fix(backend/util): rewrite SafeJson to prevent Invalid \escape errors

Completely rewrote SafeJson implementation to fix "Invalid \escape" errors
occurring in /upsert_execution_output endpoint.

**Problem:**
- Data containing literal backslash-u sequences (e.g., "\u0000" as text)
  caused JSON parse errors
- Previous approach removed escape sequences from JSON strings, which
  created invalid JSON like "\w" after removing "\\u0000"
- Error: "Invalid \escape: line 1 column 36404 (char 36403)"

**Solution:**
- Rewritten to work on Python data structures instead of JSON strings
- Added _sanitize_value() helper that recursively walks through dicts,
  lists, and tuples to remove control characters from strings
- Eliminates serialize → sanitize → deserialize cycle
- Preserves all valid content (backslashes, paths, literal text)

**Changes:**
- Removed POSTGRES_JSON_ESCAPES regex (no longer needed)
- Added recursive _sanitize_value() function
- Simplified SafeJson() to convert Pydantic models and sanitize data
- Added "import json # noqa: F401" for backwards compatibility

**Testing:**
- Verified fix resolves the Invalid \escape error
- All existing SafeJson tests pass
- Problematic data no longer causes parsing errors

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

.deepsource.toml

@@ -0,0 +1,18 @@
+version = 1
+
+test_patterns = ["**/*.spec.ts","**/*_test.py","**/*_tests.py","**/test_*.py"]
+
+exclude_patterns = ["classic/**"]
+
+[[analyzers]]
+name = "javascript"
+
+[analyzers.meta]
+plugins = ["react"]
+environment = ["nodejs"]
+
+[[analyzers]]
+name = "python"
+
+[analyzers.meta]
+runtime_version = "3.x.x"

.dockerignore

@@ -1,40 +1,65 @@
 # Ignore everything by default, selectively add things to context
 *
 
-# AutoGPT
-!autogpt/autogpt/
-!autogpt/pyproject.toml
-!autogpt/poetry.lock
-!autogpt/README.md
-!autogpt/tests/
+# Platform - Libs
+!autogpt_platform/autogpt_libs/autogpt_libs/
+!autogpt_platform/autogpt_libs/pyproject.toml
+!autogpt_platform/autogpt_libs/poetry.lock
+!autogpt_platform/autogpt_libs/README.md
 
-# Benchmark
-!benchmark/agbenchmark/
-!benchmark/pyproject.toml
-!benchmark/poetry.lock
-!benchmark/README.md
+# Platform - Backend
+!autogpt_platform/backend/backend/
+!autogpt_platform/backend/test/e2e_test_data.py
+!autogpt_platform/backend/migrations/
+!autogpt_platform/backend/schema.prisma
+!autogpt_platform/backend/pyproject.toml
+!autogpt_platform/backend/poetry.lock
+!autogpt_platform/backend/README.md
+!autogpt_platform/backend/.env
 
-# Forge
-!forge/forge/
-!forge/pyproject.toml
-!forge/poetry.lock
-!forge/README.md
+# Platform - Market
+!autogpt_platform/market/market/
+!autogpt_platform/market/scripts.py
+!autogpt_platform/market/schema.prisma
+!autogpt_platform/market/pyproject.toml
+!autogpt_platform/market/poetry.lock
+!autogpt_platform/market/README.md
 
-# Frontend
-!frontend/build/web/
+# Platform - Frontend
+!autogpt_platform/frontend/src/
+!autogpt_platform/frontend/public/
+!autogpt_platform/frontend/scripts/
+!autogpt_platform/frontend/package.json
+!autogpt_platform/frontend/pnpm-lock.yaml
+!autogpt_platform/frontend/tsconfig.json
+!autogpt_platform/frontend/README.md
+## config
+!autogpt_platform/frontend/*.config.*
+!autogpt_platform/frontend/.env.*
+!autogpt_platform/frontend/.env
 
-# rnd
-!rnd/
+# Classic - AutoGPT
+!classic/original_autogpt/autogpt/
+!classic/original_autogpt/pyproject.toml
+!classic/original_autogpt/poetry.lock
+!classic/original_autogpt/README.md
+!classic/original_autogpt/tests/
+
+# Classic - Benchmark
+!classic/benchmark/agbenchmark/
+!classic/benchmark/pyproject.toml
+!classic/benchmark/poetry.lock
+!classic/benchmark/README.md
+
+# Classic - Forge
+!classic/forge/
+!classic/forge/pyproject.toml
+!classic/forge/poetry.lock
+!classic/forge/README.md
+
+# Classic - Frontend
+!classic/frontend/build/web/
 
 # Explicitly re-ignore some folders
 .*
 **/__pycache__
-# rnd
-rnd/autogpt_builder/.next/
-rnd/autogpt_builder/node_modules
-rnd/autogpt_builder/.env.example
-rnd/autogpt_builder/.env.local
-rnd/autogpt_server/.env
-rnd/autogpt_server/.venv/
-
-rnd/market/.env

.gitattributes

@@ -1,10 +1,10 @@
-frontend/build/** linguist-generated
+classic/frontend/build/** linguist-generated
 
 **/poetry.lock linguist-generated
 
 docs/_javascript/** linguist-vendored
 
 # Exclude VCR cassettes from stats
-forge/tests/vcr_cassettes/**/**.y*ml linguist-generated
+classic/forge/tests/vcr_cassettes/**/**.y*ml linguist-generated
 
 * text=auto

.github/CODEOWNERS

@@ -1,7 +1,7 @@
 * @Significant-Gravitas/maintainers
 .github/workflows/ @Significant-Gravitas/devops
-forge/ @Significant-Gravitas/forge-maintainers
-benchmark/ @Significant-Gravitas/benchmark-maintainers
-frontend/ @Significant-Gravitas/frontend-maintainers
-rnd/infra @Significant-Gravitas/devops
+classic/forge/ @Significant-Gravitas/forge-maintainers
+classic/benchmark/ @Significant-Gravitas/benchmark-maintainers
+classic/frontend/ @Significant-Gravitas/frontend-maintainers
+autogpt_platform/infra @Significant-Gravitas/devops
 .github/CODEOWNERS @Significant-Gravitas/admins

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,31 +1,39 @@
-### Background
-
 <!-- Clearly explain the need for these changes: -->
 
 ### Changes 🏗️
 
 <!-- Concisely describe all of the changes made in this pull request: -->
 
-### PR Quality Scorecard ✨
+### Checklist 📋
 
-<!--
-Check out our contribution guide:
-https://github.com/Significant-Gravitas/AutoGPT/wiki/Contributing
+#### For code changes:
+- [ ] I have clearly listed my changes in the PR description
+- [ ] I have made a test plan
+- [ ] I have tested my changes according to the test plan:
+  <!-- Put your test plan here: -->
+  - [ ] ...
 
-1. Avoid duplicate work, issues, PRs etc.
-2. Also consider contributing something other than code; see the [contribution guide]
-   for options.
-3. Clearly explain your changes.
-4. Avoid making unnecessary changes, especially if they're purely based on personal
-   preferences. Doing so is the maintainers' job. ;-)
--->
+<details>
+  <summary>Example test plan</summary>
+  
+  - [ ] Create from scratch and execute an agent with at least 3 blocks
+  - [ ] Import an agent from file upload, and confirm it executes correctly
+  - [ ] Upload agent to marketplace
+  - [ ] Import an agent from marketplace and confirm it executes correctly
+  - [ ] Edit an agent from monitor, and confirm it executes correctly
+</details>
 
-- [x] Have you used the PR description template? &ensp; `+2 pts`
-- [ ] Is your pull request atomic, focusing on a single change? &ensp; `+5 pts`
-- [ ] Have you linked the GitHub issue(s) that this PR addresses? &ensp; `+5 pts`
-- [ ] Have you documented your changes clearly and comprehensively? &ensp; `+5 pts`
-- [ ] Have you changed or added a feature? &ensp; `-4 pts`
-  - [ ] Have you added/updated corresponding documentation? &ensp; `+4 pts`
-  - [ ] Have you added/updated corresponding integration tests? &ensp; `+5 pts`
-- [ ] Have you changed the behavior of AutoGPT? &ensp; `-5 pts`
-  - [ ] Have you also run `agbenchmark` to verify that these changes do not regress performance? &ensp; `+10 pts`
+#### For configuration changes:
+
+- [ ] `.env.default` is updated or already compatible with my changes
+- [ ] `docker-compose.yml` is updated or already compatible with my changes
+- [ ] I have included a list of my configuration changes in the PR description (under **Changes**)
+
+<details>
+  <summary>Examples of configuration changes</summary>
+
+  - Changing ports
+  - Adding new services that need to communicate with each other
+  - Secrets or environment variable changes
+  - New or infrastructure changes such as databases
+</details>

.github/copilot-instructions.md

@@ -0,0 +1,244 @@
+# GitHub Copilot Instructions for AutoGPT
+
+This file provides comprehensive onboarding information for GitHub Copilot coding agent to work efficiently with the AutoGPT repository.
+
+## Repository Overview
+
+**AutoGPT** is a powerful platform for creating, deploying, and managing continuous AI agents that automate complex workflows. This is a large monorepo (~150MB) containing multiple components:
+
+- **AutoGPT Platform** (`autogpt_platform/`) - Main focus: Modern AI agent platform (Polyform Shield License)
+- **Classic AutoGPT** (`classic/`) - Legacy agent system (MIT License)
+- **Documentation** (`docs/`) - MkDocs-based documentation site
+- **Infrastructure** - Docker configurations, CI/CD, and development tools
+
+**Primary Languages & Frameworks:**
+- **Backend**: Python 3.10-3.13, FastAPI, Prisma ORM, PostgreSQL, RabbitMQ
+- **Frontend**: TypeScript, Next.js 15, React, Tailwind CSS, Radix UI
+- **Development**: Docker, Poetry, pnpm, Playwright, Storybook
+
+## Build and Validation Instructions
+
+### Essential Setup Commands
+
+**Always run these commands in the correct directory and in this order:**
+
+1. **Initial Setup** (required once):
+   ```bash
+   # Clone and enter repository
+   git clone <repo> && cd AutoGPT
+   
+   # Start all services (database, redis, rabbitmq, clamav)
+   cd autogpt_platform && docker compose --profile local up deps --build --detach
+   ```
+
+2. **Backend Setup** (always run before backend development):
+   ```bash
+   cd autogpt_platform/backend
+   poetry install                    # Install dependencies
+   poetry run prisma migrate dev     # Run database migrations
+   poetry run prisma generate        # Generate Prisma client
+   ```
+
+3. **Frontend Setup** (always run before frontend development):
+   ```bash
+   cd autogpt_platform/frontend
+   pnpm install                      # Install dependencies
+   ```
+
+### Runtime Requirements
+
+**Critical:** Always ensure Docker services are running before starting development:
+```bash
+cd autogpt_platform && docker compose --profile local up deps --build --detach
+```
+
+**Python Version:** Use Python 3.11 (required; managed by Poetry via pyproject.toml)
+**Node.js Version:** Use Node.js 21+ with pnpm package manager
+
+### Development Commands
+
+**Backend Development:**
+```bash
+cd autogpt_platform/backend
+poetry run serve                     # Start development server (port 8000)
+poetry run test                      # Run all tests (requires ~5 minutes)
+poetry run pytest path/to/test.py    # Run specific test
+poetry run format                    # Format code (Black + isort) - always run first
+poetry run lint                      # Lint code (ruff) - run after format
+```
+
+**Frontend Development:**
+```bash
+cd autogpt_platform/frontend
+pnpm dev                            # Start development server (port 3000) - use for active development
+pnpm build                          # Build for production (only needed for E2E tests or deployment)
+pnpm test                           # Run Playwright E2E tests (requires build first)
+pnpm test-ui                        # Run tests with UI
+pnpm format                         # Format and lint code
+pnpm storybook                      # Start component development server
+```
+
+### Testing Strategy
+
+**Backend Tests:**
+- **Block Tests**: `poetry run pytest backend/blocks/test/test_block.py -xvs` (validates all blocks)
+- **Specific Block**: `poetry run pytest 'backend/blocks/test/test_block.py::test_available_blocks[BlockName]' -xvs`
+- **Snapshot Tests**: Use `--snapshot-update` when output changes, always review with `git diff`
+
+**Frontend Tests:**
+- **E2E Tests**: Always run `pnpm dev` before `pnpm test` (Playwright requires running instance)
+- **Component Tests**: Use Storybook for isolated component development
+
+### Critical Validation Steps
+
+**Before committing changes:**
+1. Run `poetry run format` (backend) and `pnpm format` (frontend)
+2. Ensure all tests pass in modified areas
+3. Verify Docker services are still running
+4. Check that database migrations apply cleanly
+
+**Common Issues & Workarounds:**
+- **Prisma issues**: Run `poetry run prisma generate` after schema changes
+- **Permission errors**: Ensure Docker has proper permissions
+- **Port conflicts**: Check the `docker-compose.yml` file for the current list of exposed ports. You can list all mapped ports with:
+- **Test timeouts**: Backend tests can take 5+ minutes, use `-x` flag to stop on first failure
+
+## Project Layout & Architecture
+
+### Core Architecture
+
+**AutoGPT Platform** (`autogpt_platform/`):
+- `backend/` - FastAPI server with async support
+  - `backend/backend/` - Core API logic
+  - `backend/blocks/` - Agent execution blocks
+  - `backend/data/` - Database models and schemas
+  - `schema.prisma` - Database schema definition
+- `frontend/` - Next.js application
+  - `src/app/` - App Router pages and layouts
+  - `src/components/` - Reusable React components
+  - `src/lib/` - Utilities and configurations
+- `autogpt_libs/` - Shared Python utilities
+- `docker-compose.yml` - Development stack orchestration
+
+**Key Configuration Files:**
+- `pyproject.toml` - Python dependencies and tooling
+- `package.json` - Node.js dependencies and scripts
+- `schema.prisma` - Database schema and migrations
+- `next.config.mjs` - Next.js configuration
+- `tailwind.config.ts` - Styling configuration
+
+### Security & Middleware
+
+**Cache Protection**: Backend includes middleware preventing sensitive data caching in browsers/proxies
+**Authentication**: JWT-based with Supabase integration
+**User ID Validation**: All data access requires user ID checks - verify this for any `data/*.py` changes
+
+### Development Workflow
+
+**GitHub Actions**: Multiple CI/CD workflows in `.github/workflows/`
+- `platform-backend-ci.yml` - Backend testing and validation
+- `platform-frontend-ci.yml` - Frontend testing and validation
+- `platform-fullstack-ci.yml` - End-to-end integration tests
+
+**Pre-commit Hooks**: Run linting and formatting checks
+**Conventional Commits**: Use format `type(scope): description` (e.g., `feat(backend): add API`)
+
+### Key Source Files
+
+**Backend Entry Points:**
+- `backend/backend/server/server.py` - FastAPI application setup
+- `backend/backend/data/` - Database models and user management
+- `backend/blocks/` - Agent execution blocks and logic
+
+**Frontend Entry Points:**
+- `frontend/src/app/layout.tsx` - Root application layout
+- `frontend/src/app/page.tsx` - Home page
+- `frontend/src/lib/supabase/` - Authentication and database client
+
+**Protected Routes**: Update `frontend/lib/supabase/middleware.ts` when adding protected routes
+
+### Agent Block System
+
+Agents are built using a visual block-based system where each block performs a single action. Blocks are defined in `backend/blocks/` and must include:
+- Block definition with input/output schemas
+- Execution logic with proper error handling
+- Tests validating functionality
+
+### Database & ORM
+
+**Prisma ORM** with PostgreSQL backend including pgvector for embeddings:
+- Schema in `schema.prisma`
+- Migrations in `backend/migrations/`
+- Always run `prisma migrate dev` and `prisma generate` after schema changes
+
+## Environment Configuration
+
+### Configuration Files Priority Order
+1. **Backend**: `/backend/.env.default` → `/backend/.env` (user overrides)
+2. **Frontend**: `/frontend/.env.default` → `/frontend/.env` (user overrides)  
+3. **Platform**: `/.env.default` (Supabase/shared) → `/.env` (user overrides)
+4. Docker Compose `environment:` sections override file-based config
+5. Shell environment variables have highest precedence
+
+### Docker Environment Setup
+- All services use hardcoded defaults (no `${VARIABLE}` substitutions)
+- The `env_file` directive loads variables INTO containers at runtime
+- Backend/Frontend services use YAML anchors for consistent configuration
+- Copy `.env.default` files to `.env` for local development customization
+
+## Advanced Development Patterns
+
+### Adding New Blocks
+1. Create file in `/backend/backend/blocks/`
+2. Inherit from `Block` base class with input/output schemas
+3. Implement `run` method with proper error handling
+4. Generate block UUID using `uuid.uuid4()`
+5. Register in block registry
+6. Write tests alongside block implementation
+7. Consider how inputs/outputs connect with other blocks in graph editor
+
+### API Development
+1. Update routes in `/backend/backend/server/routers/`
+2. Add/update Pydantic models in same directory
+3. Write tests alongside route files
+4. For `data/*.py` changes, validate user ID checks
+5. Run `poetry run test` to verify changes
+
+### Frontend Development
+1. Components in `/frontend/src/components/`
+2. Use existing UI components from `/frontend/src/components/ui/`
+3. Add Storybook stories for component development
+4. Test user-facing features with Playwright E2E tests
+5. Update protected routes in middleware when needed
+
+### Security Guidelines
+**Cache Protection Middleware** (`/backend/backend/server/middleware/security.py`):
+- Default: Disables caching for ALL endpoints with `Cache-Control: no-store, no-cache, must-revalidate, private`
+- Uses allow list approach for cacheable paths (static assets, health checks, public pages)
+- Prevents sensitive data caching in browsers/proxies
+- Add new cacheable endpoints to `CACHEABLE_PATHS`
+
+### CI/CD Alignment
+The repository has comprehensive CI workflows that test:
+- **Backend**: Python 3.11-3.13, services (Redis/RabbitMQ/ClamAV), Prisma migrations, Poetry lock validation
+- **Frontend**: Node.js 21, pnpm, Playwright with Docker Compose stack, API schema validation
+- **Integration**: Full-stack type checking and E2E testing
+
+Match these patterns when developing locally - the copilot setup environment mirrors these CI configurations.
+
+## Collaboration with Other AI Assistants
+
+This repository is actively developed with assistance from Claude (via CLAUDE.md files). When working on this codebase:
+- Check for existing CLAUDE.md files that provide additional context
+- Follow established patterns and conventions already in the codebase
+- Maintain consistency with existing code style and architecture
+- Consider that changes may be reviewed and extended by both human developers and AI assistants
+
+## Trust These Instructions
+
+These instructions are comprehensive and tested. Only perform additional searches if:
+1. Information here is incomplete for your specific task
+2. You encounter errors not covered by the workarounds
+3. You need to understand implementation details not covered above
+
+For detailed platform development patterns, refer to `autogpt_platform/CLAUDE.md` and `AGENTS.md` in the repository root.

.github/dependabot.yml

@@ -0,0 +1,153 @@
+version: 2
+updates:
+  # autogpt_libs (Poetry project)
+  - package-ecosystem: "pip"
+    directory: "autogpt_platform/autogpt_libs"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 10
+    target-branch: "dev"
+    commit-message:
+      prefix: "chore(libs/deps)"
+      prefix-development: "chore(libs/deps-dev)"
+    ignore:
+      - dependency-name: "poetry"
+    groups:
+      production-dependencies:
+        dependency-type: "production"
+        update-types:
+          - "minor"
+          - "patch"
+      development-dependencies:
+        dependency-type: "development"
+        update-types:
+          - "minor"
+          - "patch"
+
+  # backend (Poetry project)
+  - package-ecosystem: "pip"
+    directory: "autogpt_platform/backend"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 10
+    target-branch: "dev"
+    commit-message:
+      prefix: "chore(backend/deps)"
+      prefix-development: "chore(backend/deps-dev)"
+    ignore:
+      - dependency-name: "poetry"
+    groups:
+      production-dependencies:
+        dependency-type: "production"
+        update-types:
+          - "minor"
+          - "patch"
+      development-dependencies:
+        dependency-type: "development"
+        update-types:
+          - "minor"
+          - "patch"
+
+  # frontend (Next.js project)
+  - package-ecosystem: "npm"
+    directory: "autogpt_platform/frontend"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 10
+    target-branch: "dev"
+    commit-message:
+      prefix: "chore(frontend/deps)"
+      prefix-development: "chore(frontend/deps-dev)"
+    groups:
+      production-dependencies:
+        dependency-type: "production"
+        update-types:
+          - "minor"
+          - "patch"
+      development-dependencies:
+        dependency-type: "development"
+        update-types:
+          - "minor"
+          - "patch"
+
+  # infra (Terraform)
+  - package-ecosystem: "terraform"
+    directory: "autogpt_platform/infra"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 5
+    target-branch: "dev"
+    commit-message:
+      prefix: "chore(infra/deps)"
+      prefix-development: "chore(infra/deps-dev)"
+
+    groups:
+      production-dependencies:
+        dependency-type: "production"
+        update-types:
+          - "minor"
+          - "patch"
+      development-dependencies:
+        dependency-type: "development"
+        update-types:
+          - "minor"
+          - "patch"
+
+  # GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 5
+    target-branch: "dev"
+    groups:
+      production-dependencies:
+        dependency-type: "production"
+        update-types:
+          - "minor"
+          - "patch"
+      development-dependencies:
+        dependency-type: "development"
+        update-types:
+          - "minor"
+          - "patch"
+
+  # Docker
+  - package-ecosystem: "docker"
+    directory: "autogpt_platform/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 5
+    target-branch: "dev"
+    groups:
+      production-dependencies:
+        dependency-type: "production"
+        update-types:
+          - "minor"
+          - "patch"
+      development-dependencies:
+        dependency-type: "development"
+        update-types:
+          - "minor"
+          - "patch"
+
+  # Docs
+  - package-ecosystem: "pip"
+    directory: "docs/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 1
+    target-branch: "dev"
+    commit-message:
+      prefix: "chore(docs/deps)"
+    groups:
+      production-dependencies:
+        dependency-type: "production"
+        update-types:
+          - "minor"
+          - "patch"
+      development-dependencies:
+        dependency-type: "development"
+        update-types:
+          - "minor"
+          - "patch"

.github/labeler.yml

@@ -1,27 +1,33 @@
-AutoGPT Agent:
+Classic AutoGPT Agent:
 - changed-files:
-  - any-glob-to-any-file: autogpt/**
+  - any-glob-to-any-file: classic/original_autogpt/**
+
+Classic Benchmark:
+- changed-files:
+  - any-glob-to-any-file: classic/benchmark/**
+
+Classic Frontend:
+- changed-files:
+  - any-glob-to-any-file: classic/frontend/**
 
 Forge:
 - changed-files:
-  - any-glob-to-any-file: forge/**
-
-Benchmark:
-- changed-files:
-  - any-glob-to-any-file: benchmark/**
-
-Frontend:
-- changed-files:
-  - any-glob-to-any-file: frontend/**
+  - any-glob-to-any-file: classic/forge/**
 
 documentation:
 - changed-files:
   - any-glob-to-any-file: docs/**
 
-Builder:
+platform/frontend:
 - changed-files:
-  - any-glob-to-any-file: rnd/autogpt_builder/**
+  - any-glob-to-any-file: autogpt_platform/frontend/**
 
-Server:
+platform/backend:
 - changed-files:
-  - any-glob-to-any-file: rnd/autogpt_server/**
+  - all-globs-to-any-file:
+    - autogpt_platform/backend/**
+    - '!autogpt_platform/backend/backend/blocks/**'
+
+platform/blocks:
+- changed-files:
+  - any-glob-to-any-file: autogpt_platform/backend/backend/blocks/**

.github/workflows/autogpt-builder-ci.yml

@@ -1,41 +0,0 @@
-name: AutoGPT Builder CI
-
-on:
-  push:
-    branches: [ master ]
-    paths:
-      - '.github/workflows/autogpt-builder-ci.yml'
-      - 'rnd/autogpt_builder/**'
-  pull_request:
-    paths:
-      - '.github/workflows/autogpt-builder-ci.yml'
-      - 'rnd/autogpt_builder/**'
-
-defaults:
-  run:
-    shell: bash
-    working-directory: rnd/autogpt_builder
-
-jobs:
-
-  lint:
-    runs-on: ubuntu-latest
-
-    steps:
-    - uses: actions/checkout@v4
-    - name: Set up Node.js
-      uses: actions/setup-node@v4
-      with:
-        node-version: '21'
-
-    - name: Install dependencies
-      run: |
-        npm install
-
-    - name: Check formatting with Prettier
-      run: |
-        npx prettier --check .
-
-    - name: Run lint
-      run: |
-        npm run lint

.github/workflows/autogpt-docker-cache-clean.yml

@@ -1,59 +0,0 @@
-name: Purge Auto-GPT Docker CI cache
-
-on:
-  schedule:
-    - cron: 20 4 * * 1,4
-
-env:
-  BASE_BRANCH: development
-  IMAGE_NAME: auto-gpt
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        build-type: [release, dev]
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v4
-
-    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3
-
-    - id: build
-      name: Build image
-      uses: docker/build-push-action@v5
-      with:
-        file: Dockerfile.autogpt
-        build-args: BUILD_TYPE=${{ matrix.build-type }}
-        load: true    # save to docker images
-        # use GHA cache as read-only
-        cache-to: type=gha,scope=autogpt-docker-${{ matrix.build-type }},mode=max
-
-    - name: Generate build report
-      env:
-        event_name: ${{ github.event_name }}
-        event_ref: ${{ github.event.schedule }}
-
-        build_type: ${{ matrix.build-type }}
-
-        prod_branch: master
-        dev_branch: development
-        repository: ${{ github.repository }}
-        base_branch: ${{ github.ref_name != 'master' && github.ref_name != 'development' && 'development' || 'master' }}
-
-        current_ref: ${{ github.ref_name }}
-        commit_hash: ${{ github.sha }}
-        source_url: ${{ format('{0}/tree/{1}', github.event.repository.url, github.sha) }}
-        push_forced_label:
-
-        new_commits_json: ${{ null }}
-        compare_url_template: ${{ format('/{0}/compare/{{base}}...{{head}}', github.repository) }}
-
-        github_context_json: ${{ toJSON(github) }}
-        job_env_json: ${{ toJSON(env) }}
-        vars_json: ${{ toJSON(vars) }}
-
-      run: .github/workflows/scripts/docker-ci-summary.sh >> $GITHUB_STEP_SUMMARY
-      continue-on-error: true

.github/workflows/autogpt-docker-release.yml

@@ -1,86 +0,0 @@
-name: AutoGPT Docker Release
-
-on:
-  release:
-    types: [ published, edited ]
-
-  workflow_dispatch:
-    inputs:
-      no_cache:
-        type: boolean
-        description: 'Build from scratch, without using cached layers'
-
-env:
-  IMAGE_NAME: auto-gpt
-  DEPLOY_IMAGE_NAME: ${{ secrets.DOCKER_USER }}/auto-gpt
-
-jobs:
-  build:
-    if: startsWith(github.ref, 'refs/tags/autogpt-')
-    runs-on: ubuntu-latest
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v4
-
-    - name: Log in to Docker hub
-      uses: docker/login-action@v3
-      with:
-        username: ${{ secrets.DOCKER_USER }}
-        password: ${{ secrets.DOCKER_PASSWORD }}
-
-    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3
-
-      # slashes are not allowed in image tags, but can appear in git branch or tag names
-    - id: sanitize_tag
-      name: Sanitize image tag
-      run: |
-        tag=${raw_tag//\//-}
-        echo tag=${tag#autogpt-} >> $GITHUB_OUTPUT
-      env:
-        raw_tag: ${{ github.ref_name }}
-
-    - id: build
-      name: Build image
-      uses: docker/build-push-action@v5
-      with:
-        file: Dockerfile.autogpt
-        build-args: BUILD_TYPE=release
-        load: true    # save to docker images
-        # push: true  # TODO: uncomment when this issue is fixed: https://github.com/moby/buildkit/issues/1555
-        tags: >
-          ${{ env.IMAGE_NAME }},
-          ${{ env.DEPLOY_IMAGE_NAME }}:latest,
-          ${{ env.DEPLOY_IMAGE_NAME }}:${{ steps.sanitize_tag.outputs.tag }}
-        labels: GIT_REVISION=${{ github.sha }}
-
-        # cache layers in GitHub Actions cache to speed up builds
-        cache-from: ${{ !inputs.no_cache && 'type=gha' || '' }},scope=autogpt-docker-release
-        cache-to: type=gha,scope=autogpt-docker-release,mode=max
-
-    - name: Push image to Docker Hub
-      run: docker push --all-tags ${{ env.DEPLOY_IMAGE_NAME }}
-
-    - name: Generate build report
-      env:
-        event_name: ${{ github.event_name }}
-        event_ref: ${{ github.event.ref }}
-        event_ref_type: ${{ github.event.ref}}
-        inputs_no_cache: ${{ inputs.no_cache }}
-
-        prod_branch: master
-        dev_branch: development
-        repository: ${{ github.repository }}
-        base_branch: ${{ github.ref_name != 'master' && github.ref_name != 'development' && 'development' || 'master' }}
-
-        ref_type: ${{ github.ref_type }}
-        current_ref: ${{ github.ref_name }}
-        commit_hash: ${{ github.sha }}
-        source_url: ${{ format('{0}/tree/{1}', github.event.repository.url, github.event.release && github.event.release.tag_name || github.sha) }}
-
-        github_context_json: ${{ toJSON(github) }}
-        job_env_json: ${{ toJSON(env) }}
-        vars_json: ${{ toJSON(vars) }}
-
-      run: .github/workflows/scripts/docker-release-summary.sh >> $GITHUB_STEP_SUMMARY
-      continue-on-error: true

.github/workflows/autogpt-infra-ci.yml

@@ -1,56 +0,0 @@
-name: AutoGPT Builder Infra
-
-on:
-  push:
-    branches: [ master ]
-    paths:
-      - '.github/workflows/autogpt-infra-ci.yml'
-      - 'rnd/infra/**'
-  pull_request:
-    paths:
-      - '.github/workflows/autogpt-infra-ci.yml'
-      - 'rnd/infra/**'
-
-defaults:
-  run:
-    shell: bash
-    working-directory: rnd/infra
-
-jobs:
-  lint:
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v2
-        with:
-          fetch-depth: 0
-
-      - name: TFLint
-        uses: pauloconnor/tflint-action@v0.0.2
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-            tflint_path: terraform/
-            tflint_recurse: true
-            tflint_changed_only: false
-
-      - name: Set up Helm
-        uses: azure/setup-helm@v4.2.0
-        with:
-          version: v3.14.4
-
-      - name: Set up chart-testing
-        uses: helm/chart-testing-action@v2.6.0
-
-      - name: Run chart-testing (list-changed)
-        id: list-changed
-        run: |
-          changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
-          if [[ -n "$changed" ]]; then
-            echo "changed=true" >> "$GITHUB_OUTPUT"
-          fi
-
-      - name: Run chart-testing (lint)
-        if: steps.list-changed.outputs.changed == 'true'
-        run: ct lint --target-branch ${{ github.event.repository.default_branch }}

.github/workflows/autogpt-server-ci.yml

@@ -1,155 +0,0 @@
-name: AutoGPT Server CI
-
-on:
-  push:
-    branches: [master, development, ci-test*]
-    paths:
-      - ".github/workflows/autogpt-server-ci.yml"
-      - "rnd/autogpt_server/**"
-  pull_request:
-    branches: [master, development, release-*]
-    paths:
-      - ".github/workflows/autogpt-server-ci.yml"
-      - "rnd/autogpt_server/**"
-
-concurrency:
-  group: ${{ format('autogpt-server-ci-{0}', github.head_ref && format('{0}-{1}', github.event_name, github.event.pull_request.number) || github.sha) }}
-  cancel-in-progress: ${{ startsWith(github.event_name, 'pull_request') }}
-
-defaults:
-  run:
-    shell: bash
-    working-directory: rnd/autogpt_server
-
-jobs:
-  test:
-    permissions:
-      contents: read
-    timeout-minutes: 30
-    strategy:
-      fail-fast: false
-      matrix:
-        python-version: ["3.10"]
-        platform-os: [ubuntu, macos, macos-arm64, windows]
-    runs-on: ${{ matrix.platform-os != 'macos-arm64' && format('{0}-latest', matrix.platform-os) || 'macos-14' }}
-
-    steps:
-      - name: Setup PostgreSQL
-        uses: ikalnytskyi/action-setup-postgres@v6
-        with:
-          username: ${{ secrets.DB_USER || 'postgres' }}
-          password: ${{ secrets.DB_PASS || 'postgres' }}
-          database: postgres
-          port: 5432
-        id: postgres
-
-      # Quite slow on macOS (2~4 minutes to set up Docker)
-      # - name: Set up Docker (macOS)
-      #   if: runner.os == 'macOS'
-      #   uses: crazy-max/ghaction-setup-docker@v3
-
-      - name: Start MinIO service (Linux)
-        if: runner.os == 'Linux'
-        working-directory: "."
-        run: |
-          docker pull minio/minio:edge-cicd
-          docker run -d -p 9000:9000 minio/minio:edge-cicd
-
-      - name: Start MinIO service (macOS)
-        if: runner.os == 'macOS'
-        working-directory: ${{ runner.temp }}
-        run: |
-          brew install minio/stable/minio
-          mkdir data
-          minio server ./data &
-
-      # No MinIO on Windows:
-      # - Windows doesn't support running Linux Docker containers
-      # - It doesn't seem possible to start background processes on Windows. They are
-      #   killed after the step returns.
-      #   See: https://github.com/actions/runner/issues/598#issuecomment-2011890429
-
-      - name: Checkout repository
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-          submodules: true
-
-      - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v5
-        with:
-          python-version: ${{ matrix.python-version }}
-
-      - id: get_date
-        name: Get date
-        run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT
-
-      - name: Set up Python dependency cache
-        # On Windows, unpacking cached dependencies takes longer than just installing them
-        if: runner.os != 'Windows'
-        uses: actions/cache@v4
-        with:
-          path: ${{ runner.os == 'macOS' && '~/Library/Caches/pypoetry' || '~/.cache/pypoetry' }}
-          key: poetry-${{ runner.os }}-${{ hashFiles('rnd/autogpt_server/poetry.lock') }}
-
-      - name: Install Poetry (Unix)
-        if: runner.os != 'Windows'
-        run: |
-          curl -sSL https://install.python-poetry.org | python3 -
-
-          if [ "${{ runner.os }}" = "macOS" ]; then
-            PATH="$HOME/.local/bin:$PATH"
-            echo "$HOME/.local/bin" >> $GITHUB_PATH
-          fi
-
-      - name: Install Poetry (Windows)
-        if: runner.os == 'Windows'
-        shell: pwsh
-        run: |
-          (Invoke-WebRequest -Uri https://install.python-poetry.org -UseBasicParsing).Content | python -
-
-          $env:PATH += ";$env:APPDATA\Python\Scripts"
-          echo "$env:APPDATA\Python\Scripts" >> $env:GITHUB_PATH
-
-      - name: Install Python dependencies
-        run: poetry install
-
-      - name: Generate Prisma Client
-        run: poetry run prisma generate
-
-      - name: Run Database Migrations
-        run: poetry run prisma migrate dev --name updates
-        env:
-          CONNECTION_STR: ${{ steps.postgres.outputs.connection-uri }}
-
-      - id: lint
-        name: Run Linter
-        run: poetry run lint
-
-      - name: Run pytest with coverage
-        run: |
-          if [[ "${{ runner.debug }}" == "1" ]]; then
-            poetry run pytest -vv -o log_cli=true -o log_cli_level=DEBUG test
-          else
-            poetry run pytest -vv test
-          fi
-        if: success() || (failure() && steps.lint.outcome == 'failure')
-        env:
-          LOG_LEVEL: ${{ runner.debug && 'DEBUG' || 'INFO' }}
-    env:
-      CI: true
-      PLAIN_OUTPUT: True
-      OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
-      DB_USER: ${{ secrets.DB_USER || 'postgres' }}
-      DB_PASS: ${{ secrets.DB_PASS || 'postgres' }}
-      DB_NAME: postgres
-      DB_PORT: 5432
-      RUN_ENV: local
-      PORT: 8080
-      DATABASE_URL: postgresql://${{ secrets.DB_USER || 'postgres' }}:${{ secrets.DB_PASS || 'postgres' }}@localhost:5432/${{ secrets.DB_NAME || 'postgres'}}
-
-      # - name: Upload coverage reports to Codecov
-      #   uses: codecov/codecov-action@v4
-      #   with:
-      #     token: ${{ secrets.CODECOV_TOKEN }}
-      #     flags: autogpt-server,${{ runner.os }}

.github/workflows/autogpts-benchmark.yml

@@ -1,97 +0,0 @@
-name: AutoGPTs Nightly Benchmark
-
-on:
-  workflow_dispatch:
-  schedule:
-    - cron: '0 2 * * *'
-
-jobs:
-  benchmark:
-    permissions:
-      contents: write
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        agent-name: [ autogpt ]
-      fail-fast: false
-    timeout-minutes: 120
-    env:
-      min-python-version: '3.10'
-      REPORTS_BRANCH: data/benchmark-reports
-      REPORTS_FOLDER: ${{ format('benchmark/reports/{0}', matrix.agent-name) }}
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-          submodules: true
-
-      - name: Set up Python ${{ env.min-python-version }}
-        uses: actions/setup-python@v5
-        with:
-          python-version: ${{ env.min-python-version }}
-
-      - name: Install Poetry
-        run: curl -sSL https://install.python-poetry.org | python -
-
-      - name: Prepare reports folder
-        run: mkdir -p ${{ env.REPORTS_FOLDER }}
-
-      - run: poetry -C benchmark install
-
-      - name: Benchmark ${{ matrix.agent-name }}
-        run: |
-          ./run agent start ${{ matrix.agent-name }}
-          cd ${{ matrix.agent-name }}
-
-          set +e  # Do not quit on non-zero exit codes
-          poetry run agbenchmark run -N 3 \
-            --test=ReadFile \
-            --test=BasicRetrieval --test=RevenueRetrieval2 \
-            --test=CombineCsv --test=LabelCsv --test=AnswerQuestionCombineCsv \
-            --test=UrlShortener --test=TicTacToe --test=Battleship \
-            --test=WebArenaTask_0 --test=WebArenaTask_21 --test=WebArenaTask_124 \
-            --test=WebArenaTask_134 --test=WebArenaTask_163
-
-            # Convert exit code 1 (some challenges failed) to exit code 0
-            if [ $? -eq 0 ] || [ $? -eq 1 ]; then
-              exit 0
-            else
-              exit $?
-            fi
-        env:
-          AGENT_NAME: ${{ matrix.agent-name }}
-          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
-          REQUESTS_CA_BUNDLE: /etc/ssl/certs/ca-certificates.crt
-          REPORTS_FOLDER: ${{ format('../../{0}', env.REPORTS_FOLDER) }}  # account for changed workdir
-
-          TELEMETRY_ENVIRONMENT: autogpt-benchmark-ci
-          TELEMETRY_OPT_IN: ${{ github.ref_name == 'master' }}
-
-      - name: Push reports to data branch
-        run: |
-          # BODGE: Remove success_rate.json and regression_tests.json to avoid conflicts on checkout
-          rm ${{ env.REPORTS_FOLDER }}/*.json
-
-          # Find folder with newest (untracked) report in it
-          report_subfolder=$(find ${{ env.REPORTS_FOLDER }} -type f -name 'report.json' \
-            | xargs -I {} dirname {} \
-            | xargs -I {} git ls-files --others --exclude-standard {} \
-            | xargs -I {} dirname {} \
-            | sort -u)
-          json_report_file="$report_subfolder/report.json"
-
-          # Convert JSON report to Markdown
-          markdown_report_file="$report_subfolder/report.md"
-          poetry -C benchmark run benchmark/reports/format.py "$json_report_file" > "$markdown_report_file"
-          cat "$markdown_report_file" >> $GITHUB_STEP_SUMMARY
-
-          git config --global user.name 'GitHub Actions'
-          git config --global user.email 'github-actions@agpt.co'
-          git fetch origin ${{ env.REPORTS_BRANCH }}:${{ env.REPORTS_BRANCH }} \
-            && git checkout ${{ env.REPORTS_BRANCH }} \
-            || git checkout --orphan ${{ env.REPORTS_BRANCH }}
-          git reset --hard
-          git add ${{ env.REPORTS_FOLDER }}
-          git commit -m "Benchmark report for ${{ matrix.agent-name }} @ $(date +'%Y-%m-%d')" \
-            && git push origin ${{ env.REPORTS_BRANCH }}

.github/workflows/classic-autogpt-ci.yml

@@ -1,25 +1,25 @@
-name: AutoGPT CI
+name: Classic - AutoGPT CI
 
 on:
   push:
-    branches: [ master, development, ci-test* ]
+    branches: [ master, dev, ci-test* ]
     paths:
-      - '.github/workflows/autogpt-ci.yml'
-      - 'autogpt/**'
+      - '.github/workflows/classic-autogpt-ci.yml'
+      - 'classic/original_autogpt/**'
   pull_request:
-    branches: [ master, development, release-* ]
+    branches: [ master, dev, release-* ]
     paths:
-      - '.github/workflows/autogpt-ci.yml'
-      - 'autogpt/**'
+      - '.github/workflows/classic-autogpt-ci.yml'
+      - 'classic/original_autogpt/**'
 
 concurrency:
-  group: ${{ format('autogpt-ci-{0}', github.head_ref && format('{0}-{1}', github.event_name, github.event.pull_request.number) || github.sha) }}
+  group: ${{ format('classic-autogpt-ci-{0}', github.head_ref && format('{0}-{1}', github.event_name, github.event.pull_request.number) || github.sha) }}
   cancel-in-progress: ${{ startsWith(github.event_name, 'pull_request') }}
 
 defaults:
   run:
     shell: bash
-    working-directory: autogpt
+    working-directory: classic/original_autogpt
 
 jobs:
   test:
@@ -86,7 +86,7 @@ jobs:
         uses: actions/cache@v4
         with:
           path: ${{ runner.os == 'macOS' && '~/Library/Caches/pypoetry' || '~/.cache/pypoetry' }}
-          key: poetry-${{ runner.os }}-${{ hashFiles('autogpt/poetry.lock') }}
+          key: poetry-${{ runner.os }}-${{ hashFiles('classic/original_autogpt/poetry.lock') }}
 
       - name: Install Poetry (Unix)
         if: runner.os != 'Windows'
@@ -115,6 +115,7 @@ jobs:
           poetry run pytest -vv \
             --cov=autogpt --cov-branch --cov-report term-missing --cov-report xml \
             --numprocesses=logical --durations=10 \
+            --junitxml=junit.xml -o junit_family=legacy \
             tests/unit tests/integration
         env:
           CI: true
@@ -124,8 +125,14 @@ jobs:
           AWS_ACCESS_KEY_ID: minioadmin
           AWS_SECRET_ACCESS_KEY: minioadmin
 
+      - name: Upload test results to Codecov
+        if: ${{ !cancelled() }}  # Run even if tests fail
+        uses: codecov/test-results-action@v1
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+
       - name: Upload coverage reports to Codecov
-        uses: codecov/codecov-action@v4
+        uses: codecov/codecov-action@v5
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           flags: autogpt-agent,${{ runner.os }}
@@ -135,4 +142,4 @@ jobs:
         uses: actions/upload-artifact@v4
         with:
           name: test-logs
-          path: autogpt/logs/
+          path: classic/original_autogpt/logs/

.github/workflows/classic-autogpt-docker-cache-clean.yml

@@ -0,0 +1,60 @@
+name: Classic - Purge Auto-GPT Docker CI cache
+
+on:
+  schedule:
+    - cron: 20 4 * * 1,4
+
+env:
+  BASE_BRANCH: dev
+  IMAGE_NAME: auto-gpt
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        build-type: [release, dev]
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - id: build
+        name: Build image
+        uses: docker/build-push-action@v6
+        with:
+          context: classic/
+          file: classic/Dockerfile.autogpt
+          build-args: BUILD_TYPE=${{ matrix.build-type }}
+          load: true # save to docker images
+          # use GHA cache as read-only
+          cache-to: type=gha,scope=autogpt-docker-${{ matrix.build-type }},mode=max
+
+      - name: Generate build report
+        env:
+          event_name: ${{ github.event_name }}
+          event_ref: ${{ github.event.schedule }}
+
+          build_type: ${{ matrix.build-type }}
+
+          prod_branch: master
+          dev_branch: dev
+          repository: ${{ github.repository }}
+          base_branch: ${{ github.ref_name != 'master' && github.ref_name != 'dev' && 'dev' || 'master' }}
+
+          current_ref: ${{ github.ref_name }}
+          commit_hash: ${{ github.sha }}
+          source_url: ${{ format('{0}/tree/{1}', github.event.repository.url, github.sha) }}
+          push_forced_label:
+
+          new_commits_json: ${{ null }}
+          compare_url_template: ${{ format('/{0}/compare/{{base}}...{{head}}', github.repository) }}
+
+          github_context_json: ${{ toJSON(github) }}
+          job_env_json: ${{ toJSON(env) }}
+          vars_json: ${{ toJSON(vars) }}
+
+        run: .github/workflows/scripts/docker-ci-summary.sh >> $GITHUB_STEP_SUMMARY
+        continue-on-error: true

