Merge remote-tracking branch 'origin/dev' into fix/flaky-e2e-again

Two targeted changes to the CoPilot feature request tools:

1. **Remove description from search results** — The
`search_feature_requests` tool no longer returns issue descriptions.
Only the title is needed for duplicate detection, reducing unnecessary
data exposure.

2. **Prevent PII in created issues** — Updated the
`create_feature_request` tool description and parameter descriptions to
explicitly instruct the LLM to never include personally identifiable
information (names, emails, company names, etc.) in Linear issue titles
and descriptions.

Resolves [SECRT-2010](https://linear.app/autogpt/issue/SECRT-2010)

autogpt_platform/backend/backend/copilot/executor/manager.py

@@ -164,21 +164,23 @@ class CoPilotExecutor(AppProcess):
                 self._cancel_thread, self.cancel_client, "[cleanup][cancel]"
             )
 
-        # Shutdown executor
+        # Clean up worker threads (closes per-loop workspace storage sessions)
         if self._executor:
+            from .processor import cleanup_worker
+
+            logger.info(f"[cleanup {pid}] Cleaning up workers...")
+            futures = []
+            for _ in range(self._executor._max_workers):
+                futures.append(self._executor.submit(cleanup_worker))
+            for f in futures:
+                try:
+                    f.result(timeout=10)
+                except Exception as e:
+                    logger.warning(f"[cleanup {pid}] Worker cleanup error: {e}")
+
             logger.info(f"[cleanup {pid}] Shutting down executor...")
             self._executor.shutdown(wait=False)
 
-        # Close async resources (workspace storage aiohttp session, etc.)
-        try:
-            from backend.util.workspace_storage import shutdown_workspace_storage
-
-            loop = asyncio.new_event_loop()
-            loop.run_until_complete(shutdown_workspace_storage())
-            loop.close()
-        except Exception as e:
-            logger.warning(f"[cleanup {pid}] Error closing workspace storage: {e}")
-
         # Release any remaining locks
         for task_id, lock in list(self._task_locks.items()):
             try:

autogpt_platform/backend/backend/copilot/executor/processor.py

@@ -60,6 +60,18 @@ def init_worker():
     _tls.processor.on_executor_start()
 
 
+def cleanup_worker():
+    """Clean up the processor for the current worker thread.
+
+    Should be called before the worker thread's event loop is destroyed so
+    that event-loop-bound resources (e.g. ``aiohttp.ClientSession``) are
+    closed on the correct loop.
+    """
+    processor: CoPilotProcessor | None = getattr(_tls, "processor", None)
+    if processor is not None:
+        processor.cleanup()
+
+
 # ============ Processor Class ============ #
 
 
@@ -98,6 +110,28 @@ class CoPilotProcessor:
 
         logger.info(f"[CoPilotExecutor] Worker {self.tid} started")
 
+    def cleanup(self):
+        """Clean up event-loop-bound resources before the loop is destroyed.
+
+        Shuts down the workspace storage instance that belongs to this
+        worker's event loop, ensuring ``aiohttp.ClientSession.close()``
+        runs on the same loop that created the session.
+        """
+        from backend.util.workspace_storage import shutdown_workspace_storage
+
+        try:
+            future = asyncio.run_coroutine_threadsafe(
+                shutdown_workspace_storage(), self.execution_loop
+            )
+            future.result(timeout=5)
+        except Exception as e:
+            logger.warning(f"[CoPilotExecutor] Worker {self.tid} cleanup error: {e}")
+
+        # Stop the event loop
+        self.execution_loop.call_soon_threadsafe(self.execution_loop.stop)
+        self.execution_thread.join(timeout=5)
+        logger.info(f"[CoPilotExecutor] Worker {self.tid} cleaned up")
+
     @error_logged(swallow=False)
     def execute(
         self,

autogpt_platform/backend/backend/copilot/tools/feature_requests.py

@@ -33,7 +33,6 @@ query SearchFeatureRequests($term: String!, $filter: IssueFilter, $first: Int) {
       id
       identifier
       title
-      description
     }
   }
 }
@@ -205,7 +204,6 @@ class SearchFeatureRequestsTool(BaseTool):
                     id=node["id"],
                     identifier=node["identifier"],
                     title=node["title"],
-                    description=node.get("description"),
                 )
                 for node in nodes
             ]
@@ -239,7 +237,11 @@ class CreateFeatureRequestTool(BaseTool):
             "Create a new feature request or add a customer need to an existing one. "
             "Always search first with search_feature_requests to avoid duplicates. "
             "If a matching request exists, pass its ID as existing_issue_id to add "
-            "the user's need to it instead of creating a duplicate."
+            "the user's need to it instead of creating a duplicate. "
+            "IMPORTANT: Never include personally identifiable information (PII) in "
+            "the title or description — no names, emails, phone numbers, company "
+            "names, or other identifying details. Write titles and descriptions in "
+            "generic, feature-focused language."
         )
 
