path),
+                    execution_context=make_test_context(graph_exec_id=graph_exec_id),
-                    "test-user-123",
+                    return_format="for_external_api",
                    return_content=True,
                )
            # Verify result is a data URI
@@ -198,10 +208,9 @@ class TestFileCloudIntegration:
            mock_resolved_path.relative_to.return_value = Path("test-uuid-789.txt")
            await store_media_file(
-                graph_exec_id,
+                file=MediaFileType(data_uri),
-                MediaFileType(data_uri),
+                execution_context=make_test_context(graph_exec_id=graph_exec_id),
-                "test-user-123",
+                return_format="for_local_processing",
                return_content=False,
            )
            # Verify cloud handler was checked but not used for retrieval
@@ -234,5 +243,7 @@ class TestFileCloudIntegration:
                FileNotFoundError, match="File not found in cloud storage"
            ):
                await store_media_file(
-                    graph_exec_id, MediaFileType(cloud_path), "test-user-123"
+                    file=MediaFileType(cloud_path),
                    execution_context=make_test_context(graph_exec_id=graph_exec_id),
                    return_format="for_local_processing",
                )
--- a/autogpt_platform/backend/backend/util/gcs_utils.py
+++ b/autogpt_platform/backend/backend/util/gcs_utils.py
@@ -0,0 +1,108 @@
 """
 Shared GCS utilities for workspace and cloud storage backends.
 This module provides common functionality for working with Google Cloud Storage,
 including path parsing, client management, and signed URL generation.
 """
 import asyncio
 import logging
 from datetime import datetime, timedelta, timezone
 import aiohttp
 from gcloud.aio import storage as async_gcs_storage
 from google.cloud import storage as gcs_storage
 logger = logging.getLogger(__name__)
 def parse_gcs_path(path: str) -> tuple[str, str]:
    """
    Parse a GCS path in the format 'gcs://bucket/blob' to (bucket, blob).
    Args:
        path: GCS path string (e.g., "gcs://my-bucket/path/to/file")
    Returns:
        Tuple of (bucket_name, blob_name)
    Raises:
        ValueError: If the path format is invalid
    """
    if not path.startswith("gcs://"):
        raise ValueError(f"Invalid GCS path: {path}")
    path_without_prefix = path[6:]  # Remove "gcs://"
    parts = path_without_prefix.split("/", 1)
    if len(parts) != 2:
        raise ValueError(f"Invalid GCS path format: {path}")
    return parts[0], parts[1]
 async def download_with_fresh_session(bucket: str, blob: str) -> bytes:
    """
    Download file content using a fresh session.
    This approach avoids event loop issues that can occur when reusing
    sessions across different async contexts (e.g., in executors).
    Args:
        bucket: GCS bucket name
        blob: Blob path within the bucket
    Returns:
        File content as bytes
    Raises:
        FileNotFoundError: If the file doesn't exist
    """
    session = aiohttp.ClientSession(
        connector=aiohttp.TCPConnector(limit=10, force_close=True)
    )
    client: async_gcs_storage.Storage | None = None
    try:
        client = async_gcs_storage.Storage(session=session)
        content = await client.download(bucket, blob)
        return content
    except Exception as e:
        if "404" in str(e) or "Not Found" in str(e):
            raise FileNotFoundError(f"File not found: gcs://{bucket}/{blob}")
        raise
    finally:
        if client:
            try:
                await client.close()
            except Exception:
                pass  # Best-effort cleanup
        await session.close()
 async def generate_signed_url(
    sync_client: gcs_storage.Client,
    bucket_name: str,
    blob_name: str,
    expires_in: int,
 ) -> str:
    """
    Generate a signed URL for temporary access to a GCS file.
    Uses asyncio.to_thread() to run the sync operation without blocking.
    Args:
        sync_client: Sync GCS client with service account credentials
        bucket_name: GCS bucket name
        blob_name: Blob path within the bucket
        expires_in: URL expiration time in seconds
    Returns:
        Signed URL string
    """
    bucket = sync_client.bucket(bucket_name)
    blob = bucket.blob(blob_name)
    return await asyncio.to_thread(
        blob.generate_signed_url,
        version="v4",
        expiration=datetime.now(timezone.utc) + timedelta(seconds=expires_in),
        method="GET",
    )
--- a/autogpt_platform/backend/backend/util/settings.py
+++ b/autogpt_platform/backend/backend/util/settings.py
@@ -263,6 +263,12 @@ class Config(UpdateTrackingModel["Config"], BaseSettings):
        description="The name of the Google Cloud Storage bucket for media files",
    )
    workspace_storage_dir: str = Field(
        default="",
        description="Local directory for workspace file storage when GCS is not configured. "
        "If empty, defaults to {app_data}/workspaces. Used for self-hosted deployments.",
    )
    reddit_user_agent: str = Field(
        default="web:AutoGPT:v0.6.0 (by /u/autogpt)",
        description="The user agent for the Reddit API",
@@ -389,6 +395,13 @@ class Config(UpdateTrackingModel["Config"], BaseSettings):
        description="Maximum file size in MB for file uploads (1-1024 MB)",
    )
    max_file_size_mb: int = Field(
        default=100,
        ge=1,
        le=1024,
        description="Maximum file size in MB for workspace files (1-1024 MB)",
    )
    # AutoMod configuration
    automod_enabled: bool = Field(
        default=False,
--- a/autogpt_platform/backend/backend/util/test.py
+++ b/autogpt_platform/backend/backend/util/test.py
@@ -140,14 +140,29 @@ async def execute_block_test(block: Block):
            setattr(block, mock_name, mock_obj)
    # Populate credentials argument(s)
    # Generate IDs for execution context
    graph_id = str(uuid.uuid4())
    node_id = str(uuid.uuid4())
    graph_exec_id = str(uuid.uuid4())
    node_exec_id = str(uuid.uuid4())
    user_id = str(uuid.uuid4())
    graph_version = 1  # Default version for tests
    extra_exec_kwargs: dict = {
-        "graph_id": str(uuid.uuid4()),
+        "graph_id": graph_id,
-        "node_id": str(uuid.uuid4()),
+        "node_id": node_id,
-        "graph_exec_id": str(uuid.uuid4()),
+        "graph_exec_id": graph_exec_id,
-        "node_exec_id": str(uuid.uuid4()),
+        "node_exec_id": node_exec_id,
-        "user_id": str(uuid.uuid4()),
+        "user_id": user_id,
-        "graph_version": 1,  # Default version for tests
+        "graph_version": graph_version,
-        "execution_context": ExecutionContext(),
+        "execution_context": ExecutionContext(
            user_id=user_id,
            graph_id=graph_id,
            graph_exec_id=graph_exec_id,
            graph_version=graph_version,
            node_id=node_id,
            node_exec_id=node_exec_id,
        ),
    }
    input_model = cast(type[BlockSchema], block.input_schema)
--- a/autogpt_platform/backend/backend/util/workspace.py
+++ b/autogpt_platform/backend/backend/util/workspace.py
@@ -0,0 +1,419 @@
 """
 WorkspaceManager for managing user workspace file operations.
 This module provides a high-level interface for workspace file operations,
 combining the storage backend and database layer.
 """
 import logging
 import mimetypes
 import uuid
 from typing import Optional
 from prisma.errors import UniqueViolationError
 from prisma.models import UserWorkspaceFile
 from backend.data.workspace import (
    count_workspace_files,
    create_workspace_file,
    get_workspace_file,
    get_workspace_file_by_path,
    list_workspace_files,
    soft_delete_workspace_file,
 )
 from backend.util.settings import Config
 from backend.util.workspace_storage import compute_file_checksum, get_workspace_storage
 logger = logging.getLogger(__name__)
 class WorkspaceManager:
    """
    Manages workspace file operations.
    Combines storage backend operations with database record management.
    Supports session-scoped file segmentation where files are stored in
    session-specific virtual paths: /sessions/{session_id}/{filename}
    """
    def __init__(
        self, user_id: str, workspace_id: str, session_id: Optional[str] = None
    ):
        """
        Initialize WorkspaceManager.
        Args:
            user_id: The user's ID
            workspace_id: The workspace ID
            session_id: Optional session ID for session-scoped file access
        """
        self.user_id = user_id
        self.workspace_id = workspace_id
        self.session_id = session_id
        # Session path prefix for file isolation
        self.session_path = f"/sessions/{session_id}" if session_id else ""
    def _resolve_path(self, path: str) -> str:
        """
        Resolve a path, defaulting to session folder if session_id is set.
        Cross-session access is allowed by explicitly using /sessions/other-session-id/...
        Args:
            path: Virtual path (e.g., "/file.txt" or "/sessions/abc123/file.txt")
        Returns:
            Resolved path with session prefix if applicable
        """
        # If path explicitly references a session folder, use it as-is
        if path.startswith("/sessions/"):
            return path
        # If we have a session context, prepend session path
        if self.session_path:
            # Normalize the path
            if not path.startswith("/"):
                path = f"/{path}"
            return f"{self.session_path}{path}"
        # No session context, use path as-is
        return path if path.startswith("/") else f"/{path}"
    def _get_effective_path(
        self, path: Optional[str], include_all_sessions: bool
    ) -> Optional[str]:
        """
        Get effective path for list/count operations based on session context.
        Args:
            path: Optional path prefix to filter
            include_all_sessions: If True, don't apply session scoping
        Returns:
            Effective path prefix for database query
        """
        if include_all_sessions:
            # Normalize path to ensure leading slash (stored paths are normalized)
            if path is not None and not path.startswith("/"):
                return f"/{path}"
            return path
        elif path is not None:
            # Resolve the provided path with session scoping
            return self._resolve_path(path)
        elif self.session_path:
            # Default to session folder with trailing slash to prevent prefix collisions
            # e.g., "/sessions/abc" should not match "/sessions/abc123"
            return self.session_path.rstrip("/") + "/"
        else:
            # No session context, use path as-is
            return path
    async def read_file(self, path: str) -> bytes:
        """
        Read file from workspace by virtual path.
        When session_id is set, paths are resolved relative to the session folder
        unless they explicitly reference /sessions/...
        Args:
            path: Virtual path (e.g., "/documents/report.pdf")
        Returns:
            File content as bytes
        Raises:
            FileNotFoundError: If file doesn't exist
        """
        resolved_path = self._resolve_path(path)
        file = await get_workspace_file_by_path(self.workspace_id, resolved_path)
        if file is None:
            raise FileNotFoundError(f"File not found at path: {resolved_path}")
        storage = await get_workspace_storage()
        return await storage.retrieve(file.storagePath)
    async def read_file_by_id(self, file_id: str) -> bytes:
        """
        Read file from workspace by file ID.
        Args:
            file_id: The file's ID
        Returns:
            File content as bytes
        Raises:
            FileNotFoundError: If file doesn't exist
        """
        file = await get_workspace_file(file_id, self.workspace_id)
        if file is None:
            raise FileNotFoundError(f"File not found: {file_id}")
        storage = await get_workspace_storage()
        return await storage.retrieve(file.storagePath)
    async def write_file(
        self,
        content: bytes,
        filename: str,
        path: Optional[str] = None,
        mime_type: Optional[str] = None,
        overwrite: bool = False,
    ) -> UserWorkspaceFile:
        """
        Write file to workspace.
        When session_id is set, files are written to /sessions/{session_id}/...
        by default. Use explicit /sessions/... paths for cross-session access.