.github/workflows/classic-autogpt-docker-ci.yml

@@ -1,24 +1,26 @@
-name: AutoGPT Docker CI
+name: Classic - AutoGPT Docker CI
 
 on:
   push:
-    branches: [ master, development ]
+    branches: [master, dev]
     paths:
-      - '.github/workflows/autogpt-docker-ci.yml'
-      - 'autogpt/**'
+      - '.github/workflows/classic-autogpt-docker-ci.yml'
+      - 'classic/original_autogpt/**'
+      - 'classic/forge/**'
   pull_request:
-    branches: [ master, development, release-* ]
+    branches: [ master, dev, release-* ]
     paths:
-      - '.github/workflows/autogpt-docker-ci.yml'
-      - 'autogpt/**'
+      - '.github/workflows/classic-autogpt-docker-ci.yml'
+      - 'classic/original_autogpt/**'
+      - 'classic/forge/**'
 
 concurrency:
-  group: ${{ format('autogpt-docker-ci-{0}', github.head_ref && format('pr-{0}', github.event.pull_request.number) || github.sha) }}
+  group: ${{ format('classic-autogpt-docker-ci-{0}', github.head_ref && format('pr-{0}', github.event.pull_request.number) || github.sha) }}
   cancel-in-progress: ${{ github.event_name == 'pull_request' }}
 
 defaults:
   run:
-    working-directory: autogpt
+    working-directory: classic/original_autogpt
 
 env:
   IMAGE_NAME: auto-gpt
@@ -32,57 +34,58 @@ jobs:
       matrix:
         build-type: [release, dev]
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v4
+      - name: Checkout repository
+        uses: actions/checkout@v4
 
-    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
 
-    - if: runner.debug
-      run: |
-        ls -al
-        du -hs *
+      - if: runner.debug
+        run: |
+          ls -al
+          du -hs *
 
-    - id: build
-      name: Build image
-      uses: docker/build-push-action@v5
-      with:
-        file: Dockerfile.autogpt
-        build-args: BUILD_TYPE=${{ matrix.build-type }}
-        tags: ${{ env.IMAGE_NAME }}
-        labels: GIT_REVISION=${{ github.sha }}
-        load: true    # save to docker images
-        # cache layers in GitHub Actions cache to speed up builds
-        cache-from: type=gha,scope=autogpt-docker-${{ matrix.build-type }}
-        cache-to: type=gha,scope=autogpt-docker-${{ matrix.build-type }},mode=max
+      - id: build
+        name: Build image
+        uses: docker/build-push-action@v6
+        with:
+          context: classic/
+          file: classic/Dockerfile.autogpt
+          build-args: BUILD_TYPE=${{ matrix.build-type }}
+          tags: ${{ env.IMAGE_NAME }}
+          labels: GIT_REVISION=${{ github.sha }}
+          load: true # save to docker images
+          # cache layers in GitHub Actions cache to speed up builds
+          cache-from: type=gha,scope=autogpt-docker-${{ matrix.build-type }}
+          cache-to: type=gha,scope=autogpt-docker-${{ matrix.build-type }},mode=max
 
-    - name: Generate build report
-      env:
-        event_name: ${{ github.event_name }}
-        event_ref: ${{ github.event.ref }}
-        event_ref_type: ${{ github.event.ref}}
+      - name: Generate build report
+        env:
+          event_name: ${{ github.event_name }}
+          event_ref: ${{ github.event.ref }}
+          event_ref_type: ${{ github.event.ref}}
 
-        build_type: ${{ matrix.build-type }}
+          build_type: ${{ matrix.build-type }}
 
-        prod_branch: master
-        dev_branch: development
-        repository: ${{ github.repository }}
-        base_branch: ${{ github.ref_name != 'master' && github.ref_name != 'development' && 'development' || 'master' }}
+          prod_branch: master
+          dev_branch: dev
+          repository: ${{ github.repository }}
+          base_branch: ${{ github.ref_name != 'master' && github.ref_name != 'dev' && 'dev' || 'master' }}
 
-        current_ref: ${{ github.ref_name }}
-        commit_hash: ${{ github.event.after }}
-        source_url: ${{ format('{0}/tree/{1}', github.event.repository.url, github.event.release && github.event.release.tag_name || github.sha) }}
-        push_forced_label: ${{ github.event.forced && '☢️ forced' || '' }}
+          current_ref: ${{ github.ref_name }}
+          commit_hash: ${{ github.event.after }}
+          source_url: ${{ format('{0}/tree/{1}', github.event.repository.url, github.event.release && github.event.release.tag_name || github.sha) }}
+          push_forced_label: ${{ github.event.forced && '☢️ forced' || '' }}
 
-        new_commits_json: ${{ toJSON(github.event.commits) }}
-        compare_url_template: ${{ format('/{0}/compare/{{base}}...{{head}}', github.repository) }}
+          new_commits_json: ${{ toJSON(github.event.commits) }}
+          compare_url_template: ${{ format('/{0}/compare/{{base}}...{{head}}', github.repository) }}
 
-        github_context_json: ${{ toJSON(github) }}
-        job_env_json: ${{ toJSON(env) }}
-        vars_json: ${{ toJSON(vars) }}
+          github_context_json: ${{ toJSON(github) }}
+          job_env_json: ${{ toJSON(env) }}
+          vars_json: ${{ toJSON(vars) }}
 
-      run: .github/workflows/scripts/docker-ci-summary.sh >> $GITHUB_STEP_SUMMARY
-      continue-on-error: true
+        run: .github/workflows/scripts/docker-ci-summary.sh >> $GITHUB_STEP_SUMMARY
+        continue-on-error: true
 
   test:
     runs-on: ubuntu-latest
@@ -114,15 +117,16 @@ jobs:
 
       - id: build
         name: Build image
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
-          file: Dockerfile.autogpt
-          build-args: BUILD_TYPE=dev  # include pytest
+          context: classic/
+          file: classic/Dockerfile.autogpt
+          build-args: BUILD_TYPE=dev # include pytest
           tags: >
             ${{ env.IMAGE_NAME }},
             ${{ env.DEPLOY_IMAGE_NAME }}:${{ env.DEV_IMAGE_TAG }}
           labels: GIT_REVISION=${{ github.sha }}
-          load: true                  # save to docker images
+          load: true # save to docker images
           # cache layers in GitHub Actions cache to speed up builds
           cache-from: type=gha,scope=autogpt-docker-dev
           cache-to: type=gha,scope=autogpt-docker-dev,mode=max

.github/workflows/classic-autogpt-docker-release.yml

@@ -0,0 +1,87 @@
+name: Classic - AutoGPT Docker Release
+
+on:
+  release:
+    types: [published, edited]
+
+  workflow_dispatch:
+    inputs:
+      no_cache:
+        type: boolean
+        description: 'Build from scratch, without using cached layers'
+
+env:
+  IMAGE_NAME: auto-gpt
+  DEPLOY_IMAGE_NAME: ${{ secrets.DOCKER_USER }}/auto-gpt
+
+jobs:
+  build:
+    if: startsWith(github.ref, 'refs/tags/autogpt-')
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Log in to Docker hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USER }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+        # slashes are not allowed in image tags, but can appear in git branch or tag names
+      - id: sanitize_tag
+        name: Sanitize image tag
+        run: |
+          tag=${raw_tag//\//-}
+          echo tag=${tag#autogpt-} >> $GITHUB_OUTPUT
+        env:
+          raw_tag: ${{ github.ref_name }}
+
+      - id: build
+        name: Build image
+        uses: docker/build-push-action@v6
+        with:
+          context: classic/
+          file: Dockerfile.autogpt
+          build-args: BUILD_TYPE=release
+          load: true # save to docker images
+          # push: true  # TODO: uncomment when this issue is fixed: https://github.com/moby/buildkit/issues/1555
+          tags: >
+            ${{ env.IMAGE_NAME }},
+            ${{ env.DEPLOY_IMAGE_NAME }}:latest,
+            ${{ env.DEPLOY_IMAGE_NAME }}:${{ steps.sanitize_tag.outputs.tag }}
+          labels: GIT_REVISION=${{ github.sha }}
+
+          # cache layers in GitHub Actions cache to speed up builds
+          cache-from: ${{ !inputs.no_cache && 'type=gha' || '' }},scope=autogpt-docker-release
+          cache-to: type=gha,scope=autogpt-docker-release,mode=max
+
+      - name: Push image to Docker Hub
+        run: docker push --all-tags ${{ env.DEPLOY_IMAGE_NAME }}
+
+      - name: Generate build report
+        env:
+          event_name: ${{ github.event_name }}
+          event_ref: ${{ github.event.ref }}
+          event_ref_type: ${{ github.event.ref}}
+          inputs_no_cache: ${{ inputs.no_cache }}
+
+          prod_branch: master
+          dev_branch: dev
+          repository: ${{ github.repository }}
+          base_branch: ${{ github.ref_name != 'master' && github.ref_name != 'dev' && 'dev' || 'master' }}
+
+          ref_type: ${{ github.ref_type }}
+          current_ref: ${{ github.ref_name }}
+          commit_hash: ${{ github.sha }}
+          source_url: ${{ format('{0}/tree/{1}', github.event.repository.url, github.event.release && github.event.release.tag_name || github.sha) }}
+
+          github_context_json: ${{ toJSON(github) }}
+          job_env_json: ${{ toJSON(env) }}
+          vars_json: ${{ toJSON(vars) }}
+
+        run: .github/workflows/scripts/docker-release-summary.sh >> $GITHUB_STEP_SUMMARY
+        continue-on-error: true

.github/workflows/classic-autogpts-ci.yml

@@ -1,38 +1,43 @@
-name: Agent smoke tests
+name: Classic - Agent smoke tests
 
 on:
   workflow_dispatch:
   schedule:
     - cron: '0 8 * * *'
   push:
-    branches: [ master, development, ci-test* ]
+    branches: [ master, dev, ci-test* ]
     paths:
-      - '.github/workflows/autogpts-ci.yml'
-      - 'autogpt/**'
-      - 'forge/**'
-      - 'benchmark/**'
-      - 'run'
-      - 'cli.py'
-      - 'setup.py'
+      - '.github/workflows/classic-autogpts-ci.yml'
+      - 'classic/original_autogpt/**'
+      - 'classic/forge/**'
+      - 'classic/benchmark/**'
+      - 'classic/run'
+      - 'classic/cli.py'
+      - 'classic/setup.py'
       - '!**/*.md'
   pull_request:
-    branches: [ master, development, release-* ]
+    branches: [ master, dev, release-* ]
     paths:
-      - '.github/workflows/autogpts-ci.yml'
-      - 'autogpt/**'
-      - 'forge/**'
-      - 'benchmark/**'
-      - 'run'
-      - 'cli.py'
-      - 'setup.py'
+      - '.github/workflows/classic-autogpts-ci.yml'
+      - 'classic/original_autogpt/**'
+      - 'classic/forge/**'
+      - 'classic/benchmark/**'
+      - 'classic/run'
+      - 'classic/cli.py'
+      - 'classic/setup.py'
       - '!**/*.md'
 
+defaults:
+  run:
+    shell: bash
+    working-directory: classic
+
 jobs:
   serve-agent-protocol:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        agent-name: [ autogpt ]
+        agent-name: [ original_autogpt ]
       fail-fast: false
     timeout-minutes: 20
     env:
@@ -50,7 +55,7 @@ jobs:
           python-version: ${{ env.min-python-version }}
 
       - name: Install Poetry
-        working-directory: ./${{ matrix.agent-name }}/
+        working-directory: ./classic/${{ matrix.agent-name }}/
         run: |
           curl -sSL https://install.python-poetry.org | python -
 

.github/workflows/classic-benchmark-ci.yml

@@ -1,18 +1,18 @@
-name: AGBenchmark CI
+name: Classic - AGBenchmark CI
 
 on:
   push:
-    branches: [ master, development, ci-test* ]
+    branches: [ master, dev, ci-test* ]
     paths:
-      - 'benchmark/**'
-      - .github/workflows/benchmark-ci.yml
-      - '!benchmark/reports/**'
+      - 'classic/benchmark/**'
+      - '!classic/benchmark/reports/**'
+      - .github/workflows/classic-benchmark-ci.yml
   pull_request:
-    branches: [ master, development, release-* ]
+    branches: [ master, dev, release-* ]
     paths:
-      - 'benchmark/**'
-      - '!benchmark/reports/**'
-      - .github/workflows/benchmark-ci.yml
+      - 'classic/benchmark/**'
+      - '!classic/benchmark/reports/**'
+      - .github/workflows/classic-benchmark-ci.yml
 
 concurrency:
   group: ${{ format('benchmark-ci-{0}', github.head_ref && format('{0}-{1}', github.event_name, github.event.pull_request.number) || github.sha) }}
@@ -39,7 +39,7 @@ jobs:
     defaults:
       run:
         shell: bash
-        working-directory: benchmark
+        working-directory: classic/benchmark
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
@@ -58,7 +58,7 @@ jobs:
         uses: actions/cache@v4
         with:
           path: ${{ runner.os == 'macOS' && '~/Library/Caches/pypoetry' || '~/.cache/pypoetry' }}
-          key: poetry-${{ runner.os }}-${{ hashFiles('benchmark/poetry.lock') }}
+          key: poetry-${{ runner.os }}-${{ hashFiles('classic/benchmark/poetry.lock') }}
 
       - name: Install Poetry (Unix)
         if: runner.os != 'Windows'
@@ -87,13 +87,20 @@ jobs:
           poetry run pytest -vv \
             --cov=agbenchmark --cov-branch --cov-report term-missing --cov-report xml \
             --durations=10 \
+            --junitxml=junit.xml -o junit_family=legacy \
             tests
         env:
           CI: true
           OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
 
+      - name: Upload test results to Codecov
+        if: ${{ !cancelled() }}  # Run even if tests fail
+        uses: codecov/test-results-action@v1
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+
       - name: Upload coverage reports to Codecov
-        uses: codecov/codecov-action@v4
+        uses: codecov/codecov-action@v5
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           flags: agbenchmark,${{ runner.os }}
@@ -102,7 +109,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        agent-name: [ forge ]
+        agent-name: [forge]
       fail-fast: false
     timeout-minutes: 20
     steps:
@@ -122,7 +129,7 @@ jobs:
           curl -sSL https://install.python-poetry.org | python -
 
       - name: Run regression tests
-        working-directory: .
+        working-directory: classic
         run: |
           ./run agent start ${{ matrix.agent-name }}
           cd ${{ matrix.agent-name }}
@@ -146,23 +153,23 @@ jobs:
           echo "Running the following command: poetry run agbenchmark --mock --category=coding"
           poetry run agbenchmark --mock --category=coding
 
-          echo "Running the following command: poetry run agbenchmark --test=WriteFile"
-          poetry run agbenchmark --test=WriteFile
+          # echo "Running the following command: poetry run agbenchmark --test=WriteFile"
+          # poetry run agbenchmark --test=WriteFile
           cd ../benchmark
           poetry install
           echo "Adding the BUILD_SKILL_TREE environment variable. This will attempt to add new elements in the skill tree. If new elements are added, the CI fails because they should have been pushed"
           export BUILD_SKILL_TREE=true
 
-          poetry run agbenchmark --mock
+          # poetry run agbenchmark --mock
 
-          CHANGED=$(git diff --name-only | grep -E '(agbenchmark/challenges)|(../frontend/assets)') || echo "No diffs"
-          if [ ! -z "$CHANGED" ]; then
-            echo "There are unstaged changes please run agbenchmark and commit those changes since they are needed."
-            echo "$CHANGED"
-            exit 1
-          else
-            echo "No unstaged changes."
-          fi
+          # CHANGED=$(git diff --name-only | grep -E '(agbenchmark/challenges)|(../classic/frontend/assets)') || echo "No diffs"
+          # if [ ! -z "$CHANGED" ]; then
+          #   echo "There are unstaged changes please run agbenchmark and commit those changes since they are needed."
+          #   echo "$CHANGED"
+          #   exit 1
+          # else
+          #   echo "No unstaged changes."
+          # fi
         env:
           OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
           TELEMETRY_ENVIRONMENT: autogpt-benchmark-ci

.github/workflows/classic-benchmark_publish_package.yml

@@ -1,4 +1,4 @@
-name: Publish to PyPI
+name: Classic - Publish to PyPI
 
 on:
   workflow_dispatch:
@@ -21,21 +21,21 @@ jobs:
         python-version: 3.8
 
     - name: Install Poetry
-      working-directory: ./benchmark/
+      working-directory: ./classic/benchmark/
       run: |
         curl -sSL https://install.python-poetry.org | python3 -
         echo "$HOME/.poetry/bin" >> $GITHUB_PATH
 
     - name: Build project for distribution
-      working-directory: ./benchmark/
+      working-directory: ./classic/benchmark/
       run: poetry build
 
     - name: Install dependencies
-      working-directory: ./benchmark/
+      working-directory: ./classic/benchmark/
       run: poetry install
 
     - name: Check Version
-      working-directory: ./benchmark/
+      working-directory: ./classic/benchmark/
       id: check-version
       run: |
         echo version=$(poetry version --short) >> $GITHUB_OUTPUT
@@ -43,7 +43,7 @@ jobs:
     - name: Create Release
       uses: ncipollo/release-action@v1
       with:
-        artifacts: "benchmark/dist/*"
+        artifacts: "classic/benchmark/dist/*"
         token: ${{ secrets.GITHUB_TOKEN }}
         draft: false
         generateReleaseNotes: false
@@ -51,5 +51,5 @@ jobs:
         commit: master
 
     - name: Build and publish
-      working-directory: ./benchmark/
+      working-directory: ./classic/benchmark/
       run: poetry publish -u __token__ -p ${{ secrets.PYPI_API_TOKEN }}

.github/workflows/classic-forge-ci.yml

@@ -1,18 +1,18 @@
-name: Forge CI
+name: Classic - Forge CI
 
 on:
   push:
-    branches: [ master, development, ci-test* ]
+    branches: [ master, dev, ci-test* ]
     paths:
-      - '.github/workflows/forge-ci.yml'
-      - 'forge/**'
-      - '!forge/tests/vcr_cassettes'
+      - '.github/workflows/classic-forge-ci.yml'
+      - 'classic/forge/**'
+      - '!classic/forge/tests/vcr_cassettes'
   pull_request:
-    branches: [ master, development, release-* ]
+    branches: [ master, dev, release-* ]
     paths:
-      - '.github/workflows/forge-ci.yml'
-      - 'forge/**'
-      - '!forge/tests/vcr_cassettes'
+      - '.github/workflows/classic-forge-ci.yml'
+      - 'classic/forge/**'
+      - '!classic/forge/tests/vcr_cassettes'
 
 concurrency:
   group: ${{ format('forge-ci-{0}', github.head_ref && format('{0}-{1}', github.event_name, github.event.pull_request.number) || github.sha) }}
@@ -21,7 +21,7 @@ concurrency:
 defaults:
   run:
     shell: bash
-    working-directory: forge
+    working-directory: classic/forge
 
 jobs:
   test:
@@ -110,7 +110,7 @@ jobs:
         uses: actions/cache@v4
         with:
           path: ${{ runner.os == 'macOS' && '~/Library/Caches/pypoetry' || '~/.cache/pypoetry' }}
-          key: poetry-${{ runner.os }}-${{ hashFiles('forge/poetry.lock') }}
+          key: poetry-${{ runner.os }}-${{ hashFiles('classic/forge/poetry.lock') }}
 
       - name: Install Poetry (Unix)
         if: runner.os != 'Windows'
@@ -139,6 +139,7 @@ jobs:
           poetry run pytest -vv \
             --cov=forge --cov-branch --cov-report term-missing --cov-report xml \
             --durations=10 \
+            --junitxml=junit.xml -o junit_family=legacy \
             forge
         env:
           CI: true
@@ -148,8 +149,14 @@ jobs:
           AWS_ACCESS_KEY_ID: minioadmin
           AWS_SECRET_ACCESS_KEY: minioadmin
 
+      - name: Upload test results to Codecov
+        if: ${{ !cancelled() }}  # Run even if tests fail
+        uses: codecov/test-results-action@v1
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+
       - name: Upload coverage reports to Codecov
-        uses: codecov/codecov-action@v4
+        uses: codecov/codecov-action@v5
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           flags: forge,${{ runner.os }}
@@ -233,4 +240,4 @@ jobs:
         uses: actions/upload-artifact@v4
         with:
           name: test-logs
-          path: forge/logs/
+          path: classic/forge/logs/

.github/workflows/classic-frontend-ci.yml

@@ -0,0 +1,60 @@
+name: Classic - Frontend CI/CD
+
+on:
+  push:
+    branches:
+      - master
+      - dev
+      - 'ci-test*' # This will match any branch that starts with "ci-test"
+    paths:
+      - 'classic/frontend/**'
+      - '.github/workflows/classic-frontend-ci.yml'
+  pull_request:
+    paths:
+      - 'classic/frontend/**'
+      - '.github/workflows/classic-frontend-ci.yml'
+
+jobs:
+  build:
+    permissions:
+      contents: write
+      pull-requests: write
+    runs-on: ubuntu-latest
+    env:
+      BUILD_BRANCH: ${{ format('classic-frontend-build/{0}', github.ref_name) }}
+
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@v4
+
+      - name: Setup Flutter
+        uses: subosito/flutter-action@v2
+        with:
+          flutter-version: '3.13.2'
+
+      - name: Build Flutter to Web
+        run: |
+          cd classic/frontend
+          flutter build web --base-href /app/
+
+      # - name: Commit and Push to ${{ env.BUILD_BRANCH }}
+      #   if: github.event_name == 'push'
+      #   run: |
+      #     git config --local user.email "action@github.com"
+      #     git config --local user.name "GitHub Action"
+      #     git add classic/frontend/build/web
+      #     git checkout -B ${{ env.BUILD_BRANCH }}
+      #     git commit -m "Update frontend build to ${GITHUB_SHA:0:7}" -a
+      #     git push -f origin ${{ env.BUILD_BRANCH }}
+
+      - name: Create PR ${{ env.BUILD_BRANCH }} -> ${{ github.ref_name }}
+        if: github.event_name == 'push'
+        uses: peter-evans/create-pull-request@v7
+        with:
+          add-paths: classic/frontend/build/web
+          base: ${{ github.ref_name }}
+          branch: ${{ env.BUILD_BRANCH }}
+          delete-branch: true
+          title: "Update frontend build in `${{ github.ref_name }}`"
+          body: "This PR updates the frontend build based on commit ${{ github.sha }}."
+          commit-message: "Update frontend build based on commit ${{ github.sha }}"

.github/workflows/classic-python-checks.yml

@@ -1,27 +1,27 @@
-name: Python checks
+name: Classic - Python checks
 
 on:
   push:
-    branches: [ master, development, ci-test* ]
+    branches: [ master, dev, ci-test* ]
     paths:
-      - '.github/workflows/lint-ci.yml'
-      - 'autogpt/**'
-      - 'forge/**'
-      - 'benchmark/**'
+      - '.github/workflows/classic-python-checks-ci.yml'
+      - 'classic/original_autogpt/**'
+      - 'classic/forge/**'
+      - 'classic/benchmark/**'
       - '**.py'
-      - '!forge/tests/vcr_cassettes'
+      - '!classic/forge/tests/vcr_cassettes'
   pull_request:
-    branches: [ master, development, release-* ]
+    branches: [ master, dev, release-* ]
     paths:
-      - '.github/workflows/lint-ci.yml'
-      - 'autogpt/**'
-      - 'forge/**'
-      - 'benchmark/**'
+      - '.github/workflows/classic-python-checks-ci.yml'
+      - 'classic/original_autogpt/**'
+      - 'classic/forge/**'
+      - 'classic/benchmark/**'
       - '**.py'
-      - '!forge/tests/vcr_cassettes'
+      - '!classic/forge/tests/vcr_cassettes'
 
 concurrency:
-  group: ${{ format('lint-ci-{0}', github.head_ref && format('{0}-{1}', github.event_name, github.event.pull_request.number) || github.sha) }}
+  group: ${{ format('classic-python-checks-ci-{0}', github.head_ref && format('{0}-{1}', github.event_name, github.event.pull_request.number) || github.sha) }}
   cancel-in-progress: ${{ startsWith(github.event_name, 'pull_request') }}
 
 defaults:
@@ -40,18 +40,18 @@ jobs:
         uses: dorny/paths-filter@v3
         with:
           filters: |
-            autogpt:
-              - autogpt/autogpt/**
-              - autogpt/tests/**
-              - autogpt/poetry.lock
+            original_autogpt:
+              - classic/original_autogpt/autogpt/**
+              - classic/original_autogpt/tests/**
+              - classic/original_autogpt/poetry.lock
             forge:
-              - forge/forge/**
-              - forge/tests/**
-              - forge/poetry.lock
+              - classic/forge/forge/**
+              - classic/forge/tests/**
+              - classic/forge/poetry.lock
             benchmark:
-              - benchmark/agbenchmark/**
-              - benchmark/tests/**
-              - benchmark/poetry.lock
+              - classic/benchmark/agbenchmark/**
+              - classic/benchmark/tests/**
+              - classic/benchmark/poetry.lock
     outputs:
       changed-parts: ${{ steps.changes-in.outputs.changes }}
 
@@ -89,23 +89,23 @@ jobs:
       # Install dependencies
 
       - name: Install Python dependencies
-        run: poetry -C ${{ matrix.sub-package }} install
+        run: poetry -C classic/${{ matrix.sub-package }} install
 
       # Lint
 
       - name: Lint (isort)
         run: poetry run isort --check .
-        working-directory: ${{ matrix.sub-package }}
+        working-directory: classic/${{ matrix.sub-package }}
 
       - name: Lint (Black)
         if: success() || failure()
         run: poetry run black --check .
-        working-directory: ${{ matrix.sub-package }}
+        working-directory: classic/${{ matrix.sub-package }}
 
       - name: Lint (Flake8)
         if: success() || failure()
         run: poetry run flake8 .
-        working-directory: ${{ matrix.sub-package }}
+        working-directory: classic/${{ matrix.sub-package }}
 
   types:
     needs: get-changed-parts
@@ -141,11 +141,11 @@ jobs:
       # Install dependencies
 
       - name: Install Python dependencies
-        run: poetry -C ${{ matrix.sub-package }} install
+        run: poetry -C classic/${{ matrix.sub-package }} install
 
       # Typecheck
 
       - name: Typecheck
         if: success() || failure()
         run: poetry run pyright
-        working-directory: ${{ matrix.sub-package }}
+        working-directory: classic/${{ matrix.sub-package }}

.github/workflows/claude-ci-failure-auto-fix.yml

@@ -0,0 +1,97 @@
+name: Auto Fix CI Failures
+
+on:
+  workflow_run:
+    workflows: ["CI"]
+    types:
+      - completed
+
+permissions:
+  contents: write
+  pull-requests: write
+  actions: read
+  issues: write
+  id-token: write # Required for OIDC token exchange
+
+jobs:
+  auto-fix:
+    if: |
+      github.event.workflow_run.conclusion == 'failure' &&
+      github.event.workflow_run.pull_requests[0] &&
+      !startsWith(github.event.workflow_run.head_branch, 'claude-auto-fix-ci-')
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.workflow_run.head_branch }}
+          fetch-depth: 0
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Setup git identity
+        run: |
+          git config --global user.email "claude[bot]@users.noreply.github.com"
+          git config --global user.name "claude[bot]"
+
+      - name: Create fix branch
+        id: branch
+        run: |
+          BRANCH_NAME="claude-auto-fix-ci-${{ github.event.workflow_run.head_branch }}-${{ github.run_id }}"
+          git checkout -b "$BRANCH_NAME"
+          echo "branch_name=$BRANCH_NAME" >> $GITHUB_OUTPUT
+
+      - name: Get CI failure details
+        id: failure_details
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const run = await github.rest.actions.getWorkflowRun({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              run_id: ${{ github.event.workflow_run.id }}
+            });
+
+            const jobs = await github.rest.actions.listJobsForWorkflowRun({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              run_id: ${{ github.event.workflow_run.id }}
+            });
+
+            const failedJobs = jobs.data.jobs.filter(job => job.conclusion === 'failure');
+
+            let errorLogs = [];
+            for (const job of failedJobs) {
+              const logs = await github.rest.actions.downloadJobLogsForWorkflowRun({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                job_id: job.id
+              });
+              errorLogs.push({
+                jobName: job.name,
+                logs: logs.data
+              });
+            }
+
+            return {
+              runUrl: run.data.html_url,
+              failedJobs: failedJobs.map(j => j.name),
+              errorLogs: errorLogs
+            };
+
+      - name: Fix CI failures with Claude
+        id: claude
+        uses: anthropics/claude-code-action@v1
+        with:
+          prompt: |
+            /fix-ci 
+            Failed CI Run: ${{ fromJSON(steps.failure_details.outputs.result).runUrl }}
+            Failed Jobs: ${{ join(fromJSON(steps.failure_details.outputs.result).failedJobs, ', ') }}
+            PR Number: ${{ github.event.workflow_run.pull_requests[0].number }}
+            Branch Name: ${{ steps.branch.outputs.branch_name }}
+            Base Branch: ${{ github.event.workflow_run.head_branch }}
+            Repository: ${{ github.repository }}
+
+            Error logs:
+            ${{ toJSON(fromJSON(steps.failure_details.outputs.result).errorLogs) }}
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          claude_args: "--allowedTools 'Edit,MultiEdit,Write,Read,Glob,Grep,LS,Bash(git:*),Bash(bun:*),Bash(npm:*),Bash(npx:*),Bash(gh:*)'"

.github/workflows/claude-dependabot.yml

@@ -0,0 +1,379 @@
+# Claude Dependabot PR Review Workflow
+# 
+# This workflow automatically runs Claude analysis on Dependabot PRs to:
+# - Identify dependency changes and their versions
+# - Look up changelogs for updated packages  
+# - Assess breaking changes and security impacts
+# - Provide actionable recommendations for the development team
+#
+# Triggered on: Dependabot PRs (opened, synchronize)
+# Requirements: ANTHROPIC_API_KEY secret must be configured
+
+name: Claude Dependabot PR Review
+
+on:
+  pull_request:
+    types: [opened, synchronize]
+
+jobs:
+  dependabot-review:
+    # Only run on Dependabot PRs
+    if: github.actor == 'dependabot[bot]'
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+
+    permissions:
+      contents: write
+      pull-requests: read
+      issues: read
+      id-token: write
+      actions: read # Required for CI access
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      # Backend Python/Poetry setup (mirrors platform-backend-ci.yml)
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"  # Use standard version matching CI
+
+      - name: Set up Python dependency cache
+        uses: actions/cache@v4
+        with:
+          path: ~/.cache/pypoetry
+          key: poetry-${{ runner.os }}-${{ hashFiles('autogpt_platform/backend/poetry.lock') }}
+
+      - name: Install Poetry
+        run: |
+          # Extract Poetry version from backend/poetry.lock (matches CI)
+          cd autogpt_platform/backend
+          HEAD_POETRY_VERSION=$(python3 ../../.github/workflows/scripts/get_package_version_from_lockfile.py poetry)
+          echo "Found Poetry version ${HEAD_POETRY_VERSION} in backend/poetry.lock"
+          
+          # Install Poetry
+          curl -sSL https://install.python-poetry.org | POETRY_VERSION=$HEAD_POETRY_VERSION python3 -
+          
+          # Add Poetry to PATH
+          echo "$HOME/.local/bin" >> $GITHUB_PATH
+
+      - name: Check poetry.lock
+        working-directory: autogpt_platform/backend
+        run: |
+          poetry lock
+          if ! git diff --quiet --ignore-matching-lines="^# " poetry.lock; then
+            echo "Warning: poetry.lock not up to date, but continuing for setup"
+            git checkout poetry.lock  # Reset for clean setup
+          fi
+
+      - name: Install Python dependencies
+        working-directory: autogpt_platform/backend
+        run: poetry install
+
+      - name: Generate Prisma Client
+        working-directory: autogpt_platform/backend
+        run: poetry run prisma generate
+
+      # Frontend Node.js/pnpm setup (mirrors platform-frontend-ci.yml)
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "21"
+
+      - name: Enable corepack
+        run: corepack enable
+
+      - name: Set pnpm store directory
+        run: |
+          pnpm config set store-dir ~/.pnpm-store
+          echo "PNPM_HOME=$HOME/.pnpm-store" >> $GITHUB_ENV
+
+      - name: Cache frontend dependencies
+        uses: actions/cache@v4
+        with:
+          path: ~/.pnpm-store
+          key: ${{ runner.os }}-pnpm-${{ hashFiles('autogpt_platform/frontend/pnpm-lock.yaml', 'autogpt_platform/frontend/package.json') }}
+          restore-keys: |
+            ${{ runner.os }}-pnpm-${{ hashFiles('autogpt_platform/frontend/pnpm-lock.yaml') }}
+            ${{ runner.os }}-pnpm-
+
+      - name: Install JavaScript dependencies
+        working-directory: autogpt_platform/frontend
+        run: pnpm install --frozen-lockfile
+
+      # Install Playwright browsers for frontend testing
+      # NOTE: Disabled to save ~1 minute of setup time. Re-enable if Copilot needs browser automation (e.g., for MCP)
+      # - name: Install Playwright browsers
+      #   working-directory: autogpt_platform/frontend
+      #   run: pnpm playwright install --with-deps chromium
+
+      # Docker setup for development environment
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Copy default environment files
+        working-directory: autogpt_platform
+        run: |
+          # Copy default environment files for development
+          cp .env.default .env
+          cp backend/.env.default backend/.env
+          cp frontend/.env.default frontend/.env
+
+      # Phase 1: Cache and load Docker images for faster setup
+      - name: Set up Docker image cache
+        id: docker-cache
+        uses: actions/cache@v4
+        with:
+          path: ~/docker-cache
+          # Use a versioned key for cache invalidation when image list changes
+          key: docker-images-v2-${{ runner.os }}-${{ hashFiles('.github/workflows/copilot-setup-steps.yml') }}
+          restore-keys: |
+            docker-images-v2-${{ runner.os }}-
+            docker-images-v1-${{ runner.os }}-
+
+      - name: Load or pull Docker images
+        working-directory: autogpt_platform
+        run: |
+          mkdir -p ~/docker-cache
+          
+          # Define image list for easy maintenance
+          IMAGES=(
+            "redis:latest"
+            "rabbitmq:management"
+            "clamav/clamav-debian:latest"
+            "busybox:latest"
+            "kong:2.8.1"
+            "supabase/gotrue:v2.170.0"
+            "supabase/postgres:15.8.1.049"
+            "supabase/postgres-meta:v0.86.1"
+            "supabase/studio:20250224-d10db0f"
+          )
+          
+          # Check if any cached tar files exist (more reliable than cache-hit)
+          if ls ~/docker-cache/*.tar 1> /dev/null 2>&1; then
+            echo "Docker cache found, loading images in parallel..."
+            for image in "${IMAGES[@]}"; do
+              # Convert image name to filename (replace : and / with -)
+              filename=$(echo "$image" | tr ':/' '--')
+              if [ -f ~/docker-cache/${filename}.tar ]; then
+                echo "Loading $image..."
+                docker load -i ~/docker-cache/${filename}.tar || echo "Warning: Failed to load $image from cache" &
+              fi
+            done
+            wait
+            echo "All cached images loaded"
+          else
+            echo "No Docker cache found, pulling images in parallel..."
+            # Pull all images in parallel
+            for image in "${IMAGES[@]}"; do
+              docker pull "$image" &
+            done
+            wait
+            
+            # Only save cache on main branches (not PRs) to avoid cache pollution
+            if [[ "${{ github.ref }}" == "refs/heads/master" ]] || [[ "${{ github.ref }}" == "refs/heads/dev" ]]; then
+              echo "Saving Docker images to cache in parallel..."
+              for image in "${IMAGES[@]}"; do
+                # Convert image name to filename (replace : and / with -)
+                filename=$(echo "$image" | tr ':/' '--')
+                echo "Saving $image..."
+                docker save -o ~/docker-cache/${filename}.tar "$image" || echo "Warning: Failed to save $image" &
+              done
+              wait
+              echo "Docker image cache saved"
+            else
+              echo "Skipping cache save for PR/feature branch"
+            fi
+          fi
+          
+          echo "Docker images ready for use"
+
+      # Phase 2: Build migrate service with GitHub Actions cache
+      - name: Build migrate Docker image with cache
+        working-directory: autogpt_platform
+        run: |
+          # Build the migrate image with buildx for GHA caching
+          docker buildx build \
+            --cache-from type=gha \
+            --cache-to type=gha,mode=max \
+            --target migrate \
+            --tag autogpt_platform-migrate:latest \
+            --load \
+            -f backend/Dockerfile \
+            ..
+
+      # Start services using pre-built images
+      - name: Start Docker services for development
+        working-directory: autogpt_platform
+        run: |
+          # Start essential services (migrate image already built with correct tag)
+          docker compose --profile local up deps --no-build --detach
+          echo "Waiting for services to be ready..."
+          
+          # Wait for database to be ready
+          echo "Checking database readiness..."
+          timeout 30 sh -c 'until docker compose exec -T db pg_isready -U postgres 2>/dev/null; do 
+            echo "  Waiting for database..."
+            sleep 2
+          done' && echo "✅ Database is ready" || echo "⚠️ Database ready check timeout after 30s, continuing..."
+          
+          # Check migrate service status
+          echo "Checking migration status..."
+          docker compose ps migrate || echo "  Migrate service not visible in ps output"
+          
+          # Wait for migrate service to complete
+          echo "Waiting for migrations to complete..."
+          timeout 30 bash -c '
+            ATTEMPTS=0
+            while [ $ATTEMPTS -lt 15 ]; do
+              ATTEMPTS=$((ATTEMPTS + 1))
+              
+              # Check using docker directly (more reliable than docker compose ps)
+              CONTAINER_STATUS=$(docker ps -a --filter "label=com.docker.compose.service=migrate" --format "{{.Status}}" | head -1)
+              
+              if [ -z "$CONTAINER_STATUS" ]; then
+                echo "  Attempt $ATTEMPTS: Migrate container not found yet..."
+              elif echo "$CONTAINER_STATUS" | grep -q "Exited (0)"; then
+                echo "✅ Migrations completed successfully"
+                docker compose logs migrate --tail=5 2>/dev/null || true
+                exit 0
+              elif echo "$CONTAINER_STATUS" | grep -q "Exited ([1-9]"; then
+                EXIT_CODE=$(echo "$CONTAINER_STATUS" | grep -oE "Exited \([0-9]+\)" | grep -oE "[0-9]+")
+                echo "❌ Migrations failed with exit code: $EXIT_CODE"
+                echo "Migration logs:"
+                docker compose logs migrate --tail=20 2>/dev/null || true
+                exit 1
+              elif echo "$CONTAINER_STATUS" | grep -q "Up"; then
+                echo "  Attempt $ATTEMPTS: Migrate container is running... ($CONTAINER_STATUS)"
+              else
+                echo "  Attempt $ATTEMPTS: Migrate container status: $CONTAINER_STATUS"
+              fi
+              
+              sleep 2
+            done
+            
+            echo "⚠️ Timeout: Could not determine migration status after 30 seconds"
+            echo "Final container check:"
+            docker ps -a --filter "label=com.docker.compose.service=migrate" || true
+            echo "Migration logs (if available):"
+            docker compose logs migrate --tail=10 2>/dev/null || echo "  No logs available"
+          ' || echo "⚠️ Migration check completed with warnings, continuing..."
+          
+          # Brief wait for other services to stabilize
+          echo "Waiting 5 seconds for other services to stabilize..."
+          sleep 5
+
+      # Verify installations and provide environment info
+      - name: Verify setup and show environment info
+        run: |
+          echo "=== Python Setup ==="
+          python --version
+          poetry --version
+          
+          echo "=== Node.js Setup ==="
+          node --version
+          pnpm --version
+          
+          echo "=== Additional Tools ==="
+          docker --version
+          docker compose version
+          gh --version || true
+          
+          echo "=== Services Status ==="
+          cd autogpt_platform
+          docker compose ps || true
+          
+          echo "=== Backend Dependencies ==="
+          cd backend
+          poetry show | head -10 || true
+          
+          echo "=== Frontend Dependencies ==="
+          cd ../frontend
+          pnpm list --depth=0 | head -10 || true
+          
+          echo "=== Environment Files ==="
+          ls -la ../.env* || true
+          ls -la .env* || true
+          ls -la ../backend/.env* || true
+          
+          echo "✅ AutoGPT Platform development environment setup complete!"
+          echo "🚀 Ready for development with Docker services running"
+          echo "📝 Backend server: poetry run serve (port 8000)"
+          echo "🌐 Frontend server: pnpm dev (port 3000)"
+
+
+      - name: Run Claude Dependabot Analysis
+        id: claude_review
+        uses: anthropics/claude-code-action@v1
+        with:
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          claude_args: |
+            --allowedTools "Bash(npm:*),Bash(pnpm:*),Bash(poetry:*),Bash(git:*),Edit,Replace,NotebookEditCell,mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*), Bash(gh pr diff:*), Bash(gh pr view:*)"
+          prompt: |
+            You are Claude, an AI assistant specialized in reviewing Dependabot dependency update PRs. 
+            
+            Your primary tasks are:
+            1. **Analyze the dependency changes** in this Dependabot PR
+            2. **Look up changelogs** for all updated dependencies to understand what changed
+            3. **Identify breaking changes** and assess potential impact on the AutoGPT codebase
+            4. **Provide actionable recommendations** for the development team
+            
+            ## Analysis Process:
+            
+            1. **Identify Changed Dependencies**: 
+               - Use git diff to see what dependencies were updated
+               - Parse package.json, poetry.lock, requirements files, etc.
+               - List all package versions: old → new
+            
+            2. **Changelog Research**:
+               - For each updated dependency, look up its changelog/release notes
+               - Use WebFetch to access GitHub releases, NPM package pages, PyPI project pages. The pr should also have some details
+               - Focus on versions between the old and new versions
+               - Identify: breaking changes, deprecations, security fixes, new features
+            
+            3. **Breaking Change Assessment**:
+               - Categorize changes: BREAKING, MAJOR, MINOR, PATCH, SECURITY
+               - Assess impact on AutoGPT's usage patterns
+               - Check if AutoGPT uses affected APIs/features
+               - Look for migration guides or upgrade instructions
+            
+            4. **Codebase Impact Analysis**:
+               - Search the AutoGPT codebase for usage of changed APIs
+               - Identify files that might be affected by breaking changes
+               - Check test files for deprecated usage patterns
+               - Look for configuration changes needed
+            
+            ## Output Format:
+            
+            Provide a comprehensive review comment with:
+            
+            ### 🔍 Dependency Analysis Summary
+            - List of updated packages with version changes
+            - Overall risk assessment (LOW/MEDIUM/HIGH)
+            
+            ### 📋 Detailed Changelog Review
+            For each updated dependency:
+            - **Package**: name (old_version → new_version)
+            - **Changes**: Summary of key changes
+            - **Breaking Changes**: List any breaking changes
+            - **Security Fixes**: Note security improvements
+            - **Migration Notes**: Any upgrade steps needed
+            
+            ### ⚠️ Impact Assessment
+            - **Breaking Changes Found**: Yes/No with details
+            - **Affected Files**: List AutoGPT files that may need updates
+            - **Test Impact**: Any tests that may need updating
+            - **Configuration Changes**: Required config updates
+            
+            ### 🛠️ Recommendations
+            - **Action Required**: What the team should do
+            - **Testing Focus**: Areas to test thoroughly
+            - **Follow-up Tasks**: Any additional work needed
+            - **Merge Recommendation**: APPROVE/REVIEW_NEEDED/HOLD
+            
+            ### 📚 Useful Links
+            - Links to relevant changelogs, migration guides, documentation
+            
+            Be thorough but concise. Focus on actionable insights that help the development team make informed decisions about the dependency updates.

