Merge branch 'dev' into pwuts/open-2923-v2-external-api

### Changes 🏗️

- Added a placeholder UI for Google Drive Picker in INPUT block type
- Improved detection of Google Drive file objects in schema validation
- Extracted `isGoogleDrivePickerSchema` function for better code
organization
- Added spacing between array field elements with a gap-2 class
- Added debug logging for preprocessed schema in FormRenderer

### Checklist 📋

#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
  - [x] Verified Google Drive Picker shows placeholder in INPUT blocks
  - [x] Confirmed array field elements have proper spacing
  - [x] Tested that Google Drive file objects are properly detected

.branchlet.json

@@ -0,0 +1,37 @@
+{
+  "worktreeCopyPatterns": [
+    ".env*",
+    ".vscode/**",
+    ".auth/**",
+    ".claude/**",
+    "autogpt_platform/.env*",
+    "autogpt_platform/backend/.env*",
+    "autogpt_platform/frontend/.env*",
+    "autogpt_platform/frontend/.auth/**",
+    "autogpt_platform/db/docker/.env*"
+  ],
+  "worktreeCopyIgnores": [
+    "**/node_modules/**",
+    "**/dist/**",
+    "**/.git/**",
+    "**/Thumbs.db",
+    "**/.DS_Store",
+    "**/.next/**",
+    "**/__pycache__/**",
+    "**/.ruff_cache/**",
+    "**/.pytest_cache/**",
+    "**/*.pyc",
+    "**/playwright-report/**",
+    "**/logs/**",
+    "**/site/**"
+  ],
+  "worktreePathTemplate": "$BASE_PATH.worktree",
+  "postCreateCmd": [
+    "cd autogpt_platform/autogpt_libs && poetry install",
+    "cd autogpt_platform/backend && poetry install && poetry run prisma generate",
+    "cd autogpt_platform/frontend && pnpm install",
+    "cd docs && pip install -r requirements.txt"
+  ],
+  "terminalCommand": "code .",
+  "deleteBranchWithWorktree": false
+}

.dockerignore

@@ -1,6 +1,9 @@
 # Ignore everything by default, selectively add things to context
 *
 
+# Documentation (for embeddings/search)
+!docs/
+
 # Platform - Libs
 !autogpt_platform/autogpt_libs/autogpt_libs/
 !autogpt_platform/autogpt_libs/pyproject.toml
@@ -16,6 +19,7 @@
 !autogpt_platform/backend/poetry.lock
 !autogpt_platform/backend/README.md
 !autogpt_platform/backend/.env
+!autogpt_platform/backend/gen_prisma_types_stub.py
 
 # Platform - Market
 !autogpt_platform/market/market/

.github/copilot-instructions.md

@@ -142,7 +142,7 @@ pnpm storybook                      # Start component development server
 ### Security & Middleware
 
 **Cache Protection**: Backend includes middleware preventing sensitive data caching in browsers/proxies
-**Authentication**: JWT-based with native authentication
+**Authentication**: JWT-based with Supabase integration
 **User ID Validation**: All data access requires user ID checks - verify this for any `data/*.py` changes
 
 ### Development Workflow
@@ -168,9 +168,9 @@ pnpm storybook                      # Start component development server
 
 - `frontend/src/app/layout.tsx` - Root application layout
 - `frontend/src/app/page.tsx` - Home page
-- `frontend/src/lib/auth/` - Authentication client
+- `frontend/src/lib/supabase/` - Authentication and database client
 
-**Protected Routes**: Update `frontend/middleware.ts` when adding protected routes
+**Protected Routes**: Update `frontend/lib/supabase/middleware.ts` when adding protected routes
 
 ### Agent Block System
 
@@ -194,7 +194,7 @@ Agents are built using a visual block-based system where each block performs a s
 
 1. **Backend**: `/backend/.env.default` → `/backend/.env` (user overrides)
 2. **Frontend**: `/frontend/.env.default` → `/frontend/.env` (user overrides)
-3. **Platform**: `/.env.default` (shared) → `/.env` (user overrides)
+3. **Platform**: `/.env.default` (Supabase/shared) → `/.env` (user overrides)
 4. Docker Compose `environment:` sections override file-based config
 5. Shell environment variables have highest precedence
 

.github/workflows/claude-dependabot.yml

@@ -74,7 +74,7 @@ jobs:
 
       - name: Generate Prisma Client
         working-directory: autogpt_platform/backend
-        run: poetry run prisma generate
+        run: poetry run prisma generate && poetry run gen-prisma-stub
 
       # Frontend Node.js/pnpm setup (mirrors platform-frontend-ci.yml)
       - name: Set up Node.js
@@ -144,7 +144,11 @@ jobs:
             "rabbitmq:management"
             "clamav/clamav-debian:latest"
             "busybox:latest"
-            "pgvector/pgvector:pg18"
+            "kong:2.8.1"
+            "supabase/gotrue:v2.170.0"
+            "supabase/postgres:15.8.1.049"
+            "supabase/postgres-meta:v0.86.1"
+            "supabase/studio:20250224-d10db0f"
           )
           
           # Check if any cached tar files exist (more reliable than cache-hit)

.github/workflows/claude.yml

@@ -90,7 +90,7 @@ jobs:
 
       - name: Generate Prisma Client
         working-directory: autogpt_platform/backend
-        run: poetry run prisma generate
+        run: poetry run prisma generate && poetry run gen-prisma-stub
 
       # Frontend Node.js/pnpm setup (mirrors platform-frontend-ci.yml)
       - name: Set up Node.js
@@ -160,7 +160,11 @@ jobs:
             "rabbitmq:management"
             "clamav/clamav-debian:latest"
             "busybox:latest"
-            "pgvector/pgvector:pg18"
+            "kong:2.8.1"
+            "supabase/gotrue:v2.170.0"
+            "supabase/postgres:15.8.1.049"
+            "supabase/postgres-meta:v0.86.1"
+            "supabase/studio:20250224-d10db0f"
           )
           
           # Check if any cached tar files exist (more reliable than cache-hit)

.github/workflows/copilot-setup-steps.yml

@@ -72,7 +72,7 @@ jobs:
 
       - name: Generate Prisma Client
         working-directory: autogpt_platform/backend
-        run: poetry run prisma generate
+        run: poetry run prisma generate && poetry run gen-prisma-stub
 
       # Frontend Node.js/pnpm setup (mirrors platform-frontend-ci.yml)
       - name: Set up Node.js
@@ -108,6 +108,16 @@ jobs:
       #   run: pnpm playwright install --with-deps chromium
 
       # Docker setup for development environment
+      - name: Free up disk space
+        run: |
+          # Remove large unused tools to free disk space for Docker builds
+          sudo rm -rf /usr/share/dotnet
+          sudo rm -rf /usr/local/lib/android
+          sudo rm -rf /opt/ghc
+          sudo rm -rf /opt/hostedtoolcache/CodeQL
+          sudo docker system prune -af
+          df -h
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
@@ -142,7 +152,11 @@ jobs:
             "rabbitmq:management"
             "clamav/clamav-debian:latest"
             "busybox:latest"
-            "pgvector/pgvector:pg18"
+            "kong:2.8.1"
+            "supabase/gotrue:v2.170.0"
+            "supabase/postgres:15.8.1.049"
+            "supabase/postgres-meta:v0.86.1"
+            "supabase/studio:20250224-d10db0f"
           )
           
           # Check if any cached tar files exist (more reliable than cache-hit)

.github/workflows/platform-backend-ci.yml

@@ -2,13 +2,13 @@ name: AutoGPT Platform - Backend CI
 
 on:
   push:
-    branches: [master, dev, ci-test*, native-auth]
+    branches: [master, dev, ci-test*]
     paths:
       - ".github/workflows/platform-backend-ci.yml"
       - "autogpt_platform/backend/**"
       - "autogpt_platform/autogpt_libs/**"
   pull_request:
-    branches: [master, dev, release-*, native-auth]
+    branches: [master, dev, release-*]
     paths:
       - ".github/workflows/platform-backend-ci.yml"
       - "autogpt_platform/backend/**"
@@ -36,19 +36,6 @@ jobs:
     runs-on: ubuntu-latest
 
     services:
-      postgres:
-        image: pgvector/pgvector:pg18
-        ports:
-          - 5432:5432
-        env:
-          POSTGRES_USER: postgres
-          POSTGRES_PASSWORD: your-super-secret-and-long-postgres-password
-          POSTGRES_DB: postgres
-        options: >-
-          --health-cmd "pg_isready -U postgres"
-          --health-interval 5s
-          --health-timeout 5s
-          --health-retries 10
       redis:
         image: redis:latest
         ports:
@@ -91,6 +78,11 @@ jobs:
         with:
           python-version: ${{ matrix.python-version }}
 
+      - name: Setup Supabase
+        uses: supabase/setup-cli@v1
+        with:
+          version: 1.178.1
+
       - id: get_date
         name: Get date
         run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT
@@ -142,7 +134,17 @@ jobs:
         run: poetry install
 
       - name: Generate Prisma Client
-        run: poetry run prisma generate
+        run: poetry run prisma generate && poetry run gen-prisma-stub
+
+      - id: supabase
+        name: Start Supabase
+        working-directory: .
+        run: |
+          supabase init
+          supabase start --exclude postgres-meta,realtime,storage-api,imgproxy,inbucket,studio,edge-runtime,logflare,vector,supavisor
+          supabase status -o env | sed 's/="/=/; s/"$//' >> $GITHUB_OUTPUT
+        # outputs:
+        # DB_URL, API_URL, GRAPHQL_URL, ANON_KEY, SERVICE_ROLE_KEY, JWT_SECRET
 
       - name: Wait for ClamAV to be ready
         run: |
@@ -174,10 +176,10 @@ jobs:
           }
 
       - name: Run Database Migrations
-        run: poetry run prisma migrate dev --name updates
+        run: poetry run prisma migrate deploy
         env:
-          DATABASE_URL: postgresql://postgres:your-super-secret-and-long-postgres-password@localhost:5432/postgres
-          DIRECT_URL: postgresql://postgres:your-super-secret-and-long-postgres-password@localhost:5432/postgres
+          DATABASE_URL: ${{ steps.supabase.outputs.DB_URL }}
+          DIRECT_URL: ${{ steps.supabase.outputs.DB_URL }}
 
       - id: lint
         name: Run Linter
@@ -193,9 +195,11 @@ jobs:
         if: success() || (failure() && steps.lint.outcome == 'failure')
         env:
           LOG_LEVEL: ${{ runner.debug && 'DEBUG' || 'INFO' }}
-          DATABASE_URL: postgresql://postgres:your-super-secret-and-long-postgres-password@localhost:5432/postgres
-          DIRECT_URL: postgresql://postgres:your-super-secret-and-long-postgres-password@localhost:5432/postgres
-          JWT_SECRET: your-super-secret-jwt-token-with-at-least-32-characters-long
+          DATABASE_URL: ${{ steps.supabase.outputs.DB_URL }}
+          DIRECT_URL: ${{ steps.supabase.outputs.DB_URL }}
+          SUPABASE_URL: ${{ steps.supabase.outputs.API_URL }}
+          SUPABASE_SERVICE_ROLE_KEY: ${{ steps.supabase.outputs.SERVICE_ROLE_KEY }}
+          JWT_VERIFY_KEY: ${{ steps.supabase.outputs.JWT_SECRET }}
           REDIS_HOST: "localhost"
           REDIS_PORT: "6379"
           ENCRYPTION_KEY: "dvziYgz0KSK8FENhju0ZYi8-fRTfAdlz6YLhdB_jhNw=" # DO NOT USE IN PRODUCTION!!

.github/workflows/platform-frontend-ci.yml

@@ -2,16 +2,16 @@ name: AutoGPT Platform - Frontend CI
 
 on:
   push:
-    branches: [master, dev, native-auth]
+    branches: [master, dev]
     paths:
       - ".github/workflows/platform-frontend-ci.yml"
       - "autogpt_platform/frontend/**"
   pull_request:
-    branches: [master, dev, native-auth]
     paths:
       - ".github/workflows/platform-frontend-ci.yml"
       - "autogpt_platform/frontend/**"
   merge_group:
+  workflow_dispatch:
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.event_name == 'merge_group' && format('merge-queue-{0}', github.ref) || format('{0}-{1}', github.ref, github.event.pull_request.number || github.sha) }}
@@ -148,10 +148,18 @@ jobs:
       - name: Enable corepack
         run: corepack enable
 
-      - name: Copy default platform .env
+      - name: Copy default supabase .env
         run: |
           cp ../.env.default ../.env
 
+      - name: Copy backend .env and set OpenAI API key
+        run: |
+          cp ../backend/.env.default ../backend/.env
+          echo "OPENAI_INTERNAL_API_KEY=${{ secrets.OPENAI_API_KEY }}" >> ../backend/.env
+        env:
+          # Used by E2E test data script to generate embeddings for approved store agents
+          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
@@ -227,13 +235,25 @@ jobs:
 
       - name: Run Playwright tests
         run: pnpm test:no-build
+        continue-on-error: false
 
-      - name: Upload Playwright artifacts
-        if: failure()
+      - name: Upload Playwright report
+        if: always()
         uses: actions/upload-artifact@v4
         with:
           name: playwright-report
           path: playwright-report
+          if-no-files-found: ignore
+          retention-days: 3
+
+      - name: Upload Playwright test results
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: playwright-test-results
+          path: test-results
+          if-no-files-found: ignore
+          retention-days: 3
 
       - name: Print Final Docker Compose logs
         if: always()

.github/workflows/platform-fullstack-ci.yml

@@ -1,13 +1,12 @@
-name: AutoGPT Platform - Fullstack CI
+name: AutoGPT Platform - Frontend CI
 
 on:
   push:
-    branches: [master, dev, native-auth]
+    branches: [master, dev]
     paths:
       - ".github/workflows/platform-fullstack-ci.yml"
       - "autogpt_platform/**"
   pull_request:
-    branches: [master, dev, native-auth]
     paths:
       - ".github/workflows/platform-fullstack-ci.yml"
       - "autogpt_platform/**"
@@ -59,11 +58,14 @@ jobs:
   types:
     runs-on: ubuntu-latest
     needs: setup
-    timeout-minutes: 10
+    strategy:
+      fail-fast: false
 
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
+        with:
+          submodules: recursive
 
       - name: Set up Node.js
         uses: actions/setup-node@v4
@@ -73,6 +75,18 @@ jobs:
       - name: Enable corepack
         run: corepack enable
 
+      - name: Copy default supabase .env
+        run: |
+          cp ../.env.default ../.env
+
+      - name: Copy backend .env
+        run: |
+          cp ../backend/.env.default ../backend/.env
+
+      - name: Run docker compose
+        run: |
+          docker compose -f ../docker-compose.yml --profile local --profile deps_backend up -d
+
       - name: Restore dependencies cache
         uses: actions/cache@v4
         with:
@@ -87,12 +101,36 @@ jobs:
       - name: Setup .env
         run: cp .env.default .env
 
+      - name: Wait for services to be ready
+        run: |
+          echo "Waiting for rest_server to be ready..."
+          timeout 60 sh -c 'until curl -f http://localhost:8006/health 2>/dev/null; do sleep 2; done' || echo "Rest server health check timeout, continuing..."
+          echo "Waiting for database to be ready..."
+          timeout 60 sh -c 'until docker compose -f ../docker-compose.yml exec -T db pg_isready -U postgres 2>/dev/null; do sleep 2; done' || echo "Database ready check timeout, continuing..."
+
       - name: Generate API queries
-        run: pnpm generate:api
+        run: pnpm generate:api:force
+
+      - name: Check for API schema changes
+        run: |
+          if ! git diff --exit-code src/app/api/openapi.json; then
+            echo "❌ API schema changes detected in src/app/api/openapi.json"
+            echo ""
+            echo "The openapi.json file has been modified after running 'pnpm generate:api-all'."
+            echo "This usually means changes have been made in the BE endpoints without updating the Frontend."
+            echo "The API schema is now out of sync with the Front-end queries."
+            echo ""
+            echo "To fix this:"
+            echo "1. Pull the backend 'docker compose pull && docker compose up -d --build --force-recreate'"
+            echo "2. Run 'pnpm generate:api' locally"
+            echo "3. Run 'pnpm types' locally"
+            echo "4. Fix any TypeScript errors that may have been introduced"
+            echo "5. Commit and push your changes"
+            echo ""
+            exit 1
+          else
+            echo "✅ No API schema changes detected"
+          fi
 
       - name: Run Typescript checks
         run: pnpm types
-
-    env:
-      CI: true
-      PLAIN_OUTPUT: True

AGENTS.md

@@ -49,5 +49,5 @@ Use conventional commit messages for all commits (e.g. `feat(backend): add API`)
 - Keep out-of-scope changes under 20% of the PR.
 - Ensure PR descriptions are complete.
 - For changes touching `data/*.py`, validate user ID checks or explain why not needed.
-- If adding protected frontend routes, update `frontend/lib/auth/helpers.ts`.
+- If adding protected frontend routes, update `frontend/lib/supabase/middleware.ts`.
 - Use the linear ticket branch structure if given codex/open-1668-resume-dropped-runs

autogpt_platform/.env.default

@@ -5,6 +5,12 @@
 
 POSTGRES_PASSWORD=your-super-secret-and-long-postgres-password
 JWT_SECRET=your-super-secret-jwt-token-with-at-least-32-characters-long
+ANON_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyAgCiAgICAicm9sZSI6ICJhbm9uIiwKICAgICJpc3MiOiAic3VwYWJhc2UtZGVtbyIsCiAgICAiaWF0IjogMTY0MTc2OTIwMCwKICAgICJleHAiOiAxNzk5NTM1NjAwCn0.dc_X5iR_VP_qT0zsiyj_I_OZ2T9FtRU2BBNWN8Bu4GE
+SERVICE_ROLE_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyAgCiAgICAicm9sZSI6ICJzZXJ2aWNlX3JvbGUiLAogICAgImlzcyI6ICJzdXBhYmFzZS1kZW1vIiwKICAgICJpYXQiOiAxNjQxNzY5MjAwLAogICAgImV4cCI6IDE3OTk1MzU2MDAKfQ.DaYlNEoUrrEn2Ig7tqibS-PHK5vgusbcbo7X36XVt4Q
+DASHBOARD_USERNAME=supabase
+DASHBOARD_PASSWORD=this_password_is_insecure_and_should_be_updated
+SECRET_KEY_BASE=UpNVntn3cDxHJpq99YMc1T1AQgQpc8kfYTuRgBiYa15BLrx8etQoXz3gZv1/u2oq
+VAULT_ENC_KEY=your-encryption-key-32-chars-min
 
 
 ############
@@ -18,31 +24,100 @@ POSTGRES_PORT=5432
 
 
 ############
-# Auth - Native authentication configuration
+# Supavisor -- Database pooler
+############
+POOLER_PROXY_PORT_TRANSACTION=6543
+POOLER_DEFAULT_POOL_SIZE=20
+POOLER_MAX_CLIENT_CONN=100
+POOLER_TENANT_ID=your-tenant-id
+
+
+############
+# API Proxy - Configuration for the Kong Reverse proxy.
 ############
 
+KONG_HTTP_PORT=8000
+KONG_HTTPS_PORT=8443
+
+
+############
+# API - Configuration for PostgREST.
+############
+
+PGRST_DB_SCHEMAS=public,storage,graphql_public
+
+
+############
+# Auth - Configuration for the GoTrue authentication server.
+############
+
+## General
 SITE_URL=http://localhost:3000
+ADDITIONAL_REDIRECT_URLS=
+JWT_EXPIRY=3600
+DISABLE_SIGNUP=false
+API_EXTERNAL_URL=http://localhost:8000
 