     @property
@@ -249,11 +251,20 @@ class CreateFeatureRequestTool(BaseTool):
             "properties": {
                 "title": {
                     "type": "string",
-                    "description": "Title for the feature request.",
+                    "description": (
+                        "Title for the feature request. Must be generic and "
+                        "feature-focused — do not include any user names, emails, "
+                        "company names, or other PII."
+                    ),
                 },
                 "description": {
                     "type": "string",
-                    "description": "Detailed description of what the user wants and why.",
+                    "description": (
+                        "Detailed description of what the user wants and why. "
+                        "Must not contain any personally identifiable information "
+                        "(PII) — describe the feature need generically without "
+                        "referencing specific users, companies, or contact details."
+                    ),
                 },
                 "existing_issue_id": {
                     "type": "string",

autogpt_platform/backend/backend/copilot/tools/feature_requests_test.py

@@ -117,13 +117,11 @@ class TestSearchFeatureRequestsTool:
                 "id": "id-1",
                 "identifier": "FR-1",
                 "title": "Dark mode",
-                "description": "Add dark mode support",
             },
             {
                 "id": "id-2",
                 "identifier": "FR-2",
                 "title": "Dark theme",
-                "description": None,
             },
         ]
         patcher, _ = _mock_linear_config(query_return=_search_response(nodes))

autogpt_platform/backend/backend/copilot/tools/models.py

@@ -486,7 +486,6 @@ class FeatureRequestInfo(BaseModel):
     id: str
     identifier: str
     title: str
-    description: str | None = None
 
 
 class FeatureRequestSearchResponse(ToolResponseBase):

autogpt_platform/backend/backend/util/workspace_storage.py

@@ -93,7 +93,14 @@ class WorkspaceStorageBackend(ABC):
 
 
 class GCSWorkspaceStorage(WorkspaceStorageBackend):
-    """Google Cloud Storage implementation for workspace storage."""
+    """Google Cloud Storage implementation for workspace storage.
+
+    Each instance owns a single ``aiohttp.ClientSession`` and GCS async
+    client.  Because ``ClientSession`` is bound to the event loop on which it
+    was created, callers that run on separate loops (e.g. copilot executor
+    worker threads) **must** obtain their own ``GCSWorkspaceStorage`` instance
+    via :func:`get_workspace_storage` which is event-loop-aware.
+    """
 
     def __init__(self, bucket_name: str):
         self.bucket_name = bucket_name
@@ -337,60 +344,73 @@ class LocalWorkspaceStorage(WorkspaceStorageBackend):
             raise ValueError(f"Invalid storage path format: {storage_path}")
 
 
-# Global storage backend instance
-_workspace_storage: Optional[WorkspaceStorageBackend] = None
+# ---------------------------------------------------------------------------
+# Storage instance management
+# ---------------------------------------------------------------------------
+# ``aiohttp.ClientSession`` is bound to the event loop where it is created.
+# The copilot executor runs each worker in its own thread with a dedicated
+# event loop, so a single global ``GCSWorkspaceStorage`` instance would break.
+#
+# For **local storage** a single shared instance is fine (no async I/O).
+# For **GCS storage** we keep one instance *per event loop* so every loop
+# gets its own ``ClientSession``.
+# ---------------------------------------------------------------------------
+
+_local_storage: Optional[LocalWorkspaceStorage] = None
+_gcs_storages: dict[int, GCSWorkspaceStorage] = {}
 _storage_lock = asyncio.Lock()
 
 
 async def get_workspace_storage() -> WorkspaceStorageBackend:
+    """Return a workspace storage backend for the **current** event loop.
+
+    * Local storage → single shared instance (no event-loop affinity).
+    * GCS storage   → one instance per event loop to avoid cross-loop
+      ``aiohttp`` errors.
     """
-    Get the workspace storage backend instance.
+    global _local_storage
 
-    Uses GCS if media_gcs_bucket_name is configured, otherwise uses local storage.
-    """
-    global _workspace_storage
+    config = Config()
 