.github/workflows/claude.yml

@@ -0,0 +1,325 @@
+name: Claude Code
+
+on:
+  issue_comment:
+    types: [created]
+  pull_request_review_comment:
+    types: [created]
+  issues:
+    types: [opened, assigned]
+  pull_request_review:
+    types: [submitted]
+
+jobs:
+  claude:
+    if: |
+      (
+        (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
+        (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
+        (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
+        (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
+      ) && (
+        github.event.comment.author_association == 'OWNER' ||
+        github.event.comment.author_association == 'MEMBER' ||
+        github.event.comment.author_association == 'COLLABORATOR' ||
+        github.event.review.author_association == 'OWNER' ||
+        github.event.review.author_association == 'MEMBER' ||
+        github.event.review.author_association == 'COLLABORATOR' ||
+        github.event.issue.author_association == 'OWNER' ||
+        github.event.issue.author_association == 'MEMBER' ||
+        github.event.issue.author_association == 'COLLABORATOR'
+      )
+    runs-on: ubuntu-latest
+    timeout-minutes: 45
+
+    permissions:
+      contents: write
+      pull-requests: read
+      issues: read
+      id-token: write
+      actions: read # Required for CI access
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      # Backend Python/Poetry setup (mirrors platform-backend-ci.yml)
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"  # Use standard version matching CI
+
+      - name: Set up Python dependency cache
+        uses: actions/cache@v4
+        with:
+          path: ~/.cache/pypoetry
+          key: poetry-${{ runner.os }}-${{ hashFiles('autogpt_platform/backend/poetry.lock') }}
+
+      - name: Install Poetry
+        run: |
+          # Extract Poetry version from backend/poetry.lock (matches CI)
+          cd autogpt_platform/backend
+          HEAD_POETRY_VERSION=$(python3 ../../.github/workflows/scripts/get_package_version_from_lockfile.py poetry)
+          echo "Found Poetry version ${HEAD_POETRY_VERSION} in backend/poetry.lock"
+          
+          # Install Poetry
+          curl -sSL https://install.python-poetry.org | POETRY_VERSION=$HEAD_POETRY_VERSION python3 -
+          
+          # Add Poetry to PATH
+          echo "$HOME/.local/bin" >> $GITHUB_PATH
+
+      - name: Check poetry.lock
+        working-directory: autogpt_platform/backend
+        run: |
+          poetry lock
+          if ! git diff --quiet --ignore-matching-lines="^# " poetry.lock; then
+            echo "Warning: poetry.lock not up to date, but continuing for setup"
+            git checkout poetry.lock  # Reset for clean setup
+          fi
+
+      - name: Install Python dependencies
+        working-directory: autogpt_platform/backend
+        run: poetry install
+
+      - name: Generate Prisma Client
+        working-directory: autogpt_platform/backend
+        run: poetry run prisma generate
+
+      # Frontend Node.js/pnpm setup (mirrors platform-frontend-ci.yml)
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "21"
+
+      - name: Enable corepack
+        run: corepack enable
+
+      - name: Set pnpm store directory
+        run: |
+          pnpm config set store-dir ~/.pnpm-store
+          echo "PNPM_HOME=$HOME/.pnpm-store" >> $GITHUB_ENV
+
+      - name: Cache frontend dependencies
+        uses: actions/cache@v4
+        with:
+          path: ~/.pnpm-store
+          key: ${{ runner.os }}-pnpm-${{ hashFiles('autogpt_platform/frontend/pnpm-lock.yaml', 'autogpt_platform/frontend/package.json') }}
+          restore-keys: |
+            ${{ runner.os }}-pnpm-${{ hashFiles('autogpt_platform/frontend/pnpm-lock.yaml') }}
+            ${{ runner.os }}-pnpm-
+
+      - name: Install JavaScript dependencies
+        working-directory: autogpt_platform/frontend
+        run: pnpm install --frozen-lockfile
+
+      # Install Playwright browsers for frontend testing
+      # NOTE: Disabled to save ~1 minute of setup time. Re-enable if Copilot needs browser automation (e.g., for MCP)
+      # - name: Install Playwright browsers
+      #   working-directory: autogpt_platform/frontend
+      #   run: pnpm playwright install --with-deps chromium
+
+      # Docker setup for development environment
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Copy default environment files
+        working-directory: autogpt_platform
+        run: |
+          # Copy default environment files for development
+          cp .env.default .env
+          cp backend/.env.default backend/.env
+          cp frontend/.env.default frontend/.env
+
+      # Phase 1: Cache and load Docker images for faster setup
+      - name: Set up Docker image cache
+        id: docker-cache
+        uses: actions/cache@v4
+        with:
+          path: ~/docker-cache
+          # Use a versioned key for cache invalidation when image list changes
+          key: docker-images-v2-${{ runner.os }}-${{ hashFiles('.github/workflows/copilot-setup-steps.yml') }}
+          restore-keys: |
+            docker-images-v2-${{ runner.os }}-
+            docker-images-v1-${{ runner.os }}-
+
+      - name: Load or pull Docker images
+        working-directory: autogpt_platform
+        run: |
+          mkdir -p ~/docker-cache
+          
+          # Define image list for easy maintenance
+          IMAGES=(
+            "redis:latest"
+            "rabbitmq:management"
+            "clamav/clamav-debian:latest"
+            "busybox:latest"
+            "kong:2.8.1"
+            "supabase/gotrue:v2.170.0"
+            "supabase/postgres:15.8.1.049"
+            "supabase/postgres-meta:v0.86.1"
+            "supabase/studio:20250224-d10db0f"
+          )
+          
+          # Check if any cached tar files exist (more reliable than cache-hit)
+          if ls ~/docker-cache/*.tar 1> /dev/null 2>&1; then
+            echo "Docker cache found, loading images in parallel..."
+            for image in "${IMAGES[@]}"; do
+              # Convert image name to filename (replace : and / with -)
+              filename=$(echo "$image" | tr ':/' '--')
+              if [ -f ~/docker-cache/${filename}.tar ]; then
+                echo "Loading $image..."
+                docker load -i ~/docker-cache/${filename}.tar || echo "Warning: Failed to load $image from cache" &
+              fi
+            done
+            wait
+            echo "All cached images loaded"
+          else
+            echo "No Docker cache found, pulling images in parallel..."
+            # Pull all images in parallel
+            for image in "${IMAGES[@]}"; do
+              docker pull "$image" &
+            done
+            wait
+            
+            # Only save cache on main branches (not PRs) to avoid cache pollution
+            if [[ "${{ github.ref }}" == "refs/heads/master" ]] || [[ "${{ github.ref }}" == "refs/heads/dev" ]]; then
+              echo "Saving Docker images to cache in parallel..."
+              for image in "${IMAGES[@]}"; do
+                # Convert image name to filename (replace : and / with -)
+                filename=$(echo "$image" | tr ':/' '--')
+                echo "Saving $image..."
+                docker save -o ~/docker-cache/${filename}.tar "$image" || echo "Warning: Failed to save $image" &
+              done
+              wait
+              echo "Docker image cache saved"
+            else
+              echo "Skipping cache save for PR/feature branch"
+            fi
+          fi
+          
+          echo "Docker images ready for use"
+
+      # Phase 2: Build migrate service with GitHub Actions cache
+      - name: Build migrate Docker image with cache
+        working-directory: autogpt_platform
+        run: |
+          # Build the migrate image with buildx for GHA caching
+          docker buildx build \
+            --cache-from type=gha \
+            --cache-to type=gha,mode=max \
+            --target migrate \
+            --tag autogpt_platform-migrate:latest \
+            --load \
+            -f backend/Dockerfile \
+            ..
+
+      # Start services using pre-built images
+      - name: Start Docker services for development
+        working-directory: autogpt_platform
+        run: |
+          # Start essential services (migrate image already built with correct tag)
+          docker compose --profile local up deps --no-build --detach
+          echo "Waiting for services to be ready..."
+          
+          # Wait for database to be ready
+          echo "Checking database readiness..."
+          timeout 30 sh -c 'until docker compose exec -T db pg_isready -U postgres 2>/dev/null; do 
+            echo "  Waiting for database..."
+            sleep 2
+          done' && echo "✅ Database is ready" || echo "⚠️ Database ready check timeout after 30s, continuing..."
+          
+          # Check migrate service status
+          echo "Checking migration status..."
+          docker compose ps migrate || echo "  Migrate service not visible in ps output"
+          
+          # Wait for migrate service to complete
+          echo "Waiting for migrations to complete..."
+          timeout 30 bash -c '
+            ATTEMPTS=0
+            while [ $ATTEMPTS -lt 15 ]; do
+              ATTEMPTS=$((ATTEMPTS + 1))
+              
+              # Check using docker directly (more reliable than docker compose ps)
+              CONTAINER_STATUS=$(docker ps -a --filter "label=com.docker.compose.service=migrate" --format "{{.Status}}" | head -1)
+              
+              if [ -z "$CONTAINER_STATUS" ]; then
+                echo "  Attempt $ATTEMPTS: Migrate container not found yet..."
+              elif echo "$CONTAINER_STATUS" | grep -q "Exited (0)"; then
+                echo "✅ Migrations completed successfully"
+                docker compose logs migrate --tail=5 2>/dev/null || true
+                exit 0
+              elif echo "$CONTAINER_STATUS" | grep -q "Exited ([1-9]"; then
+                EXIT_CODE=$(echo "$CONTAINER_STATUS" | grep -oE "Exited \([0-9]+\)" | grep -oE "[0-9]+")
+                echo "❌ Migrations failed with exit code: $EXIT_CODE"
+                echo "Migration logs:"
+                docker compose logs migrate --tail=20 2>/dev/null || true
+                exit 1
+              elif echo "$CONTAINER_STATUS" | grep -q "Up"; then
+                echo "  Attempt $ATTEMPTS: Migrate container is running... ($CONTAINER_STATUS)"
+              else
+                echo "  Attempt $ATTEMPTS: Migrate container status: $CONTAINER_STATUS"
+              fi
+              
+              sleep 2
+            done
+            
+            echo "⚠️ Timeout: Could not determine migration status after 30 seconds"
+            echo "Final container check:"
+            docker ps -a --filter "label=com.docker.compose.service=migrate" || true
+            echo "Migration logs (if available):"
+            docker compose logs migrate --tail=10 2>/dev/null || echo "  No logs available"
+          ' || echo "⚠️ Migration check completed with warnings, continuing..."
+          
+          # Brief wait for other services to stabilize
+          echo "Waiting 5 seconds for other services to stabilize..."
+          sleep 5
+
+      # Verify installations and provide environment info
+      - name: Verify setup and show environment info
+        run: |
+          echo "=== Python Setup ==="
+          python --version
+          poetry --version
+          
+          echo "=== Node.js Setup ==="
+          node --version
+          pnpm --version
+          
+          echo "=== Additional Tools ==="
+          docker --version
+          docker compose version
+          gh --version || true
+          
+          echo "=== Services Status ==="
+          cd autogpt_platform
+          docker compose ps || true
+          
+          echo "=== Backend Dependencies ==="
+          cd backend
+          poetry show | head -10 || true
+          
+          echo "=== Frontend Dependencies ==="
+          cd ../frontend
+          pnpm list --depth=0 | head -10 || true
+          
+          echo "=== Environment Files ==="
+          ls -la ../.env* || true
+          ls -la .env* || true
+          ls -la ../backend/.env* || true
+          
+          echo "✅ AutoGPT Platform development environment setup complete!"
+          echo "🚀 Ready for development with Docker services running"
+          echo "📝 Backend server: poetry run serve (port 8000)"
+          echo "🌐 Frontend server: pnpm dev (port 3000)"
+
+      - name: Run Claude Code
+        id: claude
+        uses: anthropics/claude-code-action@v1
+        with:
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          claude_args: |
+            --allowedTools "Bash(npm:*),Bash(pnpm:*),Bash(poetry:*),Bash(git:*),Edit,Replace,NotebookEditCell,mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*), Bash(gh pr diff:*), Bash(gh pr view:*), Bash(gh pr edit:*)"
+            --model opus
+          additional_permissions: |
+            actions: read

.github/workflows/codeql.yml

@@ -0,0 +1,98 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "master", "release-*", "dev" ]
+  pull_request:
+    branches: [ "master", "release-*", "dev" ]
+  merge_group:
+  schedule:
+    - cron: '15 4 * * 0'
+
+jobs:
+  analyze:
+    name: Analyze (${{ matrix.language }})
+    # Runner size impacts CodeQL analysis time. To learn more, please see:
+    #   - https://gh.io/recommended-hardware-resources-for-running-codeql
+    #   - https://gh.io/supported-runners-and-hardware-resources
+    #   - https://gh.io/using-larger-runners (GitHub.com only)
+    # Consider using larger runners or machines with greater resources for possible analysis time improvements.
+    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+    permissions:
+      # required for all workflows
+      security-events: write
+
+      # required to fetch internal or private CodeQL packs
+      packages: read
+
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+        - language: typescript
+          build-mode: none
+        - language: python
+          build-mode: none
+        # CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift'
+        # Use `c-cpp` to analyze code written in C, C++ or both
+        # Use 'java-kotlin' to analyze code written in Java, Kotlin or both
+        # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
+        # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
+        # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
+        # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
+        # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{ matrix.language }}
+        build-mode: ${{ matrix.build-mode }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        config: |
+          paths-ignore:
+            - classic/frontend/build/**
+
+        # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        # queries: security-extended,security-and-quality
+
+    # If the analyze step fails for one of the languages you are analyzing with
+    # "We were unable to automatically build your code", modify the matrix above
+    # to set the build mode to "manual" for that language. Then modify this step
+    # to build your code.
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+    - if: matrix.build-mode == 'manual'
+      shell: bash
+      run: |
+        echo 'If you are using a "manual" build mode for one or more of the' \
+          'languages you are analyzing, replace this with the commands to build' \
+          'your code, for example:'
+        echo '  make bootstrap'
+        echo '  make release'
+        exit 1
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
+      with:
+        category: "/language:${{matrix.language}}"

.github/workflows/copilot-setup-steps.yml

@@ -0,0 +1,302 @@
+name: "Copilot Setup Steps"
+
+# Automatically run the setup steps when they are changed to allow for easy validation, and
+# allow manual testing through the repository's "Actions" tab
+on:
+  workflow_dispatch:
+  push:
+    paths:
+      - .github/workflows/copilot-setup-steps.yml
+  pull_request:
+    paths:
+      - .github/workflows/copilot-setup-steps.yml
+
+jobs:
+  # The job MUST be called `copilot-setup-steps` or it will not be picked up by Copilot.
+  copilot-setup-steps:
+    runs-on: ubuntu-latest
+    timeout-minutes: 45
+
+    # Set the permissions to the lowest permissions possible needed for your steps.
+    # Copilot will be given its own token for its operations.
+    permissions:
+      # If you want to clone the repository as part of your setup steps, for example to install dependencies, you'll need the `contents: read` permission. If you don't clone the repository in your setup steps, Copilot will do this for you automatically after the steps complete.
+      contents: read
+
+    # You can define any steps you want, and they will run before the agent starts.
+    # If you do not check out your code, Copilot will do this for you.
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          submodules: true
+
+      # Backend Python/Poetry setup (mirrors platform-backend-ci.yml)
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"  # Use standard version matching CI
+
+      - name: Set up Python dependency cache
+        uses: actions/cache@v4
+        with:
+          path: ~/.cache/pypoetry
+          key: poetry-${{ runner.os }}-${{ hashFiles('autogpt_platform/backend/poetry.lock') }}
+
+      - name: Install Poetry
+        run: |
+          # Extract Poetry version from backend/poetry.lock (matches CI)
+          cd autogpt_platform/backend
+          HEAD_POETRY_VERSION=$(python3 ../../.github/workflows/scripts/get_package_version_from_lockfile.py poetry)
+          echo "Found Poetry version ${HEAD_POETRY_VERSION} in backend/poetry.lock"
+          
+          # Install Poetry
+          curl -sSL https://install.python-poetry.org | POETRY_VERSION=$HEAD_POETRY_VERSION python3 -
+          
+          # Add Poetry to PATH
+          echo "$HOME/.local/bin" >> $GITHUB_PATH
+
+      - name: Check poetry.lock
+        working-directory: autogpt_platform/backend
+        run: |
+          poetry lock
+          if ! git diff --quiet --ignore-matching-lines="^# " poetry.lock; then
+            echo "Warning: poetry.lock not up to date, but continuing for setup"
+            git checkout poetry.lock  # Reset for clean setup
+          fi
+
+      - name: Install Python dependencies
+        working-directory: autogpt_platform/backend
+        run: poetry install
+
+      - name: Generate Prisma Client
+        working-directory: autogpt_platform/backend
+        run: poetry run prisma generate
+
+      # Frontend Node.js/pnpm setup (mirrors platform-frontend-ci.yml)
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "21"
+
+      - name: Enable corepack
+        run: corepack enable
+
+      - name: Set pnpm store directory
+        run: |
+          pnpm config set store-dir ~/.pnpm-store
+          echo "PNPM_HOME=$HOME/.pnpm-store" >> $GITHUB_ENV
+
+      - name: Cache frontend dependencies
+        uses: actions/cache@v4
+        with:
+          path: ~/.pnpm-store
+          key: ${{ runner.os }}-pnpm-${{ hashFiles('autogpt_platform/frontend/pnpm-lock.yaml', 'autogpt_platform/frontend/package.json') }}
+          restore-keys: |
+            ${{ runner.os }}-pnpm-${{ hashFiles('autogpt_platform/frontend/pnpm-lock.yaml') }}
+            ${{ runner.os }}-pnpm-
+
+      - name: Install JavaScript dependencies
+        working-directory: autogpt_platform/frontend
+        run: pnpm install --frozen-lockfile
+
+      # Install Playwright browsers for frontend testing
+      # NOTE: Disabled to save ~1 minute of setup time. Re-enable if Copilot needs browser automation (e.g., for MCP)
+      # - name: Install Playwright browsers
+      #   working-directory: autogpt_platform/frontend
+      #   run: pnpm playwright install --with-deps chromium
+
+      # Docker setup for development environment
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Copy default environment files
+        working-directory: autogpt_platform
+        run: |
+          # Copy default environment files for development
+          cp .env.default .env
+          cp backend/.env.default backend/.env
+          cp frontend/.env.default frontend/.env
+
+      # Phase 1: Cache and load Docker images for faster setup
+      - name: Set up Docker image cache
+        id: docker-cache
+        uses: actions/cache@v4
+        with:
+          path: ~/docker-cache
+          # Use a versioned key for cache invalidation when image list changes
+          key: docker-images-v2-${{ runner.os }}-${{ hashFiles('.github/workflows/copilot-setup-steps.yml') }}
+          restore-keys: |
+            docker-images-v2-${{ runner.os }}-
+            docker-images-v1-${{ runner.os }}-
+
+      - name: Load or pull Docker images
+        working-directory: autogpt_platform
+        run: |
+          mkdir -p ~/docker-cache
+          
+          # Define image list for easy maintenance
+          IMAGES=(
+            "redis:latest"
+            "rabbitmq:management"
+            "clamav/clamav-debian:latest"
+            "busybox:latest"
+            "kong:2.8.1"
+            "supabase/gotrue:v2.170.0"
+            "supabase/postgres:15.8.1.049"
+            "supabase/postgres-meta:v0.86.1"
+            "supabase/studio:20250224-d10db0f"
+          )
+          
+          # Check if any cached tar files exist (more reliable than cache-hit)
+          if ls ~/docker-cache/*.tar 1> /dev/null 2>&1; then
+            echo "Docker cache found, loading images in parallel..."
+            for image in "${IMAGES[@]}"; do
+              # Convert image name to filename (replace : and / with -)
+              filename=$(echo "$image" | tr ':/' '--')
+              if [ -f ~/docker-cache/${filename}.tar ]; then
+                echo "Loading $image..."
+                docker load -i ~/docker-cache/${filename}.tar || echo "Warning: Failed to load $image from cache" &
+              fi
+            done
+            wait
+            echo "All cached images loaded"
+          else
+            echo "No Docker cache found, pulling images in parallel..."
+            # Pull all images in parallel
+            for image in "${IMAGES[@]}"; do
+              docker pull "$image" &
+            done
+            wait
+            
+            # Only save cache on main branches (not PRs) to avoid cache pollution
+            if [[ "${{ github.ref }}" == "refs/heads/master" ]] || [[ "${{ github.ref }}" == "refs/heads/dev" ]]; then
+              echo "Saving Docker images to cache in parallel..."
+              for image in "${IMAGES[@]}"; do
+                # Convert image name to filename (replace : and / with -)
+                filename=$(echo "$image" | tr ':/' '--')
+                echo "Saving $image..."
+                docker save -o ~/docker-cache/${filename}.tar "$image" || echo "Warning: Failed to save $image" &
+              done
+              wait
+              echo "Docker image cache saved"
+            else
+              echo "Skipping cache save for PR/feature branch"
+            fi
+          fi
+          
+          echo "Docker images ready for use"
+
+      # Phase 2: Build migrate service with GitHub Actions cache
+      - name: Build migrate Docker image with cache
+        working-directory: autogpt_platform
+        run: |
+          # Build the migrate image with buildx for GHA caching
+          docker buildx build \
+            --cache-from type=gha \
+            --cache-to type=gha,mode=max \
+            --target migrate \
+            --tag autogpt_platform-migrate:latest \
+            --load \
+            -f backend/Dockerfile \
+            ..
+
+      # Start services using pre-built images
+      - name: Start Docker services for development
+        working-directory: autogpt_platform
+        run: |
+          # Start essential services (migrate image already built with correct tag)
+          docker compose --profile local up deps --no-build --detach
+          echo "Waiting for services to be ready..."
+          
+          # Wait for database to be ready
+          echo "Checking database readiness..."
+          timeout 30 sh -c 'until docker compose exec -T db pg_isready -U postgres 2>/dev/null; do 
+            echo "  Waiting for database..."
+            sleep 2
+          done' && echo "✅ Database is ready" || echo "⚠️ Database ready check timeout after 30s, continuing..."
+          
+          # Check migrate service status
+          echo "Checking migration status..."
+          docker compose ps migrate || echo "  Migrate service not visible in ps output"
+          
+          # Wait for migrate service to complete
+          echo "Waiting for migrations to complete..."
+          timeout 30 bash -c '
+            ATTEMPTS=0
+            while [ $ATTEMPTS -lt 15 ]; do
+              ATTEMPTS=$((ATTEMPTS + 1))
+              
+              # Check using docker directly (more reliable than docker compose ps)
+              CONTAINER_STATUS=$(docker ps -a --filter "label=com.docker.compose.service=migrate" --format "{{.Status}}" | head -1)
+              
+              if [ -z "$CONTAINER_STATUS" ]; then
+                echo "  Attempt $ATTEMPTS: Migrate container not found yet..."
+              elif echo "$CONTAINER_STATUS" | grep -q "Exited (0)"; then
+                echo "✅ Migrations completed successfully"
+                docker compose logs migrate --tail=5 2>/dev/null || true
+                exit 0
+              elif echo "$CONTAINER_STATUS" | grep -q "Exited ([1-9]"; then
+                EXIT_CODE=$(echo "$CONTAINER_STATUS" | grep -oE "Exited \([0-9]+\)" | grep -oE "[0-9]+")
+                echo "❌ Migrations failed with exit code: $EXIT_CODE"
+                echo "Migration logs:"
+                docker compose logs migrate --tail=20 2>/dev/null || true
+                exit 1
+              elif echo "$CONTAINER_STATUS" | grep -q "Up"; then
+                echo "  Attempt $ATTEMPTS: Migrate container is running... ($CONTAINER_STATUS)"
+              else
+                echo "  Attempt $ATTEMPTS: Migrate container status: $CONTAINER_STATUS"
+              fi
+              
+              sleep 2
+            done
+            
+            echo "⚠️ Timeout: Could not determine migration status after 30 seconds"
+            echo "Final container check:"
+            docker ps -a --filter "label=com.docker.compose.service=migrate" || true
+            echo "Migration logs (if available):"
+            docker compose logs migrate --tail=10 2>/dev/null || echo "  No logs available"
+          ' || echo "⚠️ Migration check completed with warnings, continuing..."
+          
+          # Brief wait for other services to stabilize
+          echo "Waiting 5 seconds for other services to stabilize..."
+          sleep 5
+
+      # Verify installations and provide environment info
+      - name: Verify setup and show environment info
+        run: |
+          echo "=== Python Setup ==="
+          python --version
+          poetry --version
+          
+          echo "=== Node.js Setup ==="
+          node --version
+          pnpm --version
+          
+          echo "=== Additional Tools ==="
+          docker --version
+          docker compose version
+          gh --version || true
+          
+          echo "=== Services Status ==="
+          cd autogpt_platform
+          docker compose ps || true
+          
+          echo "=== Backend Dependencies ==="
+          cd backend
+          poetry show | head -10 || true
+          
+          echo "=== Frontend Dependencies ==="
+          cd ../frontend
+          pnpm list --depth=0 | head -10 || true
+          
+          echo "=== Environment Files ==="
+          ls -la ../.env* || true
+          ls -la .env* || true
+          ls -la ../backend/.env* || true
+          
+          echo "✅ AutoGPT Platform development environment setup complete!"
+          echo "🚀 Ready for development with Docker services running"
+          echo "📝 Backend server: poetry run serve (port 8000)"
+          echo "🌐 Frontend server: pnpm dev (port 3000)"

.github/workflows/frontend-ci.yml

@@ -1,60 +0,0 @@
-name: Frontend CI/CD
-
-on:
-  push:
-    branches:
-      - master
-      - development
-      - 'ci-test*' # This will match any branch that starts with "ci-test"
-    paths:
-      - 'frontend/**'
-      - '.github/workflows/frontend-ci.yml'
-  pull_request:
-    paths:
-      - 'frontend/**'
-      - '.github/workflows/frontend-ci.yml'
-
-jobs:
-  build:
-    permissions:
-      contents: write
-      pull-requests: write
-    runs-on: ubuntu-latest
-    env:
-      BUILD_BRANCH: ${{ format('frontend-build/{0}', github.ref_name) }}
-
-    steps:
-    - name: Checkout Repo
-      uses: actions/checkout@v4
-
-    - name: Setup Flutter
-      uses: subosito/flutter-action@v2
-      with:
-        flutter-version: '3.13.2'
-
-    - name: Build Flutter to Web
-      run: |
-        cd frontend
-        flutter build web --base-href /app/
-
-    # - name: Commit and Push to ${{ env.BUILD_BRANCH }}
-    #   if: github.event_name == 'push'
-    #   run: |
-    #     git config --local user.email "action@github.com"
-    #     git config --local user.name "GitHub Action"
-    #     git add frontend/build/web
-    #     git checkout -B ${{ env.BUILD_BRANCH }}
-    #     git commit -m "Update frontend build to ${GITHUB_SHA:0:7}" -a
-    #     git push -f origin ${{ env.BUILD_BRANCH }}
-
-    - name: Create PR ${{ env.BUILD_BRANCH }} -> ${{ github.ref_name }}
-      if: github.event_name == 'push'
-      uses: peter-evans/create-pull-request@v6
-      with:
-        add-paths: frontend/build/web
-        base: ${{ github.ref_name }}
-        branch: ${{ env.BUILD_BRANCH }}
-        delete-branch: true
-        title: "Update frontend build in `${{ github.ref_name }}`"
-        body: "This PR updates the frontend build based on commit ${{ github.sha }}."
-        commit-message: "Update frontend build based on commit ${{ github.sha }}"

.github/workflows/hackathon.yml

@@ -1,133 +0,0 @@
-name: Hackathon
-
-on:
-  workflow_dispatch:
-    inputs:
-      agents:
-        description: "Agents to run (comma-separated)"
-        required: false
-        default: "autogpt" # Default agents if none are specified
-
-jobs:
-  matrix-setup:
-    runs-on: ubuntu-latest
-    # Service containers to run with `matrix-setup`
-    services:
-      # Label used to access the service container
-      postgres:
-        # Docker Hub image
-        image: postgres
-        # Provide the password for postgres
-        env:
-          POSTGRES_PASSWORD: postgres
-        # Set health checks to wait until postgres has started
-        options: >-
-          --health-cmd pg_isready
-          --health-interval 10s
-          --health-timeout 5s
-          --health-retries 5
-        ports:
-          # Maps tcp port 5432 on service container to the host
-          - 5432:5432
-    outputs:
-      matrix: ${{ steps.set-matrix.outputs.matrix }}
-      env-name: ${{ steps.set-matrix.outputs.env-name }}
-    steps:
-      - id: set-matrix
-        run: |
-          if [ "${{ github.event_name }}" == "schedule" ]; then
-            echo "::set-output name=env-name::production"
-            echo "::set-output name=matrix::[ 'irrelevant']"
-          elif [ "${{ github.event_name }}" == "workflow_dispatch" ]; then
-            IFS=',' read -ra matrix_array <<< "${{ github.event.inputs.agents }}"
-            matrix_string="[ \"$(echo "${matrix_array[@]}" | sed 's/ /", "/g')\" ]"
-            echo "::set-output name=env-name::production"
-            echo "::set-output name=matrix::$matrix_string"
-          else
-            echo "::set-output name=env-name::testing"
-            echo "::set-output name=matrix::[ 'irrelevant' ]"
-          fi
-
-  tests:
-    environment:
-      name: "${{ needs.matrix-setup.outputs.env-name }}"
-    needs: matrix-setup
-    env:
-      min-python-version: "3.10"
-    name: "${{ matrix.agent-name }}"
-    runs-on: ubuntu-latest
-    services:
-      # Label used to access the service container
-      postgres:
-        # Docker Hub image
-        image: postgres
-        # Provide the password for postgres
-        env:
-          POSTGRES_PASSWORD: postgres
-        # Set health checks to wait until postgres has started
-        options: >-
-          --health-cmd pg_isready
-          --health-interval 10s
-          --health-timeout 5s
-          --health-retries 5
-        ports:
-          # Maps tcp port 5432 on service container to the host
-          - 5432:5432
-    timeout-minutes: 50
-    strategy:
-      fail-fast: false
-      matrix:
-        agent-name: ${{fromJson(needs.matrix-setup.outputs.matrix)}}
-    steps:
-      - name: Print Environment Name
-        run: |
-          echo "Matrix Setup Environment Name: ${{ needs.matrix-setup.outputs.env-name }}"
-
-      - name: Check Docker Container
-        id: check
-        run: docker ps
-
-      - name: Checkout repository
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-          submodules: true
-
-      - name: Set up Python ${{ env.min-python-version }}
-        uses: actions/setup-python@v5
-        with:
-          python-version: ${{ env.min-python-version }}
-
-      - id: get_date
-        name: Get date
-        run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT
-
-      - name: Install Poetry
-        run: |
-          curl -sSL https://install.python-poetry.org | python -
-
-      - name: Install Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: v18.15
-
-      - name: Run benchmark
-        run: |
-          link=$(jq -r '.["github_repo_url"]' arena/$AGENT_NAME.json)
-          branch=$(jq -r '.["branch_to_benchmark"]' arena/$AGENT_NAME.json)
-          git clone "$link" -b "$branch" "$AGENT_NAME"
-          cd $AGENT_NAME
-          cp ./$AGENT_NAME/.env.example ./$AGENT_NAME/.env || echo "file not found"
-          ./run agent start $AGENT_NAME
-          cd ../benchmark
-          poetry install
-          poetry run agbenchmark --no-dep
-        env:
-          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
-          SERP_API_KEY: ${{ secrets.SERP_API_KEY }}
-          SERPAPI_API_KEY: ${{ secrets.SERP_API_KEY }}
-          WEAVIATE_API_KEY: ${{ secrets.WEAVIATE_API_KEY }}
-          WEAVIATE_URL: ${{ secrets.WEAVIATE_URL }}
-          GOOGLE_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
-          GOOGLE_CUSTOM_SEARCH_ENGINE_ID: ${{ secrets.GOOGLE_CUSTOM_SEARCH_ENGINE_ID }}
-          AGENT_NAME: ${{ matrix.agent-name }}

.github/workflows/platform-autogpt-deploy-dev.yaml

@@ -0,0 +1,60 @@
+name: AutoGPT Platform - Deploy Dev Environment
+
+on:
+  push:
+    branches: [ dev ]
+    paths:
+      - 'autogpt_platform/**'
+  workflow_dispatch:
+    inputs:
+      git_ref:
+        description: 'Git ref (branch/tag) of AutoGPT to deploy'
+        required: true
+        default: 'master'
+        type: string
+
+permissions:
+  contents: 'read'
+  id-token: 'write'
+
+jobs:
+  migrate:
+    environment: develop
+    name: Run migrations for AutoGPT Platform
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.inputs.git_ref || github.ref_name }}
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+
+      - name: Install Python dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install prisma
+
+      - name: Run Backend Migrations
+        working-directory: ./autogpt_platform/backend
+        run: |
+          python -m prisma migrate deploy
+        env:
+          DATABASE_URL: ${{ secrets.BACKEND_DATABASE_URL }}
+          DIRECT_URL: ${{ secrets.BACKEND_DATABASE_URL }}
+
+  trigger:
+    needs: migrate
+    runs-on: ubuntu-latest
+    steps:
+      - name: Trigger deploy workflow
+        uses: peter-evans/repository-dispatch@v3
+        with:
+          token: ${{ secrets.DEPLOY_TOKEN }}
+          repository: Significant-Gravitas/AutoGPT_cloud_infrastructure
+          event-type: build_deploy_dev
+          client-payload: '{"ref": "${{ github.event.inputs.git_ref || github.ref }}", "repository": "${{ github.repository }}"}'

.github/workflows/platform-autogpt-deploy-prod.yml

@@ -0,0 +1,54 @@
+name: AutoGPT Platform - Deploy Prod Environment
+
+on:
+  release:
+    types: [published]
+  workflow_dispatch:
+
+permissions:
+  contents: 'read'
+  id-token: 'write'
+
+jobs:
+  migrate:
+    environment: production
+    name: Run migrations for AutoGPT Platform
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.ref_name || 'master' }}
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+
+      - name: Install Python dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install prisma
+
+      - name: Run Backend Migrations
+        working-directory: ./autogpt_platform/backend
+        run: |
+          python -m prisma migrate deploy
+        env:
+          DATABASE_URL: ${{ secrets.BACKEND_DATABASE_URL }}
+          DIRECT_URL: ${{ secrets.BACKEND_DATABASE_URL }}
+
+
+  trigger:
+    needs: migrate
+    runs-on: ubuntu-latest
+    steps:
+      - name: Trigger deploy workflow
+        uses: peter-evans/repository-dispatch@v3
+        with:
+          token: ${{ secrets.DEPLOY_TOKEN }}
+          repository: Significant-Gravitas/AutoGPT_cloud_infrastructure
+          event-type: build_deploy_prod
+          client-payload: |
+            {"ref": "${{ github.ref_name || 'master' }}", "repository": "${{ github.repository }}"}

.github/workflows/platform-backend-ci.yml

@@ -0,0 +1,225 @@
+name: AutoGPT Platform - Backend CI
+
+on:
+  push:
+    branches: [master, dev, ci-test*]
+    paths:
+      - ".github/workflows/platform-backend-ci.yml"
+      - "autogpt_platform/backend/**"
+      - "autogpt_platform/autogpt_libs/**"
+  pull_request:
+    branches: [master, dev, release-*]
+    paths:
+      - ".github/workflows/platform-backend-ci.yml"
+      - "autogpt_platform/backend/**"
+      - "autogpt_platform/autogpt_libs/**"
+  merge_group:
+
+concurrency:
+  group: ${{ format('backend-ci-{0}', github.head_ref && format('{0}-{1}', github.event_name, github.event.pull_request.number) || github.sha) }}
+  cancel-in-progress: ${{ startsWith(github.event_name, 'pull_request') }}
+
+defaults:
+  run:
+    shell: bash
+    working-directory: autogpt_platform/backend
+
+jobs:
+  test:
+    permissions:
+      contents: read
+    timeout-minutes: 30
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: ["3.11", "3.12", "3.13"]
+    runs-on: ubuntu-latest
+
+    services:
+      redis:
+        image: redis:latest
+        ports:
+          - 6379:6379
+      rabbitmq:
+        image: rabbitmq:3.12-management
+        ports:
+          - 5672:5672
+          - 15672:15672
+        env:
+          RABBITMQ_DEFAULT_USER: ${{ env.RABBITMQ_DEFAULT_USER }}
+          RABBITMQ_DEFAULT_PASS: ${{ env.RABBITMQ_DEFAULT_PASS }}
+      clamav:
+        image: clamav/clamav-debian:latest
+        ports:
+          - 3310:3310
+        env:
+          CLAMAV_NO_FRESHCLAMD: false
+          CLAMD_CONF_StreamMaxLength: 50M
+          CLAMD_CONF_MaxFileSize: 100M
+          CLAMD_CONF_MaxScanSize: 100M
+          CLAMD_CONF_MaxThreads: 4
+          CLAMD_CONF_ReadTimeout: 300
+        options: >-
+          --health-cmd "clamdscan --version || exit 1"
+          --health-interval 30s
+          --health-timeout 10s
+          --health-retries 5
+          --health-start-period 180s
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          submodules: true
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Setup Supabase
+        uses: supabase/setup-cli@v1
+        with:
+          version: 1.178.1
+
+      - id: get_date
+        name: Get date
+        run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT
+
+      - name: Set up Python dependency cache
+        uses: actions/cache@v4
+        with:
+          path: ~/.cache/pypoetry
+          key: poetry-${{ runner.os }}-${{ hashFiles('autogpt_platform/backend/poetry.lock') }}
+
+      - name: Install Poetry (Unix)
+        run: |
+          # Extract Poetry version from backend/poetry.lock
+          HEAD_POETRY_VERSION=$(python ../../.github/workflows/scripts/get_package_version_from_lockfile.py poetry)
+          echo "Found Poetry version ${HEAD_POETRY_VERSION} in backend/poetry.lock"
+
+          if [ -n "$BASE_REF" ]; then
+            BASE_BRANCH=${BASE_REF/refs\/heads\//}
+            BASE_POETRY_VERSION=$((git show "origin/$BASE_BRANCH":./poetry.lock; true) | python ../../.github/workflows/scripts/get_package_version_from_lockfile.py poetry -)
+            echo "Found Poetry version ${BASE_POETRY_VERSION} in backend/poetry.lock on ${BASE_REF}"
+            POETRY_VERSION=$(printf '%s\n' "$HEAD_POETRY_VERSION" "$BASE_POETRY_VERSION" | sort -V | tail -n1)
+          else
+            POETRY_VERSION=$HEAD_POETRY_VERSION
+          fi
+          echo "Using Poetry version ${POETRY_VERSION}"
+
+          # Install Poetry
+          curl -sSL https://install.python-poetry.org | POETRY_VERSION=$POETRY_VERSION python3 -
+
+          if [ "${{ runner.os }}" = "macOS" ]; then
+            PATH="$HOME/.local/bin:$PATH"
+            echo "$HOME/.local/bin" >> $GITHUB_PATH
+          fi
+        env:
+          BASE_REF: ${{ github.base_ref || github.event.merge_group.base_ref }}
+
+      - name: Check poetry.lock
+        run: |
+          poetry lock
+
+          if ! git diff --quiet --ignore-matching-lines="^# " poetry.lock; then
+            echo "Error: poetry.lock not up to date."
+            echo
+            git diff poetry.lock
+            exit 1
+          fi
+
+      - name: Install Python dependencies
+        run: poetry install
+
+      - name: Generate Prisma Client
+        run: poetry run prisma generate
+
+      - id: supabase
+        name: Start Supabase
+        working-directory: .
+        run: |
+          supabase init
+          supabase start --exclude postgres-meta,realtime,storage-api,imgproxy,inbucket,studio,edge-runtime,logflare,vector,supavisor
+          supabase status -o env | sed 's/="/=/; s/"$//' >> $GITHUB_OUTPUT
+        # outputs:
+        # DB_URL, API_URL, GRAPHQL_URL, ANON_KEY, SERVICE_ROLE_KEY, JWT_SECRET
+
+      - name: Wait for ClamAV to be ready
+        run: |
+          echo "Waiting for ClamAV daemon to start..."
+          max_attempts=60
+          attempt=0
+          
+          until nc -z localhost 3310 || [ $attempt -eq $max_attempts ]; do
+            echo "ClamAV is unavailable - sleeping (attempt $((attempt+1))/$max_attempts)"
+            sleep 5
+            attempt=$((attempt+1))
+          done
+          
+          if [ $attempt -eq $max_attempts ]; then
+            echo "ClamAV failed to start after $((max_attempts*5)) seconds"
+            echo "Checking ClamAV service logs..."
+            docker logs $(docker ps -q --filter "ancestor=clamav/clamav-debian:latest") 2>&1 | tail -50 || echo "No ClamAV container found"
+            exit 1
+          fi
+          
+          echo "ClamAV is ready!"
+          
+          # Verify ClamAV is responsive
+          echo "Testing ClamAV connection..."
+          timeout 10 bash -c 'echo "PING" | nc localhost 3310' || {
+            echo "ClamAV is not responding to PING"
+            docker logs $(docker ps -q --filter "ancestor=clamav/clamav-debian:latest") 2>&1 | tail -50 || echo "No ClamAV container found"
+            exit 1
+          }
+
+      - name: Run Database Migrations
+        run: poetry run prisma migrate dev --name updates
+        env:
+          DATABASE_URL: ${{ steps.supabase.outputs.DB_URL }}
+          DIRECT_URL: ${{ steps.supabase.outputs.DB_URL }}
+
+      - id: lint
+        name: Run Linter
+        run: poetry run lint
+
+      - name: Run pytest with coverage
+        run: |
+          if [[ "${{ runner.debug }}" == "1" ]]; then
+            poetry run pytest -s -vv -o log_cli=true -o log_cli_level=DEBUG
+          else
+            poetry run pytest -s -vv
+          fi
+        if: success() || (failure() && steps.lint.outcome == 'failure')
+        env:
+          LOG_LEVEL: ${{ runner.debug && 'DEBUG' || 'INFO' }}
+          DATABASE_URL: ${{ steps.supabase.outputs.DB_URL }}
+          DIRECT_URL: ${{ steps.supabase.outputs.DB_URL }}
+          SUPABASE_URL: ${{ steps.supabase.outputs.API_URL }}
+          SUPABASE_SERVICE_ROLE_KEY: ${{ steps.supabase.outputs.SERVICE_ROLE_KEY }}
+          JWT_VERIFY_KEY: ${{ steps.supabase.outputs.JWT_SECRET }}
+          REDIS_HOST: "localhost"
+          REDIS_PORT: "6379"
+          ENCRYPTION_KEY: "dvziYgz0KSK8FENhju0ZYi8-fRTfAdlz6YLhdB_jhNw=" # DO NOT USE IN PRODUCTION!!
+
+    env:
+      CI: true
+      PLAIN_OUTPUT: True
+      RUN_ENV: local
+      PORT: 8080
+      OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
+      # We know these are here, don't report this as a security vulnerability
+      # This is used as the default credential for the entire system's RabbitMQ instance
+      # If you want to replace this, you can do so by making our entire system generate
+      # new credentials for each local user and update the environment variables in
+      # the backend service, docker composes, and examples
+      RABBITMQ_DEFAULT_USER: "rabbitmq_user_default"
+      RABBITMQ_DEFAULT_PASS: "k0VMxyIJF9S35f3x2uaw5IWAl6Y536O7"
+
+      # - name: Upload coverage reports to Codecov
+      #   uses: codecov/codecov-action@v4
+      #   with:
+      #     token: ${{ secrets.CODECOV_TOKEN }}
+      #     flags: backend,${{ runner.os }}