-# JWT token configuration
-ACCESS_TOKEN_EXPIRE_MINUTES=15
-REFRESH_TOKEN_EXPIRE_DAYS=7
-JWT_ISSUER=autogpt-platform
+## Mailer Config
+MAILER_URLPATHS_CONFIRMATION="/auth/v1/verify"
+MAILER_URLPATHS_INVITE="/auth/v1/verify"
+MAILER_URLPATHS_RECOVERY="/auth/v1/verify"
+MAILER_URLPATHS_EMAIL_CHANGE="/auth/v1/verify"
 
-# Google OAuth (optional)
-GOOGLE_CLIENT_ID=
-GOOGLE_CLIENT_SECRET=
+## Email auth
+ENABLE_EMAIL_SIGNUP=true
+ENABLE_EMAIL_AUTOCONFIRM=false
+SMTP_ADMIN_EMAIL=admin@example.com
+SMTP_HOST=supabase-mail
+SMTP_PORT=2500
+SMTP_USER=fake_mail_user
+SMTP_PASS=fake_mail_password
+SMTP_SENDER_NAME=fake_sender
+ENABLE_ANONYMOUS_USERS=false
+
+## Phone auth
+ENABLE_PHONE_SIGNUP=true
+ENABLE_PHONE_AUTOCONFIRM=true
 
 
 ############
-# Email configuration (optional)
+# Studio - Configuration for the Dashboard
 ############
 
-SMTP_HOST=
-SMTP_PORT=587
-SMTP_USER=
-SMTP_PASS=
-SMTP_FROM_EMAIL=noreply@example.com
+STUDIO_DEFAULT_ORGANIZATION=Default Organization
+STUDIO_DEFAULT_PROJECT=Default Project
 
+STUDIO_PORT=3000
+# replace if you intend to use Studio outside of localhost
+SUPABASE_PUBLIC_URL=http://localhost:8000
+
+# Enable webp support
+IMGPROXY_ENABLE_WEBP_DETECTION=true
+
+# Add your OpenAI API key to enable SQL Editor Assistant
+OPENAI_API_KEY=
+
+
+############
+# Functions - Configuration for Functions
+############
+# NOTE: VERIFY_JWT applies to all functions. Per-function VERIFY_JWT is not supported yet.
+FUNCTIONS_VERIFY_JWT=false
+
+
+############
+# Logs - Configuration for Logflare
+# Please refer to https://supabase.com/docs/reference/self-hosting-analytics/introduction
+############
+
+LOGFLARE_LOGGER_BACKEND_API_KEY=your-super-secret-and-long-logflare-key
+
+# Change vector.toml sinks to reflect this change
+LOGFLARE_API_KEY=your-super-secret-and-long-logflare-key
 
 # Docker socket location - this value will differ depending on your OS
 DOCKER_SOCKET_LOCATION=/var/run/docker.sock
+
+# Google Cloud Project details
+GOOGLE_PROJECT_ID=GOOGLE_PROJECT_ID
+GOOGLE_PROJECT_NUMBER=GOOGLE_PROJECT_NUMBER

autogpt_platform/Makefile

@@ -1,17 +1,19 @@
 .PHONY: start-core stop-core logs-core format lint migrate run-backend run-frontend load-store-agents
 
-# Run just PostgreSQL + Redis + RabbitMQ + ClamAV
+# Run just Supabase + Redis + RabbitMQ
 start-core:
 	docker compose up -d deps
 
 # Stop core services
 stop-core:
-	docker compose stop deps
+	docker compose stop 
 
 reset-db:
+	docker compose stop db
 	rm -rf db/docker/volumes/db/data
 	cd backend && poetry run prisma migrate deploy
 	cd backend && poetry run prisma generate
+	cd backend && poetry run gen-prisma-stub
 	
 # View logs for core services
 logs-core:
@@ -33,6 +35,7 @@ init-env:
 migrate:
 	cd backend && poetry run prisma migrate deploy
 	cd backend && poetry run prisma generate
+	cd backend && poetry run gen-prisma-stub
 
 run-backend:
 	cd backend && poetry run app
@@ -49,7 +52,7 @@ load-store-agents:
 help:
 	@echo "Usage: make <target>"
 	@echo "Targets:"
-	@echo "  start-core - Start just the core services (PostgreSQL, Redis, RabbitMQ, ClamAV) in background"
+	@echo "  start-core - Start just the core services (Supabase, Redis, RabbitMQ) in background"
 	@echo "  stop-core - Stop the core services"
 	@echo "  reset-db - Reset the database by deleting the volume"
 	@echo "  logs-core - Tail the logs for core services"
@@ -58,4 +61,4 @@ help:
 	@echo "  run-backend - Run the backend FastAPI server"
 	@echo "  run-frontend - Run the frontend Next.js development server"
 	@echo "  test-data - Run the test data creator"
-	@echo "  load-store-agents - Load store agents from agents/ folder into test database"
+	@echo "  load-store-agents - Load store agents from agents/ folder into test database"

autogpt_platform/autogpt_libs/autogpt_libs/auth/config.py

@@ -16,37 +16,17 @@ ALGO_RECOMMENDATION = (
     "We highly recommend using an asymmetric algorithm such as ES256, "
     "because when leaked, a shared secret would allow anyone to "
     "forge valid tokens and impersonate users. "
-    "More info: https://pyjwt.readthedocs.io/en/stable/algorithms.html"
+    "More info: https://supabase.com/docs/guides/auth/signing-keys#choosing-the-right-signing-algorithm"  # noqa
 )
 
 
 class Settings:
     def __init__(self):
-        # JWT verification key (public key for asymmetric, shared secret for symmetric)
         self.JWT_VERIFY_KEY: str = os.getenv(
             "JWT_VERIFY_KEY", os.getenv("SUPABASE_JWT_SECRET", "")
         ).strip()
-
-        # JWT signing key (private key for asymmetric, shared secret for symmetric)
-        # Falls back to JWT_VERIFY_KEY for symmetric algorithms like HS256
-        self.JWT_SIGN_KEY: str = os.getenv("JWT_SIGN_KEY", self.JWT_VERIFY_KEY).strip()
-
         self.JWT_ALGORITHM: str = os.getenv("JWT_SIGN_ALGORITHM", "HS256").strip()
 
-        # Token expiration settings
-        self.ACCESS_TOKEN_EXPIRE_MINUTES: int = int(
-            os.getenv("ACCESS_TOKEN_EXPIRE_MINUTES", "15")
-        )
-        self.REFRESH_TOKEN_EXPIRE_DAYS: int = int(
-            os.getenv("REFRESH_TOKEN_EXPIRE_DAYS", "7")
-        )
-
-        # JWT issuer claim
-        self.JWT_ISSUER: str = os.getenv("JWT_ISSUER", "autogpt-platform").strip()
-
-        # JWT audience claim
-        self.JWT_AUDIENCE: str = os.getenv("JWT_AUDIENCE", "authenticated").strip()
-
         self.validate()
 
     def validate(self):

autogpt_platform/autogpt_libs/autogpt_libs/auth/helpers.py

@@ -1,29 +1,25 @@
 from fastapi import FastAPI
-from fastapi.openapi.utils import get_openapi
 
 from .jwt_utils import bearer_jwt_auth
 
 
 def add_auth_responses_to_openapi(app: FastAPI) -> None:
     """
-    Set up custom OpenAPI schema generation that adds 401 responses
+    Patch a FastAPI instance's `openapi()` method to add 401 responses
     to all authenticated endpoints.
 
     This is needed when using HTTPBearer with auto_error=False to get proper
     401 responses instead of 403, but FastAPI only automatically adds security
     responses when auto_error=True.
     """
+    # Wrap current method to allow stacking OpenAPI schema modifiers like this
+    wrapped_openapi = app.openapi
 
     def custom_openapi():
         if app.openapi_schema:
             return app.openapi_schema
 
-        openapi_schema = get_openapi(
-            title=app.title,
-            version=app.version,
-            description=app.description,
-            routes=app.routes,
-        )
+        openapi_schema = wrapped_openapi()
 
         # Add 401 response to all endpoints that have security requirements
         for path, methods in openapi_schema["paths"].items():

autogpt_platform/autogpt_libs/autogpt_libs/auth/jwt_utils.py

@@ -1,8 +1,4 @@
-import hashlib
 import logging
-import secrets
-import uuid
-from datetime import datetime, timedelta, timezone
 from typing import Any
 
 import jwt
@@ -20,57 +16,6 @@ bearer_jwt_auth = HTTPBearer(
 )
 
 
-def create_access_token(
-    user_id: str,
-    email: str,
-    role: str = "authenticated",
-    email_verified: bool = False,
-) -> str:
-    """
-    Generate a new JWT access token.
-
-    :param user_id: The user's unique identifier
-    :param email: The user's email address
-    :param role: The user's role (default: "authenticated")
-    :param email_verified: Whether the user's email is verified
-    :return: Encoded JWT token
-    """
-    settings = get_settings()
-    now = datetime.now(timezone.utc)
-
-    payload = {
-        "sub": user_id,
-        "email": email,
-        "role": role,
-        "email_verified": email_verified,
-        "aud": settings.JWT_AUDIENCE,
-        "iss": settings.JWT_ISSUER,
-        "iat": now,
-        "exp": now + timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES),
-        "jti": str(uuid.uuid4()),  # Unique token ID
-    }
-
-    return jwt.encode(payload, settings.JWT_SIGN_KEY, algorithm=settings.JWT_ALGORITHM)
-
-
-def create_refresh_token() -> tuple[str, str]:
-    """
-    Generate a new refresh token.
-
-    Returns a tuple of (raw_token, hashed_token).
-    The raw token should be sent to the client.
-    The hashed token should be stored in the database.
-    """
-    raw_token = secrets.token_urlsafe(64)
-    hashed_token = hashlib.sha256(raw_token.encode()).hexdigest()
-    return raw_token, hashed_token
-
-
-def hash_token(token: str) -> str:
-    """Hash a token using SHA-256."""
-    return hashlib.sha256(token.encode()).hexdigest()
-
-
 async def get_jwt_payload(
     credentials: HTTPAuthorizationCredentials | None = Security(bearer_jwt_auth),
 ) -> dict[str, Any]:
@@ -107,19 +52,11 @@ def parse_jwt_token(token: str) -> dict[str, Any]:
     """
     settings = get_settings()
     try:
-        # Build decode options
-        options = {
-            "verify_aud": True,
-            "verify_iss": bool(settings.JWT_ISSUER),
-        }
-
         payload = jwt.decode(
             token,
             settings.JWT_VERIFY_KEY,
             algorithms=[settings.JWT_ALGORITHM],
-            audience=settings.JWT_AUDIENCE,
-            issuer=settings.JWT_ISSUER if settings.JWT_ISSUER else None,
-            options=options,
+            audience="authenticated",
         )
         return payload
     except jwt.ExpiredSignatureError:

autogpt_platform/autogpt_libs/autogpt_libs/auth/models.py

@@ -11,7 +11,6 @@ class User:
     email: str
     phone_number: str
     role: str
-    email_verified: bool = False
 
     @classmethod
     def from_payload(cls, payload):
@@ -19,6 +18,5 @@ class User:
             user_id=payload["sub"],
             email=payload.get("email", ""),
             phone_number=payload.get("phone", ""),
-            role=payload.get("role", "authenticated"),
-            email_verified=payload.get("email_verified", False),
+            role=payload["role"],
         )

autogpt_platform/autogpt_libs/poetry.lock

@@ -48,21 +48,6 @@ files = [
     {file = "async_timeout-5.0.1.tar.gz", hash = "sha256:d9321a7a3d5a6a5e187e824d2fa0793ce379a202935782d555d6e9d2735677d3"},
 ]
 
-[[package]]
-name = "authlib"
-version = "1.6.6"
-description = "The ultimate Python library in building OAuth and OpenID Connect servers and clients."
-optional = false
-python-versions = ">=3.9"
-groups = ["main"]
-files = [
-    {file = "authlib-1.6.6-py2.py3-none-any.whl", hash = "sha256:7d9e9bc535c13974313a87f53e8430eb6ea3d1cf6ae4f6efcd793f2e949143fd"},
-    {file = "authlib-1.6.6.tar.gz", hash = "sha256:45770e8e056d0f283451d9996fbb59b70d45722b45d854d58f32878d0a40c38e"},
-]
-
-[package.dependencies]
-cryptography = "*"
-
 [[package]]
 name = "backports-asyncio-runner"
 version = "1.2.0"
@@ -76,71 +61,6 @@ files = [
     {file = "backports_asyncio_runner-1.2.0.tar.gz", hash = "sha256:a5aa7b2b7d8f8bfcaa2b57313f70792df84e32a2a746f585213373f900b42162"},
 ]
 
-[[package]]
-name = "bcrypt"
-version = "4.3.0"
-description = "Modern password hashing for your software and your servers"
-optional = false
-python-versions = ">=3.8"
-groups = ["main"]
-files = [
-    {file = "bcrypt-4.3.0-cp313-cp313t-macosx_10_12_universal2.whl", hash = "sha256:f01e060f14b6b57bbb72fc5b4a83ac21c443c9a2ee708e04a10e9192f90a6281"},
-    {file = "bcrypt-4.3.0-cp313-cp313t-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:c5eeac541cefd0bb887a371ef73c62c3cd78535e4887b310626036a7c0a817bb"},
-    {file = "bcrypt-4.3.0-cp313-cp313t-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:59e1aa0e2cd871b08ca146ed08445038f42ff75968c7ae50d2fdd7860ade2180"},
-    {file = "bcrypt-4.3.0-cp313-cp313t-manylinux_2_28_aarch64.whl", hash = "sha256:0042b2e342e9ae3d2ed22727c1262f76cc4f345683b5c1715f0250cf4277294f"},
-    {file = "bcrypt-4.3.0-cp313-cp313t-manylinux_2_28_armv7l.manylinux_2_31_armv7l.whl", hash = "sha256:74a8d21a09f5e025a9a23e7c0fd2c7fe8e7503e4d356c0a2c1486ba010619f09"},
-    {file = "bcrypt-4.3.0-cp313-cp313t-manylinux_2_28_x86_64.whl", hash = "sha256:0142b2cb84a009f8452c8c5a33ace5e3dfec4159e7735f5afe9a4d50a8ea722d"},
-    {file = "bcrypt-4.3.0-cp313-cp313t-manylinux_2_34_aarch64.whl", hash = "sha256:12fa6ce40cde3f0b899729dbd7d5e8811cb892d31b6f7d0334a1f37748b789fd"},
-    {file = "bcrypt-4.3.0-cp313-cp313t-manylinux_2_34_x86_64.whl", hash = "sha256:5bd3cca1f2aa5dbcf39e2aa13dd094ea181f48959e1071265de49cc2b82525af"},
-    {file = "bcrypt-4.3.0-cp313-cp313t-musllinux_1_1_aarch64.whl", hash = "sha256:335a420cfd63fc5bc27308e929bee231c15c85cc4c496610ffb17923abf7f231"},
-    {file = "bcrypt-4.3.0-cp313-cp313t-musllinux_1_1_x86_64.whl", hash = "sha256:0e30e5e67aed0187a1764911af023043b4542e70a7461ad20e837e94d23e1d6c"},
-    {file = "bcrypt-4.3.0-cp313-cp313t-musllinux_1_2_aarch64.whl", hash = "sha256:3b8d62290ebefd49ee0b3ce7500f5dbdcf13b81402c05f6dafab9a1e1b27212f"},
-    {file = "bcrypt-4.3.0-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:2ef6630e0ec01376f59a006dc72918b1bf436c3b571b80fa1968d775fa02fe7d"},
-    {file = "bcrypt-4.3.0-cp313-cp313t-win32.whl", hash = "sha256:7a4be4cbf241afee43f1c3969b9103a41b40bcb3a3f467ab19f891d9bc4642e4"},
-    {file = "bcrypt-4.3.0-cp313-cp313t-win_amd64.whl", hash = "sha256:5c1949bf259a388863ced887c7861da1df681cb2388645766c89fdfd9004c669"},
-    {file = "bcrypt-4.3.0-cp38-abi3-macosx_10_12_universal2.whl", hash = "sha256:f81b0ed2639568bf14749112298f9e4e2b28853dab50a8b357e31798686a036d"},
-    {file = "bcrypt-4.3.0-cp38-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:864f8f19adbe13b7de11ba15d85d4a428c7e2f344bac110f667676a0ff84924b"},
-    {file = "bcrypt-4.3.0-cp38-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:3e36506d001e93bffe59754397572f21bb5dc7c83f54454c990c74a468cd589e"},
-    {file = "bcrypt-4.3.0-cp38-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:842d08d75d9fe9fb94b18b071090220697f9f184d4547179b60734846461ed59"},
-    {file = "bcrypt-4.3.0-cp38-abi3-manylinux_2_28_armv7l.manylinux_2_31_armv7l.whl", hash = "sha256:7c03296b85cb87db865d91da79bf63d5609284fc0cab9472fdd8367bbd830753"},
-    {file = "bcrypt-4.3.0-cp38-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:62f26585e8b219cdc909b6a0069efc5e4267e25d4a3770a364ac58024f62a761"},
-    {file = "bcrypt-4.3.0-cp38-abi3-manylinux_2_34_aarch64.whl", hash = "sha256:beeefe437218a65322fbd0069eb437e7c98137e08f22c4660ac2dc795c31f8bb"},
-    {file = "bcrypt-4.3.0-cp38-abi3-manylinux_2_34_x86_64.whl", hash = "sha256:97eea7408db3a5bcce4a55d13245ab3fa566e23b4c67cd227062bb49e26c585d"},
-    {file = "bcrypt-4.3.0-cp38-abi3-musllinux_1_1_aarch64.whl", hash = "sha256:191354ebfe305e84f344c5964c7cd5f924a3bfc5d405c75ad07f232b6dffb49f"},
-    {file = "bcrypt-4.3.0-cp38-abi3-musllinux_1_1_x86_64.whl", hash = "sha256:41261d64150858eeb5ff43c753c4b216991e0ae16614a308a15d909503617732"},
-    {file = "bcrypt-4.3.0-cp38-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:33752b1ba962ee793fa2b6321404bf20011fe45b9afd2a842139de3011898fef"},
-    {file = "bcrypt-4.3.0-cp38-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:50e6e80a4bfd23a25f5c05b90167c19030cf9f87930f7cb2eacb99f45d1c3304"},
-    {file = "bcrypt-4.3.0-cp38-abi3-win32.whl", hash = "sha256:67a561c4d9fb9465ec866177e7aebcad08fe23aaf6fbd692a6fab69088abfc51"},
-    {file = "bcrypt-4.3.0-cp38-abi3-win_amd64.whl", hash = "sha256:584027857bc2843772114717a7490a37f68da563b3620f78a849bcb54dc11e62"},
-    {file = "bcrypt-4.3.0-cp39-abi3-macosx_10_12_universal2.whl", hash = "sha256:0d3efb1157edebfd9128e4e46e2ac1a64e0c1fe46fb023158a407c7892b0f8c3"},
-    {file = "bcrypt-4.3.0-cp39-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:08bacc884fd302b611226c01014eca277d48f0a05187666bca23aac0dad6fe24"},
-    {file = "bcrypt-4.3.0-cp39-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:f6746e6fec103fcd509b96bacdfdaa2fbde9a553245dbada284435173a6f1aef"},
-    {file = "bcrypt-4.3.0-cp39-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:afe327968aaf13fc143a56a3360cb27d4ad0345e34da12c7290f1b00b8fe9a8b"},
-    {file = "bcrypt-4.3.0-cp39-abi3-manylinux_2_28_armv7l.manylinux_2_31_armv7l.whl", hash = "sha256:d9af79d322e735b1fc33404b5765108ae0ff232d4b54666d46730f8ac1a43676"},
-    {file = "bcrypt-4.3.0-cp39-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:f1e3ffa1365e8702dc48c8b360fef8d7afeca482809c5e45e653af82ccd088c1"},
-    {file = "bcrypt-4.3.0-cp39-abi3-manylinux_2_34_aarch64.whl", hash = "sha256:3004df1b323d10021fda07a813fd33e0fd57bef0e9a480bb143877f6cba996fe"},
-    {file = "bcrypt-4.3.0-cp39-abi3-manylinux_2_34_x86_64.whl", hash = "sha256:531457e5c839d8caea9b589a1bcfe3756b0547d7814e9ce3d437f17da75c32b0"},
-    {file = "bcrypt-4.3.0-cp39-abi3-musllinux_1_1_aarch64.whl", hash = "sha256:17a854d9a7a476a89dcef6c8bd119ad23e0f82557afbd2c442777a16408e614f"},
-    {file = "bcrypt-4.3.0-cp39-abi3-musllinux_1_1_x86_64.whl", hash = "sha256:6fb1fd3ab08c0cbc6826a2e0447610c6f09e983a281b919ed721ad32236b8b23"},
-    {file = "bcrypt-4.3.0-cp39-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:e965a9c1e9a393b8005031ff52583cedc15b7884fce7deb8b0346388837d6cfe"},
-    {file = "bcrypt-4.3.0-cp39-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:79e70b8342a33b52b55d93b3a59223a844962bef479f6a0ea318ebbcadf71505"},
-    {file = "bcrypt-4.3.0-cp39-abi3-win32.whl", hash = "sha256:b4d4e57f0a63fd0b358eb765063ff661328f69a04494427265950c71b992a39a"},
-    {file = "bcrypt-4.3.0-cp39-abi3-win_amd64.whl", hash = "sha256:e53e074b120f2877a35cc6c736b8eb161377caae8925c17688bd46ba56daaa5b"},
-    {file = "bcrypt-4.3.0-pp310-pypy310_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:c950d682f0952bafcceaf709761da0a32a942272fad381081b51096ffa46cea1"},
-    {file = "bcrypt-4.3.0-pp310-pypy310_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:107d53b5c67e0bbc3f03ebf5b030e0403d24dda980f8e244795335ba7b4a027d"},
-    {file = "bcrypt-4.3.0-pp310-pypy310_pp73-manylinux_2_34_aarch64.whl", hash = "sha256:b693dbb82b3c27a1604a3dff5bfc5418a7e6a781bb795288141e5f80cf3a3492"},
-    {file = "bcrypt-4.3.0-pp310-pypy310_pp73-manylinux_2_34_x86_64.whl", hash = "sha256:b6354d3760fcd31994a14c89659dee887f1351a06e5dac3c1142307172a79f90"},
-    {file = "bcrypt-4.3.0-pp311-pypy311_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:a839320bf27d474e52ef8cb16449bb2ce0ba03ca9f44daba6d93fa1d8828e48a"},
-    {file = "bcrypt-4.3.0-pp311-pypy311_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:bdc6a24e754a555d7316fa4774e64c6c3997d27ed2d1964d55920c7c227bc4ce"},
-    {file = "bcrypt-4.3.0-pp311-pypy311_pp73-manylinux_2_34_aarch64.whl", hash = "sha256:55a935b8e9a1d2def0626c4269db3fcd26728cbff1e84f0341465c31c4ee56d8"},
-    {file = "bcrypt-4.3.0-pp311-pypy311_pp73-manylinux_2_34_x86_64.whl", hash = "sha256:57967b7a28d855313a963aaea51bf6df89f833db4320da458e5b3c5ab6d4c938"},
-    {file = "bcrypt-4.3.0.tar.gz", hash = "sha256:3a3fd2204178b6d2adcf09cb4f6426ffef54762577a7c9b54c159008cb288c18"},
-]
-
-[package.extras]
-tests = ["pytest (>=3.2.1,!=3.3.0)"]
-typecheck = ["mypy"]
-
 [[package]]
 name = "cachetools"
 version = "5.5.2"
@@ -539,6 +459,21 @@ ssh = ["bcrypt (>=3.1.5)"]
 test = ["certifi (>=2024)", "cryptography-vectors (==45.0.6)", "pretend (>=0.7)", "pytest (>=7.4.0)", "pytest-benchmark (>=4.0)", "pytest-cov (>=2.10.1)", "pytest-xdist (>=3.5.0)"]
 test-randomorder = ["pytest-randomly"]
 