        Args:
            content: File content as bytes
            filename: Filename for the file
            path: Virtual path (defaults to "/{filename}", session-scoped if session_id set)
            mime_type: MIME type (auto-detected if not provided)
            overwrite: Whether to overwrite existing file at path
        Returns:
            Created UserWorkspaceFile instance
        Raises:
            ValueError: If file exceeds size limit or path already exists
        """
        # Enforce file size limit
        max_file_size = Config().max_file_size_mb * 1024 * 1024
        if len(content) > max_file_size:
            raise ValueError(
                f"File too large: {len(content)} bytes exceeds "
                f"{Config().max_file_size_mb}MB limit"
            )
        # Determine path with session scoping
        if path is None:
            path = f"/{filename}"
        elif not path.startswith("/"):
            path = f"/{path}"
        # Resolve path with session prefix
        path = self._resolve_path(path)
        # Check if file exists at path (only error for non-overwrite case)
        # For overwrite=True, we let the write proceed and handle via UniqueViolationError
        # This ensures the new file is written to storage BEFORE the old one is deleted,
        # preventing data loss if the new write fails
        if not overwrite:
            existing = await get_workspace_file_by_path(self.workspace_id, path)
            if existing is not None:
                raise ValueError(f"File already exists at path: {path}")
        # Auto-detect MIME type if not provided
        if mime_type is None:
            mime_type, _ = mimetypes.guess_type(filename)
            mime_type = mime_type or "application/octet-stream"
        # Compute checksum
        checksum = compute_file_checksum(content)
        # Generate unique file ID for storage
        file_id = str(uuid.uuid4())
        # Store file in storage backend
        storage = await get_workspace_storage()
        storage_path = await storage.store(
            workspace_id=self.workspace_id,
            file_id=file_id,
            filename=filename,
            content=content,
        )
        # Create database record - handle race condition where another request
        # created a file at the same path between our check and create
        try:
            file = await create_workspace_file(
                workspace_id=self.workspace_id,
                file_id=file_id,
                name=filename,
                path=path,
                storage_path=storage_path,
                mime_type=mime_type,
                size_bytes=len(content),
                checksum=checksum,
            )
        except UniqueViolationError:
            # Race condition: another request created a file at this path
            if overwrite:
                # Re-fetch and delete the conflicting file, then retry
                existing = await get_workspace_file_by_path(self.workspace_id, path)
                if existing:
                    await self.delete_file(existing.id)
                # Retry the create - if this also fails, clean up storage file
                try:
                    file = await create_workspace_file(
                        workspace_id=self.workspace_id,
                        file_id=file_id,
                        name=filename,
                        path=path,
                        storage_path=storage_path,
                        mime_type=mime_type,
                        size_bytes=len(content),
                        checksum=checksum,
                    )
                except Exception:
                    # Clean up orphaned storage file on retry failure
                    try:
                        await storage.delete(storage_path)
                    except Exception as e:
                        logger.warning(f"Failed to clean up orphaned storage file: {e}")
                    raise
            else:
                # Clean up the orphaned storage file before raising
                try:
                    await storage.delete(storage_path)
                except Exception as e:
                    logger.warning(f"Failed to clean up orphaned storage file: {e}")
                raise ValueError(f"File already exists at path: {path}")
        except Exception:
            # Any other database error (connection, validation, etc.) - clean up storage
            try:
                await storage.delete(storage_path)
            except Exception as e:
                logger.warning(f"Failed to clean up orphaned storage file: {e}")
            raise
        logger.info(
            f"Wrote file {file.id} ({filename}) to workspace {self.workspace_id} "
            f"at path {path}, size={len(content)} bytes"
        )
        return file
    async def list_files(
        self,
        path: Optional[str] = None,
        limit: Optional[int] = None,
        offset: int = 0,
        include_all_sessions: bool = False,
    ) -> list[UserWorkspaceFile]:
        """
        List files in workspace.
        When session_id is set and include_all_sessions is False (default),
        only files in the current session's folder are listed.
        Args:
            path: Optional path prefix to filter (e.g., "/documents/")
            limit: Maximum number of files to return
            offset: Number of files to skip
            include_all_sessions: If True, list files from all sessions.
                                  If False (default), only list current session's files.
        Returns:
            List of UserWorkspaceFile instances
        """
        effective_path = self._get_effective_path(path, include_all_sessions)
        return await list_workspace_files(
            workspace_id=self.workspace_id,
            path_prefix=effective_path,
            limit=limit,
            offset=offset,
        )
    async def delete_file(self, file_id: str) -> bool:
        """
        Delete a file (soft-delete).
        Args:
            file_id: The file's ID
        Returns:
            True if deleted, False if not found
        """
        file = await get_workspace_file(file_id, self.workspace_id)
        if file is None:
            return False
        # Delete from storage
        storage = await get_workspace_storage()
        try:
            await storage.delete(file.storagePath)
        except Exception as e:
            logger.warning(f"Failed to delete file from storage: {e}")
            # Continue with database soft-delete even if storage delete fails
        # Soft-delete database record
        result = await soft_delete_workspace_file(file_id, self.workspace_id)
        return result is not None
    async def get_download_url(self, file_id: str, expires_in: int = 3600) -> str:
        """
        Get download URL for a file.
        Args:
            file_id: The file's ID
            expires_in: URL expiration in seconds (default 1 hour)
        Returns:
            Download URL (signed URL for GCS, API endpoint for local)
        Raises:
            FileNotFoundError: If file doesn't exist
        """
        file = await get_workspace_file(file_id, self.workspace_id)
        if file is None:
            raise FileNotFoundError(f"File not found: {file_id}")
        storage = await get_workspace_storage()
        return await storage.get_download_url(file.storagePath, expires_in)
    async def get_file_info(self, file_id: str) -> Optional[UserWorkspaceFile]:
        """
        Get file metadata.
        Args:
            file_id: The file's ID
        Returns:
            UserWorkspaceFile instance or None
        """
        return await get_workspace_file(file_id, self.workspace_id)
    async def get_file_info_by_path(self, path: str) -> Optional[UserWorkspaceFile]:
        """
        Get file metadata by path.
        When session_id is set, paths are resolved relative to the session folder
        unless they explicitly reference /sessions/...
        Args:
            path: Virtual path
        Returns:
            UserWorkspaceFile instance or None
        """
        resolved_path = self._resolve_path(path)
        return await get_workspace_file_by_path(self.workspace_id, resolved_path)
    async def get_file_count(
        self,
        path: Optional[str] = None,
        include_all_sessions: bool = False,
    ) -> int:
        """
        Get number of files in workspace.
        When session_id is set and include_all_sessions is False (default),
        only counts files in the current session's folder.
        Args:
            path: Optional path prefix to filter (e.g., "/documents/")
            include_all_sessions: If True, count all files in workspace.
                                  If False (default), only count current session's files.
        Returns:
            Number of files
        """
        effective_path = self._get_effective_path(path, include_all_sessions)
        return await count_workspace_files(
            self.workspace_id, path_prefix=effective_path
        )
--- a/autogpt_platform/backend/backend/util/workspace_storage.py
+++ b/autogpt_platform/backend/backend/util/workspace_storage.py
@@ -0,0 +1,398 @@
 """
 Workspace storage backend abstraction for supporting both cloud and local deployments.
 This module provides a unified interface for storing workspace files, with implementations
 for Google Cloud Storage (cloud deployments) and local filesystem (self-hosted deployments).
 """
 import asyncio
 import hashlib
 import logging
 from abc import ABC, abstractmethod
 from datetime import datetime, timezone
 from pathlib import Path
 from typing import Optional
 import aiofiles
 import aiohttp
 from gcloud.aio import storage as async_gcs_storage
 from google.cloud import storage as gcs_storage
 from backend.util.data import get_data_path
 from backend.util.gcs_utils import (
    download_with_fresh_session,
    generate_signed_url,
    parse_gcs_path,
 )
 from backend.util.settings import Config
 logger = logging.getLogger(__name__)
 class WorkspaceStorageBackend(ABC):
    """Abstract interface for workspace file storage."""
    @abstractmethod
    async def store(
        self,
        workspace_id: str,
        file_id: str,
        filename: str,
        content: bytes,
    ) -> str:
        """
        Store file content, return storage path.
        Args:
            workspace_id: The workspace ID
            file_id: Unique file ID for storage
            filename: Original filename
            content: File content as bytes
        Returns:
            Storage path string (cloud path or local path)
        """
        pass
    @abstractmethod
    async def retrieve(self, storage_path: str) -> bytes:
        """
        Retrieve file content from storage.
        Args:
            storage_path: The storage path returned from store()
        Returns:
            File content as bytes
        """
        pass
    @abstractmethod
    async def delete(self, storage_path: str) -> None:
        """
        Delete file from storage.
        Args:
            storage_path: The storage path to delete
        """
        pass
    @abstractmethod
    async def get_download_url(self, storage_path: str, expires_in: int = 3600) -> str:
        """
        Get URL for downloading the file.
        Args:
            storage_path: The storage path
            expires_in: URL expiration time in seconds (default 1 hour)
        Returns:
            Download URL (signed URL for GCS, direct API path for local)
        """
        pass
 class GCSWorkspaceStorage(WorkspaceStorageBackend):
    """Google Cloud Storage implementation for workspace storage."""
    def __init__(self, bucket_name: str):
        self.bucket_name = bucket_name
        self._async_client: Optional[async_gcs_storage.Storage] = None
        self._sync_client: Optional[gcs_storage.Client] = None
        self._session: Optional[aiohttp.ClientSession] = None
    async def _get_async_client(self) -> async_gcs_storage.Storage:
        """Get or create async GCS client."""
        if self._async_client is None:
            self._session = aiohttp.ClientSession(
                connector=aiohttp.TCPConnector(limit=100, force_close=False)
            )
            self._async_client = async_gcs_storage.Storage(session=self._session)
        return self._async_client
    def _get_sync_client(self) -> gcs_storage.Client:
        """Get or create sync GCS client (for signed URLs)."""
        if self._sync_client is None:
            self._sync_client = gcs_storage.Client()
        return self._sync_client
    async def close(self) -> None:
        """Close all client connections."""
        if self._async_client is not None:
            try:
                await self._async_client.close()
            except Exception as e:
                logger.warning(f"Error closing GCS client: {e}")
            self._async_client = None
        if self._session is not None:
            try:
                await self._session.close()
            except Exception as e:
                logger.warning(f"Error closing session: {e}")
            self._session = None
    def _build_blob_name(self, workspace_id: str, file_id: str, filename: str) -> str:
        """Build the blob path for workspace files."""
        return f"workspaces/{workspace_id}/{file_id}/{filename}"
    async def store(
        self,
        workspace_id: str,
        file_id: str,
        filename: str,
        content: bytes,
    ) -> str:
        """Store file in GCS."""
        client = await self._get_async_client()
        blob_name = self._build_blob_name(workspace_id, file_id, filename)
        # Upload with metadata
        upload_time = datetime.now(timezone.utc)
        await client.upload(
            self.bucket_name,
            blob_name,
            content,
            metadata={
                "uploaded_at": upload_time.isoformat(),
                "workspace_id": workspace_id,
                "file_id": file_id,
            },
        )
        return f"gcs://{self.bucket_name}/{blob_name}"
    async def retrieve(self, storage_path: str) -> bytes:
        """Retrieve file from GCS."""
        bucket_name, blob_name = parse_gcs_path(storage_path)
        return await download_with_fresh_session(bucket_name, blob_name)
    async def delete(self, storage_path: str) -> None:
        """Delete file from GCS."""
        bucket_name, blob_name = parse_gcs_path(storage_path)
        client = await self._get_async_client()
        try:
            await client.delete(bucket_name, blob_name)
        except Exception as e:
            if "404" not in str(e) and "Not Found" not in str(e):
                raise
            # File already deleted, that's fine
    async def get_download_url(self, storage_path: str, expires_in: int = 3600) -> str:
        """
        Generate download URL for GCS file.
        Attempts to generate a signed URL if running with service account credentials.
        Falls back to an API proxy endpoint if signed URL generation fails
        (e.g., when running locally with user OAuth credentials).
        """
        bucket_name, blob_name = parse_gcs_path(storage_path)
        # Extract file_id from blob_name for fallback: workspaces/{workspace_id}/{file_id}/{filename}
        blob_parts = blob_name.split("/")
        file_id = blob_parts[2] if len(blob_parts) >= 3 else None
        # Try to generate signed URL (requires service account credentials)
        try:
            sync_client = self._get_sync_client()
            return await generate_signed_url(
                sync_client, bucket_name, blob_name, expires_in
            )
        except AttributeError as e:
            # Signed URL generation requires service account with private key.
            # When running with user OAuth credentials, fall back to API proxy.
            if "private key" in str(e) and file_id:
                logger.debug(
                    "Cannot generate signed URL (no service account credentials), "
                    "falling back to API proxy endpoint"
                )
                return f"/api/workspace/files/{file_id}/download"
            raise
 class LocalWorkspaceStorage(WorkspaceStorageBackend):
    """Local filesystem implementation for workspace storage (self-hosted deployments)."""
    def __init__(self, base_dir: Optional[str] = None):
        """
        Initialize local storage backend.
        Args:
            base_dir: Base directory for workspace storage.
                     If None, defaults to {app_data}/workspaces
        """
        if base_dir:
            self.base_dir = Path(base_dir)
        else:
            self.base_dir = Path(get_data_path()) / "workspaces"
        # Ensure base directory exists
        self.base_dir.mkdir(parents=True, exist_ok=True)
    def _build_file_path(self, workspace_id: str, file_id: str, filename: str) -> Path:
        """Build the local file path with path traversal protection."""