-    if _workspace_storage is None:
-        async with _storage_lock:
-            if _workspace_storage is None:
-                config = Config()
+    # --- Local storage (shared) ---
+    if not config.media_gcs_bucket_name:
+        if _local_storage is None:
+            storage_dir = (
+                config.workspace_storage_dir if config.workspace_storage_dir else None
+            )
+            logger.info(f"Using local workspace storage: {storage_dir or 'default'}")
+            _local_storage = LocalWorkspaceStorage(storage_dir)
+        return _local_storage
 
-                if config.media_gcs_bucket_name:
-                    logger.info(
-                        f"Using GCS workspace storage: {config.media_gcs_bucket_name}"
-                    )
-                    _workspace_storage = GCSWorkspaceStorage(
-                        config.media_gcs_bucket_name
-                    )
-                else:
-                    storage_dir = (
-                        config.workspace_storage_dir
-                        if config.workspace_storage_dir
-                        else None
-                    )
-                    logger.info(
-                        f"Using local workspace storage: {storage_dir or 'default'}"
-                    )
-                    _workspace_storage = LocalWorkspaceStorage(storage_dir)
-
-    return _workspace_storage
+    # --- GCS storage (per event loop) ---
+    loop_id = id(asyncio.get_running_loop())
+    if loop_id not in _gcs_storages:
+        logger.info(
+            f"Creating GCS workspace storage for loop {loop_id}: "
+            f"{config.media_gcs_bucket_name}"
+        )
+        _gcs_storages[loop_id] = GCSWorkspaceStorage(config.media_gcs_bucket_name)
+    return _gcs_storages[loop_id]
 
 
 async def shutdown_workspace_storage() -> None:
-    """
-    Properly shutdown the global workspace storage backend.
+    """Shut down workspace storage for the **current** event loop.
 
-    Closes aiohttp sessions and other resources for GCS backend.
-    Should be called during application shutdown.
+    Closes the ``aiohttp`` session owned by the current loop's GCS instance.
+    Each worker thread should call this on its own loop before the loop is
+    destroyed.  The REST API lifespan hook calls it for the main server loop.
     """
-    global _workspace_storage
+    global _local_storage
 
-    if _workspace_storage is not None:
-        async with _storage_lock:
-            if _workspace_storage is not None:
-                if isinstance(_workspace_storage, GCSWorkspaceStorage):
-                    await _workspace_storage.close()
-                _workspace_storage = None
+    loop_id = id(asyncio.get_running_loop())
+    storage = _gcs_storages.pop(loop_id, None)
+    if storage is not None:
+        await storage.close()
+
+    # Clear local storage only when the last GCS instance is gone
+    # (i.e. full shutdown, not just a single worker stopping).
+    if not _gcs_storages:
+        _local_storage = None
 
 
 def compute_file_checksum(content: bytes) -> str:

autogpt_platform/frontend/src/tests/marketplace-creator.spec.ts

@@ -69,12 +69,11 @@ test.describe("Marketplace Creator Page – Basic Functionality", () => {
       await marketplacePage.getFirstCreatorProfile(page);
     await firstCreatorProfile.click();
     await page.waitForURL("**/marketplace/creator/**");
-    await page.waitForLoadState("networkidle").catch(() => {});
 
     const firstAgent = page
       .locator('[data-testid="store-card"]:visible')
       .first();
-    await firstAgent.waitFor({ state: "visible", timeout: 30000 });
+    await firstAgent.waitFor({ state: "visible", timeout: 15000 });
 
     await firstAgent.click();
     await page.waitForURL("**/marketplace/agent/**");

autogpt_platform/frontend/src/tests/marketplace.spec.ts

@@ -115,18 +115,11 @@ test.describe("Marketplace – Basic Functionality", () => {
     const searchTerm = page.getByText("DummyInput").first();
     await isVisible(searchTerm);
 
-    await page.waitForLoadState("networkidle").catch(() => {});
-
-    await page
-      .waitForFunction(
-        () =>
-          document.querySelectorAll('[data-testid="store-card"]').length > 0,
-        { timeout: 15000 },
-      )
-      .catch(() => console.log("No search results appeared within timeout"));
-
-    const results = await marketplacePage.getSearchResultsCount(page);
-    expect(results).toBeGreaterThan(0);
+    await expect
+      .poll(() => marketplacePage.getSearchResultsCount(page), {
+        timeout: 15000,
+      })
+      .toBeGreaterThan(0);
 
     console.log("Complete search flow works correctly test passed ✅");
   });
@@ -135,7 +128,9 @@ test.describe("Marketplace – Basic Functionality", () => {
 });
 
 test.describe("Marketplace – Edge Cases", () => {
-  test("Search for non-existent item shows no results", async ({ page }) => {
+  test("Search for non-existent item renders search page correctly", async ({
+    page,
+  }) => {
     const marketplacePage = new MarketplacePage(page);
     await marketplacePage.goto(page);
 