+[[package]]
+name = "deprecation"
+version = "2.1.0"
+description = "A library to handle automated deprecations"
+optional = false
+python-versions = "*"
+groups = ["main"]
+files = [
+    {file = "deprecation-2.1.0-py2.py3-none-any.whl", hash = "sha256:a10811591210e1fb0e768a8c25517cabeabcba6f0bf96564f8ff45189f90b14a"},
+    {file = "deprecation-2.1.0.tar.gz", hash = "sha256:72b3bde64e5d778694b0cf68178aed03d15e15477116add3fb773e581f9518ff"},
+]
+
+[package.dependencies]
+packaging = "*"
+
 [[package]]
 name = "exceptiongroup"
 version = "1.3.0"
@@ -760,6 +695,23 @@ protobuf = ">=3.20.2,<4.21.1 || >4.21.1,<4.21.2 || >4.21.2,<4.21.3 || >4.21.3,<4
 [package.extras]
 grpc = ["grpcio (>=1.44.0,<2.0.0)"]
 
+[[package]]
+name = "gotrue"
+version = "2.12.3"
+description = "Python Client Library for Supabase Auth"
+optional = false
+python-versions = "<4.0,>=3.9"
+groups = ["main"]
+files = [
+    {file = "gotrue-2.12.3-py3-none-any.whl", hash = "sha256:b1a3c6a5fe3f92e854a026c4c19de58706a96fd5fbdcc3d620b2802f6a46a26b"},
+    {file = "gotrue-2.12.3.tar.gz", hash = "sha256:f874cf9d0b2f0335bfbd0d6e29e3f7aff79998cd1c14d2ad814db8c06cee3852"},
+]
+
+[package.dependencies]
+httpx = {version = ">=0.26,<0.29", extras = ["http2"]}
+pydantic = ">=1.10,<3"
+pyjwt = ">=2.10.1,<3.0.0"
+
 [[package]]
 name = "grpc-google-iam-v1"
 version = "0.14.2"
@@ -870,6 +822,94 @@ files = [
     {file = "h11-0.16.0.tar.gz", hash = "sha256:4e35b956cf45792e4caa5885e69fba00bdbc6ffafbfa020300e549b208ee5ff1"},
 ]
 
+[[package]]
+name = "h2"
+version = "4.2.0"
+description = "Pure-Python HTTP/2 protocol implementation"
+optional = false
+python-versions = ">=3.9"
+groups = ["main"]
+files = [
+    {file = "h2-4.2.0-py3-none-any.whl", hash = "sha256:479a53ad425bb29af087f3458a61d30780bc818e4ebcf01f0b536ba916462ed0"},
+    {file = "h2-4.2.0.tar.gz", hash = "sha256:c8a52129695e88b1a0578d8d2cc6842bbd79128ac685463b887ee278126ad01f"},
+]
+
+[package.dependencies]
+hpack = ">=4.1,<5"
+hyperframe = ">=6.1,<7"
+
+[[package]]
+name = "hpack"
+version = "4.1.0"
+description = "Pure-Python HPACK header encoding"
+optional = false
+python-versions = ">=3.9"
+groups = ["main"]
+files = [
+    {file = "hpack-4.1.0-py3-none-any.whl", hash = "sha256:157ac792668d995c657d93111f46b4535ed114f0c9c8d672271bbec7eae1b496"},
+    {file = "hpack-4.1.0.tar.gz", hash = "sha256:ec5eca154f7056aa06f196a557655c5b009b382873ac8d1e66e79e87535f1dca"},
+]
+
+[[package]]
+name = "httpcore"
+version = "1.0.9"
+description = "A minimal low-level HTTP client."
+optional = false
+python-versions = ">=3.8"
+groups = ["main"]
+files = [
+    {file = "httpcore-1.0.9-py3-none-any.whl", hash = "sha256:2d400746a40668fc9dec9810239072b40b4484b640a8c38fd654a024c7a1bf55"},
+    {file = "httpcore-1.0.9.tar.gz", hash = "sha256:6e34463af53fd2ab5d807f399a9b45ea31c3dfa2276f15a2c3f00afff6e176e8"},
+]
+
+[package.dependencies]
+certifi = "*"
+h11 = ">=0.16"
+
+[package.extras]
+asyncio = ["anyio (>=4.0,<5.0)"]
+http2 = ["h2 (>=3,<5)"]
+socks = ["socksio (==1.*)"]
+trio = ["trio (>=0.22.0,<1.0)"]
+
+[[package]]
+name = "httpx"
+version = "0.28.1"
+description = "The next generation HTTP client."
+optional = false
+python-versions = ">=3.8"
+groups = ["main"]
+files = [
+    {file = "httpx-0.28.1-py3-none-any.whl", hash = "sha256:d909fcccc110f8c7faf814ca82a9a4d816bc5a6dbfea25d6591d6985b8ba59ad"},
+    {file = "httpx-0.28.1.tar.gz", hash = "sha256:75e98c5f16b0f35b567856f597f06ff2270a374470a5c2392242528e3e3e42fc"},
+]
+
+[package.dependencies]
+anyio = "*"
+certifi = "*"
+h2 = {version = ">=3,<5", optional = true, markers = "extra == \"http2\""}
+httpcore = "==1.*"
+idna = "*"
+
+[package.extras]
+brotli = ["brotli ; platform_python_implementation == \"CPython\"", "brotlicffi ; platform_python_implementation != \"CPython\""]
+cli = ["click (==8.*)", "pygments (==2.*)", "rich (>=10,<14)"]
+http2 = ["h2 (>=3,<5)"]
+socks = ["socksio (==1.*)"]
+zstd = ["zstandard (>=0.18.0)"]
+
+[[package]]
+name = "hyperframe"
+version = "6.1.0"
+description = "Pure-Python HTTP/2 framing"
+optional = false
+python-versions = ">=3.9"
+groups = ["main"]
+files = [
+    {file = "hyperframe-6.1.0-py3-none-any.whl", hash = "sha256:b03380493a519fce58ea5af42e4a42317bf9bd425596f7a0835ffce80f1a42e5"},
+    {file = "hyperframe-6.1.0.tar.gz", hash = "sha256:f630908a00854a7adeabd6382b43923a4c4cd4b821fcb527e6ab9e15382a3b08"},
+]
+
 [[package]]
 name = "idna"
 version = "3.10"
@@ -996,7 +1036,7 @@ version = "25.0"
 description = "Core utilities for Python packages"
 optional = false
 python-versions = ">=3.8"
-groups = ["dev"]
+groups = ["main", "dev"]
 files = [
     {file = "packaging-25.0-py3-none-any.whl", hash = "sha256:29572ef2b1f17581046b3a2227d5c611fb25ec70ca1ba8554b24b0e69331a484"},
     {file = "packaging-25.0.tar.gz", hash = "sha256:d443872c98d677bf60f6a1f2f8c1cb748e8fe762d2bf9d3148b5599295b0fc4f"},
@@ -1018,6 +1058,24 @@ files = [
 dev = ["pre-commit", "tox"]
 testing = ["coverage", "pytest", "pytest-benchmark"]
 
+[[package]]
+name = "postgrest"
+version = "1.1.1"
+description = "PostgREST client for Python. This library provides an ORM interface to PostgREST."
+optional = false
+python-versions = "<4.0,>=3.9"
+groups = ["main"]
+files = [
+    {file = "postgrest-1.1.1-py3-none-any.whl", hash = "sha256:98a6035ee1d14288484bfe36235942c5fb2d26af6d8120dfe3efbe007859251a"},
+    {file = "postgrest-1.1.1.tar.gz", hash = "sha256:f3bb3e8c4602775c75c844a31f565f5f3dd584df4d36d683f0b67d01a86be322"},
+]
+
+[package.dependencies]
+deprecation = ">=2.1.0,<3.0.0"
+httpx = {version = ">=0.26,<0.29", extras = ["http2"]}
+pydantic = ">=1.9,<3.0"
+strenum = {version = ">=0.4.9,<0.5.0", markers = "python_version < \"3.11\""}
+
 [[package]]
 name = "proto-plus"
 version = "1.26.1"
@@ -1404,6 +1462,21 @@ pytest = ">=6.2.5"
 [package.extras]
 dev = ["pre-commit", "pytest-asyncio", "tox"]
 
+[[package]]
+name = "python-dateutil"
+version = "2.9.0.post0"
+description = "Extensions to the standard Python datetime module"
+optional = false
+python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,>=2.7"
+groups = ["main"]
+files = [
+    {file = "python-dateutil-2.9.0.post0.tar.gz", hash = "sha256:37dd54208da7e1cd875388217d5e00ebd4179249f90fb72437e91a35459a0ad3"},
+    {file = "python_dateutil-2.9.0.post0-py2.py3-none-any.whl", hash = "sha256:a8b2bc7bffae282281c8140a97d3aa9c14da0b136dfe83f850eea9a5f7470427"},
+]
+
+[package.dependencies]
+six = ">=1.5"
+
 [[package]]
 name = "python-dotenv"
 version = "1.1.1"
@@ -1419,6 +1492,22 @@ files = [
 [package.extras]
 cli = ["click (>=5.0)"]
 
+[[package]]
+name = "realtime"
+version = "2.5.3"
+description = ""
+optional = false
+python-versions = "<4.0,>=3.9"
+groups = ["main"]
+files = [
+    {file = "realtime-2.5.3-py3-none-any.whl", hash = "sha256:eb0994636946eff04c4c7f044f980c8c633c7eb632994f549f61053a474ac970"},
+    {file = "realtime-2.5.3.tar.gz", hash = "sha256:0587594f3bc1c84bf007ff625075b86db6528843e03250dc84f4f2808be3d99a"},
+]
+
+[package.dependencies]
+typing-extensions = ">=4.14.0,<5.0.0"
+websockets = ">=11,<16"
+
 [[package]]
 name = "redis"
 version = "6.2.0"
@@ -1517,6 +1606,18 @@ files = [
     {file = "semver-3.0.4.tar.gz", hash = "sha256:afc7d8c584a5ed0a11033af086e8af226a9c0b206f313e0301f8dd7b6b589602"},
 ]
 
+[[package]]
+name = "six"
+version = "1.17.0"
+description = "Python 2 and 3 compatibility utilities"
+optional = false
+python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,>=2.7"
+groups = ["main"]
+files = [
+    {file = "six-1.17.0-py2.py3-none-any.whl", hash = "sha256:4721f391ed90541fddacab5acf947aa0d3dc7d27b2e1e8eda2be8970586c3274"},
+    {file = "six-1.17.0.tar.gz", hash = "sha256:ff70335d468e7eb6ec65b95b99d3a2836546063f63acc5171de367e834932a81"},
+]
+
 [[package]]
 name = "sniffio"
 version = "1.3.1"
@@ -1548,6 +1649,76 @@ typing-extensions = {version = ">=4.10.0", markers = "python_version < \"3.13\""
 [package.extras]
 full = ["httpx (>=0.27.0,<0.29.0)", "itsdangerous", "jinja2", "python-multipart (>=0.0.18)", "pyyaml"]
 
+[[package]]
+name = "storage3"
+version = "0.12.0"
+description = "Supabase Storage client for Python."
+optional = false
+python-versions = "<4.0,>=3.9"
+groups = ["main"]
+files = [
+    {file = "storage3-0.12.0-py3-none-any.whl", hash = "sha256:1c4585693ca42243ded1512b58e54c697111e91a20916cd14783eebc37e7c87d"},
+    {file = "storage3-0.12.0.tar.gz", hash = "sha256:94243f20922d57738bf42e96b9f5582b4d166e8bf209eccf20b146909f3f71b0"},
+]
+
+[package.dependencies]
+deprecation = ">=2.1.0,<3.0.0"
+httpx = {version = ">=0.26,<0.29", extras = ["http2"]}
+python-dateutil = ">=2.8.2,<3.0.0"
+
+[[package]]
+name = "strenum"
+version = "0.4.15"
+description = "An Enum that inherits from str."
+optional = false
+python-versions = "*"
+groups = ["main"]
+files = [
+    {file = "StrEnum-0.4.15-py3-none-any.whl", hash = "sha256:a30cda4af7cc6b5bf52c8055bc4bf4b2b6b14a93b574626da33df53cf7740659"},
+    {file = "StrEnum-0.4.15.tar.gz", hash = "sha256:878fb5ab705442070e4dd1929bb5e2249511c0bcf2b0eeacf3bcd80875c82eff"},
+]
+
+[package.extras]
+docs = ["myst-parser[linkify]", "sphinx", "sphinx-rtd-theme"]
+release = ["twine"]
+test = ["pylint", "pytest", "pytest-black", "pytest-cov", "pytest-pylint"]
+
+[[package]]
+name = "supabase"
+version = "2.16.0"
+description = "Supabase client for Python."
+optional = false
+python-versions = "<4.0,>=3.9"
+groups = ["main"]
+files = [
+    {file = "supabase-2.16.0-py3-none-any.whl", hash = "sha256:99065caab3d90a56650bf39fbd0e49740995da3738ab28706c61bd7f2401db55"},
+    {file = "supabase-2.16.0.tar.gz", hash = "sha256:98f3810158012d4ec0e3083f2e5515f5e10b32bd71e7d458662140e963c1d164"},
+]
+
+[package.dependencies]
+gotrue = ">=2.11.0,<3.0.0"
+httpx = ">=0.26,<0.29"
+postgrest = ">0.19,<1.2"
+realtime = ">=2.4.0,<2.6.0"
+storage3 = ">=0.10,<0.13"
+supafunc = ">=0.9,<0.11"
+
+[[package]]
+name = "supafunc"
+version = "0.10.1"
+description = "Library for Supabase Functions"
+optional = false
+python-versions = "<4.0,>=3.9"
+groups = ["main"]
+files = [
+    {file = "supafunc-0.10.1-py3-none-any.whl", hash = "sha256:26df9bd25ff2ef56cb5bfb8962de98f43331f7f8ff69572bac3ed9c3a9672040"},
+    {file = "supafunc-0.10.1.tar.gz", hash = "sha256:a5b33c8baecb6b5297d25da29a2503e2ec67ee6986f3d44c137e651b8a59a17d"},
+]
+
+[package.dependencies]
+httpx = {version = ">=0.26,<0.29", extras = ["http2"]}
+strenum = ">=0.4.15,<0.5.0"
+
 [[package]]
 name = "tomli"
 version = "2.2.1"
@@ -1656,6 +1827,85 @@ typing-extensions = {version = ">=4.0", markers = "python_version < \"3.11\""}
 [package.extras]
 standard = ["colorama (>=0.4) ; sys_platform == \"win32\"", "httptools (>=0.6.3)", "python-dotenv (>=0.13)", "pyyaml (>=5.1)", "uvloop (>=0.15.1) ; sys_platform != \"win32\" and sys_platform != \"cygwin\" and platform_python_implementation != \"PyPy\"", "watchfiles (>=0.13)", "websockets (>=10.4)"]
 