        # Import here to avoid circular import
        # (file.py imports workspace.py which imports workspace_storage.py)
        from backend.util.file import sanitize_filename
        # Sanitize filename to prevent path traversal (removes / and \ among others)
        safe_filename = sanitize_filename(filename)
        file_path = (self.base_dir / workspace_id / file_id / safe_filename).resolve()
        # Verify the resolved path is still under base_dir
        if not file_path.is_relative_to(self.base_dir.resolve()):
            raise ValueError("Invalid filename: path traversal detected")
        return file_path
    def _parse_storage_path(self, storage_path: str) -> Path:
        """Parse local storage path to filesystem path."""
        if storage_path.startswith("local://"):
            relative_path = storage_path[8:]  # Remove "local://"
        else:
            relative_path = storage_path
        full_path = (self.base_dir / relative_path).resolve()
        # Security check: ensure path is under base_dir
        # Use is_relative_to() for robust path containment check
        # (handles case-insensitive filesystems and edge cases)
        if not full_path.is_relative_to(self.base_dir.resolve()):
            raise ValueError("Invalid storage path: path traversal detected")
        return full_path
    async def store(
        self,
        workspace_id: str,
        file_id: str,
        filename: str,
        content: bytes,
    ) -> str:
        """Store file locally."""
        file_path = self._build_file_path(workspace_id, file_id, filename)
        # Create parent directories
        file_path.parent.mkdir(parents=True, exist_ok=True)
        # Write file asynchronously
        async with aiofiles.open(file_path, "wb") as f:
            await f.write(content)
        # Return relative path as storage path
        relative_path = file_path.relative_to(self.base_dir)
        return f"local://{relative_path}"
    async def retrieve(self, storage_path: str) -> bytes:
        """Retrieve file from local storage."""
        file_path = self._parse_storage_path(storage_path)
        if not file_path.exists():
            raise FileNotFoundError(f"File not found: {storage_path}")
        async with aiofiles.open(file_path, "rb") as f:
            return await f.read()
    async def delete(self, storage_path: str) -> None:
        """Delete file from local storage."""
        file_path = self._parse_storage_path(storage_path)
        if file_path.exists():
            # Remove file
            file_path.unlink()
            # Clean up empty parent directories
            parent = file_path.parent
            while parent != self.base_dir:
                try:
                    if parent.exists() and not any(parent.iterdir()):
                        parent.rmdir()
                    else:
                        break
                except OSError:
                    break
                parent = parent.parent
    async def get_download_url(self, storage_path: str, expires_in: int = 3600) -> str:
        """
        Get download URL for local file.
        For local storage, this returns an API endpoint path.
        The actual serving is handled by the API layer.
        """
        # Parse the storage path to get the components
        if storage_path.startswith("local://"):
            relative_path = storage_path[8:]
        else:
            relative_path = storage_path
        # Return the API endpoint for downloading
        # The file_id is extracted from the path: {workspace_id}/{file_id}/{filename}
        parts = relative_path.split("/")
        if len(parts) >= 2:
            file_id = parts[1]  # Second component is file_id
            return f"/api/workspace/files/{file_id}/download"
        else:
            raise ValueError(f"Invalid storage path format: {storage_path}")
 # Global storage backend instance
 _workspace_storage: Optional[WorkspaceStorageBackend] = None
 _storage_lock = asyncio.Lock()
 async def get_workspace_storage() -> WorkspaceStorageBackend:
    """
    Get the workspace storage backend instance.
    Uses GCS if media_gcs_bucket_name is configured, otherwise uses local storage.
    """
    global _workspace_storage
    if _workspace_storage is None:
        async with _storage_lock:
            if _workspace_storage is None:
                config = Config()
                if config.media_gcs_bucket_name:
                    logger.info(
                        f"Using GCS workspace storage: {config.media_gcs_bucket_name}"
                    )
                    _workspace_storage = GCSWorkspaceStorage(
                        config.media_gcs_bucket_name
                    )
                else:
                    storage_dir = (
                        config.workspace_storage_dir
                        if config.workspace_storage_dir
                        else None
                    )
                    logger.info(
                        f"Using local workspace storage: {storage_dir or 'default'}"
                    )
                    _workspace_storage = LocalWorkspaceStorage(storage_dir)
    return _workspace_storage
 async def shutdown_workspace_storage() -> None:
    """
    Properly shutdown the global workspace storage backend.
    Closes aiohttp sessions and other resources for GCS backend.
    Should be called during application shutdown.
    """
    global _workspace_storage
    if _workspace_storage is not None:
        async with _storage_lock:
            if _workspace_storage is not None:
                if isinstance(_workspace_storage, GCSWorkspaceStorage):
                    await _workspace_storage.close()
                _workspace_storage = None
 def compute_file_checksum(content: bytes) -> str:
    """Compute SHA256 checksum of file content."""
    return hashlib.sha256(content).hexdigest()
--- a/autogpt_platform/backend/migrations/20260127230419_add_user_workspace/migration.sql
+++ b/autogpt_platform/backend/migrations/20260127230419_add_user_workspace/migration.sql
@@ -0,0 +1,52 @@
 -- CreateEnum
 CREATE TYPE "WorkspaceFileSource" AS ENUM ('UPLOAD', 'EXECUTION', 'COPILOT', 'IMPORT');
 -- CreateTable
 CREATE TABLE "UserWorkspace" (
    "id" TEXT NOT NULL,
    "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
    "updatedAt" TIMESTAMP(3) NOT NULL,
    "userId" TEXT NOT NULL,
    CONSTRAINT "UserWorkspace_pkey" PRIMARY KEY ("id")
 );
 -- CreateTable
 CREATE TABLE "UserWorkspaceFile" (
    "id" TEXT NOT NULL,
    "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
    "updatedAt" TIMESTAMP(3) NOT NULL,
    "workspaceId" TEXT NOT NULL,
    "name" TEXT NOT NULL,
    "path" TEXT NOT NULL,
    "storagePath" TEXT NOT NULL,
    "mimeType" TEXT NOT NULL,
    "sizeBytes" BIGINT NOT NULL,
    "checksum" TEXT,
    "isDeleted" BOOLEAN NOT NULL DEFAULT false,
    "deletedAt" TIMESTAMP(3),
    "source" "WorkspaceFileSource" NOT NULL DEFAULT 'UPLOAD',
    "sourceExecId" TEXT,
    "sourceSessionId" TEXT,
    "metadata" JSONB NOT NULL DEFAULT '{}',
    CONSTRAINT "UserWorkspaceFile_pkey" PRIMARY KEY ("id")
 );
 -- CreateIndex
 CREATE UNIQUE INDEX "UserWorkspace_userId_key" ON "UserWorkspace"("userId");
 -- CreateIndex
 CREATE INDEX "UserWorkspace_userId_idx" ON "UserWorkspace"("userId");
 -- CreateIndex
 CREATE INDEX "UserWorkspaceFile_workspaceId_isDeleted_idx" ON "UserWorkspaceFile"("workspaceId", "isDeleted");
 -- CreateIndex
 CREATE UNIQUE INDEX "UserWorkspaceFile_workspaceId_path_key" ON "UserWorkspaceFile"("workspaceId", "path");
 -- AddForeignKey
 ALTER TABLE "UserWorkspace" ADD CONSTRAINT "UserWorkspace_userId_fkey" FOREIGN KEY ("userId") REFERENCES "User"("id") ON DELETE CASCADE ON UPDATE CASCADE;
 -- AddForeignKey
 ALTER TABLE "UserWorkspaceFile" ADD CONSTRAINT "UserWorkspaceFile_workspaceId_fkey" FOREIGN KEY ("workspaceId") REFERENCES "UserWorkspace"("id") ON DELETE CASCADE ON UPDATE CASCADE;
--- a/autogpt_platform/backend/migrations/20260129011611_remove_workspace_file_source/migration.sql
+++ b/autogpt_platform/backend/migrations/20260129011611_remove_workspace_file_source/migration.sql
@@ -0,0 +1,16 @@
 /*
  Warnings:
  - You are about to drop the column `source` on the `UserWorkspaceFile` table. All the data in the column will be lost.
  - You are about to drop the column `sourceExecId` on the `UserWorkspaceFile` table. All the data in the column will be lost.
  - You are about to drop the column `sourceSessionId` on the `UserWorkspaceFile` table. All the data in the column will be lost.
 */
 -- AlterTable
 ALTER TABLE "UserWorkspaceFile" DROP COLUMN "source",
 DROP COLUMN "sourceExecId",
 DROP COLUMN "sourceSessionId";
 -- DropEnum
 DROP TYPE "WorkspaceFileSource";
--- a/autogpt_platform/backend/schema.prisma
+++ b/autogpt_platform/backend/schema.prisma
@@ -63,6 +63,7 @@ model User {
  IntegrationWebhooks   IntegrationWebhook[]
  NotificationBatches   UserNotificationBatch[]
  PendingHumanReviews   PendingHumanReview[]
  Workspace             UserWorkspace?
  // OAuth Provider relations
  OAuthApplications       OAuthApplication[]
@@ -137,6 +138,53 @@ model CoPilotUnderstanding {
  @@index([userId])
 }
 ////////////////////////////////////////////////////////////
 ////////////////////////////////////////////////////////////
 ////////////////   USER WORKSPACE TABLES   /////////////////
 ////////////////////////////////////////////////////////////
 ////////////////////////////////////////////////////////////
 // User's persistent file storage workspace
 model UserWorkspace {
  id        String   @id @default(uuid())
  createdAt DateTime @default(now())
  updatedAt DateTime @updatedAt
  userId String @unique
  User   User   @relation(fields: [userId], references: [id], onDelete: Cascade)
  Files UserWorkspaceFile[]
  @@index([userId])
 }
 // Individual files in a user's workspace
 model UserWorkspaceFile {
  id        String   @id @default(uuid())
  createdAt DateTime @default(now())
  updatedAt DateTime @updatedAt
  workspaceId String
  Workspace   UserWorkspace @relation(fields: [workspaceId], references: [id], onDelete: Cascade)
  // File metadata
  name        String // User-visible filename
  path        String // Virtual path (e.g., "/documents/report.pdf")
  storagePath String // Actual GCS or local storage path
  mimeType    String
  sizeBytes   BigInt
  checksum    String? // SHA256 for integrity
  // File state
  isDeleted Boolean   @default(false)
  deletedAt DateTime?
  metadata Json @default("{}")
  @@unique([workspaceId, path])
  @@index([workspaceId, isDeleted])
 }
 model BuilderSearchHistory {
  id        String   @id @default(uuid())
  createdAt DateTime @default(now())
--- a/autogpt_platform/backend/test/agent_generator/test_service.py
+++ b/autogpt_platform/backend/test/agent_generator/test_service.py
@@ -151,15 +151,20 @@ class TestDecomposeGoalExternal:
    @pytest.mark.asyncio
    async def test_decompose_goal_handles_http_error(self):
        """Test decomposition handles HTTP errors gracefully."""
        mock_response = MagicMock()
        mock_response.status_code = 500
        mock_client = AsyncMock()
        mock_client.post.side_effect = httpx.HTTPStatusError(
-            "Server error", request=MagicMock(), response=MagicMock()
+            "Server error", request=MagicMock(), response=mock_response
        )
        with patch.object(service, "_get_client", return_value=mock_client):
            result = await service.decompose_goal_external("Build a chatbot")
-        assert result is None
+        assert result is not None
        assert result.get("type") == "error"
        assert result.get("error_type") == "http_error"
        assert "Server error" in result.get("error", "")
    @pytest.mark.asyncio
    async def test_decompose_goal_handles_request_error(self):
@@ -170,7 +175,10 @@ class TestDecomposeGoalExternal:
        with patch.object(service, "_get_client", return_value=mock_client):
            result = await service.decompose_goal_external("Build a chatbot")
-        assert result is None
+        assert result is not None
        assert result.get("type") == "error"
        assert result.get("error_type") == "connection_error"
        assert "Connection failed" in result.get("error", "")
    @pytest.mark.asyncio
    async def test_decompose_goal_handles_service_error(self):
@@ -179,6 +187,7 @@ class TestDecomposeGoalExternal:
        mock_response.json.return_value = {
            "success": False,
            "error": "Internal error",
            "error_type": "internal_error",
        }
        mock_response.raise_for_status = MagicMock()
@@ -188,7 +197,10 @@ class TestDecomposeGoalExternal:
        with patch.object(service, "_get_client", return_value=mock_client):
            result = await service.decompose_goal_external("Build a chatbot")
-        assert result is None
+        assert result is not None
        assert result.get("type") == "error"
        assert result.get("error") == "Internal error"
        assert result.get("error_type") == "internal_error"
 class TestGenerateAgentExternal:
@@ -236,7 +248,10 @@ class TestGenerateAgentExternal:
        with patch.object(service, "_get_client", return_value=mock_client):
            result = await service.generate_agent_external({"steps": []})
-        assert result is None
+        assert result is not None
        assert result.get("type") == "error"
        assert result.get("error_type") == "connection_error"
        assert "Connection failed" in result.get("error", "")
 class TestGenerateAgentPatchExternal:
--- a/autogpt_platform/frontend/.env.default
+++ b/autogpt_platform/frontend/.env.default
@@ -34,3 +34,6 @@ NEXT_PUBLIC_PREVIEW_STEALING_DEV=
 # PostHog Analytics
 NEXT_PUBLIC_POSTHOG_KEY=
 NEXT_PUBLIC_POSTHOG_HOST=https://eu.i.posthog.com
 # OpenAI (for voice transcription)
 OPENAI_API_KEY=
--- a/autogpt_platform/frontend/CLAUDE.md
+++ b/autogpt_platform/frontend/CLAUDE.md
@@ -0,0 +1,76 @@
 # CLAUDE.md - Frontend
 This file provides guidance to Claude Code when working with the frontend.