.github/workflows/platform-dev-deploy-event-dispatcher.yml

@@ -0,0 +1,198 @@
+name: AutoGPT Platform - Dev Deploy PR Event Dispatcher
+
+on:
+  pull_request:
+    types: [closed]
+  issue_comment:
+    types: [created]
+
+permissions:
+  issues: write
+  pull-requests: write
+
+jobs:
+  dispatch:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check comment permissions and deployment status
+        id: check_status
+        if: github.event_name == 'issue_comment' && github.event.issue.pull_request
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const commentBody = context.payload.comment.body.trim();
+            const commentUser = context.payload.comment.user.login;
+            const prAuthor = context.payload.issue.user.login;
+            const authorAssociation = context.payload.comment.author_association;
+            
+            // Check permissions
+            const hasPermission = (
+              authorAssociation === 'OWNER' ||
+              authorAssociation === 'MEMBER' ||
+              authorAssociation === 'COLLABORATOR'
+            );
+            
+            core.setOutput('comment_body', commentBody);
+            core.setOutput('has_permission', hasPermission);
+            
+            if (!hasPermission && (commentBody === '!deploy' || commentBody === '!undeploy')) {
+              core.setOutput('permission_denied', 'true');
+              return;
+            }
+            
+            if (commentBody !== '!deploy' && commentBody !== '!undeploy') {
+              return;
+            }
+            
+            // Process deploy command
+            if (commentBody === '!deploy') {
+              core.setOutput('should_deploy', 'true');
+            }
+            // Process undeploy command
+            else if (commentBody === '!undeploy') {
+              core.setOutput('should_undeploy', 'true');
+            }
+
+      - name: Post permission denied comment
+        if: steps.check_status.outputs.permission_denied == 'true'
+        uses: actions/github-script@v7
+        with:
+          script: |
+            await github.rest.issues.createComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.issue.number,
+              body: `❌ **Permission denied**: Only the repository owners, members, or collaborators can use deployment commands.`
+            });
+
+      - name: Get PR details for deployment
+        id: pr_details
+        if: steps.check_status.outputs.should_deploy == 'true' || steps.check_status.outputs.should_undeploy == 'true'
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const pr = await github.rest.pulls.get({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              pull_number: context.issue.number
+            });
+            core.setOutput('pr_number', pr.data.number);
+            core.setOutput('pr_title', pr.data.title);
+            core.setOutput('pr_state', pr.data.state);
+          
+      - name: Dispatch Deploy Event
+        if: steps.check_status.outputs.should_deploy == 'true'
+        uses: peter-evans/repository-dispatch@v3
+        with:
+          token: ${{ secrets.DISPATCH_TOKEN }}
+          repository: Significant-Gravitas/AutoGPT_cloud_infrastructure
+          event-type: pr-event
+          client-payload: |
+            {
+              "action": "deploy",
+              "pr_number": "${{ steps.pr_details.outputs.pr_number }}",
+              "pr_title": "${{ steps.pr_details.outputs.pr_title }}",
+              "pr_state": "${{ steps.pr_details.outputs.pr_state }}",
+              "repo": "${{ github.repository }}"
+            }
+
+      - name: Post deploy success comment
+        if: steps.check_status.outputs.should_deploy == 'true'
+        uses: actions/github-script@v7
+        with:
+          script: |
+            await github.rest.issues.createComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.issue.number,
+              body: `🚀 **Deploying PR #${{ steps.pr_details.outputs.pr_number }}** to development environment...`
+            });
+
+      - name: Dispatch Undeploy Event (from comment)
+        if: steps.check_status.outputs.should_undeploy == 'true'
+        uses: peter-evans/repository-dispatch@v3
+        with:
+          token: ${{ secrets.DISPATCH_TOKEN }}
+          repository: Significant-Gravitas/AutoGPT_cloud_infrastructure
+          event-type: pr-event
+          client-payload: |
+            {
+              "action": "undeploy",
+              "pr_number": "${{ steps.pr_details.outputs.pr_number }}",
+              "pr_title": "${{ steps.pr_details.outputs.pr_title }}",
+              "pr_state": "${{ steps.pr_details.outputs.pr_state }}",
+              "repo": "${{ github.repository }}"
+            }
+
+      - name: Post undeploy success comment
+        if: steps.check_status.outputs.should_undeploy == 'true'
+        uses: actions/github-script@v7
+        with:
+          script: |
+            await github.rest.issues.createComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.issue.number,
+              body: `🗑️ **Undeploying PR #${{ steps.pr_details.outputs.pr_number }}** from development environment...`
+            });
+
+      - name: Check deployment status on PR close
+        id: check_pr_close
+        if: github.event_name == 'pull_request' && github.event.action == 'closed'
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const comments = await github.rest.issues.listComments({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.issue.number
+            });
+            
+            let lastDeployIndex = -1;
+            let lastUndeployIndex = -1;
+            
+            comments.data.forEach((comment, index) => {
+              if (comment.body.trim() === '!deploy') {
+                lastDeployIndex = index;
+              } else if (comment.body.trim() === '!undeploy') {
+                lastUndeployIndex = index;
+              }
+            });
+            
+            // Should undeploy if there's a !deploy without a subsequent !undeploy
+            const shouldUndeploy = lastDeployIndex !== -1 && lastDeployIndex > lastUndeployIndex;
+            core.setOutput('should_undeploy', shouldUndeploy);
+            
+      - name: Dispatch Undeploy Event (PR closed with active deployment)
+        if: >-
+          github.event_name == 'pull_request' &&
+          github.event.action == 'closed' &&
+          steps.check_pr_close.outputs.should_undeploy == 'true'
+        uses: peter-evans/repository-dispatch@v3
+        with:
+          token: ${{ secrets.DISPATCH_TOKEN }}
+          repository: Significant-Gravitas/AutoGPT_cloud_infrastructure
+          event-type: pr-event
+          client-payload: |
+            {
+              "action": "undeploy",
+              "pr_number": "${{ github.event.pull_request.number }}",
+              "pr_title": "${{ github.event.pull_request.title }}",
+              "pr_state": "${{ github.event.pull_request.state }}",
+              "repo": "${{ github.repository }}"
+            }
+
+      - name: Post PR close undeploy comment
+        if: >-
+          github.event_name == 'pull_request' &&
+          github.event.action == 'closed' &&
+          steps.check_pr_close.outputs.should_undeploy == 'true'
+        uses: actions/github-script@v7
+        with:
+          script: |
+            await github.rest.issues.createComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.issue.number,
+              body: `🧹 **Auto-undeploying**: PR closed with active deployment. Cleaning up development environment for PR #${{ github.event.pull_request.number }}.`
+            });

.github/workflows/platform-frontend-ci.yml

@@ -0,0 +1,235 @@
+name: AutoGPT Platform - Frontend CI
+
+on:
+  push:
+    branches: [master, dev]
+    paths:
+      - ".github/workflows/platform-frontend-ci.yml"
+      - "autogpt_platform/frontend/**"
+  pull_request:
+    paths:
+      - ".github/workflows/platform-frontend-ci.yml"
+      - "autogpt_platform/frontend/**"
+  merge_group:
+
+defaults:
+  run:
+    shell: bash
+    working-directory: autogpt_platform/frontend
+
+jobs:
+  setup:
+    runs-on: ubuntu-latest
+    outputs:
+      cache-key: ${{ steps.cache-key.outputs.key }}
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "21"
+
+      - name: Enable corepack
+        run: corepack enable
+
+      - name: Generate cache key
+        id: cache-key
+        run: echo "key=${{ runner.os }}-pnpm-${{ hashFiles('autogpt_platform/frontend/pnpm-lock.yaml', 'autogpt_platform/frontend/package.json') }}" >> $GITHUB_OUTPUT
+
+      - name: Cache dependencies
+        uses: actions/cache@v4
+        with:
+          path: ~/.pnpm-store
+          key: ${{ steps.cache-key.outputs.key }}
+          restore-keys: |
+            ${{ runner.os }}-pnpm-${{ hashFiles('autogpt_platform/frontend/pnpm-lock.yaml') }}
+            ${{ runner.os }}-pnpm-
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+  lint:
+    runs-on: ubuntu-latest
+    needs: setup
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "21"
+
+      - name: Enable corepack
+        run: corepack enable
+
+      - name: Restore dependencies cache
+        uses: actions/cache@v4
+        with:
+          path: ~/.pnpm-store
+          key: ${{ needs.setup.outputs.cache-key }}
+          restore-keys: |
+            ${{ runner.os }}-pnpm-${{ hashFiles('autogpt_platform/frontend/pnpm-lock.yaml') }}
+            ${{ runner.os }}-pnpm-
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Run lint
+        run: pnpm lint
+
+  chromatic:
+    runs-on: ubuntu-latest
+    needs: setup
+    # Only run on dev branch pushes or PRs targeting dev
+    if: github.ref == 'refs/heads/dev' || github.base_ref == 'dev'
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "21"
+
+      - name: Enable corepack
+        run: corepack enable
+
+      - name: Restore dependencies cache
+        uses: actions/cache@v4
+        with:
+          path: ~/.pnpm-store
+          key: ${{ needs.setup.outputs.cache-key }}
+          restore-keys: |
+            ${{ runner.os }}-pnpm-${{ hashFiles('autogpt_platform/frontend/pnpm-lock.yaml') }}
+            ${{ runner.os }}-pnpm-
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Run Chromatic
+        uses: chromaui/action@latest
+        with:
+          projectToken: chpt_9e7c1a76478c9c8
+          onlyChanged: true
+          workingDir: autogpt_platform/frontend
+          token: ${{ secrets.GITHUB_TOKEN }}
+          exitOnceUploaded: true
+
+  test:
+    runs-on: big-boi
+    needs: setup
+    strategy:
+      fail-fast: false
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "21"
+
+      - name: Enable corepack
+        run: corepack enable
+
+      - name: Copy default supabase .env
+        run: |
+          cp ../.env.default ../.env
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Cache Docker layers
+        uses: actions/cache@v4
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-frontend-test-${{ hashFiles('autogpt_platform/docker-compose.yml', 'autogpt_platform/backend/Dockerfile', 'autogpt_platform/backend/pyproject.toml', 'autogpt_platform/backend/poetry.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-frontend-test-
+
+      - name: Run docker compose
+        run: |
+          NEXT_PUBLIC_PW_TEST=true docker compose -f ../docker-compose.yml up -d
+        env:
+          DOCKER_BUILDKIT: 1
+          BUILDX_CACHE_FROM: type=local,src=/tmp/.buildx-cache
+          BUILDX_CACHE_TO: type=local,dest=/tmp/.buildx-cache-new,mode=max
+
+      - name: Move cache
+        run: |
+          rm -rf /tmp/.buildx-cache
+          if [ -d "/tmp/.buildx-cache-new" ]; then
+            mv /tmp/.buildx-cache-new /tmp/.buildx-cache
+          fi
+
+      - name: Wait for services to be ready
+        run: |
+          echo "Waiting for rest_server to be ready..."
+          timeout 60 sh -c 'until curl -f http://localhost:8006/health 2>/dev/null; do sleep 2; done' || echo "Rest server health check timeout, continuing..."
+          echo "Waiting for database to be ready..."
+          timeout 60 sh -c 'until docker compose -f ../docker-compose.yml exec -T db pg_isready -U postgres 2>/dev/null; do sleep 2; done' || echo "Database ready check timeout, continuing..."
+
+      - name: Create E2E test data
+        run: |
+          echo "Creating E2E test data..."
+          # First try to run the script from inside the container
+          if docker compose -f ../docker-compose.yml exec -T rest_server test -f /app/autogpt_platform/backend/test/e2e_test_data.py; then
+            echo "✅ Found e2e_test_data.py in container, running it..."
+            docker compose -f ../docker-compose.yml exec -T rest_server sh -c "cd /app/autogpt_platform && python backend/test/e2e_test_data.py" || {
+              echo "❌ E2E test data creation failed!"
+              docker compose -f ../docker-compose.yml logs --tail=50 rest_server
+              exit 1
+            }
+          else
+            echo "⚠️ e2e_test_data.py not found in container, copying and running..."
+            # Copy the script into the container and run it
+            docker cp ../backend/test/e2e_test_data.py $(docker compose -f ../docker-compose.yml ps -q rest_server):/tmp/e2e_test_data.py || {
+              echo "❌ Failed to copy script to container"
+              exit 1
+            }
+            docker compose -f ../docker-compose.yml exec -T rest_server sh -c "cd /app/autogpt_platform && python /tmp/e2e_test_data.py" || {
+              echo "❌ E2E test data creation failed!"
+              docker compose -f ../docker-compose.yml logs --tail=50 rest_server
+              exit 1
+            }
+          fi
+
+      - name: Restore dependencies cache
+        uses: actions/cache@v4
+        with:
+          path: ~/.pnpm-store
+          key: ${{ needs.setup.outputs.cache-key }}
+          restore-keys: |
+            ${{ runner.os }}-pnpm-${{ hashFiles('autogpt_platform/frontend/pnpm-lock.yaml') }}
+            ${{ runner.os }}-pnpm-
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Install Browser 'chromium'
+        run: pnpm playwright install --with-deps chromium
+
+      - name: Run Playwright tests
+        run: pnpm test:no-build
+
+      - name: Upload Playwright artifacts
+        if: failure()
+        uses: actions/upload-artifact@v4
+        with:
+          name: playwright-report
+          path: playwright-report
+
+      - name: Print Final Docker Compose logs
+        if: always()
+        run: docker compose -f ../docker-compose.yml logs

.github/workflows/platform-fullstack-ci.yml

@@ -0,0 +1,132 @@
+name: AutoGPT Platform - Frontend CI
+
+on:
+  push:
+    branches: [master, dev]
+    paths:
+      - ".github/workflows/platform-fullstack-ci.yml"
+      - "autogpt_platform/**"
+  pull_request:
+    paths:
+      - ".github/workflows/platform-fullstack-ci.yml"
+      - "autogpt_platform/**"
+  merge_group:
+
+defaults:
+  run:
+    shell: bash
+    working-directory: autogpt_platform/frontend
+
+jobs:
+  setup:
+    runs-on: ubuntu-latest
+    outputs:
+      cache-key: ${{ steps.cache-key.outputs.key }}
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "21"
+
+      - name: Enable corepack
+        run: corepack enable
+
+      - name: Generate cache key
+        id: cache-key
+        run: echo "key=${{ runner.os }}-pnpm-${{ hashFiles('autogpt_platform/frontend/pnpm-lock.yaml', 'autogpt_platform/frontend/package.json') }}" >> $GITHUB_OUTPUT
+
+      - name: Cache dependencies
+        uses: actions/cache@v4
+        with:
+          path: ~/.pnpm-store
+          key: ${{ steps.cache-key.outputs.key }}
+          restore-keys: |
+            ${{ runner.os }}-pnpm-${{ hashFiles('autogpt_platform/frontend/pnpm-lock.yaml') }}
+            ${{ runner.os }}-pnpm-
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+  types:
+    runs-on: ubuntu-latest
+    needs: setup
+    strategy:
+      fail-fast: false
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "21"
+
+      - name: Enable corepack
+        run: corepack enable
+
+      - name: Copy default supabase .env
+        run: |
+          cp ../.env.default ../.env
+
+      - name: Copy backend .env
+        run: |
+          cp ../backend/.env.default ../backend/.env
+
+      - name: Run docker compose
+        run: |
+          docker compose -f ../docker-compose.yml --profile local --profile deps_backend up -d
+
+      - name: Restore dependencies cache
+        uses: actions/cache@v4
+        with:
+          path: ~/.pnpm-store
+          key: ${{ needs.setup.outputs.cache-key }}
+          restore-keys: |
+            ${{ runner.os }}-pnpm-
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Setup .env
+        run: cp .env.default .env
+
+      - name: Wait for services to be ready
+        run: |
+          echo "Waiting for rest_server to be ready..."
+          timeout 60 sh -c 'until curl -f http://localhost:8006/health 2>/dev/null; do sleep 2; done' || echo "Rest server health check timeout, continuing..."
+          echo "Waiting for database to be ready..."
+          timeout 60 sh -c 'until docker compose -f ../docker-compose.yml exec -T db pg_isready -U postgres 2>/dev/null; do sleep 2; done' || echo "Database ready check timeout, continuing..."
+
+      - name: Generate API queries
+        run: pnpm generate:api:force
+
+      - name: Check for API schema changes
+        run: |
+          if ! git diff --exit-code src/app/api/openapi.json; then
+            echo "❌ API schema changes detected in src/app/api/openapi.json"
+            echo ""
+            echo "The openapi.json file has been modified after running 'pnpm generate:api-all'."
+            echo "This usually means changes have been made in the BE endpoints without updating the Frontend."
+            echo "The API schema is now out of sync with the Front-end queries."
+            echo ""
+            echo "To fix this:"
+            echo "1. Pull the backend 'docker compose pull && docker compose up -d --build --force-recreate'"
+            echo "2. Run 'pnpm generate:api' locally"
+            echo "3. Run 'pnpm types' locally"
+            echo "4. Fix any TypeScript errors that may have been introduced"
+            echo "5. Commit and push your changes"
+            echo ""
+            exit 1
+          else
+            echo "✅ No API schema changes detected"
+          fi
+
+      - name: Run Typescript checks
+        run: pnpm types

.github/workflows/repo-close-stale-issues.yml

@@ -1,4 +1,4 @@
-name: 'Close stale issues'
+name: Repo - Close stale issues
 on:
   schedule:
     - cron: '30 1 * * *'
@@ -16,7 +16,7 @@ jobs:
           # operations-per-run: 5000
           stale-issue-message: >
             This issue has automatically been marked as _stale_ because it has not had
-            any activity in the last 50 days. You can _unstale_ it by commenting or
+            any activity in the last 170 days. You can _unstale_ it by commenting or
             removing the label. Otherwise, this issue will be closed in 10 days.
           stale-pr-message: >
             This pull request has automatically been marked as _stale_ because it has
@@ -25,7 +25,7 @@ jobs:
           close-issue-message: >
             This issue was closed automatically because it has been stale for 10 days
             with no activity.
-          days-before-stale: 50
+          days-before-stale: 170
           days-before-close: 10
           # Do not touch meta issues:
           exempt-issue-labels: meta,fridge,project management

.github/workflows/repo-pr-enforce-base-branch.yml

@@ -0,0 +1,21 @@
+name: Repo - Enforce dev as base branch
+on:
+  pull_request_target:
+    branches: [ master ]
+    types: [ opened ]
+
+jobs:
+  check_pr_target:
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+    steps:
+      - name: Check if PR is from dev or hotfix
+        if: ${{ !(startsWith(github.event.pull_request.head.ref, 'hotfix/') || github.event.pull_request.head.ref == 'dev') }}
+        run: |
+          gh pr comment ${{ github.event.number }} --repo "$REPO" \
+            --body $'This PR targets the `master` branch but does not come from `dev` or a `hotfix/*` branch.\n\nAutomatically setting the base branch to `dev`.'
+          gh pr edit ${{ github.event.number }} --base dev --repo "$REPO"
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+          REPO: ${{ github.repository }}

.github/workflows/repo-pr-label.yml

@@ -1,12 +1,12 @@
-name: "Pull Request auto-label"
+name: Repo - Pull Request auto-label
 
 on:
   # So that PRs touching the same files as the push are updated
   push:
-    branches: [ master, development, release-* ]
+    branches: [ master, dev, release-* ]
     paths-ignore:
-      - 'forge/tests/vcr_cassettes'
-      - 'benchmark/reports/**'
+      - 'classic/forge/tests/vcr_cassettes'
+      - 'classic/benchmark/reports/**'
   # So that the `dirtyLabel` is removed if conflicts are resolve
   # We recommend `pull_request_target` so that github secrets are available.
   # In `pull_request` we wouldn't be able to change labels of fork PRs

.github/workflows/repo-stats.yml

@@ -1,4 +1,4 @@
-name: github-repo-stats
+name: Repo - Github Stats
 
 on:
   schedule:

.github/workflows/repo-workflow-checker.yml

@@ -1,7 +1,8 @@
-name: PR Status Checker
+name: Repo - PR Status Checker
 on:
   pull_request:
     types: [opened, synchronize, reopened]
+  merge_group:
 
 jobs:
   status-check:
@@ -26,6 +27,6 @@ jobs:
           echo "Current directory before running Python script:"
           pwd
           echo "Attempting to run Python script:"
-          python check_actions_status.py
+          python .github/workflows/scripts/check_actions_status.py
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/scripts/check_actions_status.py

@@ -5,6 +5,8 @@ import sys
 import time
 from typing import Dict, List, Tuple
 
+CHECK_INTERVAL = 30
+
 
 def get_environment_variables() -> Tuple[str, str, str, str, str]:
     """Retrieve and return necessary environment variables."""
@@ -12,7 +14,11 @@ def get_environment_variables() -> Tuple[str, str, str, str, str]:
         with open(os.environ["GITHUB_EVENT_PATH"]) as f:
             event = json.load(f)
 
-        sha = event["pull_request"]["head"]["sha"]
+        # Handle both PR and merge group events
+        if "pull_request" in event:
+            sha = event["pull_request"]["head"]["sha"]
+        else:
+            sha = os.environ["GITHUB_SHA"]
 
         return (
             os.environ["GITHUB_API_URL"],
@@ -93,9 +99,10 @@ def main():
             break
 
         print(
-            "Some check runs are still in progress. Waiting 3 minutes before checking again..."
+            "Some check runs are still in progress. "
+            f"Waiting {CHECK_INTERVAL} seconds before checking again..."
         )
-        time.sleep(180)
+        time.sleep(CHECK_INTERVAL)
 
     if all_others_passed:
         print("All other completed check runs have passed. This check passes.")

.github/workflows/scripts/get_package_version_from_lockfile.py

@@ -0,0 +1,60 @@
+#!/usr/bin/env python3
+import sys
+
+if sys.version_info < (3, 11):
+    print("Python version 3.11 or higher required")
+    sys.exit(1)
+
+import tomllib
+
+
+def get_package_version(package_name: str, lockfile_path: str) -> str | None:
+    """Extract package version from poetry.lock file."""
+    try:
+        if lockfile_path == "-":
+            data = tomllib.load(sys.stdin.buffer)
+        else:
+            with open(lockfile_path, "rb") as f:
+                data = tomllib.load(f)
+    except FileNotFoundError:
+        print(f"Error: File '{lockfile_path}' not found", file=sys.stderr)
+        sys.exit(1)
+    except tomllib.TOMLDecodeError as e:
+        print(f"Error parsing TOML file: {e}", file=sys.stderr)
+        sys.exit(1)
+    except Exception as e:
+        print(f"Error reading file: {e}", file=sys.stderr)
+        sys.exit(1)
+
+    # Look for the package in the packages list
+    packages = data.get("package", [])
+    for package in packages:
+        if package.get("name", "").lower() == package_name.lower():
+            return package.get("version")
+
+    return None
+
+
+def main():
+    if len(sys.argv) not in (2, 3):
+        print(
+            "Usages: python get_package_version_from_lockfile.py <package name> [poetry.lock path]\n"
+            "        cat poetry.lock | python get_package_version_from_lockfile.py <package name> -",
+            file=sys.stderr,
+        )
+        sys.exit(1)
+
+    package_name = sys.argv[1]
+    lockfile_path = sys.argv[2] if len(sys.argv) == 3 else "poetry.lock"
+
+    version = get_package_version(package_name, lockfile_path)
+
+    if version:
+        print(version)
+    else:
+        print(f"Package '{package_name}' not found in {lockfile_path}", file=sys.stderr)
+        sys.exit(1)
+
+
+if __name__ == "__main__":
+    main()

.gitignore

@@ -1,10 +1,12 @@
 ## Original ignores
 .github_access_token
-autogpt/keys.py
-autogpt/*.json
+classic/original_autogpt/keys.py
+classic/original_autogpt/*.json
 auto_gpt_workspace/*
 *.mpeg
 .env
+# Root .env files
+/.env
 azure.yaml
 .vscode
 .idea/*
@@ -121,7 +123,6 @@ celerybeat.pid
 
 # Environments
 .direnv/
-.env
 .venv
 env/
 venv*/
@@ -157,7 +158,7 @@ openai/
 CURRENT_BULLETIN.md
 
 # AgBenchmark
-agbenchmark/reports/
+classic/benchmark/agbenchmark/reports/
 
 # Nodejs
 package-lock.json
@@ -165,9 +166,15 @@ package-lock.json
 
 # Allow for locally private items
 # private
-pri* 
+pri*
 # ignore
 ig*
 .github_access_token
 LICENSE.rtf
-rnd/autogpt_server/settings.py
+autogpt_platform/backend/settings.py
+/.auth
+/autogpt_platform/frontend/.auth
+
+*.ign.*
+.test-contents
+.claude/settings.local.json

.gitmodules

@@ -1,3 +1,3 @@
-[submodule "forge/tests/vcr_cassettes"]
-	path = forge/tests/vcr_cassettes
+[submodule "classic/forge/tests/vcr_cassettes"]
+	path = classic/forge/tests/vcr_cassettes
 	url = https://github.com/Significant-Gravitas/Auto-GPT-test-cassettes

.pr_agent.toml

@@ -1,6 +1,3 @@
-[pr_reviewer]
-num_code_suggestions=0
-
 [pr_code_suggestions]
 commitable_code_suggestions=false
 num_code_suggestions=0

.pre-commit-config.yaml

@@ -10,39 +10,142 @@ repos:
       - id: check-symlinks
       - id: debug-statements
 
+  - repo: https://github.com/Yelp/detect-secrets
+    rev: v1.5.0
+    hooks:
+      - id: detect-secrets
+        name: Detect secrets
+        description: Detects high entropy strings that are likely to be passwords.
+        files: ^autogpt_platform/
+        stages: [pre-push]
+
+  - repo: local
+    # For proper type checking, all dependencies need to be up-to-date.
+    # It's also a good idea to check that poetry.lock is consistent with pyproject.toml.
+    hooks:
+      - id: poetry-install
+        name: Check & Install dependencies - AutoGPT Platform - Backend
+        alias: poetry-install-platform-backend
+        entry: poetry -C autogpt_platform/backend install
+        # include autogpt_libs source (since it's a path dependency)
+        files: ^autogpt_platform/(backend|autogpt_libs)/poetry\.lock$
+        types: [file]
+        language: system
+        pass_filenames: false
+
+      - id: poetry-install
+        name: Check & Install dependencies - AutoGPT Platform - Libs
+        alias: poetry-install-platform-libs
+        entry: poetry -C autogpt_platform/autogpt_libs install
+        files: ^autogpt_platform/autogpt_libs/poetry\.lock$
+        types: [file]
+        language: system
+        pass_filenames: false
+
+      - id: poetry-install
+        name: Check & Install dependencies - Classic - AutoGPT
+        alias: poetry-install-classic-autogpt
+        entry: poetry -C classic/original_autogpt install
+        # include forge source (since it's a path dependency)
+        files: ^classic/(original_autogpt|forge)/poetry\.lock$
+        types: [file]
+        language: system
+        pass_filenames: false
+
+      - id: poetry-install
+        name: Check & Install dependencies - Classic - Forge
+        alias: poetry-install-classic-forge
+        entry: poetry -C classic/forge install
+        files: ^classic/forge/poetry\.lock$
+        types: [file]
+        language: system
+        pass_filenames: false
+
+      - id: poetry-install
+        name: Check & Install dependencies - Classic - Benchmark
+        alias: poetry-install-classic-benchmark
+        entry: poetry -C classic/benchmark install
+        files: ^classic/benchmark/poetry\.lock$
+        types: [file]
+        language: system
+        pass_filenames: false
+
+  - repo: local
+    # For proper type checking, Prisma client must be up-to-date.
+    hooks:
+      - id: prisma-generate
+        name: Prisma Generate - AutoGPT Platform - Backend
+        alias: prisma-generate-platform-backend
+        entry: bash -c 'cd autogpt_platform/backend && poetry run prisma generate'
+        # include everything that triggers poetry install + the prisma schema
+        files: ^autogpt_platform/((backend|autogpt_libs)/poetry\.lock|backend/schema.prisma)$
+        types: [file]
+        language: system
+        pass_filenames: false
+
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: v0.7.2
+    hooks:
+      - id: ruff
+        name: Lint (Ruff) - AutoGPT Platform - Backend
+        alias: ruff-lint-platform-backend
+        files: ^autogpt_platform/backend/
+        args: [--fix]
+
+      - id: ruff
+        name: Lint (Ruff) - AutoGPT Platform - Libs
+        alias: ruff-lint-platform-libs
+        files: ^autogpt_platform/autogpt_libs/
+        args: [--fix]
+
+      - id: ruff-format
+        name: Format (Ruff) - AutoGPT Platform - Libs
+        alias: ruff-lint-platform-libs
+        files: ^autogpt_platform/autogpt_libs/
+
   - repo: local
     # isort needs the context of which packages are installed to function, so we
     # can't use a vendored isort pre-commit hook (which runs in its own isolated venv).
     hooks:
-      - id: isort-autogpt
-        name: Lint (isort) - AutoGPT
-        entry: poetry -C autogpt run isort
-        files: ^autogpt/
+      - id: isort
+        name: Lint (isort) - AutoGPT Platform - Backend
+        alias: isort-platform-backend
+        entry: poetry -P autogpt_platform/backend run isort -p backend
+        files: ^autogpt_platform/backend/
         types: [file, python]
         language: system
 
-      - id: isort-forge
-        name: Lint (isort) - Forge
-        entry: poetry -C forge run isort
-        files: ^forge/
+      - id: isort
+        name: Lint (isort) - Classic - AutoGPT
+        alias: isort-classic-autogpt
+        entry: poetry -P classic/original_autogpt run isort -p autogpt
+        files: ^classic/original_autogpt/
         types: [file, python]
         language: system
 
-      - id: isort-benchmark
-        name: Lint (isort) - Benchmark
-        entry: poetry -C benchmark run isort
-        files: ^benchmark/
+      - id: isort
+        name: Lint (isort) - Classic - Forge
+        alias: isort-classic-forge
+        entry: poetry -P classic/forge run isort -p forge
+        files: ^classic/forge/
+        types: [file, python]
+        language: system
+
+      - id: isort
+        name: Lint (isort) - Classic - Benchmark
+        alias: isort-classic-benchmark
+        entry: poetry -P classic/benchmark run isort -p agbenchmark
+        files: ^classic/benchmark/
         types: [file, python]
         language: system
 
   - repo: https://github.com/psf/black
-    rev: 23.12.1
+    rev: 24.10.0
     # Black has sensible defaults, doesn't need package context, and ignores
     # everything in .gitignore, so it works fine without any config or arguments.
     hooks:
       - id: black
-        name: Lint (Black)
-        language_version: python3.10
+        name: Format (Black)
 
   - repo: https://github.com/PyCQA/flake8
     rev: 7.0.0
@@ -50,78 +153,126 @@ repos:
     # them separately.
     hooks:
       - id: flake8
-        name: Lint (Flake8) - AutoGPT
-        alias: flake8-autogpt
-        files: ^autogpt/(autogpt|scripts|tests)/
-        args: [--config=autogpt/.flake8]
+        name: Lint (Flake8) - Classic - AutoGPT
+        alias: flake8-classic-autogpt
+        files: ^classic/original_autogpt/(autogpt|scripts|tests)/
+        args: [--config=classic/original_autogpt/.flake8]
 
       - id: flake8
-        name: Lint (Flake8) - Forge
-        alias: flake8-forge
-        files: ^forge/(forge|tests)/
-        args: [--config=forge/.flake8]
+        name: Lint (Flake8) - Classic - Forge
+        alias: flake8-classic-forge
+        files: ^classic/forge/(forge|tests)/
+        args: [--config=classic/forge/.flake8]
 
       - id: flake8
-        name: Lint (Flake8) - Benchmark
-        alias: flake8-benchmark
-        files: ^benchmark/(agbenchmark|tests)/((?!reports).)*[/.]
-        args: [--config=benchmark/.flake8]
+        name: Lint (Flake8) - Classic - Benchmark
+        alias: flake8-classic-benchmark
+        files: ^classic/benchmark/(agbenchmark|tests)/((?!reports).)*[/.]
+        args: [--config=classic/benchmark/.flake8]
+
+  - repo: local
+    hooks:
+      - id: prettier
+        name: Format (Prettier) - AutoGPT Platform - Frontend
+        alias: format-platform-frontend
+        entry: bash -c 'cd autogpt_platform/frontend && npx prettier --write $(echo "$@" | sed "s|autogpt_platform/frontend/||g")' --
+        files: ^autogpt_platform/frontend/
+        types: [file]
+        language: system
 
   - repo: local
     # To have watertight type checking, we check *all* the files in an affected
     # project. To trigger on poetry.lock we also reset the file `types` filter.
     hooks:
       - id: pyright
-        name: Typecheck - AutoGPT
-        alias: pyright-autogpt
-        entry: poetry -C autogpt run pyright
-        args: [-p, autogpt, autogpt]
+        name: Typecheck - AutoGPT Platform - Backend
+        alias: pyright-platform-backend
+        entry: poetry -C autogpt_platform/backend run pyright
         # include forge source (since it's a path dependency) but exclude *_test.py files:
-        files: ^(autogpt/((autogpt|scripts|tests)/|poetry\.lock$)|forge/(forge/.*(?<!_test)\.py|poetry\.lock)$)
+        files: ^autogpt_platform/(backend/((backend|test)/|(\w+\.py|poetry\.lock)$)|autogpt_libs/(autogpt_libs/.*(?<!_test)\.py|poetry\.lock)$)
         types: [file]
         language: system
         pass_filenames: false
 
       - id: pyright
-        name: Typecheck - Forge
-        alias: pyright-forge
-        entry: poetry -C forge run pyright
-        args: [-p, forge, forge]
-        files: ^forge/(forge/|poetry\.lock$)
+        name: Typecheck - AutoGPT Platform - Libs
+        alias: pyright-platform-libs
+        entry: poetry -C autogpt_platform/autogpt_libs run pyright
+        files: ^autogpt_platform/autogpt_libs/(autogpt_libs/|poetry\.lock$)
         types: [file]
         language: system
         pass_filenames: false
 
       - id: pyright
-        name: Typecheck - Benchmark
-        alias: pyright-benchmark
-        entry: poetry -C benchmark run pyright
-        args: [-p, benchmark, benchmark]
-        files: ^benchmark/(agbenchmark/|tests/|poetry\.lock$)
+        name: Typecheck - Classic - AutoGPT
+        alias: pyright-classic-autogpt
+        entry: poetry -C classic/original_autogpt run pyright
+        # include forge source (since it's a path dependency) but exclude *_test.py files:
+        files: ^(classic/original_autogpt/((autogpt|scripts|tests)/|poetry\.lock$)|classic/forge/(forge/.*(?<!_test)\.py|poetry\.lock)$)
+        types: [file]
+        language: system
+        pass_filenames: false
+
+      - id: pyright
+        name: Typecheck - Classic - Forge
+        alias: pyright-classic-forge
+        entry: poetry -C classic/forge run pyright
+        files: ^classic/forge/(forge/|poetry\.lock$)
+        types: [file]
+        language: system
+        pass_filenames: false
+
+      - id: pyright
+        name: Typecheck - Classic - Benchmark
+        alias: pyright-classic-benchmark
+        entry: poetry -C classic/benchmark run pyright
+        files: ^classic/benchmark/(agbenchmark/|tests/|poetry\.lock$)
         types: [file]
         language: system
         pass_filenames: false
 
   - repo: local
     hooks:
-      - id: pytest-autogpt
-        name: Run tests - AutoGPT (excl. slow tests)
-        entry: bash -c 'cd autogpt && poetry run pytest --cov=autogpt -m "not slow" tests/unit tests/integration'
-        # include forge source (since it's a path dependency) but exclude *_test.py files:
-        files: ^(autogpt/((autogpt|tests)/|poetry\.lock$)|forge/(forge/.*(?<!_test)\.py|poetry\.lock)$)
+      - id: tsc
+        name: Typecheck - AutoGPT Platform - Frontend
+        entry: bash -c 'cd autogpt_platform/frontend && pnpm types'
+        files: ^autogpt_platform/frontend/
+        types: [file]
         language: system
         pass_filenames: false
 
-      - id: pytest-forge
-        name: Run tests - Forge (excl. slow tests)
-        entry: bash -c 'cd forge && poetry run pytest --cov=forge -m "not slow"'
-        files: ^forge/(forge/|tests/|poetry\.lock$)
-        language: system
-        pass_filenames: false
+  # - repo: local
+  #   hooks:
+  #     - id: pytest
+  #       name: Run tests - AutoGPT Platform - Backend
+  #       alias: pytest-platform-backend
+  #       entry: bash -c 'cd autogpt_platform/backend && poetry run pytest'
+  #       # include autogpt_libs source (since it's a path dependency) but exclude *_test.py files:
+  #       files: ^autogpt_platform/(backend/((backend|test)/|poetry\.lock$)|autogpt_libs/(autogpt_libs/.*(?<!_test)\.py|poetry\.lock)$)
+  #       language: system
+  #       pass_filenames: false
 
-      - id: pytest-benchmark
-        name: Run tests - Benchmark
-        entry: bash -c 'cd benchmark && poetry run pytest --cov=benchmark'
-        files: ^benchmark/(agbenchmark/|tests/|poetry\.lock$)
-        language: system
-        pass_filenames: false
+  #     - id: pytest
+  #       name: Run tests - Classic - AutoGPT (excl. slow tests)
+  #       alias: pytest-classic-autogpt
+  #       entry: bash -c 'cd classic/original_autogpt && poetry run pytest --cov=autogpt -m "not slow" tests/unit tests/integration'
+  #       # include forge source (since it's a path dependency) but exclude *_test.py files:
+  #       files: ^(classic/original_autogpt/((autogpt|tests)/|poetry\.lock$)|classic/forge/(forge/.*(?<!_test)\.py|poetry\.lock)$)
+  #       language: system
+  #       pass_filenames: false
+
+  #     - id: pytest
+  #       name: Run tests - Classic - Forge (excl. slow tests)
+  #       alias: pytest-classic-forge
+  #       entry: bash -c 'cd classic/forge && poetry run pytest --cov=forge -m "not slow"'
+  #       files: ^classic/forge/(forge/|tests/|poetry\.lock$)
+  #       language: system
+  #       pass_filenames: false
+
+  #     - id: pytest
+  #       name: Run tests - Classic - Benchmark
+  #       alias: pytest-classic-benchmark
+  #       entry: bash -c 'cd classic/benchmark && poetry run pytest --cov=benchmark'
+  #       files: ^classic/benchmark/(agbenchmark/|tests/|poetry\.lock$)
+  #       language: system
+  #       pass_filenames: false

.vscode/all-projects.code-workspace

@@ -1,44 +1,45 @@
 {
   "folders": [
     {
-      "name": "autogpt",
-      "path": "../autogpt"
+      "name": "frontend",
+      "path": "../autogpt_platform/frontend"
     },
     {
-      "name": "benchmark",
-      "path": "../benchmark"
+      "name": "backend",
+      "path": "../autogpt_platform/backend"
+    },
+    {
+      "name": "market",
+      "path": "../autogpt_platform/market"
+    },
+    {
+      "name": "lib",
+      "path": "../autogpt_platform/autogpt_libs"
+    },
+    {
+      "name": "infra",
+      "path": "../autogpt_platform/infra"
     },
     {
       "name": "docs",
       "path": "../docs"
     },
+
     {
-      "name": "forge",
-      "path": "../forge"
+      "name": "classic - autogpt",
+      "path": "../classic/original_autogpt"
     },
     {
-      "name": "frontend",
-      "path": "../frontend"
+      "name": "classic - benchmark",
+      "path": "../classic/benchmark"
     },
     {
-      "name": "autogpt_server",
-      "path": "../rnd/autogpt_server"
+      "name": "classic - forge",
+      "path": "../classic/forge"
     },
     {
-      "name": "autogpt_builder",
-      "path": "../rnd/autogpt_builder"
-    },
-    {
-      "name": "market",
-      "path": "../rnd/market"
-    },
-    {
-      "name": "lib",
-      "path": "../rnd/autogpt_libs"
-    },
-    {
-      "name": "infra",
-      "path": "../rnd/infra"
+      "name": "classic - frontend",
+      "path": "../classic/frontend"
     },
     {
       "name": "[root]",

.vscode/launch.json

@@ -0,0 +1,67 @@
+{
+  "version": "0.2.0",
+  "configurations": [
+    {
+      "name": "Frontend: Server Side",
+      "type": "node-terminal",
+      "request": "launch",
+      "cwd": "${workspaceFolder}/autogpt_platform/frontend",
+      "command": "pnpm dev"
+    },
+    {
+      "name": "Frontend: Client Side",
+      "type": "msedge",
+      "request": "launch",
+      "url": "http://localhost:3000"
+    },
+    {
+      "name": "Frontend: Full Stack",
+      "type": "node-terminal",
+
+      "request": "launch",
+      "command": "pnpm dev",
+      "cwd": "${workspaceFolder}/autogpt_platform/frontend",
+      "serverReadyAction": {
+        "pattern": "- Local:.+(https?://.+)",
+        "uriFormat": "%s",
+        "action": "debugWithChrome"
+      }
+    },
+    {
+      "name": "Backend",
+      "type": "debugpy",
+      "request": "launch",
+      "module": "backend.app",
+      "env": {
+        "OBJC_DISABLE_INITIALIZE_FORK_SAFETY": "YES"
+      },
+      "envFile": "${workspaceFolder}/backend/.env",
+      "justMyCode": false,
+      "cwd": "${workspaceFolder}/autogpt_platform/backend"
+    },
+    {
+      "name": "Marketplace",
+      "type": "debugpy",
+      "request": "launch",
+      "module": "autogpt_platform.market.main",
+      "env": {
+        "ENV": "dev"
+      },
+      "envFile": "${workspaceFolder}/market/.env",
+      "justMyCode": false,
+      "cwd": "${workspaceFolder}/market"
+    }
+  ],
+  "compounds": [
+    {
+      "name": "Everything",
+      "configurations": ["Backend", "Frontend: Full Stack"],
+      // "preLaunchTask": "${defaultBuildTask}",
+      "stopAll": true,
+      "presentation": {
+        "hidden": false,
+        "order": 0
+      }
+    }
+  ]
+}

AGENTS.md

@@ -0,0 +1,53 @@
+# AutoGPT Platform Contribution Guide
+
+This guide provides context for Codex when updating the **autogpt_platform** folder.
+
+## Directory overview
+
+- `autogpt_platform/backend` – FastAPI based backend service.
+- `autogpt_platform/autogpt_libs` – Shared Python libraries.
+- `autogpt_platform/frontend` – Next.js + Typescript frontend.
+- `autogpt_platform/docker-compose.yml` – development stack.
+
+See `docs/content/platform/getting-started.md` for setup instructions.
+
+## Code style
+
+- Format Python code with `poetry run format`.
+- Format frontend code using `pnpm format`.
+
+## Testing
+
+- Backend: `poetry run test` (runs pytest with a docker based postgres + prisma).
+- Frontend: `pnpm test` or `pnpm test-ui` for Playwright tests. See `docs/content/platform/contributing/tests.md` for tips.
+
+Always run the relevant linters and tests before committing.
+Use conventional commit messages for all commits (e.g. `feat(backend): add API`).
+  Types:
+    - feat
+    - fix
+    - refactor
+    - ci
+    - dx (developer experience)
+  Scopes:
+    - platform
+      - platform/library
+      - platform/marketplace
+      - backend
+        - backend/executor
+      - frontend
+        - frontend/library
+        - frontend/marketplace
+      - blocks
+
+## Pull requests
+
+- Use the template in `.github/PULL_REQUEST_TEMPLATE.md`.
+- Rely on the pre-commit checks for linting and formatting
+- Fill out the **Changes** section and the checklist.
+- Use conventional commit titles with a scope (e.g. `feat(frontend): add feature`).
+- Keep out-of-scope changes under 20% of the PR.
+- Ensure PR descriptions are complete.
+- For changes touching `data/*.py`, validate user ID checks or explain why not needed.
+- If adding protected frontend routes, update `frontend/lib/supabase/middleware.ts`.
+- Use the linear ticket branch structure if given codex/open-1668-resume-dropped-runs

CONTRIBUTING.md

@@ -2,14 +2,14 @@
 If you are reading this, you are probably looking for the full **[contribution guide]**,
 which is part of our [wiki].
 