+[[package]]
+name = "websockets"
+version = "15.0.1"
+description = "An implementation of the WebSocket Protocol (RFC 6455 & 7692)"
+optional = false
+python-versions = ">=3.9"
+groups = ["main"]
+files = [
+    {file = "websockets-15.0.1-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:d63efaa0cd96cf0c5fe4d581521d9fa87744540d4bc999ae6e08595a1014b45b"},
+    {file = "websockets-15.0.1-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:ac60e3b188ec7574cb761b08d50fcedf9d77f1530352db4eef1707fe9dee7205"},
+    {file = "websockets-15.0.1-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:5756779642579d902eed757b21b0164cd6fe338506a8083eb58af5c372e39d9a"},
+    {file = "websockets-15.0.1-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:0fdfe3e2a29e4db3659dbd5bbf04560cea53dd9610273917799f1cde46aa725e"},
+    {file = "websockets-15.0.1-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:4c2529b320eb9e35af0fa3016c187dffb84a3ecc572bcee7c3ce302bfeba52bf"},
+    {file = "websockets-15.0.1-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:ac1e5c9054fe23226fb11e05a6e630837f074174c4c2f0fe442996112a6de4fb"},
+    {file = "websockets-15.0.1-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:5df592cd503496351d6dc14f7cdad49f268d8e618f80dce0cd5a36b93c3fc08d"},
+    {file = "websockets-15.0.1-cp310-cp310-musllinux_1_2_i686.whl", hash = "sha256:0a34631031a8f05657e8e90903e656959234f3a04552259458aac0b0f9ae6fd9"},
+    {file = "websockets-15.0.1-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:3d00075aa65772e7ce9e990cab3ff1de702aa09be3940d1dc88d5abf1ab8a09c"},
+    {file = "websockets-15.0.1-cp310-cp310-win32.whl", hash = "sha256:1234d4ef35db82f5446dca8e35a7da7964d02c127b095e172e54397fb6a6c256"},
+    {file = "websockets-15.0.1-cp310-cp310-win_amd64.whl", hash = "sha256:39c1fec2c11dc8d89bba6b2bf1556af381611a173ac2b511cf7231622058af41"},
+    {file = "websockets-15.0.1-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:823c248b690b2fd9303ba00c4f66cd5e2d8c3ba4aa968b2779be9532a4dad431"},
+    {file = "websockets-15.0.1-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:678999709e68425ae2593acf2e3ebcbcf2e69885a5ee78f9eb80e6e371f1bf57"},
+    {file = "websockets-15.0.1-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:d50fd1ee42388dcfb2b3676132c78116490976f1300da28eb629272d5d93e905"},
+    {file = "websockets-15.0.1-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:d99e5546bf73dbad5bf3547174cd6cb8ba7273062a23808ffea025ecb1cf8562"},
+    {file = "websockets-15.0.1-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:66dd88c918e3287efc22409d426c8f729688d89a0c587c88971a0faa2c2f3792"},
+    {file = "websockets-15.0.1-cp311-cp311-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:8dd8327c795b3e3f219760fa603dcae1dcc148172290a8ab15158cf85a953413"},
+    {file = "websockets-15.0.1-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:8fdc51055e6ff4adeb88d58a11042ec9a5eae317a0a53d12c062c8a8865909e8"},
+    {file = "websockets-15.0.1-cp311-cp311-musllinux_1_2_i686.whl", hash = "sha256:693f0192126df6c2327cce3baa7c06f2a117575e32ab2308f7f8216c29d9e2e3"},
+    {file = "websockets-15.0.1-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:54479983bd5fb469c38f2f5c7e3a24f9a4e70594cd68cd1fa6b9340dadaff7cf"},
+    {file = "websockets-15.0.1-cp311-cp311-win32.whl", hash = "sha256:16b6c1b3e57799b9d38427dda63edcbe4926352c47cf88588c0be4ace18dac85"},
+    {file = "websockets-15.0.1-cp311-cp311-win_amd64.whl", hash = "sha256:27ccee0071a0e75d22cb35849b1db43f2ecd3e161041ac1ee9d2352ddf72f065"},
+    {file = "websockets-15.0.1-cp312-cp312-macosx_10_13_universal2.whl", hash = "sha256:3e90baa811a5d73f3ca0bcbf32064d663ed81318ab225ee4f427ad4e26e5aff3"},
+    {file = "websockets-15.0.1-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:592f1a9fe869c778694f0aa806ba0374e97648ab57936f092fd9d87f8bc03665"},
+    {file = "websockets-15.0.1-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:0701bc3cfcb9164d04a14b149fd74be7347a530ad3bbf15ab2c678a2cd3dd9a2"},
+    {file = "websockets-15.0.1-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e8b56bdcdb4505c8078cb6c7157d9811a85790f2f2b3632c7d1462ab5783d215"},
+    {file = "websockets-15.0.1-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:0af68c55afbd5f07986df82831c7bff04846928ea8d1fd7f30052638788bc9b5"},
+    {file = "websockets-15.0.1-cp312-cp312-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:64dee438fed052b52e4f98f76c5790513235efaa1ef7f3f2192c392cd7c91b65"},
+    {file = "websockets-15.0.1-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:d5f6b181bb38171a8ad1d6aa58a67a6aa9d4b38d0f8c5f496b9e42561dfc62fe"},
+    {file = "websockets-15.0.1-cp312-cp312-musllinux_1_2_i686.whl", hash = "sha256:5d54b09eba2bada6011aea5375542a157637b91029687eb4fdb2dab11059c1b4"},
+    {file = "websockets-15.0.1-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:3be571a8b5afed347da347bfcf27ba12b069d9d7f42cb8c7028b5e98bbb12597"},
+    {file = "websockets-15.0.1-cp312-cp312-win32.whl", hash = "sha256:c338ffa0520bdb12fbc527265235639fb76e7bc7faafbb93f6ba80d9c06578a9"},
+    {file = "websockets-15.0.1-cp312-cp312-win_amd64.whl", hash = "sha256:fcd5cf9e305d7b8338754470cf69cf81f420459dbae8a3b40cee57417f4614a7"},
+    {file = "websockets-15.0.1-cp313-cp313-macosx_10_13_universal2.whl", hash = "sha256:ee443ef070bb3b6ed74514f5efaa37a252af57c90eb33b956d35c8e9c10a1931"},
+    {file = "websockets-15.0.1-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:5a939de6b7b4e18ca683218320fc67ea886038265fd1ed30173f5ce3f8e85675"},
+    {file = "websockets-15.0.1-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:746ee8dba912cd6fc889a8147168991d50ed70447bf18bcda7039f7d2e3d9151"},
+    {file = "websockets-15.0.1-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:595b6c3969023ecf9041b2936ac3827e4623bfa3ccf007575f04c5a6aa318c22"},
+    {file = "websockets-15.0.1-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:3c714d2fc58b5ca3e285461a4cc0c9a66bd0e24c5da9911e30158286c9b5be7f"},
+    {file = "websockets-15.0.1-cp313-cp313-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:0f3c1e2ab208db911594ae5b4f79addeb3501604a165019dd221c0bdcabe4db8"},
+    {file = "websockets-15.0.1-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:229cf1d3ca6c1804400b0a9790dc66528e08a6a1feec0d5040e8b9eb14422375"},
+    {file = "websockets-15.0.1-cp313-cp313-musllinux_1_2_i686.whl", hash = "sha256:756c56e867a90fb00177d530dca4b097dd753cde348448a1012ed6c5131f8b7d"},
+    {file = "websockets-15.0.1-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:558d023b3df0bffe50a04e710bc87742de35060580a293c2a984299ed83bc4e4"},
+    {file = "websockets-15.0.1-cp313-cp313-win32.whl", hash = "sha256:ba9e56e8ceeeedb2e080147ba85ffcd5cd0711b89576b83784d8605a7df455fa"},
+    {file = "websockets-15.0.1-cp313-cp313-win_amd64.whl", hash = "sha256:e09473f095a819042ecb2ab9465aee615bd9c2028e4ef7d933600a8401c79561"},
+    {file = "websockets-15.0.1-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:5f4c04ead5aed67c8a1a20491d54cdfba5884507a48dd798ecaf13c74c4489f5"},
+    {file = "websockets-15.0.1-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:abdc0c6c8c648b4805c5eacd131910d2a7f6455dfd3becab248ef108e89ab16a"},
+    {file = "websockets-15.0.1-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:a625e06551975f4b7ea7102bc43895b90742746797e2e14b70ed61c43a90f09b"},
+    {file = "websockets-15.0.1-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:d591f8de75824cbb7acad4e05d2d710484f15f29d4a915092675ad3456f11770"},
+    {file = "websockets-15.0.1-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:47819cea040f31d670cc8d324bb6435c6f133b8c7a19ec3d61634e62f8d8f9eb"},
+    {file = "websockets-15.0.1-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:ac017dd64572e5c3bd01939121e4d16cf30e5d7e110a119399cf3133b63ad054"},
+    {file = "websockets-15.0.1-cp39-cp39-musllinux_1_2_aarch64.whl", hash = "sha256:4a9fac8e469d04ce6c25bb2610dc535235bd4aa14996b4e6dbebf5e007eba5ee"},
+    {file = "websockets-15.0.1-cp39-cp39-musllinux_1_2_i686.whl", hash = "sha256:363c6f671b761efcb30608d24925a382497c12c506b51661883c3e22337265ed"},
+    {file = "websockets-15.0.1-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:2034693ad3097d5355bfdacfffcbd3ef5694f9718ab7f29c29689a9eae841880"},
+    {file = "websockets-15.0.1-cp39-cp39-win32.whl", hash = "sha256:3b1ac0d3e594bf121308112697cf4b32be538fb1444468fb0a6ae4feebc83411"},
+    {file = "websockets-15.0.1-cp39-cp39-win_amd64.whl", hash = "sha256:b7643a03db5c95c799b89b31c036d5f27eeb4d259c798e878d6937d71832b1e4"},
+    {file = "websockets-15.0.1-pp310-pypy310_pp73-macosx_10_15_x86_64.whl", hash = "sha256:0c9e74d766f2818bb95f84c25be4dea09841ac0f734d1966f415e4edfc4ef1c3"},
+    {file = "websockets-15.0.1-pp310-pypy310_pp73-macosx_11_0_arm64.whl", hash = "sha256:1009ee0c7739c08a0cd59de430d6de452a55e42d6b522de7aa15e6f67db0b8e1"},
+    {file = "websockets-15.0.1-pp310-pypy310_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:76d1f20b1c7a2fa82367e04982e708723ba0e7b8d43aa643d3dcd404d74f1475"},
+    {file = "websockets-15.0.1-pp310-pypy310_pp73-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:f29d80eb9a9263b8d109135351caf568cc3f80b9928bccde535c235de55c22d9"},
+    {file = "websockets-15.0.1-pp310-pypy310_pp73-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:b359ed09954d7c18bbc1680f380c7301f92c60bf924171629c5db97febb12f04"},
+    {file = "websockets-15.0.1-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:cad21560da69f4ce7658ca2cb83138fb4cf695a2ba3e475e0559e05991aa8122"},
+    {file = "websockets-15.0.1-pp39-pypy39_pp73-macosx_10_15_x86_64.whl", hash = "sha256:7f493881579c90fc262d9cdbaa05a6b54b3811c2f300766748db79f098db9940"},
+    {file = "websockets-15.0.1-pp39-pypy39_pp73-macosx_11_0_arm64.whl", hash = "sha256:47b099e1f4fbc95b701b6e85768e1fcdaf1630f3cbe4765fa216596f12310e2e"},
+    {file = "websockets-15.0.1-pp39-pypy39_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:67f2b6de947f8c757db2db9c71527933ad0019737ec374a8a6be9a956786aaf9"},
+    {file = "websockets-15.0.1-pp39-pypy39_pp73-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:d08eb4c2b7d6c41da6ca0600c077e93f5adcfd979cd777d747e9ee624556da4b"},
+    {file = "websockets-15.0.1-pp39-pypy39_pp73-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:4b826973a4a2ae47ba357e4e82fa44a463b8f168e1ca775ac64521442b19e87f"},
+    {file = "websockets-15.0.1-pp39-pypy39_pp73-win_amd64.whl", hash = "sha256:21c1fa28a6a7e3cbdc171c694398b6df4744613ce9b36b1a498e816787e28123"},
+    {file = "websockets-15.0.1-py3-none-any.whl", hash = "sha256:f7a866fbc1e97b5c617ee4116daaa09b722101d4a3c170c787450ba409f9736f"},
+    {file = "websockets-15.0.1.tar.gz", hash = "sha256:82544de02076bafba038ce055ee6412d68da13ab47f0c60cab827346de828dee"},
+]
+
 [[package]]
 name = "zipp"
 version = "3.23.0"
@@ -1679,4 +1929,4 @@ type = ["pytest-mypy"]
 [metadata]
 lock-version = "2.1"
 python-versions = ">=3.10,<4.0"
-content-hash = "de209c97aa0feb29d669a20e4422d51bdf3a0872ec37e85ce9b88ce726fcee7a"
+content-hash = "0c40b63c3c921846cf05ccfb4e685d4959854b29c2c302245f9832e20aac6954"

autogpt_platform/autogpt_libs/pyproject.toml

@@ -18,8 +18,7 @@ pydantic = "^2.11.7"
 pydantic-settings = "^2.10.1"
 pyjwt = { version = "^2.10.1", extras = ["crypto"] }
 redis = "^6.2.0"
-bcrypt = "^4.1.0"
-authlib = "^1.3.0"
+supabase = "^2.16.0"
 uvicorn = "^0.35.0"
 
 [tool.poetry.group.dev.dependencies]

autogpt_platform/backend/.env.default

@@ -27,15 +27,10 @@ REDIS_PORT=6379
 RABBITMQ_DEFAULT_USER=rabbitmq_user_default
 RABBITMQ_DEFAULT_PASS=k0VMxyIJF9S35f3x2uaw5IWAl6Y536O7
 
-# JWT Authentication
-# Generate a secure random key: python -c "import secrets; print(secrets.token_urlsafe(32))"
-JWT_SIGN_KEY=your-super-secret-jwt-token-with-at-least-32-characters-long
+# Supabase Authentication
+SUPABASE_URL=http://localhost:8000
+SUPABASE_SERVICE_ROLE_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyAgCiAgICAicm9sZSI6ICJzZXJ2aWNlX3JvbGUiLAogICAgImlzcyI6ICJzdXBhYmFzZS1kZW1vIiwKICAgICJpYXQiOiAxNjQxNzY5MjAwLAogICAgImV4cCI6IDE3OTk1MzU2MDAKfQ.DaYlNEoUrrEn2Ig7tqibS-PHK5vgusbcbo7X36XVt4Q
 JWT_VERIFY_KEY=your-super-secret-jwt-token-with-at-least-32-characters-long
-JWT_SIGN_ALGORITHM=HS256
-ACCESS_TOKEN_EXPIRE_MINUTES=15
-REFRESH_TOKEN_EXPIRE_DAYS=7
-JWT_ISSUER=autogpt-platform
-JWT_AUDIENCE=authenticated
 
 ## ===== REQUIRED SECURITY KEYS ===== ##
 # Generate using: from cryptography.fernet import Fernet;Fernet.generate_key().decode()
@@ -63,6 +58,13 @@ V0_API_KEY=
 OPEN_ROUTER_API_KEY=
 NVIDIA_API_KEY=
 
+# Langfuse Prompt Management
+# Used for managing the CoPilot system prompt externally
+# Get credentials from https://cloud.langfuse.com or your self-hosted instance
+LANGFUSE_PUBLIC_KEY=
+LANGFUSE_SECRET_KEY=
+LANGFUSE_HOST=https://cloud.langfuse.com
+
 # OAuth Credentials
 # For the OAuth callback URL, use <your_frontend_url>/auth/integrations/oauth_callback,
 # e.g. http://localhost:3000/auth/integrations/oauth_callback

autogpt_platform/backend/.gitignore

@@ -18,6 +18,4 @@ load-tests/results/
 load-tests/*.json
 load-tests/*.log
 load-tests/node_modules/*
-
-# Migration backups (contain user data)
-migration_backups/
+migrations/*/rollback*.sql

autogpt_platform/backend/Dockerfile

@@ -48,7 +48,8 @@ RUN poetry install --no-ansi --no-root
 # Generate Prisma client
 COPY autogpt_platform/backend/schema.prisma ./
 COPY autogpt_platform/backend/backend/data/partial_types.py ./backend/data/partial_types.py
-RUN poetry run prisma generate
+COPY autogpt_platform/backend/gen_prisma_types_stub.py ./
+RUN poetry run prisma generate && poetry run gen-prisma-stub
 
 FROM debian:13-slim AS server_dependencies
 
@@ -99,6 +100,7 @@ COPY autogpt_platform/backend/migrations /app/autogpt_platform/backend/migration
 FROM server_dependencies AS server
 
 COPY autogpt_platform/backend /app/autogpt_platform/backend
+COPY docs /app/docs
 RUN poetry install --no-ansi --only-root
 
 ENV PORT=8000

autogpt_platform/backend/TESTING.md

@@ -108,7 +108,7 @@ import fastapi.testclient
 import pytest
 from pytest_snapshot.plugin import Snapshot
 
-from backend.server.v2.myroute import router
+from backend.api.features.myroute import router
 
 app = fastapi.FastAPI()
 app.include_router(router)
@@ -149,7 +149,7 @@ These provide the easiest way to set up authentication mocking in test modules:
 import fastapi
 import fastapi.testclient
 import pytest
-from backend.server.v2.myroute import router
+from backend.api.features.myroute import router
 
 app = fastapi.FastAPI()
 app.include_router(router)

autogpt_platform/backend/backend/api/conn_manager.py

@@ -3,12 +3,12 @@ from typing import Dict, Set
 
 from fastapi import WebSocket
 
+from backend.api.model import NotificationPayload, WSMessage, WSMethod
 from backend.data.execution import (
     ExecutionEventType,
     GraphExecutionEvent,
     NodeExecutionEvent,
 )
-from backend.server.model import NotificationPayload, WSMessage, WSMethod
 
 _EVENT_TYPE_TO_METHOD_MAP: dict[ExecutionEventType, WSMethod] = {
     ExecutionEventType.GRAPH_EXEC_UPDATE: WSMethod.GRAPH_EXECUTION_EVENT,

autogpt_platform/backend/backend/api/conn_manager_test.py

@@ -4,13 +4,13 @@ from unittest.mock import AsyncMock
 import pytest
 from fastapi import WebSocket
 
+from backend.api.conn_manager import ConnectionManager
+from backend.api.model import NotificationPayload, WSMessage, WSMethod
 from backend.data.execution import (
     ExecutionStatus,
     GraphExecutionEvent,
     NodeExecutionEvent,
 )
-from backend.server.conn_manager import ConnectionManager
-from backend.server.model import NotificationPayload, WSMessage, WSMethod
 