 ## Essential Commands
 ```bash
 # Install dependencies
 pnpm i
 # Generate API client from OpenAPI spec
 pnpm generate:api
 # Start development server
 pnpm dev
 # Run E2E tests
 pnpm test
 # Run Storybook for component development
 pnpm storybook
 # Build production
 pnpm build
 # Format and lint
 pnpm format
 # Type checking
 pnpm types
 ```
 ### Code Style
 - Fully capitalize acronyms in symbols, e.g. `graphID`, `useBackendAPI`
 - Use function declarations (not arrow functions) for components/handlers
 ## Architecture
 - **Framework**: Next.js 15 App Router (client-first approach)
 - **Data Fetching**: Type-safe generated API hooks via Orval + React Query
 - **State Management**: React Query for server state, co-located UI state in components/hooks
 - **Component Structure**: Separate render logic (`.tsx`) from business logic (`use*.ts` hooks)
 - **Workflow Builder**: Visual graph editor using @xyflow/react
 - **UI Components**: shadcn/ui (Radix UI primitives) with Tailwind CSS styling
 - **Icons**: Phosphor Icons only
 - **Feature Flags**: LaunchDarkly integration
 - **Error Handling**: ErrorCard for render errors, toast for mutations, Sentry for exceptions
 - **Testing**: Playwright for E2E, Storybook for component development
 ## Environment Configuration
 `.env.default` (defaults) → `.env` (user overrides)
 ## Feature Development
 See @CONTRIBUTING.md for complete patterns. Quick reference:
 1. **Pages**: Create in `src/app/(platform)/feature-name/page.tsx`
   - Extract component logic into custom hooks grouped by concern, not by component. Each hook should represent a cohesive domain of functionality (e.g., useSearch, useFilters, usePagination) rather than bundling all state into one useComponentState hook.
     - Put each hook in its own `.ts` file
   - Put sub-components in local `components/` folder
   - Component props should be `type Props = { ... }` (not exported) unless it needs to be used outside the component
 2. **Components**: Structure as `ComponentName/ComponentName.tsx` + `useComponentName.ts` + `helpers.ts`
   - Use design system components from `src/components/` (atoms, molecules, organisms)
   - Never use `src/components/__legacy__/*`
 3. **Data fetching**: Use generated API hooks from `@/app/api/__generated__/endpoints/`
   - Regenerate with `pnpm generate:api`
   - Pattern: `use{Method}{Version}{OperationName}`
 4. **Styling**: Tailwind CSS only, use design tokens, Phosphor Icons only
 5. **Testing**: Add Storybook stories for new components, Playwright for E2E
 6. **Code conventions**:
   - Use function declarations (not arrow functions) for components/handlers
   - Do not use `useCallback` or `useMemo` unless asked to optimise a given function
   - Do not type hook returns, let Typescript infer as much as possible
   - Never type with `any` unless a variable/attribute can ACTUALLY be of any type
--- a/autogpt_platform/frontend/src/app/(no-navbar)/onboarding/page.tsx
+++ b/autogpt_platform/frontend/src/app/(no-navbar)/onboarding/page.tsx
@@ -1,9 +1,10 @@
 "use client";
 import { getV1OnboardingState } from "@/app/api/__generated__/endpoints/onboarding/onboarding";
 import { getOnboardingStatus, resolveResponse } from "@/app/api/helpers";
 import { LoadingSpinner } from "@/components/atoms/LoadingSpinner/LoadingSpinner";
 import { useRouter } from "next/navigation";
 import { useEffect } from "react";
 import { resolveResponse, getOnboardingStatus } from "@/app/api/helpers";
 import { getV1OnboardingState } from "@/app/api/__generated__/endpoints/onboarding/onboarding";
 import { getHomepageRoute } from "@/lib/constants";
 export default function OnboardingPage() {
  const router = useRouter();
@@ -12,10 +13,12 @@ export default function OnboardingPage() {
    async function redirectToStep() {
      try {
        // Check if onboarding is enabled (also gets chat flag for redirect)
-        const { shouldShowOnboarding } = await getOnboardingStatus();
+        const { shouldShowOnboarding, isChatEnabled } =
          await getOnboardingStatus();
        const homepageRoute = getHomepageRoute(isChatEnabled);
        if (!shouldShowOnboarding) {
-          router.replace("/");
+          router.replace(homepageRoute);
          return;
        }
@@ -23,7 +26,7 @@ export default function OnboardingPage() {
        // Handle completed onboarding
        if (onboarding.completedSteps.includes("GET_RESULTS")) {
-          router.replace("/");
+          router.replace(homepageRoute);
          return;
        }
--- a/autogpt_platform/frontend/src/app/(platform)/auth/callback/route.ts
+++ b/autogpt_platform/frontend/src/app/(platform)/auth/callback/route.ts
@@ -1,8 +1,9 @@
 import { getOnboardingStatus } from "@/app/api/helpers";
 import BackendAPI from "@/lib/autogpt-server-api";
 import { getServerSupabase } from "@/lib/supabase/server/getServerSupabase";
-import { revalidatePath } from "next/cache";
+import { getHomepageRoute } from "@/lib/constants";
 import BackendAPI from "@/lib/autogpt-server-api";
 import { NextResponse } from "next/server";
 import { revalidatePath } from "next/cache";
 import { getOnboardingStatus } from "@/app/api/helpers";
 // Handle the callback to complete the user session login
 export async function GET(request: Request) {
@@ -26,12 +27,13 @@ export async function GET(request: Request) {
        await api.createUser();
        // Get onboarding status from backend (includes chat flag evaluated for this user)
-        const { shouldShowOnboarding } = await getOnboardingStatus();
+        const { shouldShowOnboarding, isChatEnabled } =
          await getOnboardingStatus();
        if (shouldShowOnboarding) {
          next = "/onboarding";
          revalidatePath("/onboarding", "layout");
        } else {
-          next = "/";
+          next = getHomepageRoute(isChatEnabled);
          revalidatePath(next, "layout");
        }
      } catch (createUserError) {
--- a/autogpt_platform/frontend/src/app/(platform)/copilot/layout.tsx
+++ b/autogpt_platform/frontend/src/app/(platform)/copilot/layout.tsx
@@ -1,13 +1,6 @@
-"use client";
+import type { ReactNode } from "react";
 import { FeatureFlagPage } from "@/services/feature-flags/FeatureFlagPage";
 import { Flag } from "@/services/feature-flags/use-get-flag";
 import { type ReactNode } from "react";
 import { CopilotShell } from "./components/CopilotShell/CopilotShell";
 export default function CopilotLayout({ children }: { children: ReactNode }) {
-  return (
+  return <CopilotShell>{children}</CopilotShell>;
    <FeatureFlagPage flag={Flag.CHAT} whenDisabled="/library">
      <CopilotShell>{children}</CopilotShell>
    </FeatureFlagPage>
  );
 }
--- a/autogpt_platform/frontend/src/app/(platform)/copilot/page.tsx
+++ b/autogpt_platform/frontend/src/app/(platform)/copilot/page.tsx
@@ -14,8 +14,14 @@ export default function CopilotPage() {
  const isInterruptModalOpen = useCopilotStore((s) => s.isInterruptModalOpen);
  const confirmInterrupt = useCopilotStore((s) => s.confirmInterrupt);
  const cancelInterrupt = useCopilotStore((s) => s.cancelInterrupt);
-  const { greetingName, quickActions, isLoading, hasSession, initialPrompt } =
+  const {
-    state;
+    greetingName,
    quickActions,
    isLoading,
    hasSession,
    initialPrompt,
    isReady,
  } = state;
  const {
    handleQuickAction,
    startChatWithPrompt,
@@ -23,6 +29,8 @@ export default function CopilotPage() {
    handleStreamingChange,
  } = handlers;
  if (!isReady) return null;
  if (hasSession) {
    return (
      <div className="flex h-full flex-col">
--- a/autogpt_platform/frontend/src/app/(platform)/copilot/useCopilotPage.ts
+++ b/autogpt_platform/frontend/src/app/(platform)/copilot/useCopilotPage.ts
@@ -3,11 +3,18 @@ import {
  postV2CreateSession,
 } from "@/app/api/__generated__/endpoints/chat/chat";
 import { useToast } from "@/components/molecules/Toast/use-toast";
 import { getHomepageRoute } from "@/lib/constants";
 import { useSupabase } from "@/lib/supabase/hooks/useSupabase";
 import { useOnboarding } from "@/providers/onboarding/onboarding-provider";
 import {
  Flag,
  type FlagValues,
  useGetFlag,
 } from "@/services/feature-flags/use-get-flag";
 import { SessionKey, sessionStorage } from "@/services/storage/session-storage";
 import * as Sentry from "@sentry/nextjs";
 import { useQueryClient } from "@tanstack/react-query";
 import { useFlags } from "launchdarkly-react-client-sdk";
 import { useRouter } from "next/navigation";
 import { useEffect } from "react";
 import { useCopilotStore } from "./copilot-page-store";
@@ -26,6 +33,22 @@ export function useCopilotPage() {
  const isCreating = useCopilotStore((s) => s.isCreatingSession);
  const setIsCreating = useCopilotStore((s) => s.setIsCreatingSession);
  // Complete VISIT_COPILOT onboarding step to grant $5 welcome bonus
  useEffect(() => {
    if (isLoggedIn) {
      completeStep("VISIT_COPILOT");
    }
  }, [completeStep, isLoggedIn]);
  const isChatEnabled = useGetFlag(Flag.CHAT);
  const flags = useFlags<FlagValues>();
  const homepageRoute = getHomepageRoute(isChatEnabled);
  const envEnabled = process.env.NEXT_PUBLIC_LAUNCHDARKLY_ENABLED === "true";
  const clientId = process.env.NEXT_PUBLIC_LAUNCHDARKLY_CLIENT_ID;
  const isLaunchDarklyConfigured = envEnabled && Boolean(clientId);
  const isFlagReady =
    !isLaunchDarklyConfigured || flags[Flag.CHAT] !== undefined;
  const greetingName = getGreetingName(user);
  const quickActions = getQuickActions();
@@ -35,8 +58,11 @@ export function useCopilotPage() {
    : undefined;
  useEffect(() => {
-    if (isLoggedIn) completeStep("VISIT_COPILOT");
+    if (!isFlagReady) return;
-  }, [completeStep, isLoggedIn]);
+    if (isChatEnabled === false) {
      router.replace(homepageRoute);
    }
  }, [homepageRoute, isChatEnabled, isFlagReady, router]);
  async function startChatWithPrompt(prompt: string) {
    if (!prompt?.trim()) return;
@@ -90,6 +116,7 @@ export function useCopilotPage() {
      isLoading: isUserLoading,
      hasSession,
      initialPrompt,
      isReady: isFlagReady && isChatEnabled !== false && isLoggedIn,
    },
    handlers: {
      handleQuickAction,
--- a/autogpt_platform/frontend/src/app/(platform)/error/page.tsx
+++ b/autogpt_platform/frontend/src/app/(platform)/error/page.tsx
@@ -1,6 +1,8 @@
 "use client";
 import { ErrorCard } from "@/components/molecules/ErrorCard/ErrorCard";
 import { getHomepageRoute } from "@/lib/constants";
 import { Flag, useGetFlag } from "@/services/feature-flags/use-get-flag";
 import { useSearchParams } from "next/navigation";
 import { Suspense } from "react";
 import { getErrorDetails } from "./helpers";
@@ -9,6 +11,8 @@ function ErrorPageContent() {
  const searchParams = useSearchParams();
  const errorMessage = searchParams.get("message");
  const errorDetails = getErrorDetails(errorMessage);
  const isChatEnabled = useGetFlag(Flag.CHAT);
  const homepageRoute = getHomepageRoute(isChatEnabled);
  function handleRetry() {
    // Auth-related errors should redirect to login
@@ -26,7 +30,7 @@ function ErrorPageContent() {
      }, 2000);
    } else {
      // For server/network errors, go to home
-      window.location.href = "/";
+      window.location.href = homepageRoute;
    }
  }
--- a/autogpt_platform/frontend/src/app/(platform)/login/actions.ts
+++ b/autogpt_platform/frontend/src/app/(platform)/login/actions.ts
@@ -1,5 +1,6 @@
 "use server";
 import { getHomepageRoute } from "@/lib/constants";
 import BackendAPI from "@/lib/autogpt-server-api";
 import { getServerSupabase } from "@/lib/supabase/server/getServerSupabase";
 import { loginFormSchema } from "@/types/auth";
@@ -37,8 +38,10 @@ export async function login(email: string, password: string) {
    await api.createUser();
    // Get onboarding status from backend (includes chat flag evaluated for this user)
-    const { shouldShowOnboarding } = await getOnboardingStatus();
+    const { shouldShowOnboarding, isChatEnabled } = await getOnboardingStatus();
-    const next = shouldShowOnboarding ? "/onboarding" : "/";
+    const next = shouldShowOnboarding
      ? "/onboarding"
      : getHomepageRoute(isChatEnabled);
    return {
      success: true,
--- a/autogpt_platform/frontend/src/app/(platform)/login/useLoginPage.ts
+++ b/autogpt_platform/frontend/src/app/(platform)/login/useLoginPage.ts
@@ -1,6 +1,8 @@
 import { useToast } from "@/components/molecules/Toast/use-toast";
 import { getHomepageRoute } from "@/lib/constants";
 import { useSupabase } from "@/lib/supabase/hooks/useSupabase";
 import { environment } from "@/services/environment";
 import { Flag, useGetFlag } from "@/services/feature-flags/use-get-flag";
 import { loginFormSchema, LoginProvider } from "@/types/auth";
 import { zodResolver } from "@hookform/resolvers/zod";
 import { useRouter, useSearchParams } from "next/navigation";
@@ -20,15 +22,17 @@ export function useLoginPage() {
  const [isGoogleLoading, setIsGoogleLoading] = useState(false);
  const [showNotAllowedModal, setShowNotAllowedModal] = useState(false);
  const isCloudEnv = environment.isCloud();
  const isChatEnabled = useGetFlag(Flag.CHAT);
  const homepageRoute = getHomepageRoute(isChatEnabled);
  // Get redirect destination from 'next' query parameter
  const nextUrl = searchParams.get("next");
  useEffect(() => {
    if (isLoggedIn && !isLoggingIn) {
-      router.push(nextUrl || "/");
+      router.push(nextUrl || homepageRoute);
    }
-  }, [isLoggedIn, isLoggingIn, nextUrl, router]);
+  }, [homepageRoute, isLoggedIn, isLoggingIn, nextUrl, router]);
  const form = useForm<z.infer<typeof loginFormSchema>>({
    resolver: zodResolver(loginFormSchema),
@@ -94,7 +98,7 @@ export function useLoginPage() {