-Also check out our [🚀 Roadmap][roadmap] for information about our priorities and associated tasks.
-<!-- You can find our immediate priorities and their progress on our public [kanban board]. -->
-
 [contribution guide]: https://github.com/Significant-Gravitas/AutoGPT/wiki/Contributing
 [wiki]: https://github.com/Significant-Gravitas/AutoGPT/wiki
 [roadmap]: https://github.com/Significant-Gravitas/AutoGPT/discussions/6971
 [kanban board]: https://github.com/orgs/Significant-Gravitas/projects/1
 
+## Contributing to the AutoGPT Platform Folder
+All contributions to [the autogpt_platform folder](https://github.com/Significant-Gravitas/AutoGPT/blob/master/autogpt_platform) will be under our [Contribution License Agreement](https://github.com/Significant-Gravitas/AutoGPT/blob/master/autogpt_platform/Contributor%20License%20Agreement%20(CLA).md). By making a pull request contributing to this folder, you agree to the terms of our CLA for your contribution. All contributions to other folders will be under the MIT license.
+
 ## In short
 1. Avoid duplicate work, issues, PRs etc.
 2. We encourage you to collaborate with fellow community members on some of our bigger

LICENSE

@@ -1,7 +1,204 @@
+All portions of this repository are under one of two licenses. 
+
+- Everything inside the autogpt_platform folder is under the Polyform Shield License.
+- Everything outside the autogpt_platform folder is under the MIT License. 
+
+More info:
+
+**Polyform Shield License:**
+Code and content within the `autogpt_platform` folder is licensed under the Polyform Shield License. This new project is our in-developlemt platform for building, deploying and managing agents.
+Read more about this effort here: https://agpt.co/blog/introducing-the-autogpt-platform
+
+**MIT License:**
+All other portions of the AutoGPT repository (i.e., everything outside the `autogpt_platform` folder) are licensed under the MIT License. This includes:
+- The Original, stand-alone AutoGPT Agent
+- Forge: https://github.com/Significant-Gravitas/AutoGPT/tree/master/classic/forge
+- AG Benchmark: https://github.com/Significant-Gravitas/AutoGPT/tree/master/classic/benchmark
+- AutoGPT Classic GUI: https://github.com/Significant-Gravitas/AutoGPT/tree/master/classic/frontend.
+
+We also publish additional work under the MIT Licence in other repositories, such as GravitasML (https://github.com/Significant-Gravitas/gravitasml) which is developed for and used in the AutoGPT Platform, and our [Code Ability](https://github.com/Significant-Gravitas/AutoGPT-Code-Ability) project.
+
+Both licences are available to read below:
+
+=====================================================
+-----------------------------------------------------
+=====================================================
+
+# PolyForm Shield License 1.0.0
+
+<https://polyformproject.org/licenses/shield/1.0.0>
+
+## Acceptance
+
+In order to get any license under these terms, you must agree
+to them as both strict obligations and conditions to all
+your licenses.
+
+## Copyright License
+
+The licensor grants you a copyright license for the
+software to do everything you might do with the software
+that would otherwise infringe the licensor's copyright
+in it for any permitted purpose.  However, you may
+only distribute the software according to [Distribution
+License](#distribution-license) and make changes or new works
+based on the software according to [Changes and New Works
+License](#changes-and-new-works-license).
+
+## Distribution License
+
+The licensor grants you an additional copyright license
+to distribute copies of the software.  Your license
+to distribute covers distributing the software with
+changes and new works permitted by [Changes and New Works
+License](#changes-and-new-works-license).
+
+## Notices
+
+You must ensure that anyone who gets a copy of any part of
+the software from you also gets a copy of these terms or the
+URL for them above, as well as copies of any plain-text lines
+beginning with `Required Notice:` that the licensor provided
+with the software.  For example:
+
+> Required Notice: Copyright Yoyodyne, Inc. (http://example.com)
+
+## Changes and New Works License
+
+The licensor grants you an additional copyright license to
+make changes and new works based on the software for any
+permitted purpose.
+
+## Patent License
+
+The licensor grants you a patent license for the software that
+covers patent claims the licensor can license, or becomes able
+to license, that you would infringe by using the software.
+
+## Noncompete
+
+Any purpose is a permitted purpose, except for providing any
+product that competes with the software or any product the
+licensor or any of its affiliates provides using the software.
+
+## Competition
+
+Goods and services compete even when they provide functionality
+through different kinds of interfaces or for different technical
+platforms.  Applications can compete with services, libraries
+with plugins, frameworks with development tools, and so on,
+even if they're written in different programming languages
+or for different computer architectures.  Goods and services
+compete even when provided free of charge.  If you market a
+product as a practical substitute for the software or another
+product, it definitely competes.
+
+## New Products
+
+If you are using the software to provide a product that does
+not compete, but the licensor or any of its affiliates brings
+your product into competition by providing a new version of
+the software or another product using the software, you may
+continue using versions of the software available under these
+terms beforehand to provide your competing product, but not
+any later versions.
+
+## Discontinued Products
+
+You may begin using the software to compete with a product
+or service that the licensor or any of its affiliates has
+stopped providing, unless the licensor includes a plain-text
+line beginning with `Licensor Line of Business:` with the
+software that mentions that line of business.  For example:
+
+> Licensor Line of Business: YoyodyneCMS Content Management
+System (http://example.com/cms)
+
+## Sales of Business
+
+If the licensor or any of its affiliates sells a line of
+business developing the software or using the software
+to provide a product, the buyer can also enforce
+[Noncompete](#noncompete) for that product.
+
+## Fair Use
+
+You may have "fair use" rights for the software under the
+law. These terms do not limit them.
+
+## No Other Rights
+
+These terms do not allow you to sublicense or transfer any of
+your licenses to anyone else, or prevent the licensor from
+granting licenses to anyone else.  These terms do not imply
+any other licenses.
+
+## Patent Defense
+
+If you make any written claim that the software infringes or
+contributes to infringement of any patent, your patent license
+for the software granted under these terms ends immediately. If
+your company makes such a claim, your patent license ends
+immediately for work on behalf of your company.
+
+## Violations
+
+The first time you are notified in writing that you have
+violated any of these terms, or done anything with the software
+not covered by your licenses, your licenses can nonetheless
+continue if you come into full compliance with these terms,
+and take practical steps to correct past violations, within
+32 days of receiving notice.  Otherwise, all your licenses
+end immediately.
+
+## No Liability
+
+***As far as the law allows, the software comes as is, without
+any warranty or condition, and the licensor will not be liable
+to you for any damages arising out of these terms or the use
+or nature of the software, under any kind of legal claim.***
+
+## Definitions
+
+The **licensor** is the individual or entity offering these
+terms, and the **software** is the software the licensor makes
+available under these terms.
+
+A **product** can be a good or service, or a combination
+of them.
+
+**You** refers to the individual or entity agreeing to these
+terms.
+
+**Your company** is any legal entity, sole proprietorship,
+or other kind of organization that you work for, plus all
+its affiliates.
+
+**Affiliates** means the other organizations than an
+organization has control over, is under the control of, or is
+under common control with.
+
+**Control** means ownership of substantially all the assets of
+an entity, or the power to direct its management and policies
+by vote, contract, or otherwise.  Control can be direct or
+indirect.
+
+**Your licenses** are all the licenses granted to you for the
+software under these terms.
+
+**Use** means anything you do with the software requiring one
+of your licenses.
+
+=====================================================
+-----------------------------------------------------
+=====================================================
+
 MIT License
 
+
 Copyright (c) 2023 Toran Bruce Richards
 
+
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
 in the Software without restriction, including without limitation the rights
@@ -9,9 +206,11 @@ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is
 furnished to do so, subject to the following conditions:
 
+
 The above copyright notice and this permission notice shall be included in all
 copies or substantial portions of the Software.
 
+
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE

README.md

@@ -1,43 +1,139 @@
-# AutoGPT: Build & Use AI Agents
+# AutoGPT: Build, Deploy, and Run AI Agents
 
-[![Discord Follow](https://dcbadge.vercel.app/api/server/autogpt?style=flat)](https://discord.gg/autogpt)  
+[![Discord Follow](https://img.shields.io/badge/dynamic/json?url=https%3A%2F%2Fdiscord.com%2Fapi%2Finvites%2Fautogpt%3Fwith_counts%3Dtrue&query=%24.approximate_member_count&label=total%20members&logo=discord&logoColor=white&color=7289da)](https://discord.gg/autogpt)  
 [![Twitter Follow](https://img.shields.io/twitter/follow/Auto_GPT?style=social)](https://twitter.com/Auto_GPT)  
-[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
 
-**AutoGPT** is a powerful tool that lets you create and run intelligent agents. These agents can perform various tasks automatically, making your life easier.
+<!-- Keep these links. Translations will automatically update with the README. -->
+[Deutsch](https://zdoc.app/de/Significant-Gravitas/AutoGPT) | 
+[Español](https://zdoc.app/es/Significant-Gravitas/AutoGPT) | 
+[français](https://zdoc.app/fr/Significant-Gravitas/AutoGPT) | 
+[日本語](https://zdoc.app/ja/Significant-Gravitas/AutoGPT) | 
+[한국어](https://zdoc.app/ko/Significant-Gravitas/AutoGPT) | 
+[Português](https://zdoc.app/pt/Significant-Gravitas/AutoGPT) | 
+[Русский](https://zdoc.app/ru/Significant-Gravitas/AutoGPT) | 
+[中文](https://zdoc.app/zh/Significant-Gravitas/AutoGPT)
 
-## How to Get Started
+**AutoGPT** is a powerful platform that allows you to create, deploy, and manage continuous AI agents that automate complex workflows. 
 
-https://github.com/user-attachments/assets/8508f4dc-b362-4cab-900f-644964a96cdf
+## Hosting Options 
+   - Download to self-host (Free!)
+   - [Join the Waitlist](https://bit.ly/3ZDijAI) for the cloud-hosted beta (Closed Beta - Public release Coming Soon!)
 
-### 🧱 AutoGPT Builder 
+## How to Self-Host the AutoGPT Platform
+> [!NOTE]
+> Setting up and hosting the AutoGPT Platform yourself is a technical process. 
+> If you'd rather something that just works, we recommend [joining the waitlist](https://bit.ly/3ZDijAI) for the cloud-hosted beta.
 
-The AutoGPT Builder is the frontend. It allows you to design agents using an easy flowchart style. You build your agent by connecting blocks, where each block performs a single action. It's simple and intuitive!
+### System Requirements
 
-[Read this guide](https://docs.agpt.co/server/new_blocks/) to learn how to build your own custom blocks.
+Before proceeding with the installation, ensure your system meets the following requirements:
+
+#### Hardware Requirements
+- CPU: 4+ cores recommended
+- RAM: Minimum 8GB, 16GB recommended
+- Storage: At least 10GB of free space
+
+#### Software Requirements
+- Operating Systems:
+  - Linux (Ubuntu 20.04 or newer recommended)
+  - macOS (10.15 or newer)
+  - Windows 10/11 with WSL2
+- Required Software (with minimum versions):
+  - Docker Engine (20.10.0 or newer)
+  - Docker Compose (2.0.0 or newer)
+  - Git (2.30 or newer)
+  - Node.js (16.x or newer)
+  - npm (8.x or newer)
+  - VSCode (1.60 or newer) or any modern code editor
+
+#### Network Requirements
+- Stable internet connection
+- Access to required ports (will be configured in Docker)
+- Ability to make outbound HTTPS connections
+
+### Updated Setup Instructions:
+We've moved to a fully maintained and regularly updated documentation site.
+
+👉 [Follow the official self-hosting guide here](https://docs.agpt.co/platform/getting-started/)
+
+
+This tutorial assumes you have Docker, VSCode, git and npm installed.
+
+---
+
+#### ⚡ Quick Setup with One-Line Script (Recommended for Local Hosting)
+
+Skip the manual steps and get started in minutes using our automatic setup script.
+
+For macOS/Linux:
+```
+curl -fsSL https://setup.agpt.co/install.sh -o install.sh && bash install.sh
+```
+
+For Windows (PowerShell):
+```
+powershell -c "iwr https://setup.agpt.co/install.bat -o install.bat; ./install.bat"
+```
+
+This will install dependencies, configure Docker, and launch your local instance — all in one go.
+
+### 🧱 AutoGPT Frontend
+
+The AutoGPT frontend is where users interact with our powerful AI automation platform. It offers multiple ways to engage with and leverage our AI agents. This is the interface where you'll bring your AI automation ideas to life:
+
+   **Agent Builder:** For those who want to customize, our intuitive, low-code interface allows you to design and configure your own AI agents. 
+   
+   **Workflow Management:** Build, modify, and optimize your automation workflows with ease. You build your agent by connecting blocks, where each block     performs a single action.
+   
+   **Deployment Controls:** Manage the lifecycle of your agents, from testing to production.
+   
+   **Ready-to-Use Agents:** Don't want to build? Simply select from our library of pre-configured agents and put them to work immediately.
+   
+   **Agent Interaction:** Whether you've built your own or are using pre-configured agents, easily run and interact with them through our user-friendly      interface.
+
+   **Monitoring and Analytics:** Keep track of your agents' performance and gain insights to continually improve your automation processes.
+
+[Read this guide](https://docs.agpt.co/platform/new_blocks/) to learn how to build your own custom blocks.
 
 ### 💽 AutoGPT Server
 
-The AutoGPT Server is the backend. This is where your agents run. Once deployed, agents can be triggered by external sources and can operate continuously.
+The AutoGPT Server is the powerhouse of our platform This is where your agents run. Once deployed, agents can be triggered by external sources and can operate continuously. It contains all the essential components that make AutoGPT run smoothly.
+
+   **Source Code:** The core logic that drives our agents and automation processes.
+   
+   **Infrastructure:** Robust systems that ensure reliable and scalable performance.
+   
+   **Marketplace:** A comprehensive marketplace where you can find and deploy a wide range of pre-built agents.
 
 ### 🐙 Example Agents
 
 Here are two examples of what you can do with AutoGPT:
 
-1. **Reddit Marketing Agent**
-   - This agent reads comments on Reddit.
-   - It looks for people asking about your product.
-   - It then automatically responds to them.
+1. **Generate Viral Videos from Trending Topics**
+   - This agent reads topics on Reddit.
+   - It identifies trending topics.
+   - It then automatically creates a short-form video based on the content. 
 
-2. **YouTube Content Repurposing Agent**
+2. **Identify Top Quotes from Videos for Social Media**
    - This agent subscribes to your YouTube channel.
    - When you post a new video, it transcribes it.
-   - It uses AI to write a search engine optimized blog post.
-   - Then, it publishes this blog post to your Medium account.
+   - It uses AI to identify the most impactful quotes to generate a summary.
+   - Then, it writes a post to automatically publish to your social media. 
 
-These examples show just a glimpse of what you can achieve with AutoGPT!
+These examples show just a glimpse of what you can achieve with AutoGPT! You can create customized workflows to build agents for any use case.
 
 ---
+
+### **License Overview:**
+
+🛡️ **Polyform Shield License:**
+All code and content within the `autogpt_platform` folder is licensed under the Polyform Shield License. This new project is our in-developlemt platform for building, deploying and managing agents.</br>_[Read more about this effort](https://agpt.co/blog/introducing-the-autogpt-platform)_
+
+🦉 **MIT License:**
+All other portions of the AutoGPT repository (i.e., everything outside the `autogpt_platform` folder) are licensed under the MIT License. This includes the original stand-alone AutoGPT Agent, along with projects such as [Forge](https://github.com/Significant-Gravitas/AutoGPT/tree/master/classic/forge), [agbenchmark](https://github.com/Significant-Gravitas/AutoGPT/tree/master/classic/benchmark) and the [AutoGPT Classic GUI](https://github.com/Significant-Gravitas/AutoGPT/tree/master/classic/frontend).</br>We also publish additional work under the MIT Licence in other repositories, such as [GravitasML](https://github.com/Significant-Gravitas/gravitasml) which is developed for and used in the AutoGPT Platform. See also our MIT Licenced [Code Ability](https://github.com/Significant-Gravitas/AutoGPT-Code-Ability) project.
+
+---
+### Mission
 Our mission is to provide the tools, so that you can focus on what matters:
 
 - 🏗️ **Building** - Lay the foundation for something amazing.
@@ -50,20 +146,20 @@ Be part of the revolution! **AutoGPT** is here to stay, at the forefront of AI i
 &ensp;|&ensp;
 **🚀 [Contributing](CONTRIBUTING.md)**
 
-
 ---
 ## 🤖 AutoGPT Classic
 > Below is information about the classic version of AutoGPT.
 
-**🛠️ [Build your own Agent - Quickstart](FORGE-QUICKSTART.md)**
+**🛠️ [Build your own Agent - Quickstart](classic/FORGE-QUICKSTART.md)**
+
 ### 🏗️ Forge
 
-**Forge your own agent!** &ndash; Forge is a ready-to-go template for your agent application. All the boilerplate code is already handled, letting you channel all your creativity into the things that set *your* agent apart. All tutorials are located [here](https://medium.com/@aiedge/autogpt-forge-e3de53cc58ec). Components from the [`forge.sdk`](/forge/forge/sdk) can also be used individually to speed up development and reduce boilerplate in your agent project.
+**Forge your own agent!** &ndash; Forge is a ready-to-go toolkit to build your own agent application. It handles most of the boilerplate code, letting you channel all your creativity into the things that set *your* agent apart. All tutorials are located [here](https://medium.com/@aiedge/autogpt-forge-e3de53cc58ec). Components from [`forge`](/classic/forge/) can also be used individually to speed up development and reduce boilerplate in your agent project.
 
-🚀 [**Getting Started with Forge**](https://github.com/Significant-Gravitas/AutoGPT/blob/master/forge/tutorials/001_getting_started.md) &ndash;
+🚀 [**Getting Started with Forge**](https://github.com/Significant-Gravitas/AutoGPT/blob/master/classic/forge/tutorials/001_getting_started.md) &ndash;
 This guide will walk you through the process of creating your own agent and using the benchmark and user interface.
 
-📘 [Learn More](https://github.com/Significant-Gravitas/AutoGPT/tree/master/forge) about Forge
+📘 [Learn More](https://github.com/Significant-Gravitas/AutoGPT/tree/master/classic/forge) about Forge
 
 ### 🎯 Benchmark
 
@@ -73,7 +169,7 @@ This guide will walk you through the process of creating your own agent and usin
 
 📦 [`agbenchmark`](https://pypi.org/project/agbenchmark/) on Pypi
 &ensp;|&ensp;
-📘 [Learn More](https://github.com/Significant-Gravitas/AutoGPT/blob/master/benchmark) about the Benchmark
+📘 [Learn More](https://github.com/Significant-Gravitas/AutoGPT/tree/master/classic/benchmark) about the Benchmark
 
 ### 💻 UI
 
@@ -83,7 +179,7 @@ This guide will walk you through the process of creating your own agent and usin
 
 The frontend works out-of-the-box with all agents in the repo. Just use the [CLI] to run your agent of choice!
 
-📘 [Learn More](https://github.com/Significant-Gravitas/AutoGPT/tree/master/frontend) about the Frontend
+📘 [Learn More](https://github.com/Significant-Gravitas/AutoGPT/tree/master/classic/frontend) about the Frontend
 
 ### ⌨️ CLI
 
@@ -112,7 +208,7 @@ Just clone the repo, install dependencies with `./run setup`, and you should be
 
 [![Join us on Discord](https://invidget.switchblade.xyz/autogpt)](https://discord.gg/autogpt)
 
-To report a bug or request a feature, create a [GitHub Issue](https://github.com/Significant-Gravitas/AutoGPT/issues/new/choose). Please ensure someone else hasn’t created an issue for the same topic.
+To report a bug or request a feature, create a [GitHub Issue](https://github.com/Significant-Gravitas/AutoGPT/issues/new/choose). Please ensure someone else hasn't created an issue for the same topic.
 
 ## 🤝 Sister projects
 
@@ -122,6 +218,8 @@ To maintain a uniform standard and ensure seamless compatibility with many curre
 
 ---
 
+## Stars stats
+
 <p align="center">
 <a href="https://star-history.com/#Significant-Gravitas/AutoGPT">
   <picture>
@@ -131,3 +229,10 @@ To maintain a uniform standard and ensure seamless compatibility with many curre
   </picture>
 </a>
 </p>
+
+
+## ⚡ Contributors
+
+<a href="https://github.com/Significant-Gravitas/AutoGPT/graphs/contributors" alt="View Contributors">
+  <img src="https://contrib.rocks/image?repo=Significant-Gravitas/AutoGPT&max=1000&columns=10" alt="Contributors" />
+</a>

SECURITY.md

@@ -1,66 +1,48 @@
 # Security Policy
 
- - [**Using AutoGPT Securely**](#using-AutoGPT-securely)
-   - [Restrict Workspace](#restrict-workspace)
-   - [Untrusted inputs](#untrusted-inputs)
-   - [Data privacy](#data-privacy)
-   - [Untrusted environments or networks](#untrusted-environments-or-networks)
-   - [Multi-Tenant environments](#multi-tenant-environments)
- - [**Reporting a Vulnerability**](#reporting-a-vulnerability)
+## Reporting Security Issues
 
-## Using AutoGPT Securely
+We take the security of our project seriously. If you believe you have found a security vulnerability, please report it to us privately. **Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.**
 
-### Restrict Workspace
+> **Important Note**: Any code within the `classic/` folder is considered legacy, unsupported, and out of scope for security reports. We will not address security vulnerabilities in this deprecated code.
 
-Since agents can read and write files, it is important to keep them restricted to a specific workspace. This happens by default *unless* RESTRICT_TO_WORKSPACE is set to False.
+Instead, please report them via:
+- [GitHub Security Advisory](https://github.com/Significant-Gravitas/AutoGPT/security/advisories/new)
+<!--- [Huntr.dev](https://huntr.com/repos/significant-gravitas/autogpt) - where you may be eligible for a bounty-->
 
-Disabling RESTRICT_TO_WORKSPACE can increase security risks. However, if you still need to disable it, consider running AutoGPT inside a [sandbox](https://developers.google.com/code-sandboxing), to mitigate some of these risks.
+### Reporting Process
+1. **Submit Report**: Use one of the above channels to submit your report
+2. **Response Time**: Our team will acknowledge receipt of your report within 14 business days.
+3. **Collaboration**: We will collaborate with you to understand and validate the issue
+4. **Resolution**: We will work on a fix and coordinate the release process
 
-### Untrusted inputs
+### Disclosure Policy
+- Please provide detailed reports with reproducible steps
+- Include the version/commit hash where you discovered the vulnerability
+- Allow us a 90-day security fix window before any public disclosure
+- After patch is released, allow 30 days for users to update before public disclosure (for a total of 120 days max between update time and fix time)
+- Share any potential mitigations or workarounds if known
 
-When handling untrusted inputs, it's crucial to isolate the execution and carefully pre-process inputs to mitigate script injection risks.
+## Supported Versions
+Only the following versions are eligible for security updates:
 
-For maximum security when handling untrusted inputs, you may need to employ the following:
+| Version | Supported |
+|---------|-----------|
+| Latest release on master branch | ✅ |
+| Development commits (pre-master) | ✅ |
+| Classic folder (deprecated) | ❌ |
+| All other versions | ❌ |
 
-* Sandboxing: Isolate the process.
-* Updates: Keep your libraries (including AutoGPT) updated with the latest security patches.
-* Input Sanitation: Before feeding data to the model, sanitize inputs rigorously. This involves techniques such as:
-    * Validation: Enforce strict rules on allowed characters and data types.
-    * Filtering: Remove potentially malicious scripts or code fragments.
-    * Encoding: Convert special characters into safe representations.
-    * Verification: Run tooling that identifies potential script injections (e.g. [models that detect prompt injection attempts](https://python.langchain.com/docs/guides/safety/hugging_face_prompt_injection)). 
+## Security Best Practices
+When using this project:
+1. Always use the latest stable version
+2. Review security advisories before updating
+3. Follow our security documentation and guidelines
+4. Keep your dependencies up to date
+5. Do not use code from the `classic/` folder as it is deprecated and unsupported
 
-### Data privacy
+## Past Security Advisories
+For a list of past security advisories, please visit our [Security Advisory Page](https://github.com/Significant-Gravitas/AutoGPT/security/advisories) and [Huntr Disclosures Page](https://huntr.com/repos/significant-gravitas/autogpt).
 
-To protect sensitive data from potential leaks or unauthorized access, it is crucial to sandbox the agent execution. This means running it in a secure, isolated environment, which helps mitigate many attack vectors.
-
-### Untrusted environments or networks
-
-Since AutoGPT performs network calls to the OpenAI API, it is important to always run it with trusted environments and networks. Running it on untrusted environments can expose your API KEY to attackers.
-Additionally, running it on an untrusted network can expose your data to potential network attacks. 
-
-However, even when running on trusted networks, it is important to always encrypt sensitive data while sending it over the network.
-
-### Multi-Tenant environments
-
-If you intend to run multiple AutoGPT brains in parallel, it is your responsibility to ensure the models do not interact or access each other's data.
-
-The primary areas of concern are tenant isolation, resource allocation, model sharing and hardware attacks.
-
-- Tenant Isolation: you must make sure that the tenants run separately to prevent unwanted access to the data from other tenants. Keeping model network traffic separate is also important because you not only prevent unauthorized access to data, but also prevent malicious users or tenants sending prompts to execute under another tenant’s identity.
-
-- Resource Allocation: a denial of service caused by one tenant can affect the overall system health. Implement safeguards like rate limits, access controls, and health monitoring.
-
-- Data Sharing: in a multi-tenant design with data sharing, ensure tenants and users understand the security risks and sandbox agent execution to mitigate risks.
-
-- Hardware Attacks: the hardware (GPUs or TPUs) can also be attacked. [Research](https://scholar.google.com/scholar?q=gpu+side+channel) has shown that side channel attacks on GPUs are possible, which can make data leak from other brains or processes running on the same system at the same time.
-
-## Reporting a Vulnerability
-
-Beware that none of the topics under [Using AutoGPT Securely](#using-AutoGPT-securely) are considered vulnerabilities on AutoGPT.
-
-However, If you have discovered a security vulnerability in this project, please report it privately. **Do not disclose it as a public issue.** This gives us time to work with you to fix the issue before public exposure, reducing the chance that the exploit will be used before a patch is released.
-
-Please disclose it as a private [security advisory](https://github.com/Significant-Gravitas/AutoGPT/security/advisories/new).
-
-A team of volunteers on a reasonable-effort basis maintains this project. As such, please give us at least 90 days to work on a fix before public exposure.
+---
+Last updated: November 2024

autogpt/.vscode/settings.json

@@ -1,3 +0,0 @@
-{
-  "python.analysis.typeCheckingMode": "basic",
-}

autogpt_platform/.env.default

@@ -0,0 +1,123 @@
+############
+# Secrets
+# YOU MUST CHANGE THESE BEFORE GOING INTO PRODUCTION
+############
+
+POSTGRES_PASSWORD=your-super-secret-and-long-postgres-password
+JWT_SECRET=your-super-secret-jwt-token-with-at-least-32-characters-long
+ANON_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyAgCiAgICAicm9sZSI6ICJhbm9uIiwKICAgICJpc3MiOiAic3VwYWJhc2UtZGVtbyIsCiAgICAiaWF0IjogMTY0MTc2OTIwMCwKICAgICJleHAiOiAxNzk5NTM1NjAwCn0.dc_X5iR_VP_qT0zsiyj_I_OZ2T9FtRU2BBNWN8Bu4GE
+SERVICE_ROLE_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyAgCiAgICAicm9sZSI6ICJzZXJ2aWNlX3JvbGUiLAogICAgImlzcyI6ICJzdXBhYmFzZS1kZW1vIiwKICAgICJpYXQiOiAxNjQxNzY5MjAwLAogICAgImV4cCI6IDE3OTk1MzU2MDAKfQ.DaYlNEoUrrEn2Ig7tqibS-PHK5vgusbcbo7X36XVt4Q
+DASHBOARD_USERNAME=supabase
+DASHBOARD_PASSWORD=this_password_is_insecure_and_should_be_updated
+SECRET_KEY_BASE=UpNVntn3cDxHJpq99YMc1T1AQgQpc8kfYTuRgBiYa15BLrx8etQoXz3gZv1/u2oq
+VAULT_ENC_KEY=your-encryption-key-32-chars-min
+
+
+############
+# Database - You can change these to any PostgreSQL database that has logical replication enabled.
+############
+
+POSTGRES_HOST=db
+POSTGRES_DB=postgres
+POSTGRES_PORT=5432
+# default user is postgres
+
+
+############
+# Supavisor -- Database pooler
+############
+POOLER_PROXY_PORT_TRANSACTION=6543
+POOLER_DEFAULT_POOL_SIZE=20
+POOLER_MAX_CLIENT_CONN=100
+POOLER_TENANT_ID=your-tenant-id
+
+
+############
+# API Proxy - Configuration for the Kong Reverse proxy.
+############
+
+KONG_HTTP_PORT=8000
+KONG_HTTPS_PORT=8443
+
+
+############
+# API - Configuration for PostgREST.
+############
+
+PGRST_DB_SCHEMAS=public,storage,graphql_public
+
+
+############
+# Auth - Configuration for the GoTrue authentication server.
+############
+
+## General
+SITE_URL=http://localhost:3000
+ADDITIONAL_REDIRECT_URLS=
+JWT_EXPIRY=3600
+DISABLE_SIGNUP=false
+API_EXTERNAL_URL=http://localhost:8000
+
+## Mailer Config
+MAILER_URLPATHS_CONFIRMATION="/auth/v1/verify"
+MAILER_URLPATHS_INVITE="/auth/v1/verify"
+MAILER_URLPATHS_RECOVERY="/auth/v1/verify"
+MAILER_URLPATHS_EMAIL_CHANGE="/auth/v1/verify"
+
+## Email auth
+ENABLE_EMAIL_SIGNUP=true
+ENABLE_EMAIL_AUTOCONFIRM=false
+SMTP_ADMIN_EMAIL=admin@example.com
+SMTP_HOST=supabase-mail
+SMTP_PORT=2500
+SMTP_USER=fake_mail_user
+SMTP_PASS=fake_mail_password
+SMTP_SENDER_NAME=fake_sender
+ENABLE_ANONYMOUS_USERS=false
+
+## Phone auth
+ENABLE_PHONE_SIGNUP=true
+ENABLE_PHONE_AUTOCONFIRM=true
+
+
+############
+# Studio - Configuration for the Dashboard
+############
+
+STUDIO_DEFAULT_ORGANIZATION=Default Organization
+STUDIO_DEFAULT_PROJECT=Default Project
+
+STUDIO_PORT=3000
+# replace if you intend to use Studio outside of localhost
+SUPABASE_PUBLIC_URL=http://localhost:8000
+
+# Enable webp support
+IMGPROXY_ENABLE_WEBP_DETECTION=true
+
+# Add your OpenAI API key to enable SQL Editor Assistant
+OPENAI_API_KEY=
+
+
+############
+# Functions - Configuration for Functions
+############
+# NOTE: VERIFY_JWT applies to all functions. Per-function VERIFY_JWT is not supported yet.
+FUNCTIONS_VERIFY_JWT=false
+
+
+############
+# Logs - Configuration for Logflare
+# Please refer to https://supabase.com/docs/reference/self-hosting-analytics/introduction
+############
+
+LOGFLARE_LOGGER_BACKEND_API_KEY=your-super-secret-and-long-logflare-key
+
+# Change vector.toml sinks to reflect this change
+LOGFLARE_API_KEY=your-super-secret-and-long-logflare-key
+
+# Docker socket location - this value will differ depending on your OS
+DOCKER_SOCKET_LOCATION=/var/run/docker.sock
+
+# Google Cloud Project details
+GOOGLE_PROJECT_ID=GOOGLE_PROJECT_ID
+GOOGLE_PROJECT_NUMBER=GOOGLE_PROJECT_NUMBER

autogpt_platform/.gitignore

@@ -0,0 +1,2 @@
+*.ignore.*
+*.ign.*

autogpt_platform/CLAUDE.md

@@ -0,0 +1,242 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## Repository Overview
+
+AutoGPT Platform is a monorepo containing:
+
+- **Backend** (`/backend`): Python FastAPI server with async support
+- **Frontend** (`/frontend`): Next.js React application
+- **Shared Libraries** (`/autogpt_libs`): Common Python utilities
+
+## Essential Commands
+
+### Backend Development
+
+```bash
+# Install dependencies
+cd backend && poetry install
+
+# Run database migrations
+poetry run prisma migrate dev
+
+# Start all services (database, redis, rabbitmq, clamav)
+docker compose up -d
+
+# Run the backend server
+poetry run serve
+
+# Run tests
+poetry run test
+
+# Run specific test
+poetry run pytest path/to/test_file.py::test_function_name
+
+# Run block tests (tests that validate all blocks work correctly)
+poetry run pytest backend/blocks/test/test_block.py -xvs
+
+# Run tests for a specific block (e.g., GetCurrentTimeBlock)
+poetry run pytest 'backend/blocks/test/test_block.py::test_available_blocks[GetCurrentTimeBlock]' -xvs
+
+# Lint and format
+# prefer format if you want to just "fix" it and only get the errors that can't be autofixed
+poetry run format  # Black + isort
+poetry run lint    # ruff
+```
+
+More details can be found in TESTING.md
+
+#### Creating/Updating Snapshots
+
+When you first write a test or when the expected output changes:
+
+```bash
+poetry run pytest path/to/test.py --snapshot-update
+```
+
+⚠️ **Important**: Always review snapshot changes before committing! Use `git diff` to verify the changes are expected.
+
+### Frontend Development
+
+```bash
+# Install dependencies
+cd frontend && pnpm i
+
+# Start development server
+pnpm dev
+
+# Run E2E tests
+pnpm test
+
+# Run Storybook for component development
+pnpm storybook
+
+# Build production
+pnpm build
+
+# Type checking
+pnpm types
+```
+
+We have a components library in autogpt_platform/frontend/src/components/atoms that should be used when adding new pages and components. 
+
+
+## Architecture Overview
+
+### Backend Architecture
+
+- **API Layer**: FastAPI with REST and WebSocket endpoints
+- **Database**: PostgreSQL with Prisma ORM, includes pgvector for embeddings
+- **Queue System**: RabbitMQ for async task processing
+- **Execution Engine**: Separate executor service processes agent workflows
+- **Authentication**: JWT-based with Supabase integration
+- **Security**: Cache protection middleware prevents sensitive data caching in browsers/proxies
+
+### Frontend Architecture
+
+- **Framework**: Next.js App Router with React Server Components
+- **State Management**: React hooks + Supabase client for real-time updates
+- **Workflow Builder**: Visual graph editor using @xyflow/react
+- **UI Components**: Radix UI primitives with Tailwind CSS styling
+- **Feature Flags**: LaunchDarkly integration
+
+### Key Concepts
+
+1. **Agent Graphs**: Workflow definitions stored as JSON, executed by the backend
+2. **Blocks**: Reusable components in `/backend/blocks/` that perform specific tasks
+3. **Integrations**: OAuth and API connections stored per user
+4. **Store**: Marketplace for sharing agent templates
+5. **Virus Scanning**: ClamAV integration for file upload security
+
+### Testing Approach
+
+- Backend uses pytest with snapshot testing for API responses
+- Test files are colocated with source files (`*_test.py`)
+- Frontend uses Playwright for E2E tests
+- Component testing via Storybook
+
+### Database Schema
+
+Key models (defined in `/backend/schema.prisma`):
+
+- `User`: Authentication and profile data
+- `AgentGraph`: Workflow definitions with version control
+- `AgentGraphExecution`: Execution history and results
+- `AgentNode`: Individual nodes in a workflow
+- `StoreListing`: Marketplace listings for sharing agents
+
+### Environment Configuration
+
+#### Configuration Files
+
+- **Backend**: `/backend/.env.default` (defaults) → `/backend/.env` (user overrides)
+- **Frontend**: `/frontend/.env.default` (defaults) → `/frontend/.env` (user overrides)
+- **Platform**: `/.env.default` (Supabase/shared defaults) → `/.env` (user overrides)
+
+#### Docker Environment Loading Order
+
+1. `.env.default` files provide base configuration (tracked in git)
+2. `.env` files provide user-specific overrides (gitignored)
+3. Docker Compose `environment:` sections provide service-specific overrides
+4. Shell environment variables have highest precedence
+
+#### Key Points
+
+- All services use hardcoded defaults in docker-compose files (no `${VARIABLE}` substitutions)
+- The `env_file` directive loads variables INTO containers at runtime
+- Backend/Frontend services use YAML anchors for consistent configuration
+- Supabase services (`db/docker/docker-compose.yml`) follow the same pattern
+
+### Common Development Tasks
+
+**Adding a new block:**
+
+Follow the comprehensive [Block SDK Guide](../../../docs/content/platform/block-sdk-guide.md) which covers:
+- Provider configuration with `ProviderBuilder`
+- Block schema definition
+- Authentication (API keys, OAuth, webhooks)
+- Testing and validation
+- File organization
+
+Quick steps:
+1. Create new file in `/backend/backend/blocks/`
+2. Configure provider using `ProviderBuilder` in `_config.py`
+3. Inherit from `Block` base class
+4. Define input/output schemas using `BlockSchema`
+5. Implement async `run` method
+6. Generate unique block ID using `uuid.uuid4()`
+7. Test with `poetry run pytest backend/blocks/test/test_block.py`
+
+Note: when making many new blocks analyze the interfaces for each of these blocks and picture if they would go well together in a graph based editor or would they struggle to connect productively?
+ex: do the inputs and outputs tie well together?
+
+**Modifying the API:**
+
+1. Update route in `/backend/backend/server/routers/`
+2. Add/update Pydantic models in same directory
+3. Write tests alongside the route file
+4. Run `poetry run test` to verify
+
+**Frontend feature development:**
+
+1. Components go in `/frontend/src/components/`
+2. Use existing UI components from `/frontend/src/components/ui/`
+3. Add Storybook stories for new components
+4. Test with Playwright if user-facing
+
+### Security Implementation
+
+**Cache Protection Middleware:**
+
+- Located in `/backend/backend/server/middleware/security.py`
+- Default behavior: Disables caching for ALL endpoints with `Cache-Control: no-store, no-cache, must-revalidate, private`
+- Uses an allow list approach - only explicitly permitted paths can be cached
+- Cacheable paths include: static assets (`/static/*`, `/_next/static/*`), health checks, public store pages, documentation
+- Prevents sensitive data (auth tokens, API keys, user data) from being cached by browsers/proxies
+- To allow caching for a new endpoint, add it to `CACHEABLE_PATHS` in the middleware
+- Applied to both main API server and external API applications
+
+### Creating Pull Requests
+
+- Create the PR aginst the `dev` branch of the repository.
+- Ensure the branch name is descriptive (e.g., `feature/add-new-block`)/
+- Use conventional commit messages (see below)/
+- Fill out the .github/PULL_REQUEST_TEMPLATE.md template as the PR description/
+- Run the github pre-commit hooks to ensure code quality.
+
+### Reviewing/Revising Pull Requests
+
+- When the user runs /pr-comments or tries to fetch them, also run gh api /repos/Significant-Gravitas/AutoGPT/pulls/[issuenum]/reviews to get the reviews
+- Use gh api /repos/Significant-Gravitas/AutoGPT/pulls/[issuenum]/reviews/[review_id]/comments to get the review contents
+- Use gh api /repos/Significant-Gravitas/AutoGPT/issues/9924/comments to get the pr specific comments
+
+### Conventional Commits
+
+Use this format for commit messages and Pull Request titles:
+
+**Conventional Commit Types:**
+
+- `feat`: Introduces a new feature to the codebase
+- `fix`: Patches a bug in the codebase
+- `refactor`: Code change that neither fixes a bug nor adds a feature; also applies to removing features
+- `ci`: Changes to CI configuration
+- `docs`: Documentation-only changes
+- `dx`: Improvements to the developer experience
+
+**Recommended Base Scopes:**
+
+- `platform`: Changes affecting both frontend and backend
+- `frontend`
+- `backend`
+- `infra`
+- `blocks`: Modifications/additions of individual blocks
+
+**Subscope Examples:**
+
+- `backend/executor`
+- `backend/db`
+- `frontend/builder` (includes changes to the block UI component)
+- `infra/prod`
+
+Use these scopes and subscopes for clarity and consistency in commit messages.

autogpt_platform/Contributor License Agreement (CLA).md

@@ -0,0 +1,21 @@
+**Determinist Ltd** 
+
+**Contributor License Agreement (“Agreement”)**
+
+Thank you for your interest in the AutoGPT open source project at [https://github.com/Significant-Gravitas/AutoGPT](https://github.com/Significant-Gravitas/AutoGPT) stewarded by Determinist Ltd (“**Determinist**”), with offices at 3rd Floor 1 Ashley Road, Altrincham, Cheshire, WA14 2DT, United Kingdom. The form of license below is a document that clarifies the terms under which You, the person listed below, may contribute software code described below (the “**Contribution**”) to the project.  We appreciate your participation in our project, and your help in improving our products, so we want you to understand what will be done with the Contributions.  This license is for your protection as well as the protection of Determinist and its licensees; it does not change your rights to use your own Contributions for any other purpose.        
+
+By submitting a Pull Request which modifies the content of the “autogpt\_platform” folder at [https://github.com/Significant-Gravitas/AutoGPT/tree/master/autogpt\_platform](https://github.com/Significant-Gravitas/AutoGPT/tree/master/autogpt_platform), You hereby agree:  
+
+1\.	**You grant us the ability to use the Contributions in any way**.  You hereby grant to Determinist  a non-exclusive, irrevocable, worldwide, royalty-free, sublicenseable, transferable license under all of Your relevant intellectual property rights (including copyright, patent, and any other rights), to use, copy, prepare derivative works of, distribute and publicly perform and display the Contributions on any licensing terms, including without limitation: (a) open source licenses like the GNU General Public License (GPL), the GNU Lesser General Public License (LGPL), the Common Public License, or the Berkeley Science Division license (BSD); and (b) binary, proprietary, or commercial licenses.
+
+2\. 	**Grant of Patent License**. You hereby grant to Determinist a worldwide, non-exclusive, royalty-free, irrevocable, license, under any rights you may have, now or in the future, in any patents or patent applications, to make, have made, use, offer to sell, sell, and import products containing the Contribution or portions of the Contribution.  This license extends to patent claims that are infringed by the Contribution alone or by combination of the Contribution with other inventions.  
+
+4\. 	**Limitations on Licenses**.  The licenses granted in this Agreement will continue for the duration of the applicable patent or intellectual property right under which such license is granted.   The licenses granted in this Agreement will include the right to grant and authorize sublicenses, so long as the sublicenses are within the scope of the licenses granted in this Agreement.  Except for the licenses granted herein, You reserve all right, title, and interest in and to the Contribution.    
+
+5\. 	**You are able to grant us these rights**.  You represent that You are legally entitled to grant the above license.  If Your employer has rights to intellectual property that You create, You represent that You are authorized to make the Contributions on behalf of that employer, or that Your employer has waived such rights for the Contributions.  
+
+3\.	**The Contributions are your original work**.  You represent that the Contributions are Your original works of authorship, and to Your knowledge, no other person claims, or has the right to claim, any right in any invention or patent related to the Contributions.  You also represent that You are not legally obligated, whether by entering into an agreement or otherwise, in any way that conflicts with the terms of this license.  For example, if you have signed an agreement requiring you to assign the intellectual property rights in the Contributions to an employer or customer, that would conflict with the terms of this license.  
+    
+6\.  **We determine the code that is in our products**.  You understand that the decision to include the Contribution in any product or source repository is entirely that of Determinist, and this agreement does not guarantee that the Contributions will be included in any product. 
+
+7\. **No Implied Warranties.**  Determinist acknowledges that, except as explicitly described in this Agreement, the Contribution is provided on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, WITHOUT   LIMITATION, ANY WARRANTIES OR CONDITIONS OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY, OR FITNESS FOR A PARTICULAR PURPOSE.    

autogpt_platform/LICENSE.md

@@ -0,0 +1,164 @@
+# PolyForm Shield License 1.0.0
+
+<https://polyformproject.org/licenses/shield/1.0.0>
+
+## Acceptance
+
+In order to get any license under these terms, you must agree
+to them as both strict obligations and conditions to all
+your licenses.
+
+## Copyright License
+
+The licensor grants you a copyright license for the
+software to do everything you might do with the software
+that would otherwise infringe the licensor's copyright
+in it for any permitted purpose.  However, you may
+only distribute the software according to [Distribution
+License](#distribution-license) and make changes or new works
+based on the software according to [Changes and New Works
+License](#changes-and-new-works-license).
+
+## Distribution License
+
+The licensor grants you an additional copyright license
+to distribute copies of the software.  Your license
+to distribute covers distributing the software with
+changes and new works permitted by [Changes and New Works
+License](#changes-and-new-works-license).
+
+## Notices
+
+You must ensure that anyone who gets a copy of any part of
+the software from you also gets a copy of these terms or the
+URL for them above, as well as copies of any plain-text lines
+beginning with `Required Notice:` that the licensor provided
+with the software.  For example:
+
+> Required Notice: Copyright Yoyodyne, Inc. (http://example.com)
+
+## Changes and New Works License
+
+The licensor grants you an additional copyright license to
+make changes and new works based on the software for any
+permitted purpose.
+
+## Patent License
+
+The licensor grants you a patent license for the software that
+covers patent claims the licensor can license, or becomes able
+to license, that you would infringe by using the software.
+
+## Noncompete
+
+Any purpose is a permitted purpose, except for providing any
+product that competes with the software or any product the
+licensor or any of its affiliates provides using the software.
+
+## Competition
+
+Goods and services compete even when they provide functionality
+through different kinds of interfaces or for different technical
+platforms.  Applications can compete with services, libraries
+with plugins, frameworks with development tools, and so on,
+even if they're written in different programming languages
+or for different computer architectures.  Goods and services
+compete even when provided free of charge.  If you market a
+product as a practical substitute for the software or another
+product, it definitely competes.
+
+## New Products
+
+If you are using the software to provide a product that does
+not compete, but the licensor or any of its affiliates brings
+your product into competition by providing a new version of
+the software or another product using the software, you may
+continue using versions of the software available under these
+terms beforehand to provide your competing product, but not
+any later versions.
+
+## Discontinued Products
+
+You may begin using the software to compete with a product
+or service that the licensor or any of its affiliates has
+stopped providing, unless the licensor includes a plain-text
+line beginning with `Licensor Line of Business:` with the
+software that mentions that line of business.  For example:
+
+> Licensor Line of Business: YoyodyneCMS Content Management
+System (http://example.com/cms)
+
+## Sales of Business
+
+If the licensor or any of its affiliates sells a line of
+business developing the software or using the software
+to provide a product, the buyer can also enforce
+[Noncompete](#noncompete) for that product.
+
+## Fair Use
+
+You may have "fair use" rights for the software under the
+law. These terms do not limit them.
+
+## No Other Rights
+
+These terms do not allow you to sublicense or transfer any of
+your licenses to anyone else, or prevent the licensor from
+granting licenses to anyone else.  These terms do not imply
+any other licenses.
+
+## Patent Defense
+
+If you make any written claim that the software infringes or
+contributes to infringement of any patent, your patent license
+for the software granted under these terms ends immediately. If
+your company makes such a claim, your patent license ends
+immediately for work on behalf of your company.
+
+## Violations
+
+The first time you are notified in writing that you have
+violated any of these terms, or done anything with the software
+not covered by your licenses, your licenses can nonetheless
+continue if you come into full compliance with these terms,
+and take practical steps to correct past violations, within
+32 days of receiving notice.  Otherwise, all your licenses
+end immediately.
+
+## No Liability
+
+***As far as the law allows, the software comes as is, without
+any warranty or condition, and the licensor will not be liable
+to you for any damages arising out of these terms or the use
+or nature of the software, under any kind of legal claim.***
+
+## Definitions
+
+The **licensor** is the individual or entity offering these
+terms, and the **software** is the software the licensor makes
+available under these terms.
+
+A **product** can be a good or service, or a combination
+of them.
+
+**You** refers to the individual or entity agreeing to these
+terms.
+
+**Your company** is any legal entity, sole proprietorship,
+or other kind of organization that you work for, plus all
+its affiliates.
+
+**Affiliates** means the other organizations than an
+organization has control over, is under the control of, or is
+under common control with.
+
+**Control** means ownership of substantially all the assets of
+an entity, or the power to direct its management and policies
+by vote, contract, or otherwise.  Control can be direct or
+indirect.
+
+**Your licenses** are all the licenses granted to you for the
+software under these terms.
+
+**Use** means anything you do with the software requiring one
+of your licenses.

autogpt_platform/Makefile

@@ -0,0 +1,47 @@
+.PHONY: start-core stop-core logs-core format lint migrate run-backend run-frontend
+
+# Run just Supabase + Redis + RabbitMQ
+start-core:
+	docker compose up -d deps
+
+# Stop core services
+stop-core:
+	docker compose stop deps
+
+# View logs for core services
+logs-core:
+	docker compose logs -f deps
+
+# Run formatting and linting for backend and frontend
+format:
+	cd backend && poetry run format
+	cd frontend && pnpm format
+	cd frontend && pnpm lint
+
+init-env:
+	cp -n .env.default .env || true
+	cd backend && cp -n .env.default .env || true
+	cd frontend && cp -n .env.default .env || true
+
+
+# Run migrations for backend
+migrate:
+	cd backend && poetry run prisma migrate deploy
+	cd backend && poetry run prisma generate
+
+run-backend:
+	cd backend && poetry run app
+
+run-frontend:
+	cd frontend && pnpm dev
+
+help:
+	@echo "Usage: make <target>"
+	@echo "Targets:"
+	@echo "  start-core - Start just the core services (Supabase, Redis, RabbitMQ) in background"
+	@echo "  stop-core - Stop the core services"
+	@echo "  logs-core - Tail the logs for core services"
+	@echo "  format - Format & lint backend (Python) and frontend (TypeScript) code"
+	@echo "  migrate - Run backend database migrations"
+	@echo "  run-backend - Run the backend FastAPI server"
+	@echo "  run-frontend - Run the frontend Next.js development server"

autogpt_platform/README.md

@@ -13,15 +13,61 @@ Welcome to the AutoGPT Platform - a powerful system for creating and running AI
 
 To run the AutoGPT Platform, follow these steps:
 
-1. Clone this repository to your local machine.
-2. Navigate to the project directory.
+1. Clone this repository to your local machine and navigate to the `autogpt_platform` directory within the repository:
+
+   ```
+   git clone <https://github.com/Significant-Gravitas/AutoGPT.git | git@github.com:Significant-Gravitas/AutoGPT.git>
+   cd AutoGPT/autogpt_platform
+   ```
+
+2. Run the following command:
+
+   ```
+   cp .env.default .env
+   ```
+
+   This command will copy the `.env.default` file to `.env`. You can modify the `.env` file to add your own environment variables.
+
 3. Run the following command:
 
    ```
    docker compose up -d
    ```
 
-   This command will start all the necessary services defined in the `docker-compose.yml` file in detached mode.
+   This command will start all the necessary backend services defined in the `docker-compose.yml` file in detached mode.
+
+4. After all the services are in ready state, open your browser and navigate to `http://localhost:3000` to access the AutoGPT Platform frontend.
+
+### Running Just Core services
+
+You can now run the following to enable just the core services.
+
+```
+# For help
+make help
+
+# Run just Supabase + Redis + RabbitMQ
+make start-core
+
+# Stop core services
+make stop-core
+
+# View logs from core services 
+make logs-core
+
+# Run formatting and linting for backend and frontend
+make format
+
+# Run migrations for backend database
+make migrate
+
+# Run backend server
+make run-backend
+
+# Run frontend development server
+make run-frontend
+
+```
 
 ### Docker Compose Commands
 
@@ -34,43 +80,52 @@ Here are some useful Docker Compose commands for managing your AutoGPT Platform:
 - `docker compose down`: Stop and remove containers, networks, and volumes.
 - `docker compose watch`: Watch for changes in your services and automatically update them.
 