 
 @pytest.fixture

autogpt_platform/backend/backend/api/external/fastapi_app.py

@@ -0,0 +1,61 @@
+"""
+External API Application
+
+This module defines the main FastAPI application for the external API,
+which mounts the v1 and v2 sub-applications.
+"""
+
+from fastapi import FastAPI
+from fastapi.responses import RedirectResponse
+
+from backend.monitoring.instrumentation import instrument_fastapi
+
+from .v1.app import v1_app
+from .v2.app import v2_app
+
+DESCRIPTION = """
+The external API provides programmatic access to the AutoGPT Platform for building
+integrations, automations, and custom applications.
+
+### API Versions
+
+| Version             | End of Life | Path                   | Documentation |
+|---------------------|-------------|------------------------|---------------|
+| **v2**              |             | `/external-api/v2/...` | [v2 docs](v2/docs) |
+| **v1** (deprecated) | 2025-05-01  | `/external-api/v1/...` | [v1 docs](v1/docs) |
+
+**Recommendation**: New integrations should use v2.
+
+For authentication details and usage examples, see the
+[API Integration Guide](https://docs.agpt.co/platform/integrating/api-guide/).
+"""
+
+external_api = FastAPI(
+    title="AutoGPT Platform API",
+    summary="External API for AutoGPT Platform integrations",
+    description=DESCRIPTION,
+    version="2.0.0",
+    docs_url="/docs",
+    redoc_url="/redoc",
+)
+
+
+@external_api.get("/", include_in_schema=False)
+async def root_redirect() -> RedirectResponse:
+    """Redirect root to API documentation."""
+    return RedirectResponse(url="/docs")
+
+
+# Mount versioned sub-applications
+# Each sub-app has its own /docs page at /v1/docs and /v2/docs
+external_api.mount("/v1", v1_app)
+external_api.mount("/v2", v2_app)
+
+# Add Prometheus instrumentation to the main app
+instrument_fastapi(
+    external_api,
+    service_name="external-api",
+    expose_endpoint=True,
+    endpoint="/metrics",
+    include_in_schema=True,
+)

autogpt_platform/backend/backend/api/external/v1/app.py

@@ -0,0 +1,39 @@
+"""
+V1 External API Application
+
+This module defines the FastAPI application for the v1 external API.
+"""
+
+from fastapi import FastAPI
+
+from backend.api.middleware.security import SecurityHeadersMiddleware
+
+from .routes import v1_router
+
+DESCRIPTION = """
+The v1 API provides access to core AutoGPT functionality for external integrations.
+
+For authentication details and usage examples, see the
+[API Integration Guide](https://docs.agpt.co/platform/integrating/api-guide/).
+"""
+
+v1_app = FastAPI(
+    title="AutoGPT Platform API",
+    summary="External API for AutoGPT Platform integrations (v1)",
+    description=DESCRIPTION,
+    version="1.0.0",
+    docs_url="/docs",
+    redoc_url="/redoc",
+    openapi_url="/openapi.json",
+    openapi_tags=[
+        {"name": "user", "description": "User information"},
+        {"name": "blocks", "description": "Block operations"},
+        {"name": "graphs", "description": "Graph execution"},
+        {"name": "store", "description": "Marketplace agents and creators"},
+        {"name": "integrations", "description": "OAuth credential management"},
+        {"name": "tools", "description": "AI assistant tools"},
+    ],
+)
+
+v1_app.add_middleware(SecurityHeadersMiddleware)
+v1_app.include_router(v1_router)

autogpt_platform/backend/backend/api/external/v1/integrations.py

@@ -16,6 +16,8 @@ from fastapi import APIRouter, Body, HTTPException, Path, Security, status
 from prisma.enums import APIKeyPermission
 from pydantic import BaseModel, Field, SecretStr
 
+from backend.api.external.middleware import require_permission
+from backend.api.features.integrations.models import get_all_provider_names
 from backend.data.auth.base import APIAuthorizationInfo
 from backend.data.model import (
     APIKeyCredentials,
@@ -28,8 +30,6 @@ from backend.data.model import (
 from backend.integrations.creds_manager import IntegrationCredentialsManager
 from backend.integrations.oauth import CREDENTIALS_BY_PROVIDER, HANDLERS_BY_NAME
 from backend.integrations.providers import ProviderName
-from backend.server.external.middleware import require_permission
-from backend.server.integrations.models import get_all_provider_names
 from backend.util.settings import Settings
 
 if TYPE_CHECKING:

autogpt_platform/backend/backend/api/external/v1/routes.py

@@ -8,23 +8,29 @@ from prisma.enums import AgentExecutionStatus, APIKeyPermission
 from pydantic import BaseModel, Field
 from typing_extensions import TypedDict
 
+import backend.api.features.store.cache as store_cache
+import backend.api.features.store.model as store_model
 import backend.data.block
-import backend.server.v2.store.cache as store_cache
-import backend.server.v2.store.model as store_model
+from backend.api.external.middleware import require_permission
 from backend.data import execution as execution_db
 from backend.data import graph as graph_db
 from backend.data import user as user_db
 from backend.data.auth.base import APIAuthorizationInfo
 from backend.data.block import BlockInput, CompletedBlockOutput
 from backend.executor.utils import add_graph_execution
-from backend.server.external.middleware import require_permission
 from backend.util.settings import Settings
 
+from .integrations import integrations_router
+from .tools import tools_router
+
 settings = Settings()
 logger = logging.getLogger(__name__)
 
 v1_router = APIRouter()
 
+v1_router.include_router(integrations_router)
+v1_router.include_router(tools_router)
+
 
 class UserInfoResponse(BaseModel):
     id: str

autogpt_platform/backend/backend/api/external/v1/tools.py

@@ -14,11 +14,11 @@ from fastapi import APIRouter, Security
 from prisma.enums import APIKeyPermission
 from pydantic import BaseModel, Field
 
+from backend.api.external.middleware import require_permission
+from backend.api.features.chat.model import ChatSession
+from backend.api.features.chat.tools import find_agent_tool, run_agent_tool
+from backend.api.features.chat.tools.models import ToolResponseBase
 from backend.data.auth.base import APIAuthorizationInfo
-from backend.server.external.middleware import require_permission
-from backend.server.v2.chat.model import ChatSession
-from backend.server.v2.chat.tools import find_agent_tool, run_agent_tool
-from backend.server.v2.chat.tools.models import ToolResponseBase
 
 logger = logging.getLogger(__name__)
 
@@ -70,7 +70,7 @@ class RunAgentRequest(BaseModel):
     )
 
 
-def _create_ephemeral_session(user_id: str | None) -> ChatSession:
+def _create_ephemeral_session(user_id: str) -> ChatSession:
     """Create an ephemeral session for stateless API requests."""
     return ChatSession.new(user_id)
 

autogpt_platform/backend/backend/api/external/v2/__init__.py

@@ -0,0 +1,9 @@
+"""
+V2 External API
+
+This module provides the v2 external API for programmatic access to the AutoGPT Platform.
+"""
+
+from .routes import v2_router
+
+__all__ = ["v2_router"]

autogpt_platform/backend/backend/api/external/v2/app.py

@@ -0,0 +1,82 @@
+"""
+V2 External API Application
+
+This module defines the FastAPI application for the v2 external API.
+"""
+
+from fastapi import FastAPI
+
+from backend.api.middleware.security import SecurityHeadersMiddleware
+
+from .routes import v2_router
+
+DESCRIPTION = """
+The v2 API provides comprehensive access to the AutoGPT Platform for building
+integrations, automations, and custom applications.
+
+### Key Improvements over v1
+
+- **Consistent naming**: Uses `graph_id`/`graph_version` consistently
+- **Better pagination**: All list endpoints support pagination
+- **Comprehensive coverage**: Access to library, runs, schedules, credits, and more
+- **Human-in-the-loop**: Review and approve agent decisions via the API
+
+For authentication details and usage examples, see the
+[API Integration Guide](https://docs.agpt.co/platform/integrating/api-guide/).
+
+### Pagination
+
+List endpoints return paginated responses. Use `page` and `page_size` query
+parameters to navigate results. Maximum page size is 100 items.
+"""
+
+v2_app = FastAPI(
+    title="AutoGPT Platform External API",
+    summary="External API for AutoGPT Platform integrations (v2)",
+    description=DESCRIPTION,
+    version="2.0.0",
+    docs_url="/docs",
+    redoc_url="/redoc",
+    openapi_url="/openapi.json",
+    openapi_tags=[
+        {
+            "name": "graphs",
+            "description": "Create, update, and manage agent graphs",
+        },
+        {
+            "name": "schedules",
+            "description": "Manage scheduled graph executions",
+        },
+        {
+            "name": "blocks",
+            "description": "Discover available building blocks",
+        },
+        {
+            "name": "marketplace",
+            "description": "Browse agents and creators, manage submissions",
+        },
+        {
+            "name": "library",
+            "description": "Access your agent library and execute agents",
+        },
+        {
+            "name": "runs",
+            "description": "Monitor execution runs and human-in-the-loop reviews",
+        },
+        {
+            "name": "credits",
+            "description": "Check balance and view transaction history",
+        },
+        {
+            "name": "integrations",
+            "description": "Manage OAuth credentials for external services",
+        },
+        {
+            "name": "files",
+            "description": "Upload files for agent input",
+        },
+    ],
+)
+
+v2_app.add_middleware(SecurityHeadersMiddleware)
+v2_app.include_router(v2_router)

autogpt_platform/backend/backend/api/external/v2/blocks.py

@@ -0,0 +1,140 @@
+"""
+V2 External API - Blocks Endpoints
+
+Provides read-only access to available building blocks.
+"""
+
+import logging
+from typing import Any
+
+from fastapi import APIRouter, Response, Security
+from fastapi.concurrency import run_in_threadpool
+from prisma.enums import APIKeyPermission
+from pydantic import BaseModel, Field
+
+from backend.api.external.middleware import require_permission
+from backend.data.auth.base import APIAuthorizationInfo
+from backend.data.block import get_blocks
+from backend.util.cache import cached
+from backend.util.json import dumps
+
+logger = logging.getLogger(__name__)
+
+blocks_router = APIRouter()
+
+
+# ============================================================================
+# Models
+# ============================================================================
+
+
+class BlockCost(BaseModel):
+    """Cost information for a block."""
+
+    cost_type: str = Field(description="Type of cost (e.g., 'per_call', 'per_token')")
+    cost_filter: dict[str, Any] = Field(
+        default_factory=dict, description="Conditions for this cost"
+    )
+    cost_amount: int = Field(description="Cost amount in credits")
+
+
+class Block(BaseModel):
+    """A building block that can be used in graphs."""
+
+    id: str
+    name: str
+    description: str
+    categories: list[str] = Field(default_factory=list)
+    input_schema: dict[str, Any]
+    output_schema: dict[str, Any]
+    costs: list[BlockCost] = Field(default_factory=list)
+    disabled: bool = Field(default=False)
+
+
+class BlocksListResponse(BaseModel):
+    """Response for listing blocks."""
+
+    blocks: list[Block]
+    total_count: int
+
+
+# ============================================================================
+# Internal Functions
+# ============================================================================
+
+
+def _compute_blocks_sync() -> str:
+    """
+    Synchronous function to compute blocks data.
+    This does the heavy lifting: instantiate 226+ blocks, compute costs, serialize.
+    """
+    from backend.data.credit import get_block_cost
+
+    block_classes = get_blocks()
+    result = []
+
+    for block_class in block_classes.values():
+        block_instance = block_class()
+        if not block_instance.disabled:
+            costs = get_block_cost(block_instance)
+            # Convert BlockCost BaseModel objects to dictionaries
+            costs_dict = [
+                cost.model_dump() if isinstance(cost, BaseModel) else cost
+                for cost in costs
+            ]
+            result.append({**block_instance.to_dict(), "costs": costs_dict})
+
+    return dumps(result)
+
+
+@cached(ttl_seconds=3600)
+async def _get_cached_blocks() -> str:
+    """
+    Async cached function with thundering herd protection.
+    On cache miss: runs heavy work in thread pool
+    On cache hit: returns cached string immediately
+    """
+    return await run_in_threadpool(_compute_blocks_sync)
+
+
+# ============================================================================
+# Endpoints
+# ============================================================================
+
+
+@blocks_router.get(
+    path="",
+    summary="List available blocks",
+    responses={
+        200: {
+            "description": "List of available building blocks",
+            "content": {
+                "application/json": {
+                    "schema": {
+                        "items": {"additionalProperties": True, "type": "object"},
+                        "type": "array",
+                    }
+                }
+            },
+        }
+    },
+)
+async def list_blocks(
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.READ_BLOCK)
+    ),
+) -> Response:
+    """
+    List all available building blocks that can be used in graphs.
+
+    Each block represents a specific capability (e.g., HTTP request, text processing,
+    AI completion, etc.) that can be connected in a graph to create an agent.
+
+    The response includes input/output schemas for each block, as well as
+    cost information for blocks that consume credits.
+    """
+    content = await _get_cached_blocks()
+    return Response(
+        content=content,
+        media_type="application/json",
+    )

autogpt_platform/backend/backend/api/external/v2/common.py

@@ -0,0 +1,36 @@
+"""
+Common utilities for V2 External API
+"""
+
+from typing import TypeVar
+
+from pydantic import BaseModel, Field
+
+# Constants for pagination
+MAX_PAGE_SIZE = 100
+DEFAULT_PAGE_SIZE = 20
+
+
+class PaginationParams(BaseModel):
+    """Common pagination parameters."""
+
+    page: int = Field(default=1, ge=1, description="Page number (1-indexed)")
+    page_size: int = Field(
+        default=DEFAULT_PAGE_SIZE,
+        ge=1,
+        le=MAX_PAGE_SIZE,
+        description=f"Number of items per page (max {MAX_PAGE_SIZE})",
+    )
+
+
+T = TypeVar("T")
+
+
+class PaginatedResponse(BaseModel):
+    """Generic paginated response wrapper."""
+
+    items: list
+    total_count: int = Field(description="Total number of items across all pages")
+    page: int = Field(description="Current page number (1-indexed)")
+    page_size: int = Field(description="Number of items per page")
+    total_pages: int = Field(description="Total number of pages")

autogpt_platform/backend/backend/api/external/v2/credits.py

@@ -0,0 +1,141 @@
+"""
+V2 External API - Credits Endpoints
+
+Provides access to credit balance and transaction history.
+"""
+
+import logging
+from datetime import datetime
+from typing import Optional
+
+from fastapi import APIRouter, Query, Security
+from prisma.enums import APIKeyPermission
+from pydantic import BaseModel, Field
+
+from backend.api.external.middleware import require_permission
+from backend.data.auth.base import APIAuthorizationInfo
+from backend.data.credit import get_user_credit_model
+
+from .common import DEFAULT_PAGE_SIZE, MAX_PAGE_SIZE
+
+logger = logging.getLogger(__name__)
+
+credits_router = APIRouter()
+
+
+# ============================================================================
+# Models
+# ============================================================================
+
+
+class CreditBalance(BaseModel):
+    """User's credit balance."""
+
+    balance: int = Field(description="Current credit balance")
+
+
+class CreditTransaction(BaseModel):
+    """A credit transaction."""
+
+    transaction_key: str
+    amount: int = Field(description="Transaction amount (positive or negative)")
+    type: str = Field(description="One of: TOP_UP, USAGE, GRANT, REFUND")
+    transaction_time: datetime
+    running_balance: Optional[int] = Field(
+        default=None, description="Balance after this transaction"
+    )
+    description: Optional[str] = None
+
+
+class CreditTransactionsResponse(BaseModel):
+    """Response for listing credit transactions."""
+
+    transactions: list[CreditTransaction]
+    total_count: int
+    page: int
+    page_size: int
+    total_pages: int
+
+
+# ============================================================================
+# Endpoints
+# ============================================================================
+
+
+@credits_router.get(
+    path="",
+    summary="Get credit balance",
+    response_model=CreditBalance,
+)
+async def get_balance(
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.READ_CREDITS)
+    ),
+) -> CreditBalance:
+    """
+    Get the current credit balance for the authenticated user.
+    """
+    user_credit_model = await get_user_credit_model(auth.user_id)
+    balance = await user_credit_model.get_credits(auth.user_id)
+
+    return CreditBalance(balance=balance)
+
+
+@credits_router.get(
+    path="/transactions",
+    summary="Get transaction history",
+    response_model=CreditTransactionsResponse,
+)
+async def get_transactions(
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.READ_CREDITS)
+    ),
+    page: int = Query(default=1, ge=1, description="Page number (1-indexed)"),
+    page_size: int = Query(
+        default=DEFAULT_PAGE_SIZE,
+        ge=1,
+        le=MAX_PAGE_SIZE,
+        description=f"Items per page (max {MAX_PAGE_SIZE})",
+    ),
+    transaction_type: Optional[str] = Query(
+        default=None,
+        description="Filter by transaction type (TOP_UP, USAGE, GRANT, REFUND)",
+    ),
+) -> CreditTransactionsResponse:
+    """
+    Get credit transaction history for the authenticated user.
+
+    Returns transactions sorted by most recent first.
+    """
+    user_credit_model = await get_user_credit_model(auth.user_id)
+
+    history = await user_credit_model.get_transaction_history(
+        user_id=auth.user_id,
+        transaction_count_limit=page_size,
+        transaction_type=transaction_type,
+    )
+
+    transactions = [
+        CreditTransaction(
+            transaction_key=t.transaction_key,
+            amount=t.amount,
+            type=t.transaction_type.value,
+            transaction_time=t.transaction_time,
+            running_balance=t.running_balance,
+            description=t.description,
+        )
+        for t in history.transactions
+    ]
+
+    # Note: The current credit module doesn't support true pagination,
+    # so we're returning what we have
+    total_count = len(transactions)
+    total_pages = 1  # Without true pagination support
+
+    return CreditTransactionsResponse(
+        transactions=transactions,
+        total_count=total_count,
+        page=page,
+        page_size=page_size,
+        total_pages=total_pages,
+    )

autogpt_platform/backend/backend/api/external/v2/files.py

@@ -0,0 +1,132 @@
+"""
+V2 External API - Files Endpoints
+
+Provides file upload functionality for agent inputs.
+"""
+
+import base64
+import logging
+
+from fastapi import APIRouter, File, HTTPException, Query, Security, UploadFile
+from prisma.enums import APIKeyPermission
+from pydantic import BaseModel, Field
+
+from backend.api.external.middleware import require_permission
+from backend.data.auth.base import APIAuthorizationInfo
+from backend.util.cloud_storage import get_cloud_storage_handler
+from backend.util.settings import Settings
+from backend.util.virus_scanner import scan_content_safe
+
+logger = logging.getLogger(__name__)
+settings = Settings()
+
+files_router = APIRouter()
+
+
+# ============================================================================
+# Models
+# ============================================================================
+
+
+class UploadFileResponse(BaseModel):
+    """Response after uploading a file."""
+
+    file_uri: str = Field(description="URI to reference the uploaded file in agents")
+    file_name: str
+    size: int = Field(description="File size in bytes")
+    content_type: str
+    expires_in_hours: int
+
+
+# ============================================================================
+# Endpoints
+# ============================================================================
+
+
+def _create_file_size_error(size_bytes: int, max_size_mb: int) -> HTTPException:
+    """Create standardized file size error response."""
+    return HTTPException(
+        status_code=400,
+        detail=f"File size ({size_bytes} bytes) exceeds the maximum allowed size of {max_size_mb}MB",
+    )
+
+
+@files_router.post(
+    path="/upload",
+    summary="Upload a file",
+    response_model=UploadFileResponse,
+)
+async def upload_file(
+    file: UploadFile = File(...),
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.UPLOAD_FILES)
+    ),
+    provider: str = Query(
+        default="gcs", description="Storage provider (gcs, s3, azure)"
+    ),
+    expiration_hours: int = Query(
+        default=24, ge=1, le=48, description="Hours until file expires (1-48)"
+    ),
+) -> UploadFileResponse:
+    """
+    Upload a file to cloud storage for use with agents.
+
+    The returned `file_uri` can be used as input to agents that accept file inputs
+    (e.g., FileStoreBlock, AgentFileInputBlock).
+
+    Files are automatically scanned for viruses before storage.
+    """
+    # Check file size limit
+    max_size_mb = settings.config.upload_file_size_limit_mb
+    max_size_bytes = max_size_mb * 1024 * 1024
+
+    # Try to get file size from headers first
+    if hasattr(file, "size") and file.size is not None and file.size > max_size_bytes:
+        raise _create_file_size_error(file.size, max_size_mb)
+
+    # Read file content
+    content = await file.read()
+    content_size = len(content)
+
+    # Double-check file size after reading
+    if content_size > max_size_bytes:
+        raise _create_file_size_error(content_size, max_size_mb)
+
+    # Extract file info
+    file_name = file.filename or "uploaded_file"
+    content_type = file.content_type or "application/octet-stream"
+
+    # Virus scan the content
+    await scan_content_safe(content, filename=file_name)
+
+    # Check if cloud storage is configured
+    cloud_storage = await get_cloud_storage_handler()
+    if not cloud_storage.config.gcs_bucket_name:
+        # Fallback to base64 data URI when GCS is not configured
+        base64_content = base64.b64encode(content).decode("utf-8")
+        data_uri = f"data:{content_type};base64,{base64_content}"
+
+        return UploadFileResponse(
+            file_uri=data_uri,
+            file_name=file_name,
+            size=content_size,
+            content_type=content_type,
+            expires_in_hours=expiration_hours,
+        )
+
+    # Store in cloud storage
+    storage_path = await cloud_storage.store_file(
+        content=content,
+        filename=file_name,
+        provider=provider,
+        expiration_hours=expiration_hours,
+        user_id=auth.user_id,
+    )
+
+    return UploadFileResponse(
+        file_uri=storage_path,
+        file_name=file_name,
+        size=content_size,
+        content_type=content_type,
+        expires_in_hours=expiration_hours,
+    )