@@ -151,9 +146,18 @@ test.describe("Marketplace – Edge Cases", () => {
     const searchTerm = page.getByText("xyznonexistentitemxyz123");
     await isVisible(searchTerm);
 
-    const results = await marketplacePage.getSearchResultsCount(page);
-    expect(results).toBe(0);
+    // The search page should render either results or a "No results found" message
+    await page.waitForLoadState("networkidle").catch(() => {});
+    const hasResults =
+      (await page.locator('[data-testid="store-card"]').count()) > 0;
+    const hasNoResultsMsg = await page
+      .getByText("No results found")
+      .isVisible()
+      .catch(() => false);
+    expect(hasResults || hasNoResultsMsg).toBe(true);
 
-    console.log("Search for non-existent item shows no results test passed ✅");
+    console.log(
+      "Search for non-existent item renders search page correctly test passed ✅",
+    );
   });
 });

autogpt_platform/frontend/src/tests/pages/build.page.ts

@@ -125,16 +125,8 @@ export class BuildPage extends BasePage {
       `[data-id="block-card-${blockCardId}"]`,
     );
 
-    try {
-      // Wait for the block card to be visible with a reasonable timeout
-      await blockCard.waitFor({ state: "visible", timeout: 10000 });
-      await blockCard.click();
-    } catch (error) {
-      console.log(
-        `Block ${block.name} (display: ${displayName}) returned from the API but not found in block list`,
-      );
-      console.log(`Error: ${error}`);
-    }
+    await blockCard.waitFor({ state: "visible", timeout: 10000 });
+    await blockCard.click();
   }
 
   async hasBlock(_block: Block) {

autogpt_platform/frontend/src/tests/pages/login.page.ts

@@ -65,7 +65,7 @@ export class LoginPage {
     await this.page.waitForLoadState("load", { timeout: 10_000 });
 
     console.log("➡️ Navigating to /marketplace ...");
-    await this.page.goto("/marketplace", { timeout: 10_000 });
+    await this.page.goto("/marketplace", { timeout: 20_000 });
     console.log("✅ Login process complete");
 
     // If Wallet popover auto-opens, close it to avoid blocking account menu interactions

autogpt_platform/frontend/src/tests/pages/marketplace.page.ts

@@ -9,7 +9,12 @@ export class MarketplacePage extends BasePage {
 
   async goto(page: Page) {
     await page.goto("/marketplace");
-    await page.waitForLoadState("networkidle").catch(() => {});
+    await page
+      .locator(
+        '[data-testid="store-card"], [data-testid="featured-store-card"]',
+      )
+      .first()
+      .waitFor({ state: "visible", timeout: 20000 });
   }
 
   async getMarketplaceTitle(page: Page) {
@@ -111,7 +116,7 @@ export class MarketplacePage extends BasePage {
   async getFirstFeaturedAgent(page: Page) {
     const { getId } = getSelectors(page);
     const card = getId("featured-store-card").first();
-    await card.waitFor({ state: "visible", timeout: 30000 });
+    await card.waitFor({ state: "visible", timeout: 15000 });
     return card;
   }
 
@@ -119,14 +124,14 @@ export class MarketplacePage extends BasePage {
     const card = this.page
       .locator('[data-testid="store-card"]:visible')
       .first();
-    await card.waitFor({ state: "visible", timeout: 30000 });
+    await card.waitFor({ state: "visible", timeout: 15000 });
     return card;
   }
 
   async getFirstCreatorProfile(page: Page) {
     const { getId } = getSelectors(page);
     const card = getId("creator-card").first();
-    await card.waitFor({ state: "visible", timeout: 30000 });
+    await card.waitFor({ state: "visible", timeout: 15000 });
     return card;
   }
 

autogpt_platform/frontend/src/tests/utils/assertion.ts

@@ -45,8 +45,9 @@ export async function isEnabled(el: Locator) {
 }
 
 export async function hasMinCount(el: Locator, minCount: number) {
-  const count = await el.count();
-  expect(count).toBeGreaterThanOrEqual(minCount);
+  await expect
+    .poll(async () => await el.count(), { timeout: 10000 })
+    .toBeGreaterThanOrEqual(minCount);
 }
 
 export async function matchesUrl(page: Page, pattern: RegExp) {