      }
      // Prefer URL's next parameter, then use backend-determined route
-      router.replace(nextUrl || result.next || "/");
+      router.replace(nextUrl || result.next || homepageRoute);
    } catch (error) {
      toast({
        title:
--- a/autogpt_platform/frontend/src/app/(platform)/signup/actions.ts
+++ b/autogpt_platform/frontend/src/app/(platform)/signup/actions.ts
@@ -1,5 +1,6 @@
 "use server";
 import { getHomepageRoute } from "@/lib/constants";
 import { getServerSupabase } from "@/lib/supabase/server/getServerSupabase";
 import { signupFormSchema } from "@/types/auth";
 import * as Sentry from "@sentry/nextjs";
@@ -58,8 +59,10 @@ export async function signup(
    }
    // Get onboarding status from backend (includes chat flag evaluated for this user)
-    const { shouldShowOnboarding } = await getOnboardingStatus();
+    const { shouldShowOnboarding, isChatEnabled } = await getOnboardingStatus();
-    const next = shouldShowOnboarding ? "/onboarding" : "/";
+    const next = shouldShowOnboarding
      ? "/onboarding"
      : getHomepageRoute(isChatEnabled);
    return { success: true, next };
  } catch (err) {
--- a/autogpt_platform/frontend/src/app/(platform)/signup/useSignupPage.ts
+++ b/autogpt_platform/frontend/src/app/(platform)/signup/useSignupPage.ts
@@ -1,6 +1,8 @@
 import { useToast } from "@/components/molecules/Toast/use-toast";
 import { getHomepageRoute } from "@/lib/constants";
 import { useSupabase } from "@/lib/supabase/hooks/useSupabase";
 import { environment } from "@/services/environment";
 import { Flag, useGetFlag } from "@/services/feature-flags/use-get-flag";
 import { LoginProvider, signupFormSchema } from "@/types/auth";
 import { zodResolver } from "@hookform/resolvers/zod";
 import { useRouter, useSearchParams } from "next/navigation";
@@ -20,15 +22,17 @@ export function useSignupPage() {
  const [isGoogleLoading, setIsGoogleLoading] = useState(false);
  const [showNotAllowedModal, setShowNotAllowedModal] = useState(false);
  const isCloudEnv = environment.isCloud();
  const isChatEnabled = useGetFlag(Flag.CHAT);
  const homepageRoute = getHomepageRoute(isChatEnabled);
  // Get redirect destination from 'next' query parameter
  const nextUrl = searchParams.get("next");
  useEffect(() => {
    if (isLoggedIn && !isSigningUp) {
-      router.push(nextUrl || "/");
+      router.push(nextUrl || homepageRoute);
    }
-  }, [isLoggedIn, isSigningUp, nextUrl, router]);
+  }, [homepageRoute, isLoggedIn, isSigningUp, nextUrl, router]);
  const form = useForm<z.infer<typeof signupFormSchema>>({
    resolver: zodResolver(signupFormSchema),
@@ -129,7 +133,7 @@ export function useSignupPage() {
      }
      // Prefer the URL's next parameter, then result.next (for onboarding), then default
-      const redirectTo = nextUrl || result.next || "/";
+      const redirectTo = nextUrl || result.next || homepageRoute;
      router.replace(redirectTo);
    } catch (error) {
      setIsLoading(false);
--- a/autogpt_platform/frontend/src/app/api/helpers.ts
+++ b/autogpt_platform/frontend/src/app/api/helpers.ts
@@ -181,5 +181,6 @@ export async function getOnboardingStatus() {
  const isCompleted = onboarding.completedSteps.includes("CONGRATS");
  return {
    shouldShowOnboarding: status.is_onboarding_enabled && !isCompleted,
    isChatEnabled: status.is_chat_enabled,
  };
 }
--- a/autogpt_platform/frontend/src/app/api/openapi.json
+++ b/autogpt_platform/frontend/src/app/api/openapi.json
@@ -5912,6 +5912,40 @@
        }
      }
    },
    "/api/workspace/files/{file_id}/download": {
      "get": {
        "tags": ["workspace"],
        "summary": "Download file by ID",
        "description": "Download a file by its ID.\n\nReturns the file content directly or redirects to a signed URL for GCS.",
        "operationId": "getWorkspaceDownload file by id",
        "security": [{ "HTTPBearerJWT": [] }],
        "parameters": [
          {
            "name": "file_id",
            "in": "path",
            "required": true,
            "schema": { "type": "string", "title": "File Id" }
          }
        ],
        "responses": {
          "200": {
            "description": "Successful Response",
            "content": { "application/json": { "schema": {} } }
          },
          "401": {
            "$ref": "#/components/responses/HTTP401NotAuthenticatedError"
          },
          "422": {
            "description": "Validation Error",
            "content": {
              "application/json": {
                "schema": { "$ref": "#/components/schemas/HTTPValidationError" }
              }
            }
          }
        }
      }
    },
    "/health": {
      "get": {
        "tags": ["health"],
--- a/autogpt_platform/frontend/src/app/api/proxy/[...path]/route.ts
+++ b/autogpt_platform/frontend/src/app/api/proxy/[...path]/route.ts
@@ -1,5 +1,6 @@
 import {
  ApiError,
  getServerAuthToken,
  makeAuthenticatedFileUpload,
  makeAuthenticatedRequest,
 } from "@/lib/autogpt-server-api/helpers";
@@ -15,6 +16,69 @@ function buildBackendUrl(path: string[], queryString: string): string {
  return `${environment.getAGPTServerBaseUrl()}/${backendPath}${queryString}`;
 }
 /**
 * Check if this is a workspace file download request that needs binary response handling.
 */
 function isWorkspaceDownloadRequest(path: string[]): boolean {
  // Match pattern: api/workspace/files/{id}/download (5 segments)
  return (
    path.length == 5 &&
    path[0] === "api" &&
    path[1] === "workspace" &&
    path[2] === "files" &&
    path[path.length - 1] === "download"
  );
 }
 /**
 * Handle workspace file download requests with proper binary response streaming.
 */
 async function handleWorkspaceDownload(
  req: NextRequest,
  backendUrl: string,
 ): Promise<NextResponse> {
  const token = await getServerAuthToken();
  const headers: Record<string, string> = {};
  if (token && token !== "no-token-found") {
    headers["Authorization"] = `Bearer ${token}`;
  }
  const response = await fetch(backendUrl, {
    method: "GET",
    headers,
    redirect: "follow", // Follow redirects to signed URLs
  });
  if (!response.ok) {
    return NextResponse.json(
      { error: `Failed to download file: ${response.statusText}` },
      { status: response.status },
    );
  }
  // Get the content type from the backend response
  const contentType =
    response.headers.get("Content-Type") || "application/octet-stream";
  const contentDisposition = response.headers.get("Content-Disposition");
  // Stream the response body
  const responseHeaders: Record<string, string> = {
    "Content-Type": contentType,
  };
  if (contentDisposition) {
    responseHeaders["Content-Disposition"] = contentDisposition;
  }
  // Return the binary content
  const arrayBuffer = await response.arrayBuffer();
  return new NextResponse(arrayBuffer, {
    status: 200,
    headers: responseHeaders,
  });
 }
 async function handleJsonRequest(
  req: NextRequest,
  method: string,
@@ -180,6 +244,11 @@ async function handler(
  };
  try {
    // Handle workspace file downloads separately (binary response)
    if (method === "GET" && isWorkspaceDownloadRequest(path)) {
      return await handleWorkspaceDownload(req, backendUrl);
    }
    if (method === "GET" || method === "DELETE") {
      responseBody = await handleGetDeleteRequest(method, backendUrl, req);
    } else if (contentType?.includes("application/json")) {
--- a/autogpt_platform/frontend/src/app/api/transcribe/route.ts
+++ b/autogpt_platform/frontend/src/app/api/transcribe/route.ts
@@ -0,0 +1,77 @@
 import { getServerAuthToken } from "@/lib/autogpt-server-api/helpers";
 import { NextRequest, NextResponse } from "next/server";
 const WHISPER_API_URL = "https://api.openai.com/v1/audio/transcriptions";
 const MAX_FILE_SIZE = 25 * 1024 * 1024; // 25MB - Whisper's limit
 function getExtensionFromMimeType(mimeType: string): string {
  const subtype = mimeType.split("/")[1]?.split(";")[0];
  return subtype || "webm";
 }
 export async function POST(request: NextRequest) {
  const token = await getServerAuthToken();
  if (!token || token === "no-token-found") {
    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
  }
  const apiKey = process.env.OPENAI_API_KEY;
  if (!apiKey) {
    return NextResponse.json(
      { error: "OpenAI API key not configured" },
      { status: 401 },
    );
  }
  try {
    const formData = await request.formData();
    const audioFile = formData.get("audio");
    if (!audioFile || !(audioFile instanceof Blob)) {
      return NextResponse.json(
        { error: "No audio file provided" },
        { status: 400 },
      );
    }
    if (audioFile.size > MAX_FILE_SIZE) {
      return NextResponse.json(
        { error: "File too large. Maximum size is 25MB." },
        { status: 413 },
      );
    }
    const ext = getExtensionFromMimeType(audioFile.type);
    const whisperFormData = new FormData();
    whisperFormData.append("file", audioFile, `recording.${ext}`);
    whisperFormData.append("model", "whisper-1");
    const response = await fetch(WHISPER_API_URL, {
      method: "POST",
      headers: {
        Authorization: `Bearer ${apiKey}`,
      },
      body: whisperFormData,
    });
    if (!response.ok) {
      const errorData = await response.json().catch(() => ({}));
      console.error("Whisper API error:", errorData);
      return NextResponse.json(
        { error: errorData.error?.message || "Transcription failed" },
        { status: response.status },
      );
    }
    const result = await response.json();
    return NextResponse.json({ text: result.text });
  } catch (error) {
    console.error("Transcription error:", error);
    return NextResponse.json(
      { error: "Failed to process audio" },
      { status: 500 },
    );
  }
 }
--- a/autogpt_platform/frontend/src/app/page.tsx
+++ b/autogpt_platform/frontend/src/app/page.tsx
@@ -1,15 +1,27 @@
 "use client";
-import { LoadingSpinner } from "@/components/atoms/LoadingSpinner/LoadingSpinner";
+import { getHomepageRoute } from "@/lib/constants";
 import { Flag, useGetFlag } from "@/services/feature-flags/use-get-flag";
 import { useRouter } from "next/navigation";
 import { useEffect } from "react";
 export default function Page() {
  const isChatEnabled = useGetFlag(Flag.CHAT);
  const router = useRouter();
  const homepageRoute = getHomepageRoute(isChatEnabled);
  const envEnabled = process.env.NEXT_PUBLIC_LAUNCHDARKLY_ENABLED === "true";
  const clientId = process.env.NEXT_PUBLIC_LAUNCHDARKLY_CLIENT_ID;
  const isLaunchDarklyConfigured = envEnabled && Boolean(clientId);
  const isFlagReady =
    !isLaunchDarklyConfigured || typeof isChatEnabled === "boolean";
-  useEffect(() => {
+  useEffect(
-    router.replace("/copilot");
+    function redirectToHomepage() {
-  }, [router]);
+      if (!isFlagReady) return;
      router.replace(homepageRoute);
    },
    [homepageRoute, isFlagReady, router],
  );
-  return <LoadingSpinner size="large" cover />;
+  return null;
 }
--- a/autogpt_platform/frontend/src/components/contextual/Chat/components/ChatInput/ChatInput.tsx
+++ b/autogpt_platform/frontend/src/components/contextual/Chat/components/ChatInput/ChatInput.tsx
@@ -1,7 +1,14 @@
 import { Button } from "@/components/atoms/Button/Button";
 import { cn } from "@/lib/utils";
-import { ArrowUpIcon, StopIcon } from "@phosphor-icons/react";
+import {
  ArrowUpIcon,
  CircleNotchIcon,
  MicrophoneIcon,
  StopIcon,
 } from "@phosphor-icons/react";
 import { RecordingIndicator } from "./components/RecordingIndicator";
 import { useChatInput } from "./useChatInput";
 import { useVoiceRecording } from "./useVoiceRecording";
 export interface Props {
  onSend: (message: string) => void;
@@ -21,13 +28,36 @@ export function ChatInput({
  className,
 }: Props) {
  const inputId = "chat-input";
-  const { value, handleKeyDown, handleSubmit, handleChange, hasMultipleLines } =
+  const {
-    useChatInput({
+    value,
-      onSend,
+    setValue,
-      disabled: disabled || isStreaming,
+    handleKeyDown: baseHandleKeyDown,
-      maxRows: 4,
+    handleSubmit,
-      inputId,
+    handleChange,
-    });
+    hasMultipleLines,
  } = useChatInput({
    onSend,
    disabled: disabled || isStreaming,
    maxRows: 4,
    inputId,
  });
  const {
    isRecording,
    isTranscribing,
    elapsedTime,
    toggleRecording,
    handleKeyDown,
    showMicButton,
    isInputDisabled,
    audioStream,
  } = useVoiceRecording({
    setValue,
    disabled: disabled || isStreaming,
    isStreaming,
    value,
    baseHandleKeyDown,
  });
  return (
    <form onSubmit={handleSubmit} className={cn("relative flex-1", className)}>
@@ -35,8 +65,11 @@ export function ChatInput({
        <div
          id={`${inputId}-wrapper`}
          className={cn(
-            "relative overflow-hidden border border-neutral-200 bg-white shadow-sm",
+            "relative overflow-hidden border bg-white shadow-sm",
-            "focus-within:border-zinc-400 focus-within:ring-1 focus-within:ring-zinc-400",
+            "focus-within:ring-1",
            isRecording
              ? "border-red-400 focus-within:border-red-400 focus-within:ring-red-400"
              : "border-neutral-200 focus-within:border-zinc-400 focus-within:ring-zinc-400",
            hasMultipleLines ? "rounded-xlarge" : "rounded-full",
          )}
        >
@@ -46,48 +79,94 @@ export function ChatInput({
            value={value}
            onChange={handleChange}
            onKeyDown={handleKeyDown}
-            placeholder={placeholder}
+            placeholder={
-            disabled={disabled || isStreaming}
+              isTranscribing
                ? "Transcribing..."