autogpt_platform/backend/backend/api/external/v2/graphs.py

@@ -0,0 +1,445 @@
+"""
+V2 External API - Graphs Endpoints
+
+Provides endpoints for managing agent graphs (CRUD operations).
+"""
+
+import logging
+
+from fastapi import APIRouter, HTTPException, Query, Security
+from prisma.enums import APIKeyPermission
+
+from backend.api.external.middleware import require_permission
+from backend.data import graph as graph_db
+from backend.data.auth.base import APIAuthorizationInfo
+from backend.integrations.webhooks.graph_lifecycle_hooks import (
+    on_graph_activate,
+    on_graph_deactivate,
+)
+
+from .common import DEFAULT_PAGE_SIZE, MAX_PAGE_SIZE
+from .models import (
+    CreateGraphRequest,
+    DeleteGraphResponse,
+    GraphDetails,
+    GraphLink,
+    GraphMeta,
+    GraphNode,
+    GraphSettings,
+    GraphsListResponse,
+    SetActiveVersionRequest,
+)
+
+logger = logging.getLogger(__name__)
+
+graphs_router = APIRouter()
+
+
+def _convert_graph_meta(graph: graph_db.GraphMeta) -> GraphMeta:
+    """Convert internal GraphMeta to v2 API model."""
+    return GraphMeta(
+        id=graph.id,
+        version=graph.version,
+        is_active=graph.is_active,
+        name=graph.name,
+        description=graph.description,
+        created_at=graph.created_at,
+        input_schema=graph.input_schema,
+        output_schema=graph.output_schema,
+    )
+
+
+def _convert_graph_details(graph: graph_db.GraphModel) -> GraphDetails:
+    """Convert internal GraphModel to v2 API GraphDetails model."""
+    return GraphDetails(
+        id=graph.id,
+        version=graph.version,
+        is_active=graph.is_active,
+        name=graph.name,
+        description=graph.description,
+        created_at=graph.created_at,
+        input_schema=graph.input_schema,
+        output_schema=graph.output_schema,
+        nodes=[
+            GraphNode(
+                id=node.id,
+                block_id=node.block_id,
+                input_default=node.input_default,
+                metadata=node.metadata,
+            )
+            for node in graph.nodes
+        ],
+        links=[
+            GraphLink(
+                id=link.id,
+                source_id=link.source_id,
+                sink_id=link.sink_id,
+                source_name=link.source_name,
+                sink_name=link.sink_name,
+                is_static=link.is_static,
+            )
+            for link in graph.links
+        ],
+        credentials_input_schema=graph.credentials_input_schema,
+    )
+
+
+@graphs_router.get(
+    path="",
+    summary="List user's graphs",
+    response_model=GraphsListResponse,
+)
+async def list_graphs(
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.READ_GRAPH)
+    ),
+    page: int = Query(default=1, ge=1, description="Page number (1-indexed)"),
+    page_size: int = Query(
+        default=DEFAULT_PAGE_SIZE,
+        ge=1,
+        le=MAX_PAGE_SIZE,
+        description=f"Items per page (max {MAX_PAGE_SIZE})",
+    ),
+) -> GraphsListResponse:
+    """
+    List all graphs owned by the authenticated user.
+
+    Returns a paginated list of graph metadata (not full graph details).
+    """
+    graphs, pagination_info = await graph_db.list_graphs_paginated(
+        user_id=auth.user_id,
+        page=page,
+        page_size=page_size,
+        filter_by="active",
+    )
+    return GraphsListResponse(
+        graphs=[_convert_graph_meta(g) for g in graphs],
+        total_count=pagination_info.total_items,
+        page=pagination_info.current_page,
+        page_size=pagination_info.page_size,
+        total_pages=pagination_info.total_pages,
+    )
+
+
+@graphs_router.post(
+    path="",
+    summary="Create a new graph",
+    response_model=GraphDetails,
+)
+async def create_graph(
+    create_graph_request: CreateGraphRequest,
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.WRITE_GRAPH)
+    ),
+) -> GraphDetails:
+    """
+    Create a new agent graph.
+
+    The graph will be validated and assigned a new ID. It will automatically
+    be added to the user's library.
+    """
+    # Import here to avoid circular imports
+    from backend.api.features.library import db as library_db
+
+    # Convert v2 API Graph model to internal Graph model
+    internal_graph = graph_db.Graph(
+        id=create_graph_request.graph.id or "",
+        version=create_graph_request.graph.version,
+        is_active=create_graph_request.graph.is_active,
+        name=create_graph_request.graph.name,
+        description=create_graph_request.graph.description,
+        nodes=[
+            graph_db.Node(
+                id=node.id,
+                block_id=node.block_id,
+                input_default=node.input_default,
+                metadata=node.metadata,
+            )
+            for node in create_graph_request.graph.nodes
+        ],
+        links=[
+            graph_db.Link(
+                id=link.id,
+                source_id=link.source_id,
+                sink_id=link.sink_id,
+                source_name=link.source_name,
+                sink_name=link.sink_name,
+                is_static=link.is_static,
+            )
+            for link in create_graph_request.graph.links
+        ],
+    )
+
+    graph = graph_db.make_graph_model(internal_graph, auth.user_id)
+    graph.reassign_ids(user_id=auth.user_id, reassign_graph_id=True)
+    graph.validate_graph(for_run=False)
+
+    await graph_db.create_graph(graph, user_id=auth.user_id)
+    await library_db.create_library_agent(graph, user_id=auth.user_id)
+    activated_graph = await on_graph_activate(graph, user_id=auth.user_id)
+
+    return _convert_graph_details(activated_graph)
+
+
+@graphs_router.get(
+    path="/{graph_id}",
+    summary="Get graph details",
+    response_model=GraphDetails,
+)
+async def get_graph(
+    graph_id: str,
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.READ_GRAPH)
+    ),
+    version: int | None = Query(
+        default=None,
+        description="Specific version to retrieve (default: active version)",
+    ),
+) -> GraphDetails:
+    """
+    Get detailed information about a specific graph.
+
+    By default returns the active version. Use the `version` query parameter
+    to retrieve a specific version.
+    """
+    graph = await graph_db.get_graph(
+        graph_id,
+        version,
+        user_id=auth.user_id,
+        include_subgraphs=True,
+    )
+    if not graph:
+        raise HTTPException(status_code=404, detail=f"Graph #{graph_id} not found.")
+    return _convert_graph_details(graph)
+
+
+@graphs_router.put(
+    path="/{graph_id}",
+    summary="Update graph (creates new version)",
+    response_model=GraphDetails,
+)
+async def update_graph(
+    graph_id: str,
+    graph_request: CreateGraphRequest,
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.WRITE_GRAPH)
+    ),
+) -> GraphDetails:
+    """
+    Update a graph by creating a new version.
+
+    This does not modify existing versions - it creates a new version with
+    the provided content. The new version becomes the active version.
+    """
+    # Import here to avoid circular imports
+    from backend.api.features.library import db as library_db
+
+    graph_data = graph_request.graph
+    if graph_data.id and graph_data.id != graph_id:
+        raise HTTPException(400, detail="Graph ID does not match ID in URI")
+
+    existing_versions = await graph_db.get_graph_all_versions(
+        graph_id, user_id=auth.user_id
+    )
+    if not existing_versions:
+        raise HTTPException(404, detail=f"Graph #{graph_id} not found")
+
+    latest_version_number = max(g.version for g in existing_versions)
+
+    # Convert v2 API Graph model to internal Graph model
+    internal_graph = graph_db.Graph(
+        id=graph_id,
+        version=latest_version_number + 1,
+        is_active=graph_data.is_active,
+        name=graph_data.name,
+        description=graph_data.description,
+        nodes=[
+            graph_db.Node(
+                id=node.id,
+                block_id=node.block_id,
+                input_default=node.input_default,
+                metadata=node.metadata,
+            )
+            for node in graph_data.nodes
+        ],
+        links=[
+            graph_db.Link(
+                id=link.id,
+                source_id=link.source_id,
+                sink_id=link.sink_id,
+                source_name=link.source_name,
+                sink_name=link.sink_name,
+                is_static=link.is_static,
+            )
+            for link in graph_data.links
+        ],
+    )
+
+    current_active_version = next((v for v in existing_versions if v.is_active), None)
+    graph = graph_db.make_graph_model(internal_graph, auth.user_id)
+    graph.reassign_ids(user_id=auth.user_id, reassign_graph_id=False)
+    graph.validate_graph(for_run=False)
+
+    new_graph_version = await graph_db.create_graph(graph, user_id=auth.user_id)
+
+    if new_graph_version.is_active:
+        await library_db.update_agent_version_in_library(
+            auth.user_id, new_graph_version.id, new_graph_version.version
+        )
+        new_graph_version = await on_graph_activate(
+            new_graph_version, user_id=auth.user_id
+        )
+        await graph_db.set_graph_active_version(
+            graph_id=graph_id, version=new_graph_version.version, user_id=auth.user_id
+        )
+        if current_active_version:
+            await on_graph_deactivate(current_active_version, user_id=auth.user_id)
+
+    new_graph_version_with_subgraphs = await graph_db.get_graph(
+        graph_id,
+        new_graph_version.version,
+        user_id=auth.user_id,
+        include_subgraphs=True,
+    )
+    assert new_graph_version_with_subgraphs
+    return _convert_graph_details(new_graph_version_with_subgraphs)
+
+
+@graphs_router.delete(
+    path="/{graph_id}",
+    summary="Delete graph permanently",
+    response_model=DeleteGraphResponse,
+)
+async def delete_graph(
+    graph_id: str,
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.WRITE_GRAPH)
+    ),
+) -> DeleteGraphResponse:
+    """
+    Permanently delete a graph and all its versions.
+
+    This action cannot be undone. All associated executions will remain
+    but will reference a deleted graph.
+    """
+    if active_version := await graph_db.get_graph(
+        graph_id=graph_id, version=None, user_id=auth.user_id
+    ):
+        await on_graph_deactivate(active_version, user_id=auth.user_id)
+
+    version_count = await graph_db.delete_graph(graph_id, user_id=auth.user_id)
+    return DeleteGraphResponse(version_count=version_count)
+
+
+@graphs_router.get(
+    path="/{graph_id}/versions",
+    summary="List all graph versions",
+    response_model=list[GraphDetails],
+)
+async def list_graph_versions(
+    graph_id: str,
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.READ_GRAPH)
+    ),
+) -> list[GraphDetails]:
+    """
+    Get all versions of a specific graph.
+
+    Returns a list of all versions, with the active version marked.
+    """
+    graphs = await graph_db.get_graph_all_versions(graph_id, user_id=auth.user_id)
+    if not graphs:
+        raise HTTPException(status_code=404, detail=f"Graph #{graph_id} not found.")
+    return [_convert_graph_details(g) for g in graphs]
+
+
+@graphs_router.put(
+    path="/{graph_id}/versions/active",
+    summary="Set active graph version",
+)
+async def set_active_version(
+    graph_id: str,
+    request_body: SetActiveVersionRequest,
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.WRITE_GRAPH)
+    ),
+) -> None:
+    """
+    Set which version of a graph is the active version.
+
+    The active version is used when executing the graph without specifying
+    a version number.
+    """
+    # Import here to avoid circular imports
+    from backend.api.features.library import db as library_db
+
+    new_active_version = request_body.active_graph_version
+    new_active_graph = await graph_db.get_graph(
+        graph_id, new_active_version, user_id=auth.user_id
+    )
+    if not new_active_graph:
+        raise HTTPException(404, f"Graph #{graph_id} v{new_active_version} not found")
+
+    current_active_graph = await graph_db.get_graph(
+        graph_id=graph_id,
+        version=None,
+        user_id=auth.user_id,
+    )
+
+    await on_graph_activate(new_active_graph, user_id=auth.user_id)
+    await graph_db.set_graph_active_version(
+        graph_id=graph_id,
+        version=new_active_version,
+        user_id=auth.user_id,
+    )
+
+    await library_db.update_agent_version_in_library(
+        auth.user_id, new_active_graph.id, new_active_graph.version
+    )
+
+    if current_active_graph and current_active_graph.version != new_active_version:
+        await on_graph_deactivate(current_active_graph, user_id=auth.user_id)
+
+
+@graphs_router.patch(
+    path="/{graph_id}/settings",
+    summary="Update graph settings",
+    response_model=GraphSettings,
+)
+async def update_graph_settings(
+    graph_id: str,
+    settings: GraphSettings,
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.WRITE_GRAPH)
+    ),
+) -> GraphSettings:
+    """
+    Update settings for a graph.
+
+    Currently supports:
+    - human_in_the_loop_safe_mode: Enable/disable safe mode for human-in-the-loop blocks
+    """
+    # Import here to avoid circular imports
+    from backend.api.features.library import db as library_db
+    from backend.data.graph import GraphSettings as InternalGraphSettings
+
+    library_agent = await library_db.get_library_agent_by_graph_id(
+        graph_id=graph_id, user_id=auth.user_id
+    )
+    if not library_agent:
+        raise HTTPException(404, f"Graph #{graph_id} not found in user's library")
+
+    # Convert to internal model
+    internal_settings = InternalGraphSettings(
+        human_in_the_loop_safe_mode=settings.human_in_the_loop_safe_mode
+    )
+
+    updated_agent = await library_db.update_library_agent_settings(
+        user_id=auth.user_id,
+        agent_id=library_agent.id,
+        settings=internal_settings,
+    )
+
+    return GraphSettings(
+        human_in_the_loop_safe_mode=updated_agent.settings.human_in_the_loop_safe_mode
+    )

autogpt_platform/backend/backend/api/external/v2/integrations.py

@@ -0,0 +1,271 @@
+"""
+V2 External API - Integrations Endpoints
+
+Provides access to user's integration credentials.
+"""
+
+import logging
+from typing import Optional
+
+from fastapi import APIRouter, HTTPException, Path, Security
+from prisma.enums import APIKeyPermission
+from pydantic import BaseModel, Field
+
+from backend.api.external.middleware import require_permission
+from backend.api.features.library import db as library_db
+from backend.data import graph as graph_db
+from backend.data.auth.base import APIAuthorizationInfo
+from backend.data.model import Credentials, OAuth2Credentials
+from backend.integrations.creds_manager import IntegrationCredentialsManager
+
+logger = logging.getLogger(__name__)
+
+integrations_router = APIRouter()
+creds_manager = IntegrationCredentialsManager()
+
+
+# ============================================================================
+# Models
+# ============================================================================
+
+
+class Credential(BaseModel):
+    """A user's credential for an integration."""
+
+    id: str
+    provider: str = Field(description="Integration provider name")
+    title: Optional[str] = Field(
+        default=None, description="User-assigned title for this credential"
+    )
+    scopes: list[str] = Field(default_factory=list, description="Granted scopes")
+
+
+class CredentialsListResponse(BaseModel):
+    """Response for listing credentials."""
+
+    credentials: list[Credential]
+
+
+class CredentialRequirement(BaseModel):
+    """A credential requirement for a graph or agent."""
+
+    provider: str = Field(description="Required provider name")
+    required_scopes: list[str] = Field(
+        default_factory=list, description="Required scopes"
+    )
+    matching_credentials: list[Credential] = Field(
+        default_factory=list,
+        description="User's credentials that match this requirement",
+    )
+
+
+class CredentialRequirementsResponse(BaseModel):
+    """Response for listing credential requirements."""
+
+    requirements: list[CredentialRequirement]
+
+
+# ============================================================================
+# Conversion Functions
+# ============================================================================
+
+
+def _convert_credential(cred: Credentials) -> Credential:
+    """Convert internal credential to v2 API model."""
+    scopes: list[str] = []
+    if isinstance(cred, OAuth2Credentials):
+        scopes = cred.scopes or []
+
+    return Credential(
+        id=cred.id,
+        provider=cred.provider,
+        title=cred.title,
+        scopes=scopes,
+    )
+
+
+# ============================================================================
+# Endpoints
+# ============================================================================
+
+
+@integrations_router.get(
+    path="/credentials",
+    summary="List all credentials",
+    response_model=CredentialsListResponse,
+)
+async def list_credentials(
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.READ_INTEGRATIONS)
+    ),
+) -> CredentialsListResponse:
+    """
+    List all integration credentials for the authenticated user.
+
+    This returns all OAuth credentials the user has connected, across
+    all integration providers.
+    """
+    credentials = await creds_manager.store.get_all_creds(auth.user_id)
+
+    return CredentialsListResponse(
+        credentials=[_convert_credential(c) for c in credentials]
+    )
+
+
+@integrations_router.get(
+    path="/credentials/{provider}",
+    summary="List credentials by provider",
+    response_model=CredentialsListResponse,
+)
+async def list_credentials_by_provider(
+    provider: str = Path(description="Provider name (e.g., 'github', 'google')"),
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.READ_INTEGRATIONS)
+    ),
+) -> CredentialsListResponse:
+    """
+    List integration credentials for a specific provider.
+    """
+    all_credentials = await creds_manager.store.get_all_creds(auth.user_id)
+
+    # Filter by provider
+    filtered = [c for c in all_credentials if c.provider.lower() == provider.lower()]
+
+    return CredentialsListResponse(
+        credentials=[_convert_credential(c) for c in filtered]
+    )
+
+
+@integrations_router.get(
+    path="/graphs/{graph_id}/credentials",
+    summary="List credentials matching graph requirements",
+    response_model=CredentialRequirementsResponse,
+)
+async def list_graph_credential_requirements(
+    graph_id: str = Path(description="Graph ID"),
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.READ_INTEGRATIONS)
+    ),
+) -> CredentialRequirementsResponse:
+    """
+    List credential requirements for a graph and matching user credentials.
+
+    This helps identify which credentials the user needs to provide
+    when executing a graph.
+    """
+    # Get the graph
+    graph = await graph_db.get_graph(
+        graph_id=graph_id,
+        version=None,  # Active version
+        user_id=auth.user_id,
+        include_subgraphs=True,
+    )
+    if not graph:
+        raise HTTPException(status_code=404, detail=f"Graph #{graph_id} not found")
+
+    # Get the credentials input schema which contains provider requirements
+    creds_schema = graph.credentials_input_schema
+    all_credentials = await creds_manager.store.get_all_creds(auth.user_id)
+
+    requirements = []
+    for field_name, field_schema in creds_schema.get("properties", {}).items():
+        # Extract provider from schema
+        # The schema structure varies, but typically has provider info
+        providers = []
+        if "anyOf" in field_schema:
+            for option in field_schema["anyOf"]:
+                if "provider" in option:
+                    providers.append(option["provider"])
+        elif "provider" in field_schema:
+            providers.append(field_schema["provider"])
+
+        for provider in providers:
+            # Find matching credentials
+            matching = [
+                _convert_credential(c)
+                for c in all_credentials
+                if c.provider.lower() == provider.lower()
+            ]
+
+            requirements.append(
+                CredentialRequirement(
+                    provider=provider,
+                    required_scopes=[],  # Would need to extract from schema
+                    matching_credentials=matching,
+                )
+            )
+
+    return CredentialRequirementsResponse(requirements=requirements)
+
+
+@integrations_router.get(
+    path="/library/{agent_id}/credentials",
+    summary="List credentials matching library agent requirements",
+    response_model=CredentialRequirementsResponse,
+)
+async def list_library_agent_credential_requirements(
+    agent_id: str = Path(description="Library agent ID"),
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.READ_INTEGRATIONS)
+    ),
+) -> CredentialRequirementsResponse:
+    """
+    List credential requirements for a library agent and matching user credentials.
+
+    This helps identify which credentials the user needs to provide
+    when executing an agent from their library.
+    """
+    # Get the library agent
+    try:
+        library_agent = await library_db.get_library_agent(
+            id=agent_id,
+            user_id=auth.user_id,
+        )
+    except Exception:
+        raise HTTPException(status_code=404, detail=f"Agent #{agent_id} not found")
+
+    # Get the underlying graph
+    graph = await graph_db.get_graph(
+        graph_id=library_agent.graph_id,
+        version=library_agent.graph_version,
+        user_id=auth.user_id,
+        include_subgraphs=True,
+    )
+    if not graph:
+        raise HTTPException(
+            status_code=404,
+            detail=f"Graph for agent #{agent_id} not found",
+        )
+
+    # Get the credentials input schema
+    creds_schema = graph.credentials_input_schema
+    all_credentials = await creds_manager.store.get_all_creds(auth.user_id)
+
+    requirements = []
+    for field_name, field_schema in creds_schema.get("properties", {}).items():
+        # Extract provider from schema
+        providers = []
+        if "anyOf" in field_schema:
+            for option in field_schema["anyOf"]:
+                if "provider" in option:
+                    providers.append(option["provider"])
+        elif "provider" in field_schema:
+            providers.append(field_schema["provider"])
+
+        for provider in providers:
+            # Find matching credentials
+            matching = [
+                _convert_credential(c)
+                for c in all_credentials
+                if c.provider.lower() == provider.lower()
+            ]
+
+            requirements.append(
+                CredentialRequirement(
+                    provider=provider,
+                    required_scopes=[],
+                    matching_credentials=matching,
+                )
+            )
+
+    return CredentialRequirementsResponse(requirements=requirements)