-
 ### Sample Scenarios
 
 Here are some common scenarios where you might use multiple Docker Compose commands:
 
 1. Updating and restarting a specific service:
+
    ```
    docker compose build api_srv
    docker compose up -d --no-deps api_srv
    ```
+
    This rebuilds the `api_srv` service and restarts it without affecting other services.
 
 2. Viewing logs for troubleshooting:
+
    ```
    docker compose logs -f api_srv ws_srv
    ```
+
    This shows and follows the logs for both `api_srv` and `ws_srv` services.
 
 3. Scaling a service for increased load:
+
    ```
    docker compose up -d --scale executor=3
    ```
+
    This scales the `executor` service to 3 instances to handle increased load.
 
 4. Stopping the entire system for maintenance:
+
    ```
    docker compose stop
    docker compose rm -f
    docker compose pull
    docker compose up -d
    ```
+
    This stops all services, removes containers, pulls the latest images, and restarts the system.
 
 5. Developing with live updates:
+
    ```
    docker compose watch
    ```
+
    This watches for changes in your code and automatically updates the relevant services.
 
 6. Checking the status of services:
@@ -81,7 +136,6 @@ Here are some common scenarios where you might use multiple Docker Compose comma
 
 These scenarios demonstrate how to use Docker Compose commands in combination to manage your AutoGPT Platform effectively.
 
-
 ### Persisting Data
 
 To persist data for PostgreSQL and Redis, you can modify the `docker-compose.yml` file to add volumes. Here's how:
@@ -110,5 +164,27 @@ To persist data for PostgreSQL and Redis, you can modify the `docker-compose.yml
 
 This configuration will create named volumes for PostgreSQL and Redis, ensuring that your data persists across container restarts.
 
+### API Client Generation
 
+The platform includes scripts for generating and managing the API client:
 
+- `pnpm fetch:openapi`: Fetches the OpenAPI specification from the backend service (requires backend to be running on port 8006)
+- `pnpm generate:api-client`: Generates the TypeScript API client from the OpenAPI specification using Orval
+- `pnpm generate:api`: Runs both fetch and generate commands in sequence
+
+#### Manual API Client Updates
+
+If you need to update the API client after making changes to the backend API:
+
+1. Ensure the backend services are running:
+
+   ```
+   docker compose up -d
+   ```
+
+2. Generate the updated API client:
+   ```
+   pnpm generate:api
+   ```
+
+This will fetch the latest OpenAPI specification and regenerate the TypeScript client code.

autogpt_platform/autogpt_libs/README.md

@@ -1,3 +1,3 @@
 # AutoGPT Libs
 
-This is a new project to store shared functionality across different services in NextGen AutoGPT (e.g. authentication)
+This is a new project to store shared functionality across different services in the AutoGPT Platform (e.g. authentication)

autogpt_platform/autogpt_libs/autogpt_libs/api_key/keysmith.py

@@ -0,0 +1,78 @@
+import hashlib
+import secrets
+from typing import NamedTuple
+
+from cryptography.hazmat.primitives.kdf.scrypt import Scrypt
+
+
+class APIKeyContainer(NamedTuple):
+    """Container for API key parts."""
+
+    key: str
+    head: str
+    tail: str
+    hash: str
+    salt: str
+
+
+class APIKeySmith:
+    PREFIX: str = "agpt_"
+    HEAD_LENGTH: int = 8
+    TAIL_LENGTH: int = 8
+
+    def generate_key(self) -> APIKeyContainer:
+        """Generate a new API key with secure hashing."""
+        raw_key = f"{self.PREFIX}{secrets.token_urlsafe(32)}"
+        hash, salt = self.hash_key(raw_key)
+
+        return APIKeyContainer(
+            key=raw_key,
+            head=raw_key[: self.HEAD_LENGTH],
+            tail=raw_key[-self.TAIL_LENGTH :],
+            hash=hash,
+            salt=salt,
+        )
+
+    def verify_key(
+        self, provided_key: str, known_hash: str, known_salt: str | None = None
+    ) -> bool:
+        """
+        Verify an API key against a known hash (+ salt).
+        Supports verifying both legacy SHA256 and secure Scrypt hashes.
+        """
+        if not provided_key.startswith(self.PREFIX):
+            return False
+
+        # Handle legacy SHA256 hashes (migration support)
+        if known_salt is None:
+            legacy_hash = hashlib.sha256(provided_key.encode()).hexdigest()
+            return secrets.compare_digest(legacy_hash, known_hash)
+
+        try:
+            salt_bytes = bytes.fromhex(known_salt)
+            provided_hash = self._hash_key_with_salt(provided_key, salt_bytes)
+            return secrets.compare_digest(provided_hash, known_hash)
+        except (ValueError, TypeError):
+            return False
+
+    def hash_key(self, raw_key: str) -> tuple[str, str]:
+        """Migrate a legacy hash to secure hash format."""
+        salt = self._generate_salt()
+        hash = self._hash_key_with_salt(raw_key, salt)
+        return hash, salt.hex()
+
+    def _generate_salt(self) -> bytes:
+        """Generate a random salt for hashing."""
+        return secrets.token_bytes(32)
+
+    def _hash_key_with_salt(self, raw_key: str, salt: bytes) -> str:
+        """Hash API key using Scrypt with salt."""
+        kdf = Scrypt(
+            length=32,
+            salt=salt,
+            n=2**14,  # CPU/memory cost parameter
+            r=8,  # Block size parameter
+            p=1,  # Parallelization parameter
+        )
+        key_hash = kdf.derive(raw_key.encode())
+        return key_hash.hex()

autogpt_platform/autogpt_libs/autogpt_libs/api_key/test_keysmith.py

@@ -0,0 +1,79 @@
+import hashlib
+
+from autogpt_libs.api_key.keysmith import APIKeySmith
+
+
+def test_generate_api_key():
+    keysmith = APIKeySmith()
+    key = keysmith.generate_key()
+
+    assert key.key.startswith(keysmith.PREFIX)
+    assert key.head == key.key[: keysmith.HEAD_LENGTH]
+    assert key.tail == key.key[-keysmith.TAIL_LENGTH :]
+    assert len(key.hash) == 64  # 32 bytes hex encoded
+    assert len(key.salt) == 64  # 32 bytes hex encoded
+
+
+def test_verify_new_secure_key():
+    keysmith = APIKeySmith()
+    key = keysmith.generate_key()
+
+    # Test correct key validates
+    assert keysmith.verify_key(key.key, key.hash, key.salt) is True
+
+    # Test wrong key fails
+    wrong_key = f"{keysmith.PREFIX}wrongkey123"
+    assert keysmith.verify_key(wrong_key, key.hash, key.salt) is False
+
+
+def test_verify_legacy_key():
+    keysmith = APIKeySmith()
+    legacy_key = f"{keysmith.PREFIX}legacykey123"
+    legacy_hash = hashlib.sha256(legacy_key.encode()).hexdigest()
+
+    # Test legacy key validates without salt
+    assert keysmith.verify_key(legacy_key, legacy_hash) is True
+
+    # Test wrong legacy key fails
+    wrong_key = f"{keysmith.PREFIX}wronglegacy"
+    assert keysmith.verify_key(wrong_key, legacy_hash) is False
+
+
+def test_rehash_existing_key():
+    keysmith = APIKeySmith()
+    legacy_key = f"{keysmith.PREFIX}migratekey123"
+
+    # Migrate the legacy key
+    new_hash, new_salt = keysmith.hash_key(legacy_key)
+
+    # Verify migrated key works
+    assert keysmith.verify_key(legacy_key, new_hash, new_salt) is True
+
+    # Verify different key fails with migrated hash
+    wrong_key = f"{keysmith.PREFIX}wrongkey"
+    assert keysmith.verify_key(wrong_key, new_hash, new_salt) is False
+
+
+def test_invalid_key_prefix():
+    keysmith = APIKeySmith()
+    key = keysmith.generate_key()
+
+    # Test key without proper prefix fails
+    invalid_key = "invalid_prefix_key"
+    assert keysmith.verify_key(invalid_key, key.hash, key.salt) is False
+
+
+def test_secure_hash_requires_salt():
+    keysmith = APIKeySmith()
+    key = keysmith.generate_key()
+
+    # Secure hash without salt should fail
+    assert keysmith.verify_key(key.key, key.hash) is False
+
+
+def test_invalid_salt_format():
+    keysmith = APIKeySmith()
+    key = keysmith.generate_key()
+
+    # Invalid salt format should fail gracefully
+    assert keysmith.verify_key(key.key, key.hash, "invalid_hex") is False

autogpt_platform/autogpt_libs/autogpt_libs/auth/__init__.py

@@ -0,0 +1,13 @@
+from .config import verify_settings
+from .dependencies import get_user_id, requires_admin_user, requires_user
+from .helpers import add_auth_responses_to_openapi
+from .models import User
+
+__all__ = [
+    "verify_settings",
+    "get_user_id",
+    "requires_admin_user",
+    "requires_user",
+    "add_auth_responses_to_openapi",
+    "User",
+]

autogpt_platform/autogpt_libs/autogpt_libs/auth/config.py

@@ -0,0 +1,90 @@
+import logging
+import os
+
+from jwt.algorithms import get_default_algorithms, has_crypto
+
+logger = logging.getLogger(__name__)
+
+
+class AuthConfigError(ValueError):
+    """Raised when authentication configuration is invalid."""
+
+    pass
+
+
+ALGO_RECOMMENDATION = (
+    "We highly recommend using an asymmetric algorithm such as ES256, "
+    "because when leaked, a shared secret would allow anyone to "
+    "forge valid tokens and impersonate users. "
+    "More info: https://supabase.com/docs/guides/auth/signing-keys#choosing-the-right-signing-algorithm"  # noqa
+)
+
+
+class Settings:
+    def __init__(self):
+        self.JWT_VERIFY_KEY: str = os.getenv(
+            "JWT_VERIFY_KEY", os.getenv("SUPABASE_JWT_SECRET", "")
+        ).strip()
+        self.JWT_ALGORITHM: str = os.getenv("JWT_SIGN_ALGORITHM", "HS256").strip()
+
+        self.validate()
+
+    def validate(self):
+        if not self.JWT_VERIFY_KEY:
+            raise AuthConfigError(
+                "JWT_VERIFY_KEY must be set. "
+                "An empty JWT secret would allow anyone to forge valid tokens."
+            )
+
+        if len(self.JWT_VERIFY_KEY) < 32:
+            logger.warning(
+                "⚠️ JWT_VERIFY_KEY appears weak (less than 32 characters). "
+                "Consider using a longer, cryptographically secure secret."
+            )
+
+        supported_algorithms = get_default_algorithms().keys()
+
+        if not has_crypto:
+            logger.warning(
+                "⚠️ Asymmetric JWT verification is not available "
+                "because the 'cryptography' package is not installed. "
+                + ALGO_RECOMMENDATION
+            )
+
+        if (
+            self.JWT_ALGORITHM not in supported_algorithms
+            or self.JWT_ALGORITHM == "none"
+        ):
+            raise AuthConfigError(
+                f"Invalid JWT_SIGN_ALGORITHM: '{self.JWT_ALGORITHM}'. "
+                "Supported algorithms are listed on "
+                "https://pyjwt.readthedocs.io/en/stable/algorithms.html"
+            )
+
+        if self.JWT_ALGORITHM.startswith("HS"):
+            logger.warning(
+                f"⚠️ JWT_SIGN_ALGORITHM is set to '{self.JWT_ALGORITHM}', "
+                "a symmetric shared-key signature algorithm. " + ALGO_RECOMMENDATION
+            )
+
+
+_settings: Settings = None  # type: ignore
+
+
+def get_settings() -> Settings:
+    global _settings
+
+    if not _settings:
+        _settings = Settings()
+
+    return _settings
+
+
+def verify_settings() -> None:
+    global _settings
+
+    if not _settings:
+        _settings = Settings()  # calls validation indirectly
+        return
+
+    _settings.validate()

autogpt_platform/autogpt_libs/autogpt_libs/auth/config_test.py

@@ -0,0 +1,306 @@
+"""
+Comprehensive tests for auth configuration to ensure 100% line and branch coverage.
+These tests verify critical security checks preventing JWT token forgery.
+"""
+
+import logging
+import os
+
+import pytest
+from pytest_mock import MockerFixture
+
+from autogpt_libs.auth.config import AuthConfigError, Settings
+
+
+def test_environment_variable_precedence(mocker: MockerFixture):
+    """Test that environment variables take precedence over defaults."""
+    secret = "environment-secret-key-with-proper-length-123456"
+    mocker.patch.dict(os.environ, {"JWT_VERIFY_KEY": secret}, clear=True)
+
+    settings = Settings()
+    assert settings.JWT_VERIFY_KEY == secret
+
+
+def test_environment_variable_backwards_compatible(mocker: MockerFixture):
+    """Test that SUPABASE_JWT_SECRET is read if JWT_VERIFY_KEY is not set."""
+    secret = "environment-secret-key-with-proper-length-123456"
+    mocker.patch.dict(os.environ, {"SUPABASE_JWT_SECRET": secret}, clear=True)
+
+    settings = Settings()
+    assert settings.JWT_VERIFY_KEY == secret
+
+
+def test_auth_config_error_inheritance():
+    """Test that AuthConfigError is properly defined as an Exception."""
+    assert issubclass(AuthConfigError, Exception)
+    error = AuthConfigError("test message")
+    assert str(error) == "test message"
+
+
+def test_settings_static_after_creation(mocker: MockerFixture):
+    """Test that settings maintain their values after creation."""
+    secret = "immutable-secret-key-with-proper-length-12345"
+    mocker.patch.dict(os.environ, {"JWT_VERIFY_KEY": secret}, clear=True)
+
+    settings = Settings()
+    original_secret = settings.JWT_VERIFY_KEY
+
+    # Changing environment after creation shouldn't affect settings
+    os.environ["JWT_VERIFY_KEY"] = "different-secret"
+
+    assert settings.JWT_VERIFY_KEY == original_secret
+
+
+def test_settings_load_with_valid_secret(mocker: MockerFixture):
+    """Test auth enabled with a valid JWT secret."""
+    valid_secret = "a" * 32  # 32 character secret
+    mocker.patch.dict(os.environ, {"JWT_VERIFY_KEY": valid_secret}, clear=True)
+
+    settings = Settings()
+    assert settings.JWT_VERIFY_KEY == valid_secret
+
+
+def test_settings_load_with_strong_secret(mocker: MockerFixture):
+    """Test auth enabled with a cryptographically strong secret."""
+    strong_secret = "super-secret-jwt-token-with-at-least-32-characters-long"
+    mocker.patch.dict(os.environ, {"JWT_VERIFY_KEY": strong_secret}, clear=True)
+
+    settings = Settings()
+    assert settings.JWT_VERIFY_KEY == strong_secret
+    assert len(settings.JWT_VERIFY_KEY) >= 32
+
+
+def test_secret_empty_raises_error(mocker: MockerFixture):
+    """Test that auth enabled with empty secret raises AuthConfigError."""
+    mocker.patch.dict(os.environ, {"JWT_VERIFY_KEY": ""}, clear=True)
+
+    with pytest.raises(Exception) as exc_info:
+        Settings()
+    assert "JWT_VERIFY_KEY" in str(exc_info.value)
+
+
+def test_secret_missing_raises_error(mocker: MockerFixture):
+    """Test that auth enabled without secret env var raises AuthConfigError."""
+    mocker.patch.dict(os.environ, {}, clear=True)
+
+    with pytest.raises(Exception) as exc_info:
+        Settings()
+    assert "JWT_VERIFY_KEY" in str(exc_info.value)
+
+
+@pytest.mark.parametrize("secret", [" ", "  ", "\t", "\n", " \t\n "])
+def test_secret_only_whitespace_raises_error(mocker: MockerFixture, secret: str):
+    """Test that auth enabled with whitespace-only secret raises error."""
+    mocker.patch.dict(os.environ, {"JWT_VERIFY_KEY": secret}, clear=True)
+
+    with pytest.raises(ValueError):
+        Settings()
+
+
+def test_secret_weak_logs_warning(
+    mocker: MockerFixture, caplog: pytest.LogCaptureFixture
+):
+    """Test that weak JWT secret triggers warning log."""
+    weak_secret = "short"  # Less than 32 characters
+    mocker.patch.dict(os.environ, {"JWT_VERIFY_KEY": weak_secret}, clear=True)
+
+    with caplog.at_level(logging.WARNING):
+        settings = Settings()
+        assert settings.JWT_VERIFY_KEY == weak_secret
+        assert "key appears weak" in caplog.text.lower()
+        assert "less than 32 characters" in caplog.text
+
+
+def test_secret_31_char_logs_warning(
+    mocker: MockerFixture, caplog: pytest.LogCaptureFixture
+):
+    """Test that 31-character secret triggers warning (boundary test)."""
+    secret_31 = "a" * 31  # Exactly 31 characters
+    mocker.patch.dict(os.environ, {"JWT_VERIFY_KEY": secret_31}, clear=True)
+
+    with caplog.at_level(logging.WARNING):
+        settings = Settings()
+        assert len(settings.JWT_VERIFY_KEY) == 31
+        assert "key appears weak" in caplog.text.lower()
+
+
+def test_secret_32_char_no_warning(
+    mocker: MockerFixture, caplog: pytest.LogCaptureFixture
+):
+    """Test that 32-character secret does not trigger warning (boundary test)."""
+    secret_32 = "a" * 32  # Exactly 32 characters
+    mocker.patch.dict(os.environ, {"JWT_VERIFY_KEY": secret_32}, clear=True)
+
+    with caplog.at_level(logging.WARNING):
+        settings = Settings()
+        assert len(settings.JWT_VERIFY_KEY) == 32
+        assert "JWT secret appears weak" not in caplog.text
+
+
+def test_secret_whitespace_stripped(mocker: MockerFixture):
+    """Test that JWT secret whitespace is stripped."""
+    secret = "a" * 32
+    mocker.patch.dict(os.environ, {"JWT_VERIFY_KEY": f"  {secret}  "}, clear=True)
+
+    settings = Settings()
+    assert settings.JWT_VERIFY_KEY == secret
+
+
+def test_secret_with_special_characters(mocker: MockerFixture):
+    """Test JWT secret with special characters."""
+    special_secret = "!@#$%^&*()_+-=[]{}|;:,.<>?`~" + "a" * 10  # 40 chars total
+    mocker.patch.dict(os.environ, {"JWT_VERIFY_KEY": special_secret}, clear=True)
+
+    settings = Settings()
+    assert settings.JWT_VERIFY_KEY == special_secret
+
+
+def test_secret_with_unicode(mocker: MockerFixture):
+    """Test JWT secret with unicode characters."""
+    unicode_secret = "秘密🔐キー" + "a" * 25  # Ensure >32 bytes
+    mocker.patch.dict(os.environ, {"JWT_VERIFY_KEY": unicode_secret}, clear=True)
+
+    settings = Settings()
+    assert settings.JWT_VERIFY_KEY == unicode_secret
+
+
+def test_secret_very_long(mocker: MockerFixture):
+    """Test JWT secret with excessive length."""
+    long_secret = "a" * 1000  # 1000 character secret
+    mocker.patch.dict(os.environ, {"JWT_VERIFY_KEY": long_secret}, clear=True)
+
+    settings = Settings()
+    assert settings.JWT_VERIFY_KEY == long_secret
+    assert len(settings.JWT_VERIFY_KEY) == 1000
+
+
+def test_secret_with_newline(mocker: MockerFixture):
+    """Test JWT secret containing newlines."""
+    multiline_secret = "secret\nwith\nnewlines" + "a" * 20
+    mocker.patch.dict(os.environ, {"JWT_VERIFY_KEY": multiline_secret}, clear=True)
+
+    settings = Settings()
+    assert settings.JWT_VERIFY_KEY == multiline_secret
+
+
+def test_secret_base64_encoded(mocker: MockerFixture):
+    """Test JWT secret that looks like base64."""
+    base64_secret = "dGhpc19pc19hX3NlY3JldF9rZXlfd2l0aF9wcm9wZXJfbGVuZ3Ro"
+    mocker.patch.dict(os.environ, {"JWT_VERIFY_KEY": base64_secret}, clear=True)
+
+    settings = Settings()
+    assert settings.JWT_VERIFY_KEY == base64_secret
+
+
+def test_secret_numeric_only(mocker: MockerFixture):
+    """Test JWT secret with only numbers."""
+    numeric_secret = "1234567890" * 4  # 40 character numeric secret
+    mocker.patch.dict(os.environ, {"JWT_VERIFY_KEY": numeric_secret}, clear=True)
+
+    settings = Settings()
+    assert settings.JWT_VERIFY_KEY == numeric_secret
+
+
+def test_algorithm_default_hs256(mocker: MockerFixture):
+    """Test that JWT algorithm defaults to HS256."""
+    mocker.patch.dict(os.environ, {"JWT_VERIFY_KEY": "a" * 32}, clear=True)
+
+    settings = Settings()
+    assert settings.JWT_ALGORITHM == "HS256"
+
+
+def test_algorithm_whitespace_stripped(mocker: MockerFixture):
+    """Test that JWT algorithm whitespace is stripped."""
+    secret = "a" * 32
+    mocker.patch.dict(
+        os.environ,
+        {"JWT_VERIFY_KEY": secret, "JWT_SIGN_ALGORITHM": "  HS256  "},
+        clear=True,
+    )
+
+    settings = Settings()
+    assert settings.JWT_ALGORITHM == "HS256"
+
+
+def test_no_crypto_warning(mocker: MockerFixture, caplog: pytest.LogCaptureFixture):
+    """Test warning when crypto package is not available."""
+    secret = "a" * 32
+    mocker.patch.dict(os.environ, {"JWT_VERIFY_KEY": secret}, clear=True)
+
+    # Mock has_crypto to return False
+    mocker.patch("autogpt_libs.auth.config.has_crypto", False)
+
+    with caplog.at_level(logging.WARNING):
+        Settings()
+        assert "Asymmetric JWT verification is not available" in caplog.text
+        assert "cryptography" in caplog.text
+
+
+def test_algorithm_invalid_raises_error(mocker: MockerFixture):
+    """Test that invalid JWT algorithm raises AuthConfigError."""
+    secret = "a" * 32
+    mocker.patch.dict(
+        os.environ,
+        {"JWT_VERIFY_KEY": secret, "JWT_SIGN_ALGORITHM": "INVALID_ALG"},
+        clear=True,
+    )
+
+    with pytest.raises(AuthConfigError) as exc_info:
+        Settings()
+    assert "Invalid JWT_SIGN_ALGORITHM" in str(exc_info.value)
+    assert "INVALID_ALG" in str(exc_info.value)
+
+
+def test_algorithm_none_raises_error(mocker: MockerFixture):
+    """Test that 'none' algorithm raises AuthConfigError."""
+    secret = "a" * 32
+    mocker.patch.dict(
+        os.environ,
+        {"JWT_VERIFY_KEY": secret, "JWT_SIGN_ALGORITHM": "none"},
+        clear=True,
+    )
+
+    with pytest.raises(AuthConfigError) as exc_info:
+        Settings()
+    assert "Invalid JWT_SIGN_ALGORITHM" in str(exc_info.value)
+
+
+@pytest.mark.parametrize("algorithm", ["HS256", "HS384", "HS512"])
+def test_algorithm_symmetric_warning(
+    mocker: MockerFixture, caplog: pytest.LogCaptureFixture, algorithm: str
+):
+    """Test warning for symmetric algorithms (HS256, HS384, HS512)."""
+    secret = "a" * 32
+    mocker.patch.dict(
+        os.environ,
+        {"JWT_VERIFY_KEY": secret, "JWT_SIGN_ALGORITHM": algorithm},
+        clear=True,
+    )
+
+    with caplog.at_level(logging.WARNING):
+        settings = Settings()
+        assert algorithm in caplog.text
+        assert "symmetric shared-key signature algorithm" in caplog.text
+        assert settings.JWT_ALGORITHM == algorithm
+
+
+@pytest.mark.parametrize(
+    "algorithm",
+    ["ES256", "ES384", "ES512", "RS256", "RS384", "RS512", "PS256", "PS384", "PS512"],
+)
+def test_algorithm_asymmetric_no_warning(
+    mocker: MockerFixture, caplog: pytest.LogCaptureFixture, algorithm: str
+):
+    """Test that asymmetric algorithms do not trigger warning."""
+    secret = "a" * 32
+    mocker.patch.dict(
+        os.environ,
+        {"JWT_VERIFY_KEY": secret, "JWT_SIGN_ALGORITHM": algorithm},
+        clear=True,
+    )
+
+    with caplog.at_level(logging.WARNING):
+        settings = Settings()
+        # Should not contain the symmetric algorithm warning
+        assert "symmetric shared-key signature algorithm" not in caplog.text
+        assert settings.JWT_ALGORITHM == algorithm

autogpt_platform/autogpt_libs/autogpt_libs/auth/dependencies.py

@@ -0,0 +1,47 @@
+"""
+FastAPI dependency functions for JWT-based authentication and authorization.
+
+These are the high-level dependency functions used in route definitions.
+"""
+
+import fastapi
+
+from .jwt_utils import get_jwt_payload, verify_user
+from .models import User
+
+
+async def requires_user(jwt_payload: dict = fastapi.Security(get_jwt_payload)) -> User:
+    """
+    FastAPI dependency that requires a valid authenticated user.
+
+    Raises:
+        HTTPException: 401 for authentication failures
+    """
+    return verify_user(jwt_payload, admin_only=False)
+
+
+async def requires_admin_user(
+    jwt_payload: dict = fastapi.Security(get_jwt_payload),
+) -> User:
+    """
+    FastAPI dependency that requires a valid admin user.
+
+    Raises:
+        HTTPException: 401 for authentication failures, 403 for insufficient permissions
+    """
+    return verify_user(jwt_payload, admin_only=True)
+
+
+async def get_user_id(jwt_payload: dict = fastapi.Security(get_jwt_payload)) -> str:
+    """
+    FastAPI dependency that returns the ID of the authenticated user.
+
+    Raises:
+        HTTPException: 401 for authentication failures or missing user ID
+    """
+    user_id = jwt_payload.get("sub")
+    if not user_id:
+        raise fastapi.HTTPException(
+            status_code=401, detail="User ID not found in token"
+        )
+    return user_id

autogpt_platform/autogpt_libs/autogpt_libs/auth/dependencies_test.py

@@ -0,0 +1,335 @@
+"""
+Comprehensive integration tests for authentication dependencies.
+Tests the full authentication flow from HTTP requests to user validation.
+"""
+
+import os
+
+import pytest
+from fastapi import FastAPI, HTTPException, Security
+from fastapi.testclient import TestClient
+from pytest_mock import MockerFixture
+
+from autogpt_libs.auth.dependencies import (
+    get_user_id,
+    requires_admin_user,
+    requires_user,
+)
+from autogpt_libs.auth.models import User
+
+
+class TestAuthDependencies:
+    """Test suite for authentication dependency functions."""
+
+    @pytest.fixture
+    def app(self):
+        """Create a test FastAPI application."""
+        app = FastAPI()
+
+        @app.get("/user")
+        def get_user_endpoint(user: User = Security(requires_user)):
+            return {"user_id": user.user_id, "role": user.role}
+
+        @app.get("/admin")
+        def get_admin_endpoint(user: User = Security(requires_admin_user)):
+            return {"user_id": user.user_id, "role": user.role}
+
+        @app.get("/user-id")
+        def get_user_id_endpoint(user_id: str = Security(get_user_id)):
+            return {"user_id": user_id}
+
+        return app
+
+    @pytest.fixture
+    def client(self, app):
+        """Create a test client."""
+        return TestClient(app)
+
+    async def test_requires_user_with_valid_jwt_payload(self, mocker: MockerFixture):
+        """Test requires_user with valid JWT payload."""
+        jwt_payload = {"sub": "user-123", "role": "user", "email": "user@example.com"}
+
+        # Mock get_jwt_payload to return our test payload
+        mocker.patch(
+            "autogpt_libs.auth.dependencies.get_jwt_payload", return_value=jwt_payload
+        )
+        user = await requires_user(jwt_payload)
+        assert isinstance(user, User)
+        assert user.user_id == "user-123"
+        assert user.role == "user"
+
+    async def test_requires_user_with_admin_jwt_payload(self, mocker: MockerFixture):
+        """Test requires_user accepts admin users."""
+        jwt_payload = {
+            "sub": "admin-456",
+            "role": "admin",
+            "email": "admin@example.com",
+        }
+
+        mocker.patch(
+            "autogpt_libs.auth.dependencies.get_jwt_payload", return_value=jwt_payload
+        )
+        user = await requires_user(jwt_payload)
+        assert user.user_id == "admin-456"
+        assert user.role == "admin"
+
+    async def test_requires_user_missing_sub(self):
+        """Test requires_user with missing user ID."""
+        jwt_payload = {"role": "user", "email": "user@example.com"}
+
+        with pytest.raises(HTTPException) as exc_info:
+            await requires_user(jwt_payload)
+        assert exc_info.value.status_code == 401
+        assert "User ID not found" in exc_info.value.detail
+
+    async def test_requires_user_empty_sub(self):
+        """Test requires_user with empty user ID."""
+        jwt_payload = {"sub": "", "role": "user"}
+
+        with pytest.raises(HTTPException) as exc_info:
+            await requires_user(jwt_payload)
+        assert exc_info.value.status_code == 401
+
+    async def test_requires_admin_user_with_admin(self, mocker: MockerFixture):
+        """Test requires_admin_user with admin role."""
+        jwt_payload = {
+            "sub": "admin-789",
+            "role": "admin",
+            "email": "admin@example.com",
+        }
+
+        mocker.patch(
+            "autogpt_libs.auth.dependencies.get_jwt_payload", return_value=jwt_payload
+        )
+        user = await requires_admin_user(jwt_payload)
+        assert user.user_id == "admin-789"
+        assert user.role == "admin"
+
+    async def test_requires_admin_user_with_regular_user(self):
+        """Test requires_admin_user rejects regular users."""
+        jwt_payload = {"sub": "user-123", "role": "user", "email": "user@example.com"}
+
+        with pytest.raises(HTTPException) as exc_info:
+            await requires_admin_user(jwt_payload)
+        assert exc_info.value.status_code == 403
+        assert "Admin access required" in exc_info.value.detail
+
+    async def test_requires_admin_user_missing_role(self):
+        """Test requires_admin_user with missing role."""
+        jwt_payload = {"sub": "user-123", "email": "user@example.com"}
+
+        with pytest.raises(KeyError):
+            await requires_admin_user(jwt_payload)
+
+    async def test_get_user_id_with_valid_payload(self, mocker: MockerFixture):
+        """Test get_user_id extracts user ID correctly."""
+        jwt_payload = {"sub": "user-id-xyz", "role": "user"}
+
+        mocker.patch(
+            "autogpt_libs.auth.dependencies.get_jwt_payload", return_value=jwt_payload
+        )
+        user_id = await get_user_id(jwt_payload)
+        assert user_id == "user-id-xyz"
+
+    async def test_get_user_id_missing_sub(self):
+        """Test get_user_id with missing user ID."""
+        jwt_payload = {"role": "user"}
+
+        with pytest.raises(HTTPException) as exc_info:
+            await get_user_id(jwt_payload)
+        assert exc_info.value.status_code == 401
+        assert "User ID not found" in exc_info.value.detail
+
+    async def test_get_user_id_none_sub(self):
+        """Test get_user_id with None user ID."""
+        jwt_payload = {"sub": None, "role": "user"}
+
+        with pytest.raises(HTTPException) as exc_info:
+            await get_user_id(jwt_payload)
+        assert exc_info.value.status_code == 401
+
+
+class TestAuthDependenciesIntegration:
+    """Integration tests for auth dependencies with FastAPI."""
+
+    acceptable_jwt_secret = "test-secret-with-proper-length-123456"
+
+    @pytest.fixture
+    def create_token(self, mocker: MockerFixture):
+        """Helper to create JWT tokens."""
+        import jwt
+
+        mocker.patch.dict(
+            os.environ,
+            {"JWT_VERIFY_KEY": self.acceptable_jwt_secret},
+            clear=True,
+        )
+
+        def _create_token(payload, secret=self.acceptable_jwt_secret):
+            return jwt.encode(payload, secret, algorithm="HS256")
+
+        return _create_token
+
+    async def test_endpoint_auth_enabled_no_token(self):
+        """Test endpoints require token when auth is enabled."""
+        app = FastAPI()
+
+        @app.get("/test")
+        def test_endpoint(user: User = Security(requires_user)):
+            return {"user_id": user.user_id}
+
+        client = TestClient(app)
+
+        # Should fail without auth header
+        response = client.get("/test")
+        assert response.status_code == 401
+
+    async def test_endpoint_with_valid_token(self, create_token):
+        """Test endpoint with valid JWT token."""
+        app = FastAPI()
+
+        @app.get("/test")
+        def test_endpoint(user: User = Security(requires_user)):
+            return {"user_id": user.user_id, "role": user.role}
+
+        client = TestClient(app)
+
+        token = create_token(
+            {"sub": "test-user", "role": "user", "aud": "authenticated"},
+            secret=self.acceptable_jwt_secret,
+        )
+
+        response = client.get("/test", headers={"Authorization": f"Bearer {token}"})
+        assert response.status_code == 200
+        assert response.json()["user_id"] == "test-user"
+
+    async def test_admin_endpoint_requires_admin_role(self, create_token):
+        """Test admin endpoint rejects non-admin users."""
+        app = FastAPI()
+
+        @app.get("/admin")
+        def admin_endpoint(user: User = Security(requires_admin_user)):
+            return {"user_id": user.user_id}
+
+        client = TestClient(app)
+
+        # Regular user token
+        user_token = create_token(
+            {"sub": "regular-user", "role": "user", "aud": "authenticated"},
+            secret=self.acceptable_jwt_secret,
+        )
+
+        response = client.get(
+            "/admin", headers={"Authorization": f"Bearer {user_token}"}
+        )
+        assert response.status_code == 403
+
+        # Admin token
+        admin_token = create_token(
+            {"sub": "admin-user", "role": "admin", "aud": "authenticated"},
+            secret=self.acceptable_jwt_secret,
+        )
+
+        response = client.get(
+            "/admin", headers={"Authorization": f"Bearer {admin_token}"}
+        )
+        assert response.status_code == 200
+        assert response.json()["user_id"] == "admin-user"
+
+
+class TestAuthDependenciesEdgeCases:
+    """Edge case tests for authentication dependencies."""
+
+    async def test_dependency_with_complex_payload(self):
+        """Test dependencies handle complex JWT payloads."""
+        complex_payload = {
+            "sub": "user-123",
+            "role": "admin",
+            "email": "test@example.com",
+            "app_metadata": {"provider": "email", "providers": ["email"]},
+            "user_metadata": {
+                "full_name": "Test User",
+                "avatar_url": "https://example.com/avatar.jpg",
+            },
+            "aud": "authenticated",
+            "iat": 1234567890,
+            "exp": 9999999999,
+        }
+
+        user = await requires_user(complex_payload)
+        assert user.user_id == "user-123"
+        assert user.email == "test@example.com"
+
+        admin = await requires_admin_user(complex_payload)
+        assert admin.role == "admin"
+
+    async def test_dependency_with_unicode_in_payload(self):
+        """Test dependencies handle unicode in JWT payloads."""
+        unicode_payload = {
+            "sub": "user-😀-123",
+            "role": "user",
+            "email": "测试@example.com",
+            "name": "日本語",
+        }
+
+        user = await requires_user(unicode_payload)
+        assert "😀" in user.user_id
+        assert user.email == "测试@example.com"
+
+    async def test_dependency_with_null_values(self):
+        """Test dependencies handle null values in payload."""
+        null_payload = {
+            "sub": "user-123",
+            "role": "user",
+            "email": None,
+            "phone": None,
+            "metadata": None,
+        }
+
+        user = await requires_user(null_payload)
+        assert user.user_id == "user-123"
+        assert user.email is None
+
+    async def test_concurrent_requests_isolation(self):
+        """Test that concurrent requests don't interfere with each other."""
+        payload1 = {"sub": "user-1", "role": "user"}
+        payload2 = {"sub": "user-2", "role": "admin"}
+
+        # Simulate concurrent processing
+        user1 = await requires_user(payload1)
+        user2 = await requires_admin_user(payload2)
+
+        assert user1.user_id == "user-1"
+        assert user2.user_id == "user-2"
+        assert user1.role == "user"
+        assert user2.role == "admin"
+
+    @pytest.mark.parametrize(
+        "payload,expected_error,admin_only",
+        [
+            (None, "Authorization header is missing", False),
+            ({}, "User ID not found", False),
+            ({"sub": ""}, "User ID not found", False),
+            ({"role": "user"}, "User ID not found", False),
+            ({"sub": "user", "role": "user"}, "Admin access required", True),
+        ],
+    )
+    async def test_dependency_error_cases(
+        self, payload, expected_error: str, admin_only: bool
+    ):
+        """Test that errors propagate correctly through dependencies."""
+        # Import verify_user to test it directly since dependencies use FastAPI Security
+        from autogpt_libs.auth.jwt_utils import verify_user
+
+        with pytest.raises(HTTPException) as exc_info:
+            verify_user(payload, admin_only=admin_only)
+        assert expected_error in exc_info.value.detail
+
+    async def test_dependency_valid_user(self):
+        """Test valid user case for dependency."""
+        # Import verify_user to test it directly since dependencies use FastAPI Security
+        from autogpt_libs.auth.jwt_utils import verify_user
+
+        # Valid case
+        user = verify_user({"sub": "user", "role": "user"}, admin_only=False)
+        assert user.user_id == "user"

autogpt_platform/autogpt_libs/autogpt_libs/auth/helpers.py

@@ -0,0 +1,68 @@
+from fastapi import FastAPI
+from fastapi.openapi.utils import get_openapi
+
+from .jwt_utils import bearer_jwt_auth
+
+
+def add_auth_responses_to_openapi(app: FastAPI) -> None:
+    """
+    Set up custom OpenAPI schema generation that adds 401 responses
+    to all authenticated endpoints.
+
+    This is needed when using HTTPBearer with auto_error=False to get proper
+    401 responses instead of 403, but FastAPI only automatically adds security
+    responses when auto_error=True.
+    """
+
+    def custom_openapi():
+        if app.openapi_schema:
+            return app.openapi_schema
+
+        openapi_schema = get_openapi(
+            title=app.title,
+            version=app.version,
+            description=app.description,
+            routes=app.routes,
+        )
+
+        # Add 401 response to all endpoints that have security requirements
+        for path, methods in openapi_schema["paths"].items():
+            for method, details in methods.items():
+                security_schemas = [
+                    schema
+                    for auth_option in details.get("security", [])
+                    for schema in auth_option.keys()
+                ]
+                if bearer_jwt_auth.scheme_name not in security_schemas:
+                    continue
+
+                if "responses" not in details:
+                    details["responses"] = {}
+
+                details["responses"]["401"] = {
+                    "$ref": "#/components/responses/HTTP401NotAuthenticatedError"
+                }
+
+        # Ensure #/components/responses exists
+        if "components" not in openapi_schema:
+            openapi_schema["components"] = {}
+        if "responses" not in openapi_schema["components"]:
+            openapi_schema["components"]["responses"] = {}
+
+        # Define 401 response
+        openapi_schema["components"]["responses"]["HTTP401NotAuthenticatedError"] = {
+            "description": "Authentication required",
+            "content": {
+                "application/json": {
+                    "schema": {
+                        "type": "object",
+                        "properties": {"detail": {"type": "string"}},
+                    }
+                }
+            },
+        }
+
+        app.openapi_schema = openapi_schema
+        return app.openapi_schema
+
+    app.openapi = custom_openapi

autogpt_platform/autogpt_libs/autogpt_libs/auth/helpers_test.py

@@ -0,0 +1,435 @@
+"""
+Comprehensive tests for auth helpers module to achieve 100% coverage.
+Tests OpenAPI schema generation and authentication response handling.
+"""
+
+from unittest import mock
+
+from fastapi import FastAPI
+from fastapi.openapi.utils import get_openapi
+
+from autogpt_libs.auth.helpers import add_auth_responses_to_openapi
+from autogpt_libs.auth.jwt_utils import bearer_jwt_auth
+
+
+def test_add_auth_responses_to_openapi_basic():
+    """Test adding 401 responses to OpenAPI schema."""
+    app = FastAPI(title="Test App", version="1.0.0")
+
+    # Add some test endpoints with authentication
+    from fastapi import Depends
+
+    from autogpt_libs.auth.dependencies import requires_user
+
+    @app.get("/protected", dependencies=[Depends(requires_user)])
+    def protected_endpoint():
+        return {"message": "Protected"}
+
+    @app.get("/public")
+    def public_endpoint():
+        return {"message": "Public"}
+
+    # Apply the OpenAPI customization
+    add_auth_responses_to_openapi(app)
+
+    # Get the OpenAPI schema
+    schema = app.openapi()
+
+    # Verify basic schema properties
+    assert schema["info"]["title"] == "Test App"
+    assert schema["info"]["version"] == "1.0.0"
+
+    # Verify 401 response component is added
+    assert "components" in schema
+    assert "responses" in schema["components"]
+    assert "HTTP401NotAuthenticatedError" in schema["components"]["responses"]
+
+    # Verify 401 response structure
+    error_response = schema["components"]["responses"]["HTTP401NotAuthenticatedError"]
+    assert error_response["description"] == "Authentication required"
+    assert "application/json" in error_response["content"]
+    assert "schema" in error_response["content"]["application/json"]
+
+    # Verify schema properties
+    response_schema = error_response["content"]["application/json"]["schema"]
+    assert response_schema["type"] == "object"
+    assert "detail" in response_schema["properties"]
+    assert response_schema["properties"]["detail"]["type"] == "string"
+
+
+def test_add_auth_responses_to_openapi_with_security():
+    """Test that 401 responses are added only to secured endpoints."""
+    app = FastAPI()
+
+    # Mock endpoint with security
+    from fastapi import Security
+
+    from autogpt_libs.auth.dependencies import get_user_id
+
+    @app.get("/secured")
+    def secured_endpoint(user_id: str = Security(get_user_id)):
+        return {"user_id": user_id}
+
+    @app.post("/also-secured")
+    def another_secured(user_id: str = Security(get_user_id)):
+        return {"status": "ok"}
+
+    @app.get("/unsecured")
+    def unsecured_endpoint():
+        return {"public": True}
+
+    # Apply OpenAPI customization
+    add_auth_responses_to_openapi(app)
+
+    # Get schema
+    schema = app.openapi()
+
+    # Check that secured endpoints have 401 responses
+    if "/secured" in schema["paths"]:
+        if "get" in schema["paths"]["/secured"]:
+            secured_get = schema["paths"]["/secured"]["get"]
+            if "responses" in secured_get:
+                assert "401" in secured_get["responses"]
+                assert (
+                    secured_get["responses"]["401"]["$ref"]
+                    == "#/components/responses/HTTP401NotAuthenticatedError"
+                )
+
+    if "/also-secured" in schema["paths"]:
+        if "post" in schema["paths"]["/also-secured"]:
+            secured_post = schema["paths"]["/also-secured"]["post"]
+            if "responses" in secured_post:
+                assert "401" in secured_post["responses"]
+
+    # Check that unsecured endpoint does not have 401 response
+    if "/unsecured" in schema["paths"]:
+        if "get" in schema["paths"]["/unsecured"]:
+            unsecured_get = schema["paths"]["/unsecured"]["get"]
+            if "responses" in unsecured_get:
+                assert "401" not in unsecured_get.get("responses", {})
+
+
+def test_add_auth_responses_to_openapi_cached_schema():
+    """Test that OpenAPI schema is cached after first generation."""
+    app = FastAPI()
+
+    # Apply customization
+    add_auth_responses_to_openapi(app)
+
+    # Get schema twice
+    schema1 = app.openapi()
+    schema2 = app.openapi()
+
+    # Should return the same cached object
+    assert schema1 is schema2
+
+
+def test_add_auth_responses_to_openapi_existing_responses():
+    """Test handling endpoints that already have responses defined."""
+    app = FastAPI()
+
+    from fastapi import Security
+
+    from autogpt_libs.auth.jwt_utils import get_jwt_payload