                : isRecording
                  ? ""
                  : placeholder
            }
            disabled={isInputDisabled}
            rows={1}
            className={cn(
              "w-full resize-none overflow-y-auto border-0 bg-transparent text-[1rem] leading-6 text-black",
              "placeholder:text-zinc-400",
              "focus:outline-none focus:ring-0",
              "disabled:text-zinc-500",
-              hasMultipleLines ? "pb-6 pl-4 pr-4 pt-2" : "pb-4 pl-4 pr-14 pt-4",
+              hasMultipleLines
                ? "pb-6 pl-4 pr-4 pt-2"
                : showMicButton
                  ? "pb-4 pl-14 pr-14 pt-4"
                  : "pb-4 pl-4 pr-14 pt-4",
            )}
          />
          {isRecording && !value && (
            <div className="pointer-events-none absolute inset-0 flex items-center justify-center">
              <RecordingIndicator
                elapsedTime={elapsedTime}
                audioStream={audioStream}
              />
            </div>
          )}
        </div>
        <span id="chat-input-hint" className="sr-only">
-          Press Enter to send, Shift+Enter for new line
+          Press Enter to send, Shift+Enter for new line, Space to record voice
        </span>
-        {isStreaming ? (
+        {showMicButton && (
-          <Button
+          <div className="absolute bottom-[7px] left-2 flex items-center gap-1">
-            type="button"
+            <Button
-            variant="icon"
+              type="button"
-            size="icon"
+              variant="icon"
-            aria-label="Stop generating"
+              size="icon"
-            onClick={onStop}
+              aria-label={isRecording ? "Stop recording" : "Start recording"}
-            className="absolute bottom-[7px] right-2 border-red-600 bg-red-600 text-white hover:border-red-800 hover:bg-red-800"
+              onClick={toggleRecording}
-          >
+              disabled={disabled || isTranscribing}
-            <StopIcon className="h-4 w-4" weight="bold" />
+              className={cn(
-          </Button>
+                isRecording
-        ) : (
+                  ? "animate-pulse border-red-500 bg-red-500 text-white hover:border-red-600 hover:bg-red-600"
-          <Button
+                  : isTranscribing
-            type="submit"
+                    ? "border-zinc-300 bg-zinc-100 text-zinc-400"
-            variant="icon"
+                    : "border-zinc-300 bg-white text-zinc-500 hover:border-zinc-400 hover:bg-zinc-50 hover:text-zinc-700",
-            size="icon"
+              )}
-            aria-label="Send message"
+            >
-            className={cn(
+              {isTranscribing ? (
-              "absolute bottom-[7px] right-2 border-zinc-800 bg-zinc-800 text-white hover:border-zinc-900 hover:bg-zinc-900",
+                <CircleNotchIcon className="h-4 w-4 animate-spin" />
-              (disabled || !value.trim()) && "opacity-20",
+              ) : (
-            )}
+                <MicrophoneIcon className="h-4 w-4" weight="bold" />
-            disabled={disabled || !value.trim()}
+              )}
-          >
+            </Button>
-            <ArrowUpIcon className="h-4 w-4" weight="bold" />
+          </div>
          </Button>
        )}
        <div className="absolute bottom-[7px] right-2 flex items-center gap-1">
          {isStreaming ? (
            <Button
              type="button"
              variant="icon"
              size="icon"
              aria-label="Stop generating"
              onClick={onStop}
              className="border-red-600 bg-red-600 text-white hover:border-red-800 hover:bg-red-800"
            >
              <StopIcon className="h-4 w-4" weight="bold" />
            </Button>
          ) : (
            <Button
              type="submit"
              variant="icon"
              size="icon"
              aria-label="Send message"
              className={cn(
                "border-zinc-800 bg-zinc-800 text-white hover:border-zinc-900 hover:bg-zinc-900",
                (disabled || !value.trim() || isRecording) && "opacity-20",
              )}
              disabled={disabled || !value.trim() || isRecording}
            >
              <ArrowUpIcon className="h-4 w-4" weight="bold" />
            </Button>
          )}
        </div>
      </div>
    </form>
  );
--- a/autogpt_platform/frontend/src/components/contextual/Chat/components/ChatInput/components/AudioWaveform.tsx
+++ b/autogpt_platform/frontend/src/components/contextual/Chat/components/ChatInput/components/AudioWaveform.tsx
@@ -0,0 +1,142 @@
 "use client";
 import { useEffect, useRef, useState } from "react";
 interface Props {
  stream: MediaStream | null;
  barCount?: number;
  barWidth?: number;
  barGap?: number;
  barColor?: string;
  minBarHeight?: number;
  maxBarHeight?: number;
 }
 export function AudioWaveform({
  stream,
  barCount = 24,
  barWidth = 3,
  barGap = 2,
  barColor = "#ef4444", // red-500
  minBarHeight = 4,
  maxBarHeight = 32,
 }: Props) {
  const [bars, setBars] = useState<number[]>(() =>
    Array(barCount).fill(minBarHeight),
  );
  const analyserRef = useRef<AnalyserNode | null>(null);
  const audioContextRef = useRef<AudioContext | null>(null);
  const sourceRef = useRef<MediaStreamAudioSourceNode | null>(null);
  const animationRef = useRef<number | null>(null);
  useEffect(() => {
    if (!stream) {
      setBars(Array(barCount).fill(minBarHeight));
      return;
    }
    // Create audio context and analyser
    const audioContext = new AudioContext();
    const analyser = audioContext.createAnalyser();
    analyser.fftSize = 512;
    analyser.smoothingTimeConstant = 0.8;
    // Connect the stream to the analyser
    const source = audioContext.createMediaStreamSource(stream);
    source.connect(analyser);
    audioContextRef.current = audioContext;
    analyserRef.current = analyser;
    sourceRef.current = source;
    const timeData = new Uint8Array(analyser.frequencyBinCount);
    const updateBars = () => {
      if (!analyserRef.current) return;
      analyserRef.current.getByteTimeDomainData(timeData);
      // Distribute time-domain data across bars
      // This shows waveform amplitude, making all bars respond to audio
      const newBars: number[] = [];
      const samplesPerBar = timeData.length / barCount;
      for (let i = 0; i < barCount; i++) {
        // Sample waveform data for this bar
        let maxAmplitude = 0;
        const startIdx = Math.floor(i * samplesPerBar);
        const endIdx = Math.floor((i + 1) * samplesPerBar);
        for (let j = startIdx; j < endIdx && j < timeData.length; j++) {
          // Convert to amplitude (distance from center 128)
          const amplitude = Math.abs(timeData[j] - 128);
          maxAmplitude = Math.max(maxAmplitude, amplitude);
        }
        // Map amplitude (0-128) to bar height
        const normalized = (maxAmplitude / 128) * 255;
        const height =
          minBarHeight + (normalized / 255) * (maxBarHeight - minBarHeight);
        newBars.push(height);
      }
      setBars(newBars);
      animationRef.current = requestAnimationFrame(updateBars);
    };
    updateBars();
    return () => {
      if (animationRef.current) {
        cancelAnimationFrame(animationRef.current);
      }
      if (sourceRef.current) {
        sourceRef.current.disconnect();
      }
      if (audioContextRef.current) {
        audioContextRef.current.close();
      }
      analyserRef.current = null;
      audioContextRef.current = null;
      sourceRef.current = null;
    };
  }, [stream, barCount, minBarHeight, maxBarHeight]);
  const totalWidth = barCount * barWidth + (barCount - 1) * barGap;
  return (
    <div
      className="flex items-center justify-center"
      style={{
        width: totalWidth,
        height: maxBarHeight,
        gap: barGap,
      }}
    >
      {bars.map((height, i) => {
        const barHeight = Math.max(minBarHeight, height);
        return (
          <div
            key={i}
            className="relative"
            style={{
              width: barWidth,
              height: maxBarHeight,
            }}
          >
            <div
              className="absolute left-0 rounded-full transition-[height] duration-75"
              style={{
                width: barWidth,
                height: barHeight,
                top: "50%",
                transform: "translateY(-50%)",
                backgroundColor: barColor,
              }}
            />
          </div>
        );
      })}
    </div>
  );
 }
--- a/autogpt_platform/frontend/src/components/contextual/Chat/components/ChatInput/components/RecordingIndicator.tsx
+++ b/autogpt_platform/frontend/src/components/contextual/Chat/components/ChatInput/components/RecordingIndicator.tsx
@@ -0,0 +1,26 @@
 import { formatElapsedTime } from "../helpers";
 import { AudioWaveform } from "./AudioWaveform";
 type Props = {
  elapsedTime: number;
  audioStream: MediaStream | null;
 };
 export function RecordingIndicator({ elapsedTime, audioStream }: Props) {
  return (
    <div className="flex items-center gap-3">
      <AudioWaveform
        stream={audioStream}
        barCount={20}
        barWidth={3}
        barGap={2}
        barColor="#ef4444"
        minBarHeight={4}
        maxBarHeight={24}
      />
      <span className="min-w-[3ch] text-sm font-medium text-red-500">
        {formatElapsedTime(elapsedTime)}
      </span>
    </div>
  );
 }
--- a/autogpt_platform/frontend/src/components/contextual/Chat/components/ChatInput/helpers.ts
+++ b/autogpt_platform/frontend/src/components/contextual/Chat/components/ChatInput/helpers.ts
@@ -0,0 +1,6 @@
 export function formatElapsedTime(ms: number): string {
  const seconds = Math.floor(ms / 1000);
  const minutes = Math.floor(seconds / 60);
  const remainingSeconds = seconds % 60;
  return `${minutes}:${remainingSeconds.toString().padStart(2, "0")}`;
 }
--- a/autogpt_platform/frontend/src/components/contextual/Chat/components/ChatInput/useChatInput.ts
+++ b/autogpt_platform/frontend/src/components/contextual/Chat/components/ChatInput/useChatInput.ts
@@ -6,7 +6,7 @@ import {
  useState,
 } from "react";
-interface UseChatInputArgs {
+interface Args {
  onSend: (message: string) => void;
  disabled?: boolean;
  maxRows?: number;
@@ -18,7 +18,7 @@ export function useChatInput({
  disabled = false,
  maxRows = 5,
  inputId = "chat-input",
-}: UseChatInputArgs) {
+}: Args) {
  const [value, setValue] = useState("");
  const [hasMultipleLines, setHasMultipleLines] = useState(false);
--- a/autogpt_platform/frontend/src/components/contextual/Chat/components/ChatInput/useVoiceRecording.ts
+++ b/autogpt_platform/frontend/src/components/contextual/Chat/components/ChatInput/useVoiceRecording.ts
@@ -0,0 +1,240 @@
 import { useToast } from "@/components/molecules/Toast/use-toast";
 import React, {
  KeyboardEvent,
  useCallback,
  useEffect,
  useRef,
  useState,
 } from "react";
 const MAX_RECORDING_DURATION = 2 * 60 * 1000; // 2 minutes in ms
 interface Args {
  setValue: React.Dispatch<React.SetStateAction<string>>;
  disabled?: boolean;
  isStreaming?: boolean;
  value: string;
  baseHandleKeyDown: (event: KeyboardEvent<HTMLTextAreaElement>) => void;
 }
 export function useVoiceRecording({
  setValue,
  disabled = false,
  isStreaming = false,
  value,
  baseHandleKeyDown,
 }: Args) {
  const [isRecording, setIsRecording] = useState(false);
  const [isTranscribing, setIsTranscribing] = useState(false);
  const [error, setError] = useState<string | null>(null);