autogpt_platform/backend/backend/api/external/v2/library.py

@@ -0,0 +1,247 @@
+"""
+V2 External API - Library Endpoints
+
+Provides access to the user's agent library and agent execution.
+"""
+
+import logging
+
+from fastapi import APIRouter, HTTPException, Path, Query, Security
+from prisma.enums import APIKeyPermission
+
+from backend.api.external.middleware import require_permission
+from backend.api.features.library import db as library_db
+from backend.api.features.library import model as library_model
+from backend.data import execution as execution_db
+from backend.data.auth.base import APIAuthorizationInfo
+from backend.data.credit import get_user_credit_model
+from backend.executor import utils as execution_utils
+
+from .common import DEFAULT_PAGE_SIZE, MAX_PAGE_SIZE
+from .models import (
+    ExecuteAgentRequest,
+    LibraryAgent,
+    LibraryAgentsResponse,
+    Run,
+    RunsListResponse,
+)
+
+logger = logging.getLogger(__name__)
+
+library_router = APIRouter()
+
+
+# ============================================================================
+# Conversion Functions
+# ============================================================================
+
+
+def _convert_library_agent(agent: library_model.LibraryAgent) -> LibraryAgent:
+    """Convert internal LibraryAgent to v2 API model."""
+    return LibraryAgent(
+        id=agent.id,
+        graph_id=agent.graph_id,
+        graph_version=agent.graph_version,
+        name=agent.name,
+        description=agent.description,
+        is_favorite=agent.is_favorite,
+        can_access_graph=agent.can_access_graph,
+        is_latest_version=agent.is_latest_version,
+        image_url=agent.image_url,
+        creator_name=agent.creator_name,
+        input_schema=agent.input_schema,
+        output_schema=agent.output_schema,
+        created_at=agent.created_at,
+        updated_at=agent.updated_at,
+    )
+
+
+def _convert_execution_to_run(exec: execution_db.GraphExecutionMeta) -> Run:
+    """Convert internal execution to v2 API Run model."""
+    return Run(
+        id=exec.id,
+        graph_id=exec.graph_id,
+        graph_version=exec.graph_version,
+        status=exec.status.value,
+        started_at=exec.started_at,
+        ended_at=exec.ended_at,
+        inputs=exec.inputs,
+        cost=exec.stats.cost if exec.stats else 0,
+        duration=exec.stats.duration if exec.stats else 0,
+        node_count=exec.stats.node_exec_count if exec.stats else 0,
+    )
+
+
+# ============================================================================
+# Endpoints
+# ============================================================================
+
+
+@library_router.get(
+    path="/agents",
+    summary="List library agents",
+    response_model=LibraryAgentsResponse,
+)
+async def list_library_agents(
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.READ_LIBRARY)
+    ),
+    page: int = Query(default=1, ge=1, description="Page number (1-indexed)"),
+    page_size: int = Query(
+        default=DEFAULT_PAGE_SIZE,
+        ge=1,
+        le=MAX_PAGE_SIZE,
+        description=f"Items per page (max {MAX_PAGE_SIZE})",
+    ),
+) -> LibraryAgentsResponse:
+    """
+    List agents in the user's library.
+
+    The library contains agents the user has created or added from the marketplace.
+    """
+    result = await library_db.list_library_agents(
+        user_id=auth.user_id,
+        page=page,
+        page_size=page_size,
+    )
+
+    return LibraryAgentsResponse(
+        agents=[_convert_library_agent(a) for a in result.agents],
+        total_count=result.pagination.total_items,
+        page=result.pagination.current_page,
+        page_size=result.pagination.page_size,
+        total_pages=result.pagination.total_pages,
+    )
+
+
+@library_router.get(
+    path="/agents/favorites",
+    summary="List favorite agents",
+    response_model=LibraryAgentsResponse,
+)
+async def list_favorite_agents(
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.READ_LIBRARY)
+    ),
+    page: int = Query(default=1, ge=1, description="Page number (1-indexed)"),
+    page_size: int = Query(
+        default=DEFAULT_PAGE_SIZE,
+        ge=1,
+        le=MAX_PAGE_SIZE,
+        description=f"Items per page (max {MAX_PAGE_SIZE})",
+    ),
+) -> LibraryAgentsResponse:
+    """
+    List favorite agents in the user's library.
+    """
+    result = await library_db.list_favorite_library_agents(
+        user_id=auth.user_id,
+        page=page,
+        page_size=page_size,
+    )
+
+    return LibraryAgentsResponse(
+        agents=[_convert_library_agent(a) for a in result.agents],
+        total_count=result.pagination.total_items,
+        page=result.pagination.current_page,
+        page_size=result.pagination.page_size,
+        total_pages=result.pagination.total_pages,
+    )
+
+
+@library_router.post(
+    path="/agents/{agent_id}/runs",
+    summary="Execute an agent",
+    response_model=Run,
+)
+async def execute_agent(
+    request: ExecuteAgentRequest,
+    agent_id: str = Path(description="Library agent ID"),
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.RUN_AGENT)
+    ),
+) -> Run:
+    """
+    Execute an agent from the library.
+
+    This creates a new run with the provided inputs. The run executes
+    asynchronously and you can poll the run status using GET /runs/{run_id}.
+    """
+    # Check credit balance
+    user_credit_model = await get_user_credit_model(auth.user_id)
+    current_balance = await user_credit_model.get_credits(auth.user_id)
+    if current_balance <= 0:
+        raise HTTPException(
+            status_code=402,
+            detail="Insufficient balance to execute the agent. Please top up your account.",
+        )
+
+    # Get the library agent to find the graph ID and version
+    try:
+        library_agent = await library_db.get_library_agent(
+            id=agent_id,
+            user_id=auth.user_id,
+        )
+    except Exception:
+        raise HTTPException(status_code=404, detail=f"Agent #{agent_id} not found")
+
+    try:
+        result = await execution_utils.add_graph_execution(
+            graph_id=library_agent.graph_id,
+            user_id=auth.user_id,
+            inputs=request.inputs,
+            graph_version=library_agent.graph_version,
+            graph_credentials_inputs=request.credentials_inputs,
+        )
+
+        return _convert_execution_to_run(result)
+
+    except Exception as e:
+        logger.error(f"Failed to execute agent: {e}")
+        raise HTTPException(status_code=400, detail=str(e))
+
+
+@library_router.get(
+    path="/agents/{agent_id}/runs",
+    summary="List runs for an agent",
+    response_model=RunsListResponse,
+)
+async def list_agent_runs(
+    agent_id: str = Path(description="Library agent ID"),
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.READ_LIBRARY)
+    ),
+    page: int = Query(default=1, ge=1, description="Page number (1-indexed)"),
+    page_size: int = Query(
+        default=DEFAULT_PAGE_SIZE,
+        ge=1,
+        le=MAX_PAGE_SIZE,
+        description=f"Items per page (max {MAX_PAGE_SIZE})",
+    ),
+) -> RunsListResponse:
+    """
+    List execution runs for a specific agent.
+    """
+    # Get the library agent to find the graph ID
+    try:
+        library_agent = await library_db.get_library_agent(
+            id=agent_id,
+            user_id=auth.user_id,
+        )
+    except Exception:
+        raise HTTPException(status_code=404, detail=f"Agent #{agent_id} not found")
+
+    result = await execution_db.get_graph_executions_paginated(
+        graph_id=library_agent.graph_id,
+        user_id=auth.user_id,
+        page=page,
+        page_size=page_size,
+    )
+
+    return RunsListResponse(
+        runs=[_convert_execution_to_run(e) for e in result.executions],
+        total_count=result.pagination.total_items,
+        page=result.pagination.current_page,
+        page_size=result.pagination.page_size,
+        total_pages=result.pagination.total_pages,
+    )

autogpt_platform/backend/backend/api/external/v2/marketplace.py

@@ -0,0 +1,510 @@
+"""
+V2 External API - Marketplace Endpoints
+
+Provides access to the agent marketplace (store).
+"""
+
+import logging
+import urllib.parse
+from datetime import datetime
+from typing import Literal, Optional
+
+from fastapi import APIRouter, HTTPException, Path, Query, Security
+from prisma.enums import APIKeyPermission
+from pydantic import BaseModel, Field
+
+from backend.api.external.middleware import require_permission
+from backend.api.features.store import cache as store_cache
+from backend.api.features.store import db as store_db
+from backend.api.features.store import model as store_model
+from backend.data.auth.base import APIAuthorizationInfo
+
+from .common import DEFAULT_PAGE_SIZE, MAX_PAGE_SIZE
+
+logger = logging.getLogger(__name__)
+
+marketplace_router = APIRouter()
+
+
+# ============================================================================
+# Models
+# ============================================================================
+
+
+class MarketplaceAgent(BaseModel):
+    """An agent available in the marketplace."""
+
+    slug: str
+    name: str
+    description: str
+    sub_heading: str
+    creator: str
+    creator_avatar: str
+    runs: int = Field(default=0, description="Number of times this agent has been run")
+    rating: float = Field(default=0.0, description="Average rating")
+    image_url: str = Field(default="")
+
+
+class MarketplaceAgentDetails(BaseModel):
+    """Detailed information about a marketplace agent."""
+
+    store_listing_version_id: str
+    slug: str
+    name: str
+    description: str
+    sub_heading: str
+    instructions: Optional[str] = None
+    creator: str
+    creator_avatar: str
+    categories: list[str] = Field(default_factory=list)
+    runs: int = Field(default=0)
+    rating: float = Field(default=0.0)
+    image_urls: list[str] = Field(default_factory=list)
+    video_url: str = Field(default="")
+    versions: list[str] = Field(default_factory=list, description="Available versions")
+    agent_graph_versions: list[str] = Field(default_factory=list)
+    agent_graph_id: str
+    last_updated: datetime
+
+
+class MarketplaceAgentsResponse(BaseModel):
+    """Response for listing marketplace agents."""
+
+    agents: list[MarketplaceAgent]
+    total_count: int
+    page: int
+    page_size: int
+    total_pages: int
+
+
+class MarketplaceCreator(BaseModel):
+    """A creator on the marketplace."""
+
+    name: str
+    username: str
+    description: str
+    avatar_url: str
+    num_agents: int
+    agent_rating: float
+    agent_runs: int
+    is_featured: bool = False
+
+
+class MarketplaceCreatorDetails(BaseModel):
+    """Detailed information about a marketplace creator."""
+
+    name: str
+    username: str
+    description: str
+    avatar_url: str
+    agent_rating: float
+    agent_runs: int
+    top_categories: list[str] = Field(default_factory=list)
+    links: list[str] = Field(default_factory=list)
+
+
+class MarketplaceCreatorsResponse(BaseModel):
+    """Response for listing marketplace creators."""
+
+    creators: list[MarketplaceCreator]
+    total_count: int
+    page: int
+    page_size: int
+    total_pages: int
+
+
+class MarketplaceSubmission(BaseModel):
+    """A marketplace submission."""
+
+    graph_id: str
+    graph_version: int
+    name: str
+    sub_heading: str
+    slug: str
+    description: str
+    instructions: Optional[str] = None
+    image_urls: list[str] = Field(default_factory=list)
+    date_submitted: datetime
+    status: str = Field(description="One of: DRAFT, PENDING, APPROVED, REJECTED")
+    runs: int = Field(default=0)
+    rating: float = Field(default=0.0)
+    store_listing_version_id: Optional[str] = None
+    version: Optional[int] = None
+    review_comments: Optional[str] = None
+    reviewed_at: Optional[datetime] = None
+    video_url: Optional[str] = None
+    categories: list[str] = Field(default_factory=list)
+
+
+class SubmissionsListResponse(BaseModel):
+    """Response for listing submissions."""
+
+    submissions: list[MarketplaceSubmission]
+    total_count: int
+    page: int
+    page_size: int
+    total_pages: int
+
+
+class CreateSubmissionRequest(BaseModel):
+    """Request to create a marketplace submission."""
+
+    graph_id: str = Field(description="ID of the graph to submit")
+    graph_version: int = Field(description="Version of the graph to submit")
+    name: str = Field(description="Display name for the agent")
+    slug: str = Field(description="URL-friendly identifier")
+    description: str = Field(description="Full description")
+    sub_heading: str = Field(description="Short tagline")
+    image_urls: list[str] = Field(default_factory=list)
+    video_url: Optional[str] = None
+    categories: list[str] = Field(default_factory=list)
+
+
+# ============================================================================
+# Conversion Functions
+# ============================================================================
+
+
+def _convert_store_agent(agent: store_model.StoreAgent) -> MarketplaceAgent:
+    """Convert internal StoreAgent to v2 API model."""
+    return MarketplaceAgent(
+        slug=agent.slug,
+        name=agent.agent_name,
+        description=agent.description,
+        sub_heading=agent.sub_heading,
+        creator=agent.creator,
+        creator_avatar=agent.creator_avatar,
+        runs=agent.runs,
+        rating=agent.rating,
+        image_url=agent.agent_image,
+    )
+
+
+def _convert_store_agent_details(
+    agent: store_model.StoreAgentDetails,
+) -> MarketplaceAgentDetails:
+    """Convert internal StoreAgentDetails to v2 API model."""
+    return MarketplaceAgentDetails(
+        store_listing_version_id=agent.store_listing_version_id,
+        slug=agent.slug,
+        name=agent.agent_name,
+        description=agent.description,
+        sub_heading=agent.sub_heading,
+        instructions=agent.instructions,
+        creator=agent.creator,
+        creator_avatar=agent.creator_avatar,
+        categories=agent.categories,
+        runs=agent.runs,
+        rating=agent.rating,
+        image_urls=agent.agent_image,
+        video_url=agent.agent_video,
+        versions=agent.versions,
+        agent_graph_versions=agent.agentGraphVersions,
+        agent_graph_id=agent.agentGraphId,
+        last_updated=agent.last_updated,
+    )
+
+
+def _convert_creator(creator: store_model.Creator) -> MarketplaceCreator:
+    """Convert internal Creator to v2 API model."""
+    return MarketplaceCreator(
+        name=creator.name,
+        username=creator.username,
+        description=creator.description,
+        avatar_url=creator.avatar_url,
+        num_agents=creator.num_agents,
+        agent_rating=creator.agent_rating,
+        agent_runs=creator.agent_runs,
+        is_featured=creator.is_featured,
+    )
+
+
+def _convert_creator_details(
+    creator: store_model.CreatorDetails,
+) -> MarketplaceCreatorDetails:
+    """Convert internal CreatorDetails to v2 API model."""
+    return MarketplaceCreatorDetails(
+        name=creator.name,
+        username=creator.username,
+        description=creator.description,
+        avatar_url=creator.avatar_url,
+        agent_rating=creator.agent_rating,
+        agent_runs=creator.agent_runs,
+        top_categories=creator.top_categories,
+        links=creator.links,
+    )
+
+
+def _convert_submission(sub: store_model.StoreSubmission) -> MarketplaceSubmission:
+    """Convert internal StoreSubmission to v2 API model."""
+    return MarketplaceSubmission(
+        graph_id=sub.agent_id,
+        graph_version=sub.agent_version,
+        name=sub.name,
+        sub_heading=sub.sub_heading,
+        slug=sub.slug,
+        description=sub.description,
+        instructions=sub.instructions,
+        image_urls=sub.image_urls,
+        date_submitted=sub.date_submitted,
+        status=sub.status.value,
+        runs=sub.runs,
+        rating=sub.rating,
+        store_listing_version_id=sub.store_listing_version_id,
+        version=sub.version,
+        review_comments=sub.review_comments,
+        reviewed_at=sub.reviewed_at,
+        video_url=sub.video_url,
+        categories=sub.categories,
+    )
+
+
+# ============================================================================
+# Endpoints - Read (authenticated)
+# ============================================================================
+
+
+@marketplace_router.get(
+    path="/agents",
+    summary="List marketplace agents",
+    response_model=MarketplaceAgentsResponse,
+)
+async def list_agents(
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.READ_STORE)
+    ),
+    featured: bool = Query(default=False, description="Filter to featured agents only"),
+    creator: Optional[str] = Query(
+        default=None, description="Filter by creator username"
+    ),
+    sorted_by: Optional[Literal["rating", "runs", "name", "updated_at"]] = Query(
+        default=None, description="Sort field"
+    ),
+    search_query: Optional[str] = Query(default=None, description="Search query"),
+    category: Optional[str] = Query(default=None, description="Filter by category"),
+    page: int = Query(default=1, ge=1, description="Page number (1-indexed)"),
+    page_size: int = Query(
+        default=DEFAULT_PAGE_SIZE,
+        ge=1,
+        le=MAX_PAGE_SIZE,
+        description=f"Items per page (max {MAX_PAGE_SIZE})",
+    ),
+) -> MarketplaceAgentsResponse:
+    """
+    List agents available in the marketplace.
+
+    Supports filtering by featured status, creator, category, and search query.
+    Results can be sorted by rating, runs, name, or update time.
+    """
+    result = await store_cache._get_cached_store_agents(
+        featured=featured,
+        creator=creator,
+        sorted_by=sorted_by,
+        search_query=search_query,
+        category=category,
+        page=page,
+        page_size=page_size,
+    )
+
+    return MarketplaceAgentsResponse(
+        agents=[_convert_store_agent(a) for a in result.agents],
+        total_count=result.pagination.total_items,
+        page=result.pagination.current_page,
+        page_size=result.pagination.page_size,
+        total_pages=result.pagination.total_pages,
+    )
+
+
+@marketplace_router.get(
+    path="/agents/{username}/{agent_name}",
+    summary="Get agent details",
+    response_model=MarketplaceAgentDetails,
+)
+async def get_agent_details(
+    username: str = Path(description="Creator username"),
+    agent_name: str = Path(description="Agent slug/name"),
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.READ_STORE)
+    ),
+) -> MarketplaceAgentDetails:
+    """
+    Get detailed information about a specific marketplace agent.
+    """
+    username = urllib.parse.unquote(username).lower()
+    agent_name = urllib.parse.unquote(agent_name).lower()
+
+    agent = await store_cache._get_cached_agent_details(
+        username=username, agent_name=agent_name
+    )
+
+    return _convert_store_agent_details(agent)
+
+
+@marketplace_router.get(
+    path="/creators",
+    summary="List marketplace creators",
+    response_model=MarketplaceCreatorsResponse,
+)
+async def list_creators(
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.READ_STORE)
+    ),
+    featured: bool = Query(
+        default=False, description="Filter to featured creators only"
+    ),
+    search_query: Optional[str] = Query(default=None, description="Search query"),
+    sorted_by: Optional[Literal["agent_rating", "agent_runs", "num_agents"]] = Query(
+        default=None, description="Sort field"
+    ),
+    page: int = Query(default=1, ge=1, description="Page number (1-indexed)"),
+    page_size: int = Query(
+        default=DEFAULT_PAGE_SIZE,
+        ge=1,
+        le=MAX_PAGE_SIZE,
+        description=f"Items per page (max {MAX_PAGE_SIZE})",
+    ),
+) -> MarketplaceCreatorsResponse:
+    """
+    List creators on the marketplace.
+
+    Supports filtering by featured status and search query.
+    Results can be sorted by rating, runs, or number of agents.
+    """
+    result = await store_cache._get_cached_store_creators(
+        featured=featured,
+        search_query=search_query,
+        sorted_by=sorted_by,
+        page=page,
+        page_size=page_size,
+    )
+
+    return MarketplaceCreatorsResponse(
+        creators=[_convert_creator(c) for c in result.creators],
+        total_count=result.pagination.total_items,
+        page=result.pagination.current_page,
+        page_size=result.pagination.page_size,
+        total_pages=result.pagination.total_pages,
+    )
+
+
+@marketplace_router.get(
+    path="/creators/{username}",
+    summary="Get creator details",
+    response_model=MarketplaceCreatorDetails,
+)
+async def get_creator_details(
+    username: str = Path(description="Creator username"),
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.READ_STORE)
+    ),
+) -> MarketplaceCreatorDetails:
+    """
+    Get detailed information about a specific marketplace creator.
+    """
+    username = urllib.parse.unquote(username).lower()
+
+    creator = await store_cache._get_cached_creator_details(username=username)
+
+    return _convert_creator_details(creator)
+
+
+# ============================================================================
+# Endpoints - Submissions (CRUD)
+# ============================================================================
+
+
+@marketplace_router.get(
+    path="/submissions",
+    summary="List my submissions",
+    response_model=SubmissionsListResponse,
+)
+async def list_submissions(
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.READ_STORE)
+    ),
+    page: int = Query(default=1, ge=1, description="Page number (1-indexed)"),
+    page_size: int = Query(
+        default=DEFAULT_PAGE_SIZE,
+        ge=1,
+        le=MAX_PAGE_SIZE,
+        description=f"Items per page (max {MAX_PAGE_SIZE})",
+    ),
+) -> SubmissionsListResponse:
+    """
+    List your marketplace submissions.
+
+    Returns all submissions you've created, including drafts, pending,
+    approved, and rejected submissions.
+    """
+    result = await store_db.get_store_submissions(
+        user_id=auth.user_id,
+        page=page,
+        page_size=page_size,
+    )
+
+    return SubmissionsListResponse(
+        submissions=[_convert_submission(s) for s in result.submissions],
+        total_count=result.pagination.total_items,
+        page=result.pagination.current_page,
+        page_size=result.pagination.page_size,
+        total_pages=result.pagination.total_pages,
+    )
+
+
+@marketplace_router.post(
+    path="/submissions",
+    summary="Create a submission",
+    response_model=MarketplaceSubmission,
+)
+async def create_submission(
+    request: CreateSubmissionRequest,
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.WRITE_STORE)
+    ),
+) -> MarketplaceSubmission:
+    """
+    Create a new marketplace submission.
+
+    This submits an agent for review to be published in the marketplace.
+    The submission will be in PENDING status until reviewed by the team.
+    """
+    submission = await store_db.create_store_submission(
+        user_id=auth.user_id,
+        agent_id=request.graph_id,
+        agent_version=request.graph_version,
+        slug=request.slug,
+        name=request.name,
+        sub_heading=request.sub_heading,
+        description=request.description,
+        image_urls=request.image_urls,
+        video_url=request.video_url,
+        categories=request.categories,
+    )
+
+    return _convert_submission(submission)
+
+
+@marketplace_router.delete(
+    path="/submissions/{submission_id}",
+    summary="Delete a submission",
+)
+async def delete_submission(
+    submission_id: str = Path(description="Submission ID"),
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.WRITE_STORE)
+    ),
+) -> None:
+    """
+    Delete a marketplace submission.
+
+    Only submissions in DRAFT status can be deleted.
+    """
+    success = await store_db.delete_store_submission(
+        user_id=auth.user_id,
+        submission_id=submission_id,
+    )
+
+    if not success:
+        raise HTTPException(
+            status_code=404, detail=f"Submission #{submission_id} not found"
+        )