+
+    @app.get(
+        "/with-responses",
+        responses={
+            200: {"description": "Success"},
+            404: {"description": "Not found"},
+        },
+    )
+    def endpoint_with_responses(jwt: dict = Security(get_jwt_payload)):
+        return {"data": "test"}
+
+    # Apply customization
+    add_auth_responses_to_openapi(app)
+
+    schema = app.openapi()
+
+    # Check that existing responses are preserved and 401 is added
+    if "/with-responses" in schema["paths"]:
+        if "get" in schema["paths"]["/with-responses"]:
+            responses = schema["paths"]["/with-responses"]["get"].get("responses", {})
+            # Original responses should be preserved
+            if "200" in responses:
+                assert responses["200"]["description"] == "Success"
+            if "404" in responses:
+                assert responses["404"]["description"] == "Not found"
+            # 401 should be added
+            if "401" in responses:
+                assert (
+                    responses["401"]["$ref"]
+                    == "#/components/responses/HTTP401NotAuthenticatedError"
+                )
+
+
+def test_add_auth_responses_to_openapi_no_security_endpoints():
+    """Test with app that has no secured endpoints."""
+    app = FastAPI()
+
+    @app.get("/public1")
+    def public1():
+        return {"message": "public1"}
+
+    @app.post("/public2")
+    def public2():
+        return {"message": "public2"}
+
+    # Apply customization
+    add_auth_responses_to_openapi(app)
+
+    schema = app.openapi()
+
+    # Component should still be added for consistency
+    assert "HTTP401NotAuthenticatedError" in schema["components"]["responses"]
+
+    # But no endpoints should have 401 responses
+    for path in schema["paths"].values():
+        for method in path.values():
+            if isinstance(method, dict) and "responses" in method:
+                assert "401" not in method["responses"]
+
+
+def test_add_auth_responses_to_openapi_multiple_security_schemes():
+    """Test endpoints with multiple security requirements."""
+    app = FastAPI()
+
+    from fastapi import Security
+
+    from autogpt_libs.auth.dependencies import requires_admin_user, requires_user
+    from autogpt_libs.auth.models import User
+
+    @app.get("/multi-auth")
+    def multi_auth(
+        user: User = Security(requires_user),
+        admin: User = Security(requires_admin_user),
+    ):
+        return {"status": "super secure"}
+
+    # Apply customization
+    add_auth_responses_to_openapi(app)
+
+    schema = app.openapi()
+
+    # Should have 401 response
+    if "/multi-auth" in schema["paths"]:
+        if "get" in schema["paths"]["/multi-auth"]:
+            responses = schema["paths"]["/multi-auth"]["get"].get("responses", {})
+            if "401" in responses:
+                assert (
+                    responses["401"]["$ref"]
+                    == "#/components/responses/HTTP401NotAuthenticatedError"
+                )
+
+
+def test_add_auth_responses_to_openapi_empty_components():
+    """Test when OpenAPI schema has no components section initially."""
+    app = FastAPI()
+
+    # Mock get_openapi to return schema without components
+    original_get_openapi = get_openapi
+
+    def mock_get_openapi(*args, **kwargs):
+        schema = original_get_openapi(*args, **kwargs)
+        # Remove components if it exists
+        if "components" in schema:
+            del schema["components"]
+        return schema
+
+    with mock.patch("autogpt_libs.auth.helpers.get_openapi", mock_get_openapi):
+        # Apply customization
+        add_auth_responses_to_openapi(app)
+
+        schema = app.openapi()
+
+        # Components should be created
+        assert "components" in schema
+        assert "responses" in schema["components"]
+        assert "HTTP401NotAuthenticatedError" in schema["components"]["responses"]
+
+
+def test_add_auth_responses_to_openapi_all_http_methods():
+    """Test that all HTTP methods are handled correctly."""
+    app = FastAPI()
+
+    from fastapi import Security
+
+    from autogpt_libs.auth.jwt_utils import get_jwt_payload
+
+    @app.get("/resource")
+    def get_resource(jwt: dict = Security(get_jwt_payload)):
+        return {"method": "GET"}
+
+    @app.post("/resource")
+    def post_resource(jwt: dict = Security(get_jwt_payload)):
+        return {"method": "POST"}
+
+    @app.put("/resource")
+    def put_resource(jwt: dict = Security(get_jwt_payload)):
+        return {"method": "PUT"}
+
+    @app.patch("/resource")
+    def patch_resource(jwt: dict = Security(get_jwt_payload)):
+        return {"method": "PATCH"}
+
+    @app.delete("/resource")
+    def delete_resource(jwt: dict = Security(get_jwt_payload)):
+        return {"method": "DELETE"}
+
+    # Apply customization
+    add_auth_responses_to_openapi(app)
+
+    schema = app.openapi()
+
+    # All methods should have 401 response
+    if "/resource" in schema["paths"]:
+        for method in ["get", "post", "put", "patch", "delete"]:
+            if method in schema["paths"]["/resource"]:
+                method_spec = schema["paths"]["/resource"][method]
+                if "responses" in method_spec:
+                    assert "401" in method_spec["responses"]
+
+
+def test_bearer_jwt_auth_scheme_config():
+    """Test that bearer_jwt_auth is configured correctly."""
+    assert bearer_jwt_auth.scheme_name == "HTTPBearerJWT"
+    assert bearer_jwt_auth.auto_error is False
+
+
+def test_add_auth_responses_with_no_routes():
+    """Test OpenAPI generation with app that has no routes."""
+    app = FastAPI(title="Empty App")
+
+    # Apply customization to empty app
+    add_auth_responses_to_openapi(app)
+
+    schema = app.openapi()
+
+    # Should still have basic structure
+    assert schema["info"]["title"] == "Empty App"
+    assert "components" in schema
+    assert "responses" in schema["components"]
+    assert "HTTP401NotAuthenticatedError" in schema["components"]["responses"]
+
+
+def test_custom_openapi_function_replacement():
+    """Test that the custom openapi function properly replaces the default."""
+    app = FastAPI()
+
+    # Store original function
+    original_openapi = app.openapi
+
+    # Apply customization
+    add_auth_responses_to_openapi(app)
+
+    # Function should be replaced
+    assert app.openapi != original_openapi
+    assert callable(app.openapi)
+
+
+def test_endpoint_without_responses_section():
+    """Test endpoint that has security but no responses section initially."""
+    app = FastAPI()
+
+    from fastapi import Security
+    from fastapi.openapi.utils import get_openapi as original_get_openapi
+
+    from autogpt_libs.auth.jwt_utils import get_jwt_payload
+
+    # Create endpoint
+    @app.get("/no-responses")
+    def endpoint_without_responses(jwt: dict = Security(get_jwt_payload)):
+        return {"data": "test"}
+
+    # Mock get_openapi to remove responses from the endpoint
+    def mock_get_openapi(*args, **kwargs):
+        schema = original_get_openapi(*args, **kwargs)
+        # Remove responses from our endpoint to trigger line 40
+        if "/no-responses" in schema.get("paths", {}):
+            if "get" in schema["paths"]["/no-responses"]:
+                # Delete responses to force the code to create it
+                if "responses" in schema["paths"]["/no-responses"]["get"]:
+                    del schema["paths"]["/no-responses"]["get"]["responses"]
+        return schema
+
+    with mock.patch("autogpt_libs.auth.helpers.get_openapi", mock_get_openapi):
+        # Apply customization
+        add_auth_responses_to_openapi(app)
+
+        # Get schema and verify 401 was added
+        schema = app.openapi()
+
+        # The endpoint should now have 401 response
+        if "/no-responses" in schema["paths"]:
+            if "get" in schema["paths"]["/no-responses"]:
+                responses = schema["paths"]["/no-responses"]["get"].get("responses", {})
+                assert "401" in responses
+                assert (
+                    responses["401"]["$ref"]
+                    == "#/components/responses/HTTP401NotAuthenticatedError"
+                )
+
+
+def test_components_with_existing_responses():
+    """Test when components already has a responses section."""
+    app = FastAPI()
+
+    # Mock get_openapi to return schema with existing components/responses
+    from fastapi.openapi.utils import get_openapi as original_get_openapi
+
+    def mock_get_openapi(*args, **kwargs):
+        schema = original_get_openapi(*args, **kwargs)
+        # Add existing components/responses
+        if "components" not in schema:
+            schema["components"] = {}
+        schema["components"]["responses"] = {
+            "ExistingResponse": {"description": "An existing response"}
+        }
+        return schema
+
+    with mock.patch("autogpt_libs.auth.helpers.get_openapi", mock_get_openapi):
+        # Apply customization
+        add_auth_responses_to_openapi(app)
+
+        schema = app.openapi()
+
+        # Both responses should exist
+        assert "ExistingResponse" in schema["components"]["responses"]
+        assert "HTTP401NotAuthenticatedError" in schema["components"]["responses"]
+
+        # Verify our 401 response structure
+        error_response = schema["components"]["responses"][
+            "HTTP401NotAuthenticatedError"
+        ]
+        assert error_response["description"] == "Authentication required"
+
+
+def test_openapi_schema_persistence():
+    """Test that modifications to OpenAPI schema persist correctly."""
+    app = FastAPI()
+
+    from fastapi import Security
+
+    from autogpt_libs.auth.jwt_utils import get_jwt_payload
+
+    @app.get("/test")
+    def test_endpoint(jwt: dict = Security(get_jwt_payload)):
+        return {"test": True}
+
+    # Apply customization
+    add_auth_responses_to_openapi(app)
+
+    # Get schema multiple times
+    schema1 = app.openapi()
+
+    # Modify the cached schema (shouldn't affect future calls)
+    schema1["info"]["title"] = "Modified Title"
+
+    # Clear cache and get again
+    app.openapi_schema = None
+    schema2 = app.openapi()
+
+    # Should regenerate with original title
+    assert schema2["info"]["title"] == app.title
+    assert schema2["info"]["title"] != "Modified Title"

autogpt_platform/autogpt_libs/autogpt_libs/auth/jwt_utils.py

@@ -0,0 +1,80 @@
+import logging
+from typing import Any
+
+import jwt
+from fastapi import HTTPException, Security
+from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
+
+from .config import get_settings
+from .models import User
+
+logger = logging.getLogger(__name__)
+
+# Bearer token authentication scheme
+bearer_jwt_auth = HTTPBearer(
+    bearerFormat="jwt", scheme_name="HTTPBearerJWT", auto_error=False
+)
+
+
+async def get_jwt_payload(
+    credentials: HTTPAuthorizationCredentials | None = Security(bearer_jwt_auth),
+) -> dict[str, Any]:
+    """
+    Extract and validate JWT payload from HTTP Authorization header.
+
+    This is the core authentication function that handles:
+    - Reading the `Authorization` header to obtain the JWT token
+    - Verifying the JWT token's signature
+    - Decoding the JWT token's payload
+
+    :param credentials: HTTP Authorization credentials from bearer token
+    :return: JWT payload dictionary
+    :raises HTTPException: 401 if authentication fails
+    """
+    if not credentials:
+        raise HTTPException(status_code=401, detail="Authorization header is missing")
+
+    try:
+        payload = parse_jwt_token(credentials.credentials)
+        logger.debug("Token decoded successfully")
+        return payload
+    except ValueError as e:
+        raise HTTPException(status_code=401, detail=str(e))
+
+
+def parse_jwt_token(token: str) -> dict[str, Any]:
+    """
+    Parse and validate a JWT token.
+
+    :param token: The token to parse
+    :return: The decoded payload
+    :raises ValueError: If the token is invalid or expired
+    """
+    settings = get_settings()
+    try:
+        payload = jwt.decode(
+            token,
+            settings.JWT_VERIFY_KEY,
+            algorithms=[settings.JWT_ALGORITHM],
+            audience="authenticated",
+        )
+        return payload
+    except jwt.ExpiredSignatureError:
+        raise ValueError("Token has expired")
+    except jwt.InvalidTokenError as e:
+        raise ValueError(f"Invalid token: {str(e)}")
+
+
+def verify_user(jwt_payload: dict | None, admin_only: bool) -> User:
+    if jwt_payload is None:
+        raise HTTPException(status_code=401, detail="Authorization header is missing")
+
+    user_id = jwt_payload.get("sub")
+
+    if not user_id:
+        raise HTTPException(status_code=401, detail="User ID not found in token")
+
+    if admin_only and jwt_payload["role"] != "admin":
+        raise HTTPException(status_code=403, detail="Admin access required")
+
+    return User.from_payload(jwt_payload)

autogpt_platform/autogpt_libs/autogpt_libs/auth/jwt_utils_test.py

@@ -0,0 +1,308 @@
+"""
+Comprehensive tests for JWT token parsing and validation.
+Ensures 100% line and branch coverage for JWT security functions.
+"""
+
+import os
+from datetime import datetime, timedelta, timezone
+
+import jwt
+import pytest
+from fastapi import HTTPException
+from fastapi.security import HTTPAuthorizationCredentials
+from pytest_mock import MockerFixture
+
+from autogpt_libs.auth import config, jwt_utils
+from autogpt_libs.auth.config import Settings
+from autogpt_libs.auth.models import User
+
+MOCK_JWT_SECRET = "test-secret-key-with-at-least-32-characters"
+TEST_USER_PAYLOAD = {
+    "sub": "test-user-id",
+    "role": "user",
+    "aud": "authenticated",
+    "email": "test@example.com",
+}
+TEST_ADMIN_PAYLOAD = {
+    "sub": "admin-user-id",
+    "role": "admin",
+    "aud": "authenticated",
+    "email": "admin@example.com",
+}
+
+
+@pytest.fixture(autouse=True)
+def mock_config(mocker: MockerFixture):
+    mocker.patch.dict(os.environ, {"JWT_VERIFY_KEY": MOCK_JWT_SECRET}, clear=True)
+    mocker.patch.object(config, "_settings", Settings())
+    yield
+
+
+def create_token(payload, secret=None, algorithm="HS256"):
+    """Helper to create JWT tokens."""
+    if secret is None:
+        secret = MOCK_JWT_SECRET
+    return jwt.encode(payload, secret, algorithm=algorithm)
+
+
+def test_parse_jwt_token_valid():
+    """Test parsing a valid JWT token."""
+    token = create_token(TEST_USER_PAYLOAD)
+    result = jwt_utils.parse_jwt_token(token)
+
+    assert result["sub"] == "test-user-id"
+    assert result["role"] == "user"
+    assert result["aud"] == "authenticated"
+
+
+def test_parse_jwt_token_expired():
+    """Test parsing an expired JWT token."""
+    expired_payload = {
+        **TEST_USER_PAYLOAD,
+        "exp": datetime.now(timezone.utc) - timedelta(hours=1),
+    }
+    token = create_token(expired_payload)
+
+    with pytest.raises(ValueError) as exc_info:
+        jwt_utils.parse_jwt_token(token)
+    assert "Token has expired" in str(exc_info.value)
+
+
+def test_parse_jwt_token_invalid_signature():
+    """Test parsing a token with invalid signature."""
+    # Create token with different secret
+    token = create_token(TEST_USER_PAYLOAD, secret="wrong-secret")
+
+    with pytest.raises(ValueError) as exc_info:
+        jwt_utils.parse_jwt_token(token)
+    assert "Invalid token" in str(exc_info.value)
+
+
+def test_parse_jwt_token_malformed():
+    """Test parsing a malformed token."""
+    malformed_tokens = [
+        "not.a.token",
+        "invalid",
+        "",
+        # Header only
+        "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9",
+        # No signature
+        "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0In0",
+    ]
+
+    for token in malformed_tokens:
+        with pytest.raises(ValueError) as exc_info:
+            jwt_utils.parse_jwt_token(token)
+        assert "Invalid token" in str(exc_info.value)
+
+
+def test_parse_jwt_token_wrong_audience():
+    """Test parsing a token with wrong audience."""
+    wrong_aud_payload = {**TEST_USER_PAYLOAD, "aud": "wrong-audience"}
+    token = create_token(wrong_aud_payload)
+
+    with pytest.raises(ValueError) as exc_info:
+        jwt_utils.parse_jwt_token(token)
+    assert "Invalid token" in str(exc_info.value)
+
+
+def test_parse_jwt_token_missing_audience():
+    """Test parsing a token without audience claim."""
+    no_aud_payload = {k: v for k, v in TEST_USER_PAYLOAD.items() if k != "aud"}
+    token = create_token(no_aud_payload)
+
+    with pytest.raises(ValueError) as exc_info:
+        jwt_utils.parse_jwt_token(token)
+    assert "Invalid token" in str(exc_info.value)
+
+
+async def test_get_jwt_payload_with_valid_token():
+    """Test extracting JWT payload with valid bearer token."""
+    token = create_token(TEST_USER_PAYLOAD)
+    credentials = HTTPAuthorizationCredentials(scheme="Bearer", credentials=token)
+
+    result = await jwt_utils.get_jwt_payload(credentials)
+    assert result["sub"] == "test-user-id"
+    assert result["role"] == "user"
+
+
+async def test_get_jwt_payload_no_credentials():
+    """Test JWT payload when no credentials provided."""
+    with pytest.raises(HTTPException) as exc_info:
+        await jwt_utils.get_jwt_payload(None)
+    assert exc_info.value.status_code == 401
+    assert "Authorization header is missing" in exc_info.value.detail
+
+
+async def test_get_jwt_payload_invalid_token():
+    """Test JWT payload extraction with invalid token."""
+    credentials = HTTPAuthorizationCredentials(
+        scheme="Bearer", credentials="invalid.token.here"
+    )
+
+    with pytest.raises(HTTPException) as exc_info:
+        await jwt_utils.get_jwt_payload(credentials)
+    assert exc_info.value.status_code == 401
+    assert "Invalid token" in exc_info.value.detail
+
+
+def test_verify_user_with_valid_user():
+    """Test verifying a valid user."""
+    user = jwt_utils.verify_user(TEST_USER_PAYLOAD, admin_only=False)
+    assert isinstance(user, User)
+    assert user.user_id == "test-user-id"
+    assert user.role == "user"
+    assert user.email == "test@example.com"
+
+
+def test_verify_user_with_admin():
+    """Test verifying an admin user."""
+    user = jwt_utils.verify_user(TEST_ADMIN_PAYLOAD, admin_only=True)
+    assert isinstance(user, User)
+    assert user.user_id == "admin-user-id"
+    assert user.role == "admin"
+
+
+def test_verify_user_admin_only_with_regular_user():
+    """Test verifying regular user when admin is required."""
+    with pytest.raises(HTTPException) as exc_info:
+        jwt_utils.verify_user(TEST_USER_PAYLOAD, admin_only=True)
+    assert exc_info.value.status_code == 403
+    assert "Admin access required" in exc_info.value.detail
+
+
+def test_verify_user_no_payload():
+    """Test verifying user with no payload."""
+    with pytest.raises(HTTPException) as exc_info:
+        jwt_utils.verify_user(None, admin_only=False)
+    assert exc_info.value.status_code == 401
+    assert "Authorization header is missing" in exc_info.value.detail
+
+
+def test_verify_user_missing_sub():
+    """Test verifying user with payload missing 'sub' field."""
+    invalid_payload = {"role": "user", "email": "test@example.com"}
+    with pytest.raises(HTTPException) as exc_info:
+        jwt_utils.verify_user(invalid_payload, admin_only=False)
+    assert exc_info.value.status_code == 401
+    assert "User ID not found in token" in exc_info.value.detail
+
+
+def test_verify_user_empty_sub():
+    """Test verifying user with empty 'sub' field."""
+    invalid_payload = {"sub": "", "role": "user"}
+    with pytest.raises(HTTPException) as exc_info:
+        jwt_utils.verify_user(invalid_payload, admin_only=False)
+    assert exc_info.value.status_code == 401
+    assert "User ID not found in token" in exc_info.value.detail
+
+
+def test_verify_user_none_sub():
+    """Test verifying user with None 'sub' field."""
+    invalid_payload = {"sub": None, "role": "user"}
+    with pytest.raises(HTTPException) as exc_info:
+        jwt_utils.verify_user(invalid_payload, admin_only=False)
+    assert exc_info.value.status_code == 401
+    assert "User ID not found in token" in exc_info.value.detail
+
+
+def test_verify_user_missing_role_admin_check():
+    """Test verifying admin when role field is missing."""
+    no_role_payload = {"sub": "user-id"}
+    with pytest.raises(KeyError):
+        # This will raise KeyError when checking payload["role"]
+        jwt_utils.verify_user(no_role_payload, admin_only=True)
+
+
+# ======================== EDGE CASES ======================== #
+
+
+def test_jwt_with_additional_claims():
+    """Test JWT token with additional custom claims."""
+    extra_claims_payload = {
+        "sub": "user-id",
+        "role": "user",
+        "aud": "authenticated",
+        "custom_claim": "custom_value",
+        "permissions": ["read", "write"],
+        "metadata": {"key": "value"},
+    }
+    token = create_token(extra_claims_payload)
+
+    result = jwt_utils.parse_jwt_token(token)
+    assert result["sub"] == "user-id"
+    assert result["custom_claim"] == "custom_value"
+    assert result["permissions"] == ["read", "write"]
+
+
+def test_jwt_with_numeric_sub():
+    """Test JWT token with numeric user ID."""
+    payload = {
+        "sub": 12345,  # Numeric ID
+        "role": "user",
+        "aud": "authenticated",
+    }
+    # Should convert to string internally
+    user = jwt_utils.verify_user(payload, admin_only=False)
+    assert user.user_id == 12345
+
+
+def test_jwt_with_very_long_sub():
+    """Test JWT token with very long user ID."""
+    long_id = "a" * 1000
+    payload = {
+        "sub": long_id,
+        "role": "user",
+        "aud": "authenticated",
+    }
+    user = jwt_utils.verify_user(payload, admin_only=False)
+    assert user.user_id == long_id
+
+
+def test_jwt_with_special_characters_in_claims():
+    """Test JWT token with special characters in claims."""
+    payload = {
+        "sub": "user@example.com/special-chars!@#$%",
+        "role": "admin",
+        "aud": "authenticated",
+        "email": "test+special@example.com",
+    }
+    user = jwt_utils.verify_user(payload, admin_only=True)
+    assert "special-chars!@#$%" in user.user_id
+
+
+def test_jwt_with_future_iat():
+    """Test JWT token with issued-at time in future."""
+    future_payload = {
+        "sub": "user-id",
+        "role": "user",
+        "aud": "authenticated",
+        "iat": datetime.now(timezone.utc) + timedelta(hours=1),
+    }
+    token = create_token(future_payload)
+
+    # PyJWT validates iat claim and should reject future tokens
+    with pytest.raises(ValueError, match="not yet valid"):
+        jwt_utils.parse_jwt_token(token)
+
+
+def test_jwt_with_different_algorithms():
+    """Test that only HS256 algorithm is accepted."""
+    payload = {
+        "sub": "user-id",
+        "role": "user",
+        "aud": "authenticated",
+    }
+
+    # Try different algorithms
+    algorithms = ["HS384", "HS512", "none"]
+    for algo in algorithms:
+        if algo == "none":
+            # Special case for 'none' algorithm (security vulnerability if accepted)
+            token = create_token(payload, "", algorithm="none")
+        else:
+            token = create_token(payload, algorithm=algo)
+
+        with pytest.raises(ValueError) as exc_info:
+            jwt_utils.parse_jwt_token(token)
+        assert "Invalid token" in str(exc_info.value)

autogpt_platform/autogpt_libs/autogpt_libs/auth/models.py

@@ -1,5 +1,8 @@
 from dataclasses import dataclass
 
+DEFAULT_USER_ID = "3e53486c-cf57-477e-ba2a-cb02dc828e1a"
+DEFAULT_EMAIL = "default@example.com"
+
 
 # Using dataclass here to avoid adding dependency on pydantic
 @dataclass(frozen=True)

autogpt_platform/autogpt_libs/autogpt_libs/logging/config.py

@@ -1,13 +1,26 @@
 """Logging module for Auto-GPT."""
 
 import logging
+import os
+import socket
 import sys
+from logging.handlers import RotatingFileHandler
 from pathlib import Path
 
 from pydantic import Field, field_validator
 from pydantic_settings import BaseSettings, SettingsConfigDict
+
 from .filters import BelowLevelFilter
-from .formatters import AGPTFormatter, StructuredLoggingFormatter
+from .formatters import AGPTFormatter
+
+# Configure global socket timeout and gRPC keepalive to prevent deadlocks
+# This must be done at import time before any gRPC connections are established
+socket.setdefaulttimeout(30)  # 30-second socket timeout
+
+# Enable gRPC keepalive to detect dead connections faster
+os.environ.setdefault("GRPC_KEEPALIVE_TIME_MS", "30000")  # 30 seconds
+os.environ.setdefault("GRPC_KEEPALIVE_TIMEOUT_MS", "5000")  # 5 seconds
+os.environ.setdefault("GRPC_KEEPALIVE_PERMIT_WITHOUT_CALLS", "true")
 
 LOG_DIR = Path(__file__).parent.parent.parent.parent / "logs"
 LOG_FILE = "activity.log"
@@ -17,12 +30,11 @@ ERROR_LOG_FILE = "error.log"
 SIMPLE_LOG_FORMAT = "%(asctime)s %(levelname)s  %(title)s%(message)s"
 
 DEBUG_LOG_FORMAT = (
-    "%(asctime)s %(levelname)s %(filename)s:%(lineno)d" "  %(title)s%(message)s"
+    "%(asctime)s %(levelname)s %(filename)s:%(lineno)d  %(title)s%(message)s"
 )
 
 
 class LoggingConfig(BaseSettings):
-
     level: str = Field(
         default="INFO",
         description="Logging level",
@@ -79,46 +91,45 @@ def configure_logging(force_cloud_logging: bool = False) -> None:
     Note: This function is typically called at the start of the application
     to set up the logging infrastructure.
     """
-
     config = LoggingConfig()
-
     log_handlers: list[logging.Handler] = []
 
+    # Console output handlers
+    stdout = logging.StreamHandler(stream=sys.stdout)
+    stdout.setLevel(config.level)
+    stdout.addFilter(BelowLevelFilter(logging.WARNING))
+    if config.level == logging.DEBUG:
+        stdout.setFormatter(AGPTFormatter(DEBUG_LOG_FORMAT))
+    else:
+        stdout.setFormatter(AGPTFormatter(SIMPLE_LOG_FORMAT))
+
+    stderr = logging.StreamHandler()
+    stderr.setLevel(logging.WARNING)
+    if config.level == logging.DEBUG:
+        stderr.setFormatter(AGPTFormatter(DEBUG_LOG_FORMAT))
+    else:
+        stderr.setFormatter(AGPTFormatter(SIMPLE_LOG_FORMAT))
+
+    log_handlers += [stdout, stderr]
+
     # Cloud logging setup
     if config.enable_cloud_logging or force_cloud_logging:
         import google.cloud.logging
         from google.cloud.logging.handlers import CloudLoggingHandler
-        from google.cloud.logging_v2.handlers.transports.sync import SyncTransport
+        from google.cloud.logging_v2.handlers.transports import (
+            BackgroundThreadTransport,
+        )
 
         client = google.cloud.logging.Client()
+        # Use BackgroundThreadTransport to prevent blocking the main thread
+        # and deadlocks when gRPC calls to Google Cloud Logging hang
         cloud_handler = CloudLoggingHandler(
             client,
             name="autogpt_logs",
-            transport=SyncTransport,
+            transport=BackgroundThreadTransport,
         )
         cloud_handler.setLevel(config.level)
-        cloud_handler.setFormatter(StructuredLoggingFormatter())
         log_handlers.append(cloud_handler)
-        print("Cloud logging enabled")
-    else:
-        # Console output handlers
-        stdout = logging.StreamHandler(stream=sys.stdout)
-        stdout.setLevel(config.level)
-        stdout.addFilter(BelowLevelFilter(logging.WARNING))
-        if config.level == logging.DEBUG:
-            stdout.setFormatter(AGPTFormatter(DEBUG_LOG_FORMAT))
-        else:
-            stdout.setFormatter(AGPTFormatter(SIMPLE_LOG_FORMAT))
-
-        stderr = logging.StreamHandler()
-        stderr.setLevel(logging.WARNING)
-        if config.level == logging.DEBUG:
-            stderr.setFormatter(AGPTFormatter(DEBUG_LOG_FORMAT))
-        else:
-            stderr.setFormatter(AGPTFormatter(SIMPLE_LOG_FORMAT))
-
-        log_handlers += [stdout, stderr]
-        print("Console logging enabled")
 
     # File logging setup
     if config.enable_file_logging:
@@ -129,8 +140,13 @@ def configure_logging(force_cloud_logging: bool = False) -> None:
         print(f"Log directory: {config.log_dir}")
 
         # Activity log handler (INFO and above)
-        activity_log_handler = logging.FileHandler(
-            config.log_dir / LOG_FILE, "a", "utf-8"
+        # Security fix: Use RotatingFileHandler with size limits to prevent disk exhaustion
+        activity_log_handler = RotatingFileHandler(
+            config.log_dir / LOG_FILE,
+            mode="a",
+            encoding="utf-8",
+            maxBytes=10 * 1024 * 1024,  # 10MB per file
+            backupCount=3,  # Keep 3 backup files (40MB total)
         )
         activity_log_handler.setLevel(config.level)
         activity_log_handler.setFormatter(
@@ -140,8 +156,13 @@ def configure_logging(force_cloud_logging: bool = False) -> None:
 
         if config.level == logging.DEBUG:
             # Debug log handler (all levels)
-            debug_log_handler = logging.FileHandler(
-                config.log_dir / DEBUG_LOG_FILE, "a", "utf-8"
+            # Security fix: Use RotatingFileHandler with size limits
+            debug_log_handler = RotatingFileHandler(
+                config.log_dir / DEBUG_LOG_FILE,
+                mode="a",
+                encoding="utf-8",
+                maxBytes=10 * 1024 * 1024,  # 10MB per file
+                backupCount=3,  # Keep 3 backup files (40MB total)
             )
             debug_log_handler.setLevel(logging.DEBUG)
             debug_log_handler.setFormatter(
@@ -150,13 +171,17 @@ def configure_logging(force_cloud_logging: bool = False) -> None:
             log_handlers.append(debug_log_handler)
 
         # Error log handler (ERROR and above)
-        error_log_handler = logging.FileHandler(
-            config.log_dir / ERROR_LOG_FILE, "a", "utf-8"
+        # Security fix: Use RotatingFileHandler with size limits
+        error_log_handler = RotatingFileHandler(
+            config.log_dir / ERROR_LOG_FILE,
+            mode="a",
+            encoding="utf-8",
+            maxBytes=10 * 1024 * 1024,  # 10MB per file
+            backupCount=3,  # Keep 3 backup files (40MB total)
         )
         error_log_handler.setLevel(logging.ERROR)
         error_log_handler.setFormatter(AGPTFormatter(DEBUG_LOG_FORMAT, no_color=True))
         log_handlers.append(error_log_handler)
-        print("File logging enabled")
 
     # Configure the root logger
     logging.basicConfig(

autogpt_platform/autogpt_libs/autogpt_libs/logging/formatters.py

@@ -1,7 +1,6 @@
 import logging
 
 from colorama import Fore, Style
-from google.cloud.logging_v2.handlers import CloudLoggingFilter, StructuredLogHandler
 
 from .utils import remove_color_codes
 
@@ -80,16 +79,3 @@ class AGPTFormatter(FancyConsoleFormatter):
             return remove_color_codes(super().format(record))
         else:
             return super().format(record)
-
-
-class StructuredLoggingFormatter(StructuredLogHandler, logging.Formatter):
-    def __init__(self):
-        # Set up CloudLoggingFilter to add diagnostic info to the log records
-        self.cloud_logging_filter = CloudLoggingFilter()
-
-        # Init StructuredLogHandler
-        super().__init__()
-
-    def format(self, record: logging.LogRecord) -> str:
-        self.cloud_logging_filter.filter(record)
-        return super().format(record)

autogpt_platform/autogpt_libs/autogpt_libs/logging/test_utils.py

@@ -24,10 +24,10 @@ from .utils import remove_color_codes
         ),
         ("", ""),
         ("hello", "hello"),
-        ("hello\x1B[31m world", "hello world"),
-        ("\x1B[36mHello,\x1B[32m World!", "Hello, World!"),
+        ("hello\x1b[31m world", "hello world"),
+        ("\x1b[36mHello,\x1b[32m World!", "Hello, World!"),
         (
-            "\x1B[1m\x1B[31mError:\x1B[0m\x1B[31m file not found",
+            "\x1b[1m\x1b[31mError:\x1b[0m\x1b[31m file not found",
             "Error: file not found",
         ),
     ],

autogpt_platform/autogpt_libs/autogpt_libs/logging/utils.py

@@ -0,0 +1,5 @@
+import re
+
+
+def remove_color_codes(s: str) -> str:
+    return re.sub(r"\x1B(?:[@-Z\\-_]|\[[0-?]*[ -/]*[@-~])", "", s)

autogpt_platform/autogpt_libs/autogpt_libs/rate_limit/config.py

@@ -0,0 +1,33 @@
+from typing import Optional
+
+from pydantic import Field
+from pydantic_settings import BaseSettings, SettingsConfigDict
+
+
+class RateLimitSettings(BaseSettings):
+    redis_host: str = Field(
+        default="redis://localhost:6379",
+        description="Redis host",
+        validation_alias="REDIS_HOST",
+    )
+
+    redis_port: str = Field(
+        default="6379", description="Redis port", validation_alias="REDIS_PORT"
+    )
+
+    redis_password: Optional[str] = Field(
+        default=None,
+        description="Redis password",
+        validation_alias="REDIS_PASSWORD",
+    )
+
+    requests_per_minute: int = Field(
+        default=60,
+        description="Maximum number of requests allowed per minute per API key",
+        validation_alias="RATE_LIMIT_REQUESTS_PER_MINUTE",
+    )
+
+    model_config = SettingsConfigDict(case_sensitive=True, extra="ignore")
+
+
+RATE_LIMIT_SETTINGS = RateLimitSettings()

autogpt_platform/autogpt_libs/autogpt_libs/rate_limit/limiter.py

@@ -0,0 +1,51 @@
+import time
+from typing import Tuple
+
+from redis import Redis
+
+from .config import RATE_LIMIT_SETTINGS
+
+
+class RateLimiter:
+    def __init__(
+        self,
+        redis_host: str = RATE_LIMIT_SETTINGS.redis_host,
+        redis_port: str = RATE_LIMIT_SETTINGS.redis_port,
+        redis_password: str | None = RATE_LIMIT_SETTINGS.redis_password,
+        requests_per_minute: int = RATE_LIMIT_SETTINGS.requests_per_minute,
+    ):
+        self.redis = Redis(
+            host=redis_host,
+            port=int(redis_port),
+            password=redis_password,
+            decode_responses=True,
+        )
+        self.window = 60
+        self.max_requests = requests_per_minute
+
+    async def check_rate_limit(self, api_key_id: str) -> Tuple[bool, int, int]:
+        """
+        Check if request is within rate limits.
+
+        Args:
+            api_key_id: The API key identifier to check
+
+        Returns:
+            Tuple of (is_allowed, remaining_requests, reset_time)
+        """
+        now = time.time()
+        window_start = now - self.window
+        key = f"ratelimit:{api_key_id}:1min"
+
+        pipe = self.redis.pipeline()
+        pipe.zremrangebyscore(key, 0, window_start)
+        pipe.zadd(key, {str(now): now})
+        pipe.zcount(key, window_start, now)
+        pipe.expire(key, self.window)
+
+        _, _, request_count, _ = pipe.execute()
+
+        remaining = max(0, self.max_requests - request_count)
+        reset_time = int(now + self.window)
+
+        return request_count <= self.max_requests, remaining, reset_time

autogpt_platform/autogpt_libs/autogpt_libs/rate_limit/middleware.py

@@ -0,0 +1,32 @@
+from fastapi import HTTPException, Request
+from starlette.middleware.base import RequestResponseEndpoint
+
+from .limiter import RateLimiter
+
+
+async def rate_limit_middleware(request: Request, call_next: RequestResponseEndpoint):
+    """FastAPI middleware for rate limiting API requests."""
+    limiter = RateLimiter()
+
+    if not request.url.path.startswith("/api"):
+        return await call_next(request)
+
+    api_key = request.headers.get("Authorization")
+    if not api_key:
+        return await call_next(request)
+
+    api_key = api_key.replace("Bearer ", "")
+
+    is_allowed, remaining, reset_time = await limiter.check_rate_limit(api_key)
+
+    if not is_allowed:
+        raise HTTPException(
+            status_code=429, detail="Rate limit exceeded. Please try again later."
+        )
+
+    response = await call_next(request)
+    response.headers["X-RateLimit-Limit"] = str(limiter.max_requests)
+    response.headers["X-RateLimit-Remaining"] = str(remaining)
+    response.headers["X-RateLimit-Reset"] = str(reset_time)
+
+    return response

autogpt_platform/autogpt_libs/autogpt_libs/supabase_integration_credentials_store/types.py

@@ -7,7 +7,7 @@ from pydantic import BaseModel, Field, SecretStr, field_serializer
 class _BaseCredentials(BaseModel):
     id: str = Field(default_factory=lambda: str(uuid4()))
     provider: str
-    title: str
+    title: Optional[str]
 
     @field_serializer("*")
     def dump_secret_strings(value: Any, _info):
@@ -18,6 +18,8 @@ class _BaseCredentials(BaseModel):
 
 class OAuth2Credentials(_BaseCredentials):
     type: Literal["oauth2"] = "oauth2"
+    username: Optional[str]
+    """Username of the third-party service user that these credentials belong to"""
     access_token: SecretStr
     access_token_expires_at: Optional[int]
     """Unix timestamp (seconds) indicating when the access token expires (if at all)"""
@@ -27,6 +29,9 @@ class OAuth2Credentials(_BaseCredentials):
     scopes: list[str]
     metadata: dict[str, Any] = Field(default_factory=dict)
 
+    def bearer(self) -> str:
+        return f"Bearer {self.access_token.get_secret_value()}"
+
 
 class APIKeyCredentials(_BaseCredentials):
     type: Literal["api_key"] = "api_key"
@@ -34,6 +39,9 @@ class APIKeyCredentials(_BaseCredentials):
     expires_at: Optional[int]
     """Unix timestamp (seconds) indicating when the API key expires (if at all)"""
 
+    def bearer(self) -> str:
+        return f"Bearer {self.api_key.get_secret_value()}"
+
 
 Credentials = Annotated[
     OAuth2Credentials | APIKeyCredentials,
@@ -41,10 +49,15 @@ Credentials = Annotated[
 ]
 
 
+CredentialsType = Literal["api_key", "oauth2"]
+
+
 class OAuthState(BaseModel):
     token: str
     provider: str
     expires_at: int
+    code_verifier: Optional[str] = None
+    scopes: list[str]
     """Unix timestamp (seconds) indicating when this OAuth state expires"""
 
 
@@ -56,3 +69,8 @@ class UserMetadata(BaseModel):
 class UserMetadataRaw(TypedDict, total=False):
     integration_credentials: list[dict]
     integration_oauth_states: list[dict]
+
+
+class UserIntegrations(BaseModel):
+    credentials: list[Credentials] = Field(default_factory=list)
+    oauth_states: list[OAuthState] = Field(default_factory=list)

autogpt_platform/autogpt_libs/autogpt_libs/utils/cache.py

@@ -0,0 +1,339 @@
+import asyncio
+import inspect
+import logging
+import threading
+import time
+from functools import wraps
+from typing import (
+    Any,
+    Callable,
+    ParamSpec,
+    Protocol,
+    TypeVar,
+    cast,
+    runtime_checkable,
+)
+
+P = ParamSpec("P")
+R = TypeVar("R")
+R_co = TypeVar("R_co", covariant=True)
+
+logger = logging.getLogger(__name__)
+
+
+def _make_hashable_key(
+    args: tuple[Any, ...], kwargs: dict[str, Any]
+) -> tuple[Any, ...]:
+    """
+    Convert args and kwargs into a hashable cache key.
+
+    Handles unhashable types like dict, list, set by converting them to
+    their sorted string representations.
+    """
+
+    def make_hashable(obj: Any) -> Any:
+        """Recursively convert an object to a hashable representation."""
+        if isinstance(obj, dict):
+            # Sort dict items to ensure consistent ordering
+            return (
+                "__dict__",
+                tuple(sorted((k, make_hashable(v)) for k, v in obj.items())),
+            )
+        elif isinstance(obj, (list, tuple)):
+            return ("__list__", tuple(make_hashable(item) for item in obj))
+        elif isinstance(obj, set):
+            return ("__set__", tuple(sorted(make_hashable(item) for item in obj)))
+        elif hasattr(obj, "__dict__"):
+            # Handle objects with __dict__ attribute
+            return ("__obj__", obj.__class__.__name__, make_hashable(obj.__dict__))
+        else:
+            # For basic hashable types (str, int, bool, None, etc.)
+            try:
+                hash(obj)
+                return obj
+            except TypeError:
+                # Fallback: convert to string representation
+                return ("__str__", str(obj))
+
+    hashable_args = tuple(make_hashable(arg) for arg in args)
+    hashable_kwargs = tuple(sorted((k, make_hashable(v)) for k, v in kwargs.items()))
+    return (hashable_args, hashable_kwargs)
+
+
+@runtime_checkable
+class CachedFunction(Protocol[P, R_co]):
+    """Protocol for cached functions with cache management methods."""
+
+    def cache_clear(self) -> None:
+        """Clear all cached entries."""
+        return None
+
+    def cache_info(self) -> dict[str, int | None]:
+        """Get cache statistics."""
+        return {}
+
+    def cache_delete(self, *args: P.args, **kwargs: P.kwargs) -> bool:
+        """Delete a specific cache entry by its arguments. Returns True if entry existed."""
+        return False
+
+    def __call__(self, *args: P.args, **kwargs: P.kwargs) -> R_co:
+        """Call the cached function."""
+        return None  # type: ignore
+
+
+def cached(
+    *,
+    maxsize: int = 128,
+    ttl_seconds: int | None = None,
+) -> Callable[[Callable], CachedFunction]:
+    """
+    Thundering herd safe cache decorator for both sync and async functions.
+
+    Uses double-checked locking to prevent multiple threads/coroutines from
+    executing the expensive operation simultaneously during cache misses.
+
+    Args:
+        func: The function to cache (when used without parentheses)
+        maxsize: Maximum number of cached entries
+        ttl_seconds: Time to live in seconds. If None, entries never expire
+
+    Returns:
+        Decorated function or decorator
+
+    Example:
+        @cache()  # Default: maxsize=128, no TTL
+        def expensive_sync_operation(param: str) -> dict:
+            return {"result": param}
+
+        @cache()  # Works with async too
+        async def expensive_async_operation(param: str) -> dict:
+            return {"result": param}
+
+        @cache(maxsize=1000, ttl_seconds=300)  # Custom maxsize and TTL
+        def another_operation(param: str) -> dict:
+            return {"result": param}
+    """
+
+    def decorator(target_func):
+        # Cache storage and per-event-loop locks
+        cache_storage = {}
+        _event_loop_locks = {}  # Maps event loop to its asyncio.Lock
+
+        if inspect.iscoroutinefunction(target_func):
+
+            def _get_cache_lock():
+                """Get or create an asyncio.Lock for the current event loop."""
+                try:
+                    loop = asyncio.get_running_loop()
+                except RuntimeError:
+                    # No event loop, use None as default key
+                    loop = None
+
+                if loop not in _event_loop_locks:
+                    return _event_loop_locks.setdefault(loop, asyncio.Lock())
+                return _event_loop_locks[loop]
+
+            @wraps(target_func)
+            async def async_wrapper(*args: P.args, **kwargs: P.kwargs):
+                key = _make_hashable_key(args, kwargs)
+                current_time = time.time()
+
+                # Fast path: check cache without lock