  const [elapsedTime, setElapsedTime] = useState(0);
  const mediaRecorderRef = useRef<MediaRecorder | null>(null);
  const chunksRef = useRef<Blob[]>([]);
  const timerRef = useRef<NodeJS.Timeout | null>(null);
  const startTimeRef = useRef<number>(0);
  const streamRef = useRef<MediaStream | null>(null);
  const isRecordingRef = useRef(false);
  const isSupported =
    typeof window !== "undefined" &&
    !!(navigator.mediaDevices && navigator.mediaDevices.getUserMedia);
  const clearTimer = useCallback(() => {
    if (timerRef.current) {
      clearInterval(timerRef.current);
      timerRef.current = null;
    }
  }, []);
  const cleanup = useCallback(() => {
    clearTimer();
    if (streamRef.current) {
      streamRef.current.getTracks().forEach((track) => track.stop());
      streamRef.current = null;
    }
    mediaRecorderRef.current = null;
    chunksRef.current = [];
    setElapsedTime(0);
  }, [clearTimer]);
  const handleTranscription = useCallback(
    (text: string) => {
      setValue((prev) => {
        const trimmedPrev = prev.trim();
        if (trimmedPrev) {
          return `${trimmedPrev} ${text}`;
        }
        return text;
      });
    },
    [setValue],
  );
  const transcribeAudio = useCallback(
    async (audioBlob: Blob) => {
      setIsTranscribing(true);
      setError(null);
      try {
        const formData = new FormData();
        formData.append("audio", audioBlob);
        const response = await fetch("/api/transcribe", {
          method: "POST",
          body: formData,
        });
        if (!response.ok) {
          const data = await response.json().catch(() => ({}));
          throw new Error(data.error || "Transcription failed");
        }
        const data = await response.json();
        if (data.text) {
          handleTranscription(data.text);
        }
      } catch (err) {
        const message =
          err instanceof Error ? err.message : "Transcription failed";
        setError(message);
        console.error("Transcription error:", err);
      } finally {
        setIsTranscribing(false);
      }
    },
    [handleTranscription],
  );
  const stopRecording = useCallback(() => {
    if (mediaRecorderRef.current && isRecordingRef.current) {
      mediaRecorderRef.current.stop();
      isRecordingRef.current = false;
      setIsRecording(false);
      clearTimer();
    }
  }, [clearTimer]);
  const startRecording = useCallback(async () => {
    if (disabled || isRecordingRef.current || isTranscribing) return;
    setError(null);
    chunksRef.current = [];
    try {
      const stream = await navigator.mediaDevices.getUserMedia({ audio: true });
      streamRef.current = stream;
      const mediaRecorder = new MediaRecorder(stream, {
        mimeType: MediaRecorder.isTypeSupported("audio/webm")
          ? "audio/webm"
          : "audio/mp4",
      });
      mediaRecorderRef.current = mediaRecorder;
      mediaRecorder.ondataavailable = (event) => {
        if (event.data.size > 0) {
          chunksRef.current.push(event.data);
        }
      };
      mediaRecorder.onstop = async () => {
        const audioBlob = new Blob(chunksRef.current, {
          type: mediaRecorder.mimeType,
        });
        // Cleanup stream
        if (streamRef.current) {
          streamRef.current.getTracks().forEach((track) => track.stop());
          streamRef.current = null;
        }
        if (audioBlob.size > 0) {
          await transcribeAudio(audioBlob);
        }
      };
      mediaRecorder.start(1000); // Collect data every second
      isRecordingRef.current = true;
      setIsRecording(true);
      startTimeRef.current = Date.now();
      // Start elapsed time timer
      timerRef.current = setInterval(() => {
        const elapsed = Date.now() - startTimeRef.current;
        setElapsedTime(elapsed);
        // Auto-stop at max duration
        if (elapsed >= MAX_RECORDING_DURATION) {
          stopRecording();
        }
      }, 100);
    } catch (err) {
      console.error("Failed to start recording:", err);
      if (err instanceof DOMException && err.name === "NotAllowedError") {
        setError("Microphone permission denied");
      } else {
        setError("Failed to access microphone");
      }
      cleanup();
    }
  }, [disabled, isTranscribing, stopRecording, transcribeAudio, cleanup]);
  const toggleRecording = useCallback(() => {
    if (isRecording) {
      stopRecording();
    } else {
      startRecording();
    }
  }, [isRecording, startRecording, stopRecording]);
  const { toast } = useToast();
  useEffect(() => {
    if (error) {
      toast({
        title: "Voice recording failed",
        description: error,
        variant: "destructive",
      });
    }
  }, [error, toast]);
  const handleKeyDown = useCallback(
    (event: KeyboardEvent<HTMLTextAreaElement>) => {
      if (event.key === " " && !value.trim() && !isTranscribing) {
        event.preventDefault();
        toggleRecording();
        return;
      }
      baseHandleKeyDown(event);
    },
    [value, isTranscribing, toggleRecording, baseHandleKeyDown],
  );
  const showMicButton = isSupported && !isStreaming;
  const isInputDisabled = disabled || isStreaming || isTranscribing;
  // Cleanup on unmount
  useEffect(() => {
    return () => {
      cleanup();
    };
  }, [cleanup]);
  return {
    isRecording,
    isTranscribing,
    error,
    elapsedTime,
    startRecording,
    stopRecording,
    toggleRecording,
    isSupported,
    handleKeyDown,
    showMicButton,
    isInputDisabled,
    audioStream: streamRef.current,
  };
 }
--- a/autogpt_platform/frontend/src/components/contextual/Chat/components/MarkdownContent/MarkdownContent.tsx
+++ b/autogpt_platform/frontend/src/components/contextual/Chat/components/MarkdownContent/MarkdownContent.tsx
@@ -1,6 +1,8 @@
 "use client";
 import { getGetWorkspaceDownloadFileByIdUrl } from "@/app/api/__generated__/endpoints/workspace/workspace";
 import { cn } from "@/lib/utils";
 import { EyeSlash } from "@phosphor-icons/react";
 import React from "react";
 import ReactMarkdown from "react-markdown";
 import remarkGfm from "remark-gfm";
@@ -29,12 +31,88 @@ interface InputProps extends React.InputHTMLAttributes<HTMLInputElement> {
  type?: string;
 }
 /**
 * Converts a workspace:// URL to a proxy URL that routes through Next.js to the backend.
 * workspace://abc123 -> /api/proxy/api/workspace/files/abc123/download
 *
 * Uses the generated API URL helper and routes through the Next.js proxy
 * which handles authentication and proper backend routing.
 */
 /**
 * URL transformer for ReactMarkdown.
 * Converts workspace:// URLs to proxy URLs that route through Next.js to the backend.
 * workspace://abc123 -> /api/proxy/api/workspace/files/abc123/download
 *
 * This is needed because ReactMarkdown sanitizes URLs and only allows
 * http, https, mailto, and tel protocols by default.
 */
 function resolveWorkspaceUrl(src: string): string {
  if (src.startsWith("workspace://")) {
    const fileId = src.replace("workspace://", "");
    // Use the generated API URL helper to get the correct path
    const apiPath = getGetWorkspaceDownloadFileByIdUrl(fileId);
    // Route through the Next.js proxy (same pattern as customMutator for client-side)
    return `/api/proxy${apiPath}`;
  }
  return src;
 }
 /**
 * Check if the image URL is a workspace file (AI cannot see these yet).
 * After URL transformation, workspace files have URLs like /api/proxy/api/workspace/files/...
 */
 function isWorkspaceImage(src: string | undefined): boolean {
  return src?.includes("/workspace/files/") ?? false;
 }
 /**
 * Custom image component that shows an indicator when the AI cannot see the image.
 * Note: src is already transformed by urlTransform, so workspace:// is now /api/workspace/...
 */
 function MarkdownImage(props: Record<string, unknown>) {
  const src = props.src as string | undefined;
  const alt = props.alt as string | undefined;
  const aiCannotSee = isWorkspaceImage(src);
  // If no src, show a placeholder
  if (!src) {
    return (
      <span className="my-2 inline-block rounded border border-amber-200 bg-amber-50 px-2 py-1 text-sm text-amber-700">
        [Image: {alt || "missing src"}]
      </span>
    );
  }
  return (
    <span className="relative my-2 inline-block">
      {/* eslint-disable-next-line @next/next/no-img-element */}
      <img
        src={src}
        alt={alt || "Image"}
        className="h-auto max-w-full rounded-md border border-zinc-200"
        loading="lazy"
      />
      {aiCannotSee && (
        <span
          className="absolute bottom-2 right-2 flex items-center gap-1 rounded bg-black/70 px-2 py-1 text-xs text-white"
          title="The AI cannot see this image"
        >
          <EyeSlash size={14} />
          <span>AI cannot see this image</span>
        </span>
      )}
    </span>
  );
 }
 export function MarkdownContent({ content, className }: MarkdownContentProps) {
  return (
    <div className={cn("markdown-content", className)}>
      <ReactMarkdown
        skipHtml={true}
        remarkPlugins={[remarkGfm]}
        urlTransform={resolveWorkspaceUrl}
        components={{
          code: ({ children, className, ...props }: CodeProps) => {
            const isInline = !className?.includes("language-");
@@ -206,6 +284,9 @@ export function MarkdownContent({ content, className }: MarkdownContentProps) {
              {children}
            </td>
          ),
          img: ({ src, alt, ...props }) => (
            <MarkdownImage src={src} alt={alt} {...props} />
          ),
        }}
      >
        {content}
--- a/autogpt_platform/frontend/src/components/contextual/Chat/components/ToolResponseMessage/helpers.ts
+++ b/autogpt_platform/frontend/src/components/contextual/Chat/components/ToolResponseMessage/helpers.ts
@@ -37,6 +37,87 @@ export function getErrorMessage(result: unknown): string {
  return "An error occurred";
 }
 /**
 * Check if a value is a workspace file reference.
 */
 function isWorkspaceRef(value: unknown): value is string {
  return typeof value === "string" && value.startsWith("workspace://");
 }
 /**
 * Check if a workspace reference appears to be an image based on common patterns.
 * Since workspace refs don't have extensions, we check the context or assume image
 * for certain block types.
 *
 * TODO: Replace keyword matching with MIME type encoded in workspace ref.
 * e.g., workspace://abc123#image/png or workspace://abc123#video/mp4
 * This would let frontend render correctly without fragile keyword matching.
 */
 function isLikelyImageRef(value: string, outputKey?: string): boolean {
  if (!isWorkspaceRef(value)) return false;
  // Check output key name for video-related hints (these are NOT images)
  const videoKeywords = ["video", "mp4", "mov", "avi", "webm", "movie", "clip"];
  if (outputKey) {
    const lowerKey = outputKey.toLowerCase();
    if (videoKeywords.some((kw) => lowerKey.includes(kw))) {
      return false;
    }
  }
  // Check output key name for image-related hints
  const imageKeywords = [
    "image",
    "img",
    "photo",
    "picture",
    "thumbnail",
    "avatar",
    "icon",
    "screenshot",
  ];
  if (outputKey) {
    const lowerKey = outputKey.toLowerCase();
    if (imageKeywords.some((kw) => lowerKey.includes(kw))) {
      return true;
    }
  }
  // Default to treating workspace refs as potential images
  // since that's the most common case for generated content
  return true;
 }
 /**
 * Format a single output value, converting workspace refs to markdown images.