autogpt_platform/backend/backend/api/external/v2/models.py

@@ -0,0 +1,552 @@
+"""
+V2 External API - Request and Response Models
+
+This module defines all request and response models for the v2 external API.
+All models are self-contained and specific to the external API contract.
+"""
+
+from datetime import datetime
+from typing import Any, Optional
+
+from pydantic import BaseModel, Field
+
+# ============================================================================
+# Common/Shared Models
+# ============================================================================
+
+
+class PaginatedResponse(BaseModel):
+    """Base class for paginated responses."""
+
+    total_count: int = Field(description="Total number of items across all pages")
+    page: int = Field(description="Current page number (1-indexed)")
+    page_size: int = Field(description="Number of items per page")
+    total_pages: int = Field(description="Total number of pages")
+
+
+# ============================================================================
+# Graph Models
+# ============================================================================
+
+
+class GraphLink(BaseModel):
+    """A link between two nodes in a graph."""
+
+    id: str
+    source_id: str = Field(description="ID of the source node")
+    sink_id: str = Field(description="ID of the target node")
+    source_name: str = Field(description="Output pin name on source node")
+    sink_name: str = Field(description="Input pin name on target node")
+    is_static: bool = Field(
+        default=False, description="Whether this link provides static data"
+    )
+
+
+class GraphNode(BaseModel):
+    """A node in an agent graph."""
+
+    id: str
+    block_id: str = Field(description="ID of the block type")
+    input_default: dict[str, Any] = Field(
+        default_factory=dict, description="Default input values"
+    )
+    metadata: dict[str, Any] = Field(
+        default_factory=dict, description="Node metadata (e.g., position)"
+    )
+
+
+class Graph(BaseModel):
+    """Graph definition for creating or updating an agent."""
+
+    id: Optional[str] = Field(default=None, description="Graph ID (assigned by server)")
+    version: int = Field(default=1, description="Graph version")
+    is_active: bool = Field(default=True, description="Whether this version is active")
+    name: str = Field(description="Graph name")
+    description: str = Field(default="", description="Graph description")
+    nodes: list[GraphNode] = Field(default_factory=list, description="List of nodes")
+    links: list[GraphLink] = Field(
+        default_factory=list, description="Links between nodes"
+    )
+
+
+class GraphMeta(BaseModel):
+    """Graph metadata (summary information)."""
+
+    id: str
+    version: int
+    is_active: bool
+    name: str
+    description: str
+    created_at: datetime
+    input_schema: dict[str, Any] = Field(description="Input schema for the graph")
+    output_schema: dict[str, Any] = Field(description="Output schema for the graph")
+
+
+class GraphDetails(GraphMeta):
+    """Full graph details including nodes and links."""
+
+    nodes: list[GraphNode]
+    links: list[GraphLink]
+    credentials_input_schema: dict[str, Any] = Field(
+        description="Schema for required credentials"
+    )
+
+
+class GraphSettings(BaseModel):
+    """Settings for a graph."""
+
+    human_in_the_loop_safe_mode: Optional[bool] = Field(
+        default=None, description="Enable safe mode for human-in-the-loop blocks"
+    )
+
+
+class CreateGraphRequest(BaseModel):
+    """Request to create a new graph."""
+
+    graph: Graph = Field(description="The graph definition")
+
+
+class SetActiveVersionRequest(BaseModel):
+    """Request to set the active graph version."""
+
+    active_graph_version: int = Field(description="Version number to set as active")
+
+
+class GraphsListResponse(PaginatedResponse):
+    """Response for listing graphs."""
+
+    graphs: list[GraphMeta]
+
+
+class DeleteGraphResponse(BaseModel):
+    """Response for deleting a graph."""
+
+    version_count: int = Field(description="Number of versions deleted")
+
+
+# ============================================================================
+# Schedule Models
+# ============================================================================
+
+
+class Schedule(BaseModel):
+    """An execution schedule for a graph."""
+
+    id: str
+    name: str
+    graph_id: str
+    graph_version: int
+    cron: str = Field(description="Cron expression for the schedule")
+    input_data: dict[str, Any] = Field(
+        default_factory=dict, description="Input data for scheduled executions"
+    )
+    is_enabled: bool = Field(default=True, description="Whether schedule is enabled")
+    next_run_time: Optional[datetime] = Field(
+        default=None, description="Next scheduled run time"
+    )
+
+
+class CreateScheduleRequest(BaseModel):
+    """Request to create a schedule."""
+
+    name: str = Field(description="Display name for the schedule")
+    cron: str = Field(description="Cron expression (e.g., '0 9 * * *' for 9am daily)")
+    input_data: dict[str, Any] = Field(
+        default_factory=dict, description="Input data for scheduled executions"
+    )
+    credentials_inputs: dict[str, Any] = Field(
+        default_factory=dict, description="Credentials for the schedule"
+    )
+    graph_version: Optional[int] = Field(
+        default=None, description="Graph version (default: active version)"
+    )
+    timezone: Optional[str] = Field(
+        default=None,
+        description="Timezone for schedule (e.g., 'America/New_York')",
+    )
+
+
+class SchedulesListResponse(PaginatedResponse):
+    """Response for listing schedules."""
+
+    schedules: list[Schedule]
+
+
+# ============================================================================
+# Block Models
+# ============================================================================
+
+
+class BlockCost(BaseModel):
+    """Cost information for a block."""
+
+    cost_type: str = Field(description="Type of cost (e.g., 'per_call', 'per_token')")
+    cost_filter: dict[str, Any] = Field(
+        default_factory=dict, description="Conditions for this cost"
+    )
+    cost_amount: int = Field(description="Cost amount in credits")
+
+
+class Block(BaseModel):
+    """A building block that can be used in graphs."""
+
+    id: str
+    name: str
+    description: str
+    categories: list[str] = Field(default_factory=list)
+    input_schema: dict[str, Any]
+    output_schema: dict[str, Any]
+    costs: list[BlockCost] = Field(default_factory=list)
+
+
+class BlocksListResponse(BaseModel):
+    """Response for listing blocks."""
+
+    blocks: list[Block]
+
+
+# ============================================================================
+# Marketplace Models
+# ============================================================================
+
+
+class MarketplaceAgent(BaseModel):
+    """An agent available in the marketplace."""
+
+    slug: str
+    agent_name: str
+    agent_image: str
+    creator: str
+    creator_avatar: str
+    sub_heading: str
+    description: str
+    runs: int = Field(default=0, description="Number of times this agent has been run")
+    rating: float = Field(default=0.0, description="Average rating")
+
+
+class MarketplaceAgentDetails(BaseModel):
+    """Detailed information about a marketplace agent."""
+
+    store_listing_version_id: str
+    slug: str
+    agent_name: str
+    agent_video: str
+    agent_output_demo: str
+    agent_image: list[str]
+    creator: str
+    creator_avatar: str
+    sub_heading: str
+    description: str
+    instructions: Optional[str] = None
+    categories: list[str]
+    runs: int
+    rating: float
+    versions: list[str]
+    agent_graph_versions: list[str]
+    agent_graph_id: str
+    last_updated: datetime
+    recommended_schedule_cron: Optional[str] = None
+
+
+class MarketplaceCreator(BaseModel):
+    """A creator on the marketplace."""
+
+    name: str
+    username: str
+    description: str
+    avatar_url: str
+    num_agents: int
+    agent_rating: float
+    agent_runs: int
+    is_featured: bool = False
+
+
+class MarketplaceAgentsResponse(PaginatedResponse):
+    """Response for listing marketplace agents."""
+
+    agents: list[MarketplaceAgent]
+
+
+class MarketplaceCreatorsResponse(PaginatedResponse):
+    """Response for listing marketplace creators."""
+
+    creators: list[MarketplaceCreator]
+
+
+# Submission models
+class MarketplaceSubmission(BaseModel):
+    """A marketplace submission."""
+
+    agent_id: str
+    agent_version: int
+    name: str
+    sub_heading: str
+    slug: str
+    description: str
+    instructions: Optional[str] = None
+    image_urls: list[str] = Field(default_factory=list)
+    date_submitted: datetime
+    status: str = Field(description="One of: DRAFT, PENDING, APPROVED, REJECTED")
+    runs: int
+    rating: float
+    store_listing_version_id: Optional[str] = None
+    version: Optional[int] = None
+
+    # Review fields
+    review_comments: Optional[str] = None
+    reviewed_at: Optional[datetime] = None
+
+    # Additional optional fields
+    video_url: Optional[str] = None
+    categories: list[str] = Field(default_factory=list)
+
+
+class CreateSubmissionRequest(BaseModel):
+    """Request to create a marketplace submission."""
+
+    agent_id: str = Field(description="ID of the graph to submit")
+    agent_version: int = Field(description="Version of the graph to submit")
+    name: str = Field(description="Display name for the agent")
+    slug: str = Field(description="URL-friendly identifier")
+    description: str = Field(description="Full description")
+    sub_heading: str = Field(description="Short tagline")
+    image_urls: list[str] = Field(default_factory=list)
+    video_url: Optional[str] = None
+    categories: list[str] = Field(default_factory=list)
+
+
+class UpdateSubmissionRequest(BaseModel):
+    """Request to update a marketplace submission."""
+
+    name: Optional[str] = None
+    description: Optional[str] = None
+    sub_heading: Optional[str] = None
+    image_urls: Optional[list[str]] = None
+    video_url: Optional[str] = None
+    categories: Optional[list[str]] = None
+
+
+class SubmissionsListResponse(PaginatedResponse):
+    """Response for listing submissions."""
+
+    submissions: list[MarketplaceSubmission]
+
+
+# ============================================================================
+# Library Models
+# ============================================================================
+
+
+class LibraryAgent(BaseModel):
+    """An agent in the user's library."""
+
+    id: str
+    graph_id: str
+    graph_version: int
+    name: str
+    description: str
+    is_favorite: bool = False
+    can_access_graph: bool = False
+    is_latest_version: bool = False
+    image_url: Optional[str] = None
+    creator_name: str
+    input_schema: dict[str, Any] = Field(description="Input schema for the agent")
+    output_schema: dict[str, Any] = Field(description="Output schema for the agent")
+    created_at: datetime
+    updated_at: datetime
+
+
+class LibraryAgentsResponse(PaginatedResponse):
+    """Response for listing library agents."""
+
+    agents: list[LibraryAgent]
+
+
+class ExecuteAgentRequest(BaseModel):
+    """Request to execute an agent."""
+
+    inputs: dict[str, Any] = Field(
+        default_factory=dict, description="Input values for the agent"
+    )
+    credentials_inputs: dict[str, Any] = Field(
+        default_factory=dict, description="Credentials for the agent"
+    )
+
+
+# ============================================================================
+# Run Models
+# ============================================================================
+
+
+class Run(BaseModel):
+    """An execution run."""
+
+    id: str
+    graph_id: str
+    graph_version: int
+    status: str = Field(
+        description="One of: INCOMPLETE, QUEUED, RUNNING, COMPLETED, TERMINATED, FAILED, REVIEW"
+    )
+    started_at: datetime
+    ended_at: Optional[datetime] = None
+    inputs: Optional[dict[str, Any]] = None
+    cost: int = Field(default=0, description="Cost in credits")
+    duration: float = Field(default=0, description="Duration in seconds")
+    node_count: int = Field(default=0, description="Number of nodes executed")
+
+
+class RunDetails(Run):
+    """Detailed information about a run including node executions."""
+
+    outputs: Optional[dict[str, list[Any]]] = None
+    node_executions: list[dict[str, Any]] = Field(
+        default_factory=list, description="Individual node execution results"
+    )
+
+
+class RunsListResponse(PaginatedResponse):
+    """Response for listing runs."""
+
+    runs: list[Run]
+
+
+# ============================================================================
+# Run Review Models (Human-in-the-loop)
+# ============================================================================
+
+
+class PendingReview(BaseModel):
+    """A pending human-in-the-loop review."""
+
+    id: str  # node_exec_id
+    run_id: str
+    graph_id: str
+    graph_version: int
+    payload: Any = Field(description="Data to be reviewed")
+    instructions: Optional[str] = Field(
+        default=None, description="Instructions for the reviewer"
+    )
+    editable: bool = Field(
+        default=True, description="Whether the reviewer can edit the data"
+    )
+    status: str = Field(description="One of: WAITING, APPROVED, REJECTED")
+    created_at: datetime
+
+
+class PendingReviewsResponse(PaginatedResponse):
+    """Response for listing pending reviews."""
+
+    reviews: list[PendingReview]
+
+
+class ReviewDecision(BaseModel):
+    """Decision for a single review item."""
+
+    node_exec_id: str = Field(description="Node execution ID (review ID)")