+                if key in cache_storage:
+                    if ttl_seconds is None:
+                        logger.debug(f"Cache hit for {target_func.__name__}")
+                        return cache_storage[key]
+                    else:
+                        cached_data = cache_storage[key]
+                        if isinstance(cached_data, tuple):
+                            result, timestamp = cached_data
+                            if current_time - timestamp < ttl_seconds:
+                                logger.debug(f"Cache hit for {target_func.__name__}")
+                                return result
+
+                # Slow path: acquire lock for cache miss/expiry
+                async with _get_cache_lock():
+                    # Double-check: another coroutine might have populated cache
+                    if key in cache_storage:
+                        if ttl_seconds is None:
+                            return cache_storage[key]
+                        else:
+                            cached_data = cache_storage[key]
+                            if isinstance(cached_data, tuple):
+                                result, timestamp = cached_data
+                                if current_time - timestamp < ttl_seconds:
+                                    return result
+
+                    # Cache miss - execute function
+                    logger.debug(f"Cache miss for {target_func.__name__}")
+                    result = await target_func(*args, **kwargs)
+
+                    # Store result
+                    if ttl_seconds is None:
+                        cache_storage[key] = result
+                    else:
+                        cache_storage[key] = (result, current_time)
+
+                    # Cleanup if needed
+                    if len(cache_storage) > maxsize:
+                        cutoff = maxsize // 2
+                        oldest_keys = (
+                            list(cache_storage.keys())[:-cutoff] if cutoff > 0 else []
+                        )
+                        for old_key in oldest_keys:
+                            cache_storage.pop(old_key, None)
+
+                    return result
+
+            wrapper = async_wrapper
+
+        else:
+            # Sync function with threading.Lock
+            cache_lock = threading.Lock()
+
+            @wraps(target_func)
+            def sync_wrapper(*args: P.args, **kwargs: P.kwargs):
+                key = _make_hashable_key(args, kwargs)
+                current_time = time.time()
+
+                # Fast path: check cache without lock
+                if key in cache_storage:
+                    if ttl_seconds is None:
+                        logger.debug(f"Cache hit for {target_func.__name__}")
+                        return cache_storage[key]
+                    else:
+                        cached_data = cache_storage[key]
+                        if isinstance(cached_data, tuple):
+                            result, timestamp = cached_data
+                            if current_time - timestamp < ttl_seconds:
+                                logger.debug(f"Cache hit for {target_func.__name__}")
+                                return result
+
+                # Slow path: acquire lock for cache miss/expiry
+                with cache_lock:
+                    # Double-check: another thread might have populated cache
+                    if key in cache_storage:
+                        if ttl_seconds is None:
+                            return cache_storage[key]
+                        else:
+                            cached_data = cache_storage[key]
+                            if isinstance(cached_data, tuple):
+                                result, timestamp = cached_data
+                                if current_time - timestamp < ttl_seconds:
+                                    return result
+
+                    # Cache miss - execute function
+                    logger.debug(f"Cache miss for {target_func.__name__}")
+                    result = target_func(*args, **kwargs)
+
+                    # Store result
+                    if ttl_seconds is None:
+                        cache_storage[key] = result
+                    else:
+                        cache_storage[key] = (result, current_time)
+
+                    # Cleanup if needed
+                    if len(cache_storage) > maxsize:
+                        cutoff = maxsize // 2
+                        oldest_keys = (
+                            list(cache_storage.keys())[:-cutoff] if cutoff > 0 else []
+                        )
+                        for old_key in oldest_keys:
+                            cache_storage.pop(old_key, None)
+
+                    return result
+
+            wrapper = sync_wrapper
+
+        # Add cache management methods
+        def cache_clear() -> None:
+            cache_storage.clear()
+
+        def cache_info() -> dict[str, int | None]:
+            return {
+                "size": len(cache_storage),
+                "maxsize": maxsize,
+                "ttl_seconds": ttl_seconds,
+            }
+
+        def cache_delete(*args, **kwargs) -> bool:
+            """Delete a specific cache entry. Returns True if entry existed."""
+            key = _make_hashable_key(args, kwargs)
+            if key in cache_storage:
+                del cache_storage[key]
+                return True
+            return False
+
+        setattr(wrapper, "cache_clear", cache_clear)
+        setattr(wrapper, "cache_info", cache_info)
+        setattr(wrapper, "cache_delete", cache_delete)
+
+        return cast(CachedFunction, wrapper)
+
+    return decorator
+
+
+def thread_cached(func):
+    """
+    Thread-local cache decorator for both sync and async functions.
+
+    Each thread gets its own cache, which is useful for request-scoped caching
+    in web applications where you want to cache within a single request but
+    not across requests.
+
+    Args:
+        func: The function to cache
+
+    Returns:
+        Decorated function with thread-local caching
+
+    Example:
+        @thread_cached
+        def expensive_operation(param: str) -> dict:
+            return {"result": param}
+
+        @thread_cached  # Works with async too
+        async def expensive_async_operation(param: str) -> dict:
+            return {"result": param}
+    """
+    thread_local = threading.local()
+
+    def _clear():
+        if hasattr(thread_local, "cache"):
+            del thread_local.cache
+
+    if inspect.iscoroutinefunction(func):
+
+        @wraps(func)
+        async def async_wrapper(*args, **kwargs):
+            cache = getattr(thread_local, "cache", None)
+            if cache is None:
+                cache = thread_local.cache = {}
+            key = _make_hashable_key(args, kwargs)
+            if key not in cache:
+                cache[key] = await func(*args, **kwargs)
+            return cache[key]
+
+        setattr(async_wrapper, "clear_cache", _clear)
+        return async_wrapper
+
+    else:
+
+        @wraps(func)
+        def sync_wrapper(*args, **kwargs):
+            cache = getattr(thread_local, "cache", None)
+            if cache is None:
+                cache = thread_local.cache = {}
+            key = _make_hashable_key(args, kwargs)
+            if key not in cache:
+                cache[key] = func(*args, **kwargs)
+            return cache[key]
+
+        setattr(sync_wrapper, "clear_cache", _clear)
+        return sync_wrapper
+
+
+def clear_thread_cache(func: Callable) -> None:
+    """Clear thread-local cache for a function."""
+    if clear := getattr(func, "clear_cache", None):
+        clear()

autogpt_platform/autogpt_libs/autogpt_libs/utils/cache_test.py

@@ -0,0 +1,676 @@
+"""Tests for the @thread_cached decorator.
+
+This module tests the thread-local caching functionality including:
+- Basic caching for sync and async functions
+- Thread isolation (each thread has its own cache)
+- Cache clearing functionality
+- Exception handling (exceptions are not cached)
+- Argument handling (positional vs keyword arguments)
+"""
+
+import asyncio
+import threading
+import time
+from concurrent.futures import ThreadPoolExecutor
+from unittest.mock import Mock
+
+import pytest
+
+from autogpt_libs.utils.cache import cached, clear_thread_cache, thread_cached
+
+
+class TestThreadCached:
+    def test_sync_function_caching(self):
+        call_count = 0
+
+        @thread_cached
+        def expensive_function(x: int, y: int = 0) -> int:
+            nonlocal call_count
+            call_count += 1
+            return x + y
+
+        assert expensive_function(1, 2) == 3
+        assert call_count == 1
+
+        assert expensive_function(1, 2) == 3
+        assert call_count == 1
+
+        assert expensive_function(1, y=2) == 3
+        assert call_count == 2
+
+        assert expensive_function(2, 3) == 5
+        assert call_count == 3
+
+        assert expensive_function(1) == 1
+        assert call_count == 4
+
+    @pytest.mark.asyncio
+    async def test_async_function_caching(self):
+        call_count = 0
+
+        @thread_cached
+        async def expensive_async_function(x: int, y: int = 0) -> int:
+            nonlocal call_count
+            call_count += 1
+            await asyncio.sleep(0.01)
+            return x + y
+
+        assert await expensive_async_function(1, 2) == 3
+        assert call_count == 1
+
+        assert await expensive_async_function(1, 2) == 3
+        assert call_count == 1
+
+        assert await expensive_async_function(1, y=2) == 3
+        assert call_count == 2
+
+        assert await expensive_async_function(2, 3) == 5
+        assert call_count == 3
+
+    def test_thread_isolation(self):
+        call_count = 0
+        results = {}
+
+        @thread_cached
+        def thread_specific_function(x: int) -> str:
+            nonlocal call_count
+            call_count += 1
+            return f"{threading.current_thread().name}-{x}"
+
+        def worker(thread_id: int):
+            result1 = thread_specific_function(1)
+            result2 = thread_specific_function(1)
+            result3 = thread_specific_function(2)
+            results[thread_id] = (result1, result2, result3)
+
+        with ThreadPoolExecutor(max_workers=3) as executor:
+            futures = [executor.submit(worker, i) for i in range(3)]
+            for future in futures:
+                future.result()
+
+        assert call_count >= 2
+
+        for thread_id, (r1, r2, r3) in results.items():
+            assert r1 == r2
+            assert r1 != r3
+
+    @pytest.mark.asyncio
+    async def test_async_thread_isolation(self):
+        call_count = 0
+        results = {}
+
+        @thread_cached
+        async def async_thread_specific_function(x: int) -> str:
+            nonlocal call_count
+            call_count += 1
+            await asyncio.sleep(0.01)
+            return f"{threading.current_thread().name}-{x}"
+
+        async def async_worker(worker_id: int):
+            result1 = await async_thread_specific_function(1)
+            result2 = await async_thread_specific_function(1)
+            result3 = await async_thread_specific_function(2)
+            results[worker_id] = (result1, result2, result3)
+
+        tasks = [async_worker(i) for i in range(3)]
+        await asyncio.gather(*tasks)
+
+        for worker_id, (r1, r2, r3) in results.items():
+            assert r1 == r2
+            assert r1 != r3
+
+    def test_clear_cache_sync(self):
+        call_count = 0
+
+        @thread_cached
+        def clearable_function(x: int) -> int:
+            nonlocal call_count
+            call_count += 1
+            return x * 2
+
+        assert clearable_function(5) == 10
+        assert call_count == 1
+
+        assert clearable_function(5) == 10
+        assert call_count == 1
+
+        clear_thread_cache(clearable_function)
+
+        assert clearable_function(5) == 10
+        assert call_count == 2
+
+    @pytest.mark.asyncio
+    async def test_clear_cache_async(self):
+        call_count = 0
+
+        @thread_cached
+        async def clearable_async_function(x: int) -> int:
+            nonlocal call_count
+            call_count += 1
+            await asyncio.sleep(0.01)
+            return x * 2
+
+        assert await clearable_async_function(5) == 10
+        assert call_count == 1
+
+        assert await clearable_async_function(5) == 10
+        assert call_count == 1
+
+        clear_thread_cache(clearable_async_function)
+
+        assert await clearable_async_function(5) == 10
+        assert call_count == 2
+
+    def test_simple_arguments(self):
+        call_count = 0
+
+        @thread_cached
+        def simple_function(a: str, b: int, c: str = "default") -> str:
+            nonlocal call_count
+            call_count += 1
+            return f"{a}-{b}-{c}"
+
+        # First call with all positional args
+        result1 = simple_function("test", 42, "custom")
+        assert call_count == 1
+
+        # Same args, all positional - should hit cache
+        result2 = simple_function("test", 42, "custom")
+        assert call_count == 1
+        assert result1 == result2
+
+        # Same values but last arg as keyword - creates different cache key
+        result3 = simple_function("test", 42, c="custom")
+        assert call_count == 2
+        assert result1 == result3  # Same result, different cache entry
+
+        # Different value - new cache entry
+        result4 = simple_function("test", 43, "custom")
+        assert call_count == 3
+        assert result1 != result4
+
+    def test_positional_vs_keyword_args(self):
+        """Test that positional and keyword arguments create different cache entries."""
+        call_count = 0
+
+        @thread_cached
+        def func(a: int, b: int = 10) -> str:
+            nonlocal call_count
+            call_count += 1
+            return f"result-{a}-{b}"
+
+        # All positional
+        result1 = func(1, 2)
+        assert call_count == 1
+        assert result1 == "result-1-2"
+
+        # Same values, but second arg as keyword
+        result2 = func(1, b=2)
+        assert call_count == 2  # Different cache key!
+        assert result2 == "result-1-2"  # Same result
+
+        # Verify both are cached separately
+        func(1, 2)  # Uses first cache entry
+        assert call_count == 2
+
+        func(1, b=2)  # Uses second cache entry
+        assert call_count == 2
+
+    def test_exception_handling(self):
+        call_count = 0
+
+        @thread_cached
+        def failing_function(x: int) -> int:
+            nonlocal call_count
+            call_count += 1
+            if x < 0:
+                raise ValueError("Negative value")
+            return x * 2
+
+        assert failing_function(5) == 10
+        assert call_count == 1
+
+        with pytest.raises(ValueError):
+            failing_function(-1)
+        assert call_count == 2
+
+        with pytest.raises(ValueError):
+            failing_function(-1)
+        assert call_count == 3
+
+        assert failing_function(5) == 10
+        assert call_count == 3
+
+    @pytest.mark.asyncio
+    async def test_async_exception_handling(self):
+        call_count = 0
+
+        @thread_cached
+        async def async_failing_function(x: int) -> int:
+            nonlocal call_count
+            call_count += 1
+            await asyncio.sleep(0.01)
+            if x < 0:
+                raise ValueError("Negative value")
+            return x * 2
+
+        assert await async_failing_function(5) == 10
+        assert call_count == 1
+
+        with pytest.raises(ValueError):
+            await async_failing_function(-1)
+        assert call_count == 2
+
+        with pytest.raises(ValueError):
+            await async_failing_function(-1)
+        assert call_count == 3
+
+    def test_sync_caching_performance(self):
+        @thread_cached
+        def slow_function(x: int) -> int:
+            print(f"slow_function called with x={x}")
+            time.sleep(0.1)
+            return x * 2
+
+        start = time.time()
+        result1 = slow_function(5)
+        first_call_time = time.time() - start
+        print(f"First call took {first_call_time:.4f} seconds")
+
+        start = time.time()
+        result2 = slow_function(5)
+        second_call_time = time.time() - start
+        print(f"Second call took {second_call_time:.4f} seconds")
+
+        assert result1 == result2 == 10
+        assert first_call_time > 0.09
+        assert second_call_time < 0.01
+
+    @pytest.mark.asyncio
+    async def test_async_caching_performance(self):
+        @thread_cached
+        async def slow_async_function(x: int) -> int:
+            print(f"slow_async_function called with x={x}")
+            await asyncio.sleep(0.1)
+            return x * 2
+
+        start = time.time()
+        result1 = await slow_async_function(5)
+        first_call_time = time.time() - start
+        print(f"First async call took {first_call_time:.4f} seconds")
+
+        start = time.time()
+        result2 = await slow_async_function(5)
+        second_call_time = time.time() - start
+        print(f"Second async call took {second_call_time:.4f} seconds")
+
+        assert result1 == result2 == 10
+        assert first_call_time > 0.09
+        assert second_call_time < 0.01
+
+    def test_with_mock_objects(self):
+        mock = Mock(return_value=42)
+
+        @thread_cached
+        def function_using_mock(x: int) -> int:
+            return mock(x)
+
+        assert function_using_mock(1) == 42
+        assert mock.call_count == 1
+
+        assert function_using_mock(1) == 42
+        assert mock.call_count == 1
+
+        assert function_using_mock(2) == 42
+        assert mock.call_count == 2
+
+
+class TestCache:
+    """Tests for the unified @cache decorator (works for both sync and async)."""
+
+    def test_basic_sync_caching(self):
+        """Test basic sync caching functionality."""
+        call_count = 0
+
+        @cached()
+        def expensive_sync_function(x: int, y: int = 0) -> int:
+            nonlocal call_count
+            call_count += 1
+            return x + y
+
+        # First call
+        result1 = expensive_sync_function(1, 2)
+        assert result1 == 3
+        assert call_count == 1
+
+        # Second call with same args - should use cache
+        result2 = expensive_sync_function(1, 2)
+        assert result2 == 3
+        assert call_count == 1
+
+        # Different args - should call function again
+        result3 = expensive_sync_function(2, 3)
+        assert result3 == 5
+        assert call_count == 2
+
+    @pytest.mark.asyncio
+    async def test_basic_async_caching(self):
+        """Test basic async caching functionality."""
+        call_count = 0
+
+        @cached()
+        async def expensive_async_function(x: int, y: int = 0) -> int:
+            nonlocal call_count
+            call_count += 1
+            await asyncio.sleep(0.01)  # Simulate async work
+            return x + y
+
+        # First call
+        result1 = await expensive_async_function(1, 2)
+        assert result1 == 3
+        assert call_count == 1
+
+        # Second call with same args - should use cache
+        result2 = await expensive_async_function(1, 2)
+        assert result2 == 3
+        assert call_count == 1
+
+        # Different args - should call function again
+        result3 = await expensive_async_function(2, 3)
+        assert result3 == 5
+        assert call_count == 2
+
+    def test_sync_thundering_herd_protection(self):
+        """Test that concurrent sync calls don't cause thundering herd."""
+        call_count = 0
+        results = []
+
+        @cached()
+        def slow_function(x: int) -> int:
+            nonlocal call_count
+            call_count += 1
+            time.sleep(0.1)  # Simulate expensive operation
+            return x * x
+
+        def worker():
+            result = slow_function(5)
+            results.append(result)
+
+        # Launch multiple concurrent threads
+        with ThreadPoolExecutor(max_workers=5) as executor:
+            futures = [executor.submit(worker) for _ in range(5)]
+            for future in futures:
+                future.result()
+
+        # All results should be the same
+        assert all(result == 25 for result in results)
+        # Only one thread should have executed the expensive operation
+        assert call_count == 1
+
+    @pytest.mark.asyncio
+    async def test_async_thundering_herd_protection(self):
+        """Test that concurrent async calls don't cause thundering herd."""
+        call_count = 0
+
+        @cached()
+        async def slow_async_function(x: int) -> int:
+            nonlocal call_count
+            call_count += 1
+            await asyncio.sleep(0.1)  # Simulate expensive operation
+            return x * x
+
+        # Launch concurrent coroutines
+        tasks = [slow_async_function(7) for _ in range(5)]
+        results = await asyncio.gather(*tasks)
+
+        # All results should be the same
+        assert all(result == 49 for result in results)
+        # Only one coroutine should have executed the expensive operation
+        assert call_count == 1
+
+    def test_ttl_functionality(self):
+        """Test TTL functionality with sync function."""
+        call_count = 0
+
+        @cached(maxsize=10, ttl_seconds=1)  # Short TTL
+        def ttl_function(x: int) -> int:
+            nonlocal call_count
+            call_count += 1
+            return x * 3
+
+        # First call
+        result1 = ttl_function(3)
+        assert result1 == 9
+        assert call_count == 1
+
+        # Second call immediately - should use cache
+        result2 = ttl_function(3)
+        assert result2 == 9
+        assert call_count == 1
+
+        # Wait for TTL to expire
+        time.sleep(1.1)
+
+        # Third call after expiration - should call function again
+        result3 = ttl_function(3)
+        assert result3 == 9
+        assert call_count == 2
+
+    @pytest.mark.asyncio
+    async def test_async_ttl_functionality(self):
+        """Test TTL functionality with async function."""
+        call_count = 0
+
+        @cached(maxsize=10, ttl_seconds=1)  # Short TTL
+        async def async_ttl_function(x: int) -> int:
+            nonlocal call_count
+            call_count += 1
+            await asyncio.sleep(0.01)
+            return x * 4
+
+        # First call
+        result1 = await async_ttl_function(3)
+        assert result1 == 12
+        assert call_count == 1
+
+        # Second call immediately - should use cache
+        result2 = await async_ttl_function(3)
+        assert result2 == 12
+        assert call_count == 1
+
+        # Wait for TTL to expire
+        await asyncio.sleep(1.1)
+
+        # Third call after expiration - should call function again
+        result3 = await async_ttl_function(3)
+        assert result3 == 12
+        assert call_count == 2
+
+    def test_cache_info(self):
+        """Test cache info functionality."""
+
+        @cached(maxsize=10, ttl_seconds=60)
+        def info_test_function(x: int) -> int:
+            return x * 3
+
+        # Check initial cache info
+        info = info_test_function.cache_info()
+        assert info["size"] == 0
+        assert info["maxsize"] == 10
+        assert info["ttl_seconds"] == 60
+
+        # Add an entry
+        info_test_function(1)
+        info = info_test_function.cache_info()
+        assert info["size"] == 1
+
+    def test_cache_clear(self):
+        """Test cache clearing functionality."""
+        call_count = 0
+
+        @cached()
+        def clearable_function(x: int) -> int:
+            nonlocal call_count
+            call_count += 1
+            return x * 4
+
+        # First call
+        result1 = clearable_function(2)
+        assert result1 == 8
+        assert call_count == 1
+
+        # Second call - should use cache
+        result2 = clearable_function(2)
+        assert result2 == 8
+        assert call_count == 1
+
+        # Clear cache
+        clearable_function.cache_clear()
+
+        # Third call after clear - should call function again
+        result3 = clearable_function(2)
+        assert result3 == 8
+        assert call_count == 2
+
+    @pytest.mark.asyncio
+    async def test_async_cache_clear(self):
+        """Test cache clearing functionality with async function."""
+        call_count = 0
+
+        @cached()
+        async def async_clearable_function(x: int) -> int:
+            nonlocal call_count
+            call_count += 1
+            await asyncio.sleep(0.01)
+            return x * 5
+
+        # First call
+        result1 = await async_clearable_function(2)
+        assert result1 == 10
+        assert call_count == 1
+
+        # Second call - should use cache
+        result2 = await async_clearable_function(2)
+        assert result2 == 10
+        assert call_count == 1
+
+        # Clear cache
+        async_clearable_function.cache_clear()
+
+        # Third call after clear - should call function again
+        result3 = await async_clearable_function(2)
+        assert result3 == 10
+        assert call_count == 2
+
+    @pytest.mark.asyncio
+    async def test_async_function_returns_results_not_coroutines(self):
+        """Test that cached async functions return actual results, not coroutines."""
+        call_count = 0
+
+        @cached()
+        async def async_result_function(x: int) -> str:
+            nonlocal call_count
+            call_count += 1
+            await asyncio.sleep(0.01)
+            return f"result_{x}"
+
+        # First call
+        result1 = await async_result_function(1)
+        assert result1 == "result_1"
+        assert isinstance(result1, str)  # Should be string, not coroutine
+        assert call_count == 1
+
+        # Second call - should return cached result (string), not coroutine
+        result2 = await async_result_function(1)
+        assert result2 == "result_1"
+        assert isinstance(result2, str)  # Should be string, not coroutine
+        assert call_count == 1  # Function should not be called again
+
+        # Verify results are identical
+        assert result1 is result2  # Should be same cached object
+
+    def test_cache_delete(self):
+        """Test selective cache deletion functionality."""
+        call_count = 0
+
+        @cached()
+        def deletable_function(x: int) -> int:
+            nonlocal call_count
+            call_count += 1
+            return x * 6
+
+        # First call for x=1
+        result1 = deletable_function(1)
+        assert result1 == 6
+        assert call_count == 1
+
+        # First call for x=2
+        result2 = deletable_function(2)
+        assert result2 == 12
+        assert call_count == 2
+
+        # Second calls - should use cache
+        assert deletable_function(1) == 6
+        assert deletable_function(2) == 12
+        assert call_count == 2
+
+        # Delete specific entry for x=1
+        was_deleted = deletable_function.cache_delete(1)
+        assert was_deleted is True
+
+        # Call with x=1 should execute function again
+        result3 = deletable_function(1)
+        assert result3 == 6
+        assert call_count == 3
+
+        # Call with x=2 should still use cache
+        assert deletable_function(2) == 12
+        assert call_count == 3
+
+        # Try to delete non-existent entry
+        was_deleted = deletable_function.cache_delete(99)
+        assert was_deleted is False
+
+    @pytest.mark.asyncio
+    async def test_async_cache_delete(self):
+        """Test selective cache deletion functionality with async function."""
+        call_count = 0
+
+        @cached()
+        async def async_deletable_function(x: int) -> int:
+            nonlocal call_count
+            call_count += 1
+            await asyncio.sleep(0.01)
+            return x * 7
+
+        # First call for x=1
+        result1 = await async_deletable_function(1)
+        assert result1 == 7
+        assert call_count == 1
+
+        # First call for x=2
+        result2 = await async_deletable_function(2)
+        assert result2 == 14
+        assert call_count == 2
+
+        # Second calls - should use cache
+        assert await async_deletable_function(1) == 7
+        assert await async_deletable_function(2) == 14
+        assert call_count == 2
+
+        # Delete specific entry for x=1
+        was_deleted = async_deletable_function.cache_delete(1)
+        assert was_deleted is True
+
+        # Call with x=1 should execute function again
+        result3 = await async_deletable_function(1)
+        assert result3 == 7
+        assert call_count == 3
+
+        # Call with x=2 should still use cache
+        assert await async_deletable_function(2) == 14
+        assert call_count == 3
+
+        # Try to delete non-existent entry
+        was_deleted = async_deletable_function.cache_delete(99)
+        assert was_deleted is False

autogpt_platform/autogpt_libs/autogpt_libs/utils/synchronize.py

@@ -0,0 +1,61 @@
+import asyncio
+from contextlib import asynccontextmanager
+from typing import TYPE_CHECKING, Any
+
+from expiringdict import ExpiringDict
+
+if TYPE_CHECKING:
+    from redis.asyncio import Redis as AsyncRedis
+    from redis.asyncio.lock import Lock as AsyncRedisLock
+
+
+class AsyncRedisKeyedMutex:
+    """
+    This class provides a mutex that can be locked and unlocked by a specific key,
+    using Redis as a distributed locking provider.
+    It uses an ExpiringDict to automatically clear the mutex after a specified timeout,
+    in case the key is not unlocked for a specified duration, to prevent memory leaks.
+    """
+
+    def __init__(self, redis: "AsyncRedis", timeout: int | None = 60):
+        self.redis = redis
+        self.timeout = timeout
+        self.locks: dict[Any, "AsyncRedisLock"] = ExpiringDict(
+            max_len=6000, max_age_seconds=self.timeout
+        )
+        self.locks_lock = asyncio.Lock()
+
+    @asynccontextmanager
+    async def locked(self, key: Any):
+        lock = await self.acquire(key)
+        try:
+            yield
+        finally:
+            if (await lock.locked()) and (await lock.owned()):
+                await lock.release()
+
+    async def acquire(self, key: Any) -> "AsyncRedisLock":
+        """Acquires and returns a lock with the given key"""
+        async with self.locks_lock:
+            if key not in self.locks:
+                self.locks[key] = self.redis.lock(
+                    str(key), self.timeout, thread_local=False
+                )
+            lock = self.locks[key]
+        await lock.acquire()
+        return lock
+
+    async def release(self, key: Any):
+        if (
+            (lock := self.locks.get(key))
+            and (await lock.locked())
+            and (await lock.owned())
+        ):
+            await lock.release()
+
+    async def release_all_locks(self):
+        """Call this on process termination to ensure all locks are released"""
+        async with self.locks_lock:
+            for lock in self.locks.values():
+                if (await lock.locked()) and (await lock.owned()):
+                    await lock.release()

autogpt_platform/autogpt_libs/pyproject.toml

@@ -0,0 +1,40 @@
+[tool.poetry]
+name = "autogpt-libs"
+version = "0.2.0"
+description = "Shared libraries across AutoGPT Platform"
+authors = ["AutoGPT team <info@agpt.co>"]
+readme = "README.md"
+packages = [{ include = "autogpt_libs" }]
+
+[tool.poetry.dependencies]
+python = ">=3.10,<4.0"
+colorama = "^0.4.6"
+cryptography = "^45.0"
+expiringdict = "^1.2.2"
+fastapi = "^0.116.1"
+google-cloud-logging = "^3.12.1"
+launchdarkly-server-sdk = "^9.12.0"
+pydantic = "^2.11.7"
+pydantic-settings = "^2.10.1"
+pyjwt = { version = "^2.10.1", extras = ["crypto"] }
+redis = "^6.2.0"
+supabase = "^2.16.0"
+uvicorn = "^0.35.0"
+
+[tool.poetry.group.dev.dependencies]
+pyright = "^1.1.404"
+pytest = "^8.4.1"
+pytest-asyncio = "^1.1.0"
+pytest-mock = "^3.14.1"
+pytest-cov = "^6.2.1"
+ruff = "^0.12.11"
+
+[build-system]
+requires = ["poetry-core"]
+build-backend = "poetry.core.masonry.api"
+
+[tool.ruff]
+line-length = 88
+
+[tool.ruff.lint]
+extend-select = ["I"]  # sort dependencies

autogpt_platform/backend/.dockerignore

@@ -0,0 +1,52 @@
+# Development and testing files
+**/__pycache__
+**/*.pyc
+**/*.pyo
+**/*.pyd
+**/.Python
+**/env/
+**/venv/
+**/.venv/
+**/pip-log.txt
+**/.pytest_cache/
+**/test-results/
+**/snapshots/
+**/test/
+
+# IDE and editor files
+**/.vscode/
+**/.idea/
+**/*.swp
+**/*.swo
+*~
+
+# OS files
+.DS_Store
+Thumbs.db
+
+# Logs
+**/*.log
+**/logs/
+
+# Git
+.git/
+.gitignore
+
+# Documentation
+**/*.md
+!README.md
+
+# Local development files
+.env
+.env.local
+**/.env.test
+
+# Build artifacts
+**/dist/
+**/build/
+**/target/
+
+# Docker files (avoid recursion)
+Dockerfile*
+docker-compose*
+.dockerignore

autogpt_platform/backend/.env.default

@@ -0,0 +1,182 @@
+# Backend Configuration
+# This file contains environment variables that MUST be set for the AutoGPT platform
+# Variables with working defaults in settings.py are not included here
+
+## ===== REQUIRED DATABASE CONFIGURATION ===== ##
+# PostgreSQL Database Connection
+DB_USER=postgres
+DB_PASS=your-super-secret-and-long-postgres-password
+DB_NAME=postgres
+DB_PORT=5432
+DB_HOST=localhost
+DB_CONNECTION_LIMIT=12
+DB_CONNECT_TIMEOUT=60
+DB_POOL_TIMEOUT=300
+DB_SCHEMA=platform
+DATABASE_URL="postgresql://${DB_USER}:${DB_PASS}@${DB_HOST}:${DB_PORT}/${DB_NAME}?schema=${DB_SCHEMA}&connect_timeout=${DB_CONNECT_TIMEOUT}"
+DIRECT_URL="postgresql://${DB_USER}:${DB_PASS}@${DB_HOST}:${DB_PORT}/${DB_NAME}?schema=${DB_SCHEMA}&connect_timeout=${DB_CONNECT_TIMEOUT}"
+PRISMA_SCHEMA="postgres/schema.prisma"
+
+## ===== REQUIRED SERVICE CREDENTIALS ===== ##
+# Redis Configuration
+REDIS_HOST=localhost
+REDIS_PORT=6379
+# REDIS_PASSWORD=
+
+# RabbitMQ Credentials
+RABBITMQ_DEFAULT_USER=rabbitmq_user_default
+RABBITMQ_DEFAULT_PASS=k0VMxyIJF9S35f3x2uaw5IWAl6Y536O7
+
+# Supabase Authentication
+SUPABASE_URL=http://localhost:8000
+SUPABASE_SERVICE_ROLE_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyAgCiAgICAicm9sZSI6ICJzZXJ2aWNlX3JvbGUiLAogICAgImlzcyI6ICJzdXBhYmFzZS1kZW1vIiwKICAgICJpYXQiOiAxNjQxNzY5MjAwLAogICAgImV4cCI6IDE3OTk1MzU2MDAKfQ.DaYlNEoUrrEn2Ig7tqibS-PHK5vgusbcbo7X36XVt4Q
+JWT_VERIFY_KEY=your-super-secret-jwt-token-with-at-least-32-characters-long
+
+## ===== REQUIRED SECURITY KEYS ===== ##
+# Generate using: from cryptography.fernet import Fernet;Fernet.generate_key().decode()
+ENCRYPTION_KEY=dvziYgz0KSK8FENhju0ZYi8-fRTfAdlz6YLhdB_jhNw=
+UNSUBSCRIBE_SECRET_KEY=HlP8ivStJjmbf6NKi78m_3FnOogut0t5ckzjsIqeaio=
+
+## ===== IMPORTANT OPTIONAL CONFIGURATION ===== ##
+# Platform URLs (set these for webhooks and OAuth to work)
+PLATFORM_BASE_URL=http://localhost:8000
+FRONTEND_BASE_URL=http://localhost:3000
+
+# Media Storage (required for marketplace and library functionality)
+MEDIA_GCS_BUCKET_NAME=
+
+## ===== API KEYS AND OAUTH CREDENTIALS ===== ##
+# All API keys below are optional - only add what you need
+
+# AI/LLM Services
+OPENAI_API_KEY=
+ANTHROPIC_API_KEY=
+GROQ_API_KEY=
+LLAMA_API_KEY=
+AIML_API_KEY=
+V0_API_KEY=
+OPEN_ROUTER_API_KEY=
+NVIDIA_API_KEY=
+
+# OAuth Credentials
+# For the OAuth callback URL, use <your_frontend_url>/auth/integrations/oauth_callback,
+# e.g. http://localhost:3000/auth/integrations/oauth_callback
+
+# GitHub OAuth App server credentials - https://github.com/settings/developers
+GITHUB_CLIENT_ID=
+GITHUB_CLIENT_SECRET=
+
+# Notion OAuth App server credentials - https://developers.notion.com/docs/authorization
+# Configure a public integration
+NOTION_CLIENT_ID=
+NOTION_CLIENT_SECRET=
+
+# Google OAuth App server credentials - https://console.cloud.google.com/apis/credentials, and enable gmail api and set scopes
+# https://console.cloud.google.com/apis/credentials/consent ?project=<your_project_id>
+# You'll need to add/enable the following scopes (minimum):
+# https://console.developers.google.com/apis/api/gmail.googleapis.com/overview ?project=<your_project_id>
+# https://console.cloud.google.com/apis/library/sheets.googleapis.com/ ?project=<your_project_id>
+GOOGLE_CLIENT_ID=
+GOOGLE_CLIENT_SECRET=
+
+# Twitter (X) OAuth 2.0 with PKCE Configuration
+# 1. Create a Twitter Developer Account:
+#    - Visit https://developer.x.com/en and sign up
+# 2. Set up your application:
+#    - Navigate to Developer Portal > Projects > Create Project
+#    - Add a new app to your project
+# 3. Configure app settings:
+#    - App Permissions: Read + Write + Direct Messages
+#    - App Type: Web App, Automated App or Bot
+#    - OAuth 2.0 Callback URL: http://localhost:3000/auth/integrations/oauth_callback
+#    - Save your Client ID and Client Secret below
+TWITTER_CLIENT_ID=
+TWITTER_CLIENT_SECRET=
+
+# Linear App
+# Make a new workspace for your OAuth APP -- trust me
+# https://linear.app/settings/api/applications/new
+# Callback URL: http://localhost:3000/auth/integrations/oauth_callback
+LINEAR_CLIENT_ID=
+LINEAR_CLIENT_SECRET=
+
+# To obtain Todoist API credentials:
+# 1. Create a Todoist account at todoist.com
+# 2. Visit the Developer Console: https://developer.todoist.com/appconsole.html
+# 3. Click "Create new app"
+# 4. Once created, copy your Client ID and Client Secret below
+TODOIST_CLIENT_ID=
+TODOIST_CLIENT_SECRET=
+
+NOTION_CLIENT_ID=
+NOTION_CLIENT_SECRET=
+
+# Discord OAuth App credentials
+# 1. Go to https://discord.com/developers/applications
+# 2. Create a new application
+# 3. Go to OAuth2 section and add redirect URI: http://localhost:3000/auth/integrations/oauth_callback
+# 4. Copy Client ID and Client Secret below
+DISCORD_CLIENT_ID=
+DISCORD_CLIENT_SECRET=
+
+REDDIT_CLIENT_ID=
+REDDIT_CLIENT_SECRET=
+
+# Payment Processing
+STRIPE_API_KEY=
+STRIPE_WEBHOOK_SECRET=
+
+# Email Service (for sending notifications and confirmations)
+POSTMARK_SERVER_API_TOKEN=
+POSTMARK_SENDER_EMAIL=invalid@invalid.com
+POSTMARK_WEBHOOK_TOKEN=
+
+# Error Tracking
+SENTRY_DSN=
+
+# Cloudflare Turnstile (CAPTCHA) Configuration
+# Get these from the Cloudflare Turnstile dashboard: https://dash.cloudflare.com/?to=/:account/turnstile
+# This is the backend secret key
+TURNSTILE_SECRET_KEY=
+# This is the verify URL
+TURNSTILE_VERIFY_URL=https://challenges.cloudflare.com/turnstile/v0/siteverify
+
+# Feature Flags
+LAUNCH_DARKLY_SDK_KEY=
+
+# Content Generation & Media
+DID_API_KEY=
+FAL_API_KEY=
+IDEOGRAM_API_KEY=
+REPLICATE_API_KEY=
+REVID_API_KEY=
+SCREENSHOTONE_API_KEY=
+UNREAL_SPEECH_API_KEY=
+
+# Data & Search Services
+E2B_API_KEY=
+EXA_API_KEY=
+JINA_API_KEY=
+MEM0_API_KEY=
+OPENWEATHERMAP_API_KEY=
+GOOGLE_MAPS_API_KEY=
+
+# Communication Services
+DISCORD_BOT_TOKEN=
+MEDIUM_API_KEY=
+MEDIUM_AUTHOR_ID=
+SMTP_SERVER=
+SMTP_PORT=
+SMTP_USERNAME=
+SMTP_PASSWORD=
+
+# Business & Marketing Tools
+APOLLO_API_KEY=
+ENRICHLAYER_API_KEY=
+AYRSHARE_API_KEY=
+AYRSHARE_JWT_KEY=
+SMARTLEAD_API_KEY=
+ZEROBOUNCE_API_KEY=
+
+# Other Services
+AUTOMOD_API_KEY=

autogpt_platform/backend/.gitignore

@@ -0,0 +1,20 @@
+.env
+database.db
+database.db-journal
+dev.db
+dev.db-journal
+build/
+config.json
+secrets/*
+!secrets/.gitkeep
+
+*.ignore.*
+*.ign.*
+
+# Load test results and reports
+load-tests/*_RESULTS.md
+load-tests/*_REPORT.md
+load-tests/results/
+load-tests/*.json
+load-tests/*.log
+load-tests/node_modules/*

autogpt_platform/backend/Dockerfile

@@ -0,0 +1,104 @@
+FROM debian:13-slim AS builder
+
+# Set environment variables
+ENV PYTHONDONTWRITEBYTECODE=1
+ENV PYTHONUNBUFFERED=1
+ENV DEBIAN_FRONTEND=noninteractive
+
+WORKDIR /app
+
+RUN echo 'Acquire::http::Pipeline-Depth 0;\nAcquire::http::No-Cache true;\nAcquire::BrokenProxy true;\n' > /etc/apt/apt.conf.d/99fixbadproxy
+
+# Install Node.js repository key and setup
+RUN apt-get update --allow-releaseinfo-change --fix-missing \
+    && apt-get install -y curl ca-certificates gnupg \
+    && mkdir -p /etc/apt/keyrings \
+    && curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg \
+    && echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_20.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list
+
+# Update package list and install Python, Node.js, and build dependencies
+RUN apt-get update \
+    && apt-get install -y \
+    python3.13 \
+    python3.13-dev \
+    python3.13-venv \
+    python3-pip \
+    build-essential \
+    libpq5 \
+    libz-dev \
+    libssl-dev \
+    postgresql-client \
+    nodejs \
+    && rm -rf /var/lib/apt/lists/*
+
+ENV POETRY_HOME=/opt/poetry
+ENV POETRY_NO_INTERACTION=1
+ENV POETRY_VIRTUALENVS_CREATE=true
+ENV POETRY_VIRTUALENVS_IN_PROJECT=true
+ENV PATH=/opt/poetry/bin:$PATH
+
+RUN pip3 install poetry --break-system-packages
+
+# Copy and install dependencies
+COPY autogpt_platform/autogpt_libs /app/autogpt_platform/autogpt_libs
+COPY autogpt_platform/backend/poetry.lock autogpt_platform/backend/pyproject.toml /app/autogpt_platform/backend/
+WORKDIR /app/autogpt_platform/backend
+RUN poetry install --no-ansi --no-root
+
+# Generate Prisma client
+COPY autogpt_platform/backend/schema.prisma ./
+RUN poetry run prisma generate
+
+FROM debian:13-slim AS server_dependencies
+
+WORKDIR /app
+
+ENV POETRY_HOME=/opt/poetry \
+    POETRY_NO_INTERACTION=1 \
+    POETRY_VIRTUALENVS_CREATE=true \
+    POETRY_VIRTUALENVS_IN_PROJECT=true \
+    DEBIAN_FRONTEND=noninteractive
+ENV PATH=/opt/poetry/bin:$PATH
+
+# Install Python without upgrading system-managed packages
+RUN apt-get update && apt-get install -y \
+    python3.13 \
+    python3-pip \
+    && rm -rf /var/lib/apt/lists/*
+
+# Copy only necessary files from builder
+COPY --from=builder /app /app
+COPY --from=builder /usr/local/lib/python3* /usr/local/lib/python3*
+COPY --from=builder /usr/local/bin/poetry /usr/local/bin/poetry
+# Copy Node.js installation for Prisma
+COPY --from=builder /usr/bin/node /usr/bin/node
+COPY --from=builder /usr/lib/node_modules /usr/lib/node_modules
+COPY --from=builder /usr/bin/npm /usr/bin/npm
+COPY --from=builder /usr/bin/npx /usr/bin/npx
+COPY --from=builder /root/.cache/prisma-python/binaries /root/.cache/prisma-python/binaries
+
+ENV PATH="/app/autogpt_platform/backend/.venv/bin:$PATH"
+
+RUN mkdir -p /app/autogpt_platform/autogpt_libs
+RUN mkdir -p /app/autogpt_platform/backend
+
+COPY autogpt_platform/autogpt_libs /app/autogpt_platform/autogpt_libs
+
+COPY autogpt_platform/backend/poetry.lock autogpt_platform/backend/pyproject.toml /app/autogpt_platform/backend/
+
+WORKDIR /app/autogpt_platform/backend
+
+FROM server_dependencies AS migrate
+
+# Migration stage only needs schema and migrations - much lighter than full backend
+COPY autogpt_platform/backend/schema.prisma /app/autogpt_platform/backend/
+COPY autogpt_platform/backend/migrations /app/autogpt_platform/backend/migrations
+
+FROM server_dependencies AS server
+
+COPY autogpt_platform/backend /app/autogpt_platform/backend
+RUN poetry install --no-ansi --only-root
+
+ENV PORT=8000
+
+CMD ["poetry", "run", "rest"]