 */
 function formatOutputValue(value: unknown, outputKey?: string): string {
  if (isWorkspaceRef(value) && isLikelyImageRef(value, outputKey)) {
    // Format as markdown image
    return `![${outputKey || "Generated image"}](${value})`;
  }
  if (typeof value === "string") {
    // Check for data URIs (images)
    if (value.startsWith("data:image/")) {
      return `![${outputKey || "Generated image"}](${value})`;
    }
    return value;
  }
  if (Array.isArray(value)) {
    return value
      .map((item, idx) => formatOutputValue(item, `${outputKey}_${idx}`))
      .join("\n\n");
  }
  if (typeof value === "object" && value !== null) {
    return JSON.stringify(value, null, 2);
  }
  return String(value);
 }
 function getToolCompletionPhrase(toolName: string): string {
  const toolCompletionPhrases: Record<string, string> = {
    add_understanding: "Updated your business information",
@@ -127,10 +208,26 @@ export function formatToolResponse(result: unknown, toolName: string): string {
    case "block_output":
      const blockName = (response.block_name as string) || "Block";
-      const outputs = response.outputs as Record<string, unknown> | undefined;
+      const outputs = response.outputs as Record<string, unknown[]> | undefined;
      if (outputs && Object.keys(outputs).length > 0) {
-        const outputKeys = Object.keys(outputs);
+        const formattedOutputs: string[] = [];
-        return `${blockName} executed successfully. Outputs: ${outputKeys.join(", ")}`;
+
        for (const [key, values] of Object.entries(outputs)) {
          if (!Array.isArray(values) || values.length === 0) continue;
          // Format each value in the output array
          for (const value of values) {
            const formatted = formatOutputValue(value, key);
            if (formatted) {
              formattedOutputs.push(formatted);
            }
          }
        }
        if (formattedOutputs.length > 0) {
          return `${blockName} executed successfully.\n\n${formattedOutputs.join("\n\n")}`;
        }
        return `${blockName} executed successfully.`;
      }
      return `${blockName} executed successfully.`;
--- a/autogpt_platform/frontend/src/components/layout/Navbar/components/NavbarLink.tsx
+++ b/autogpt_platform/frontend/src/components/layout/Navbar/components/NavbarLink.tsx
@@ -1,6 +1,7 @@
 "use client";
 import { IconLaptop } from "@/components/__legacy__/ui/icons";
 import { getHomepageRoute } from "@/lib/constants";
 import { cn } from "@/lib/utils";
 import { Flag, useGetFlag } from "@/services/feature-flags/use-get-flag";
 import { ListChecksIcon } from "@phosphor-icons/react/dist/ssr";
@@ -23,11 +24,11 @@ interface Props {
 export function NavbarLink({ name, href }: Props) {
  const pathname = usePathname();
  const isChatEnabled = useGetFlag(Flag.CHAT);
-  const expectedHomeRoute = isChatEnabled ? "/copilot" : "/library";
+  const homepageRoute = getHomepageRoute(isChatEnabled);
  const isActive =
-    href === expectedHomeRoute
+    href === homepageRoute
-      ? pathname === "/" || pathname.startsWith(expectedHomeRoute)
+      ? pathname === "/" || pathname.startsWith(homepageRoute)
      : pathname.includes(href);
  return (
--- a/autogpt_platform/frontend/src/hooks/useAgentGraph.tsx
+++ b/autogpt_platform/frontend/src/hooks/useAgentGraph.tsx
@@ -66,7 +66,7 @@ export default function useAgentGraph(
  >(null);
  const [xyNodes, setXYNodes] = useState<CustomNode[]>([]);
  const [xyEdges, setXYEdges] = useState<CustomEdge[]>([]);
-  const betaBlocks = useGetFlag(Flag.BETA_BLOCKS) as string[];
+  const betaBlocks = useGetFlag(Flag.BETA_BLOCKS);
  // Filter blocks based on beta flags
  const availableBlocks = useMemo(() => {
--- a/autogpt_platform/frontend/src/lib/autogpt-server-api/types.ts
+++ b/autogpt_platform/frontend/src/lib/autogpt-server-api/types.ts
@@ -516,7 +516,7 @@ export type GraphValidationErrorResponse = {
 /* *** LIBRARY *** */
-/* Mirror of backend/server/v2/library/model.py:LibraryAgent */
+/* Mirror of backend/api/features/library/model.py:LibraryAgent */
 export type LibraryAgent = {
  id: LibraryAgentID;
  graph_id: GraphID;
@@ -616,7 +616,7 @@ export enum LibraryAgentSortEnum {
 /* *** CREDENTIALS *** */
-/* Mirror of backend/server/integrations/router.py:CredentialsMetaResponse */
+/* Mirror of backend/api/features/integrations/router.py:CredentialsMetaResponse */
 export type CredentialsMetaResponse = {
  id: string;
  provider: CredentialsProviderName;
@@ -628,13 +628,13 @@ export type CredentialsMetaResponse = {
  is_system?: boolean;
 };
-/* Mirror of backend/server/integrations/router.py:CredentialsDeletionResponse */
+/* Mirror of backend/api/features/integrations/router.py:CredentialsDeletionResponse */
 export type CredentialsDeleteResponse = {
  deleted: true;
  revoked: boolean | null;
 };
-/* Mirror of backend/server/integrations/router.py:CredentialsDeletionNeedsConfirmationResponse */
+/* Mirror of backend/api/features/integrations/router.py:CredentialsDeletionNeedsConfirmationResponse */
 export type CredentialsDeleteNeedConfirmationResponse = {
  deleted: false;
  need_confirmation: true;
@@ -888,7 +888,7 @@ export type Schedule = {
 export type ScheduleID = Brand<string, "ScheduleID">;
-/* Mirror of backend/server/routers/v1.py:ScheduleCreationRequest */
+/* Mirror of backend/api/features/v1.py:ScheduleCreationRequest */
 export type ScheduleCreatable = {
  graph_id: GraphID;
  graph_version: number;
--- a/autogpt_platform/frontend/src/lib/constants.ts
+++ b/autogpt_platform/frontend/src/lib/constants.ts
@@ -11,3 +11,10 @@ export const API_KEY_HEADER_NAME = "X-API-Key";
 // Layout
 export const NAVBAR_HEIGHT_PX = 60;
 // Routes
 export function getHomepageRoute(isChatEnabled?: boolean | null): string {
  if (isChatEnabled === true) return "/copilot";
  if (isChatEnabled === false) return "/library";
  return "/";
 }
--- a/autogpt_platform/frontend/src/lib/supabase/helpers.ts
+++ b/autogpt_platform/frontend/src/lib/supabase/helpers.ts
@@ -1,3 +1,4 @@
 import { getHomepageRoute } from "@/lib/constants";
 import { environment } from "@/services/environment";
 import { Key, storage } from "@/services/storage/local-storage";
 import { type CookieOptions } from "@supabase/ssr";
@@ -70,7 +71,7 @@ export function getRedirectPath(
  }
  if (isAdminPage(path) && userRole !== "admin") {
-    return "/";
+    return getHomepageRoute();
  }
  return null;
--- a/autogpt_platform/frontend/src/lib/supabase/middleware.ts
+++ b/autogpt_platform/frontend/src/lib/supabase/middleware.ts
@@ -1,3 +1,4 @@
 import { getHomepageRoute } from "@/lib/constants";
 import { environment } from "@/services/environment";
 import { createServerClient } from "@supabase/ssr";
 import { NextResponse, type NextRequest } from "next/server";
@@ -66,7 +67,7 @@ export async function updateSession(request: NextRequest) {
    // 2. Check if user is authenticated but lacks admin role when accessing admin pages
    if (user && userRole !== "admin" && isAdminPage(pathname)) {
-      url.pathname = "/";
+      url.pathname = getHomepageRoute();
      return NextResponse.redirect(url);
    }
--- a/autogpt_platform/frontend/src/providers/onboarding/onboarding-provider.tsx
+++ b/autogpt_platform/frontend/src/providers/onboarding/onboarding-provider.tsx
@@ -23,7 +23,9 @@ import {
  WebSocketNotification,
 } from "@/lib/autogpt-server-api";
 import { useBackendAPI } from "@/lib/autogpt-server-api/context";
 import { getHomepageRoute } from "@/lib/constants";
 import { useSupabase } from "@/lib/supabase/hooks/useSupabase";
 import { Flag, useGetFlag } from "@/services/feature-flags/use-get-flag";
 import Link from "next/link";
 import { usePathname, useRouter } from "next/navigation";
 import {
@@ -102,6 +104,8 @@ export default function OnboardingProvider({
  const pathname = usePathname();
  const router = useRouter();
  const { isLoggedIn } = useSupabase();
  const isChatEnabled = useGetFlag(Flag.CHAT);
  const homepageRoute = getHomepageRoute(isChatEnabled);
  useOnboardingTimezoneDetection();
@@ -146,7 +150,7 @@ export default function OnboardingProvider({
        if (isOnOnboardingRoute) {
          const enabled = await resolveResponse(getV1IsOnboardingEnabled());
          if (!enabled) {
-            router.push("/");
+            router.push(homepageRoute);
            return;
          }
        }
@@ -158,7 +162,7 @@ export default function OnboardingProvider({
          isOnOnboardingRoute &&
          shouldRedirectFromOnboarding(onboarding.completedSteps, pathname)
        ) {
-          router.push("/");
+          router.push(homepageRoute);
        }
      } catch (error) {
        console.error("Failed to initialize onboarding:", error);
@@ -173,7 +177,7 @@ export default function OnboardingProvider({
    }
    initializeOnboarding();
-  }, [api, isOnOnboardingRoute, router, isLoggedIn, pathname]);
+  }, [api, homepageRoute, isOnOnboardingRoute, router, isLoggedIn, pathname]);
  const handleOnboardingNotification = useCallback(
    (notification: WebSocketNotification) => {
--- a/autogpt_platform/frontend/src/services/environment/index.ts
+++ b/autogpt_platform/frontend/src/services/environment/index.ts
@@ -83,10 +83,6 @@ function getPostHogCredentials() {
  };
 }
 function getLaunchDarklyClientId() {
  return process.env.NEXT_PUBLIC_LAUNCHDARKLY_CLIENT_ID;
 }
 function isProductionBuild() {
  return process.env.NODE_ENV === "production";
 }
@@ -124,10 +120,7 @@ function isVercelPreview() {
 }
 function areFeatureFlagsEnabled() {
-  return (
+  return process.env.NEXT_PUBLIC_LAUNCHDARKLY_ENABLED === "enabled";
    process.env.NEXT_PUBLIC_LAUNCHDARKLY_ENABLED === "true" &&
    Boolean(process.env.NEXT_PUBLIC_LAUNCHDARKLY_CLIENT_ID)
  );
 }
 function isPostHogEnabled() {
@@ -150,7 +143,6 @@ export const environment = {
  getSupabaseAnonKey,
  getPreviewStealingDev,
  getPostHogCredentials,
  getLaunchDarklyClientId,
  // Assertions
  isServerSide,
  isClientSide,
--- a/autogpt_platform/frontend/src/services/feature-flags/FeatureFlagPage.tsx
+++ b/autogpt_platform/frontend/src/services/feature-flags/FeatureFlagPage.tsx
@@ -1,59 +0,0 @@
 "use client";
 import { LoadingSpinner } from "@/components/atoms/LoadingSpinner/LoadingSpinner";
 import { useLDClient } from "launchdarkly-react-client-sdk";
 import { useRouter } from "next/navigation";
 import { ReactNode, useEffect, useState } from "react";
 import { environment } from "../environment";
 import { Flag, useGetFlag } from "./use-get-flag";
 interface FeatureFlagRedirectProps {
  flag: Flag;
  whenDisabled: string;
  children: ReactNode;
 }
 export function FeatureFlagPage({
  flag,
  whenDisabled,
  children,
 }: FeatureFlagRedirectProps) {
  const [isLoading, setIsLoading] = useState(true);
  const router = useRouter();
  const flagValue = useGetFlag(flag);
  const ldClient = useLDClient();
  const ldEnabled = environment.areFeatureFlagsEnabled();
  const ldReady = Boolean(ldClient);
  const flagEnabled = Boolean(flagValue);
  useEffect(() => {
    const initialize = async () => {
      if (!ldEnabled) {
        router.replace(whenDisabled);
        setIsLoading(false);
        return;
      }
      // Wait for LaunchDarkly to initialize when enabled to prevent race conditions
      if (ldEnabled && !ldReady) return;
      try {
        await ldClient?.waitForInitialization();
        if (!flagEnabled) router.replace(whenDisabled);
      } catch (error) {
        console.error(error);
        router.replace(whenDisabled);
      } finally {
        setIsLoading(false);
      }
    };
    initialize();
  }, [ldReady, flagEnabled]);
  return isLoading || !flagEnabled ? (
    <LoadingSpinner size="large" cover />
  ) : (
    <>{children}</>
  );
 }
--- a/Show More
+++ b/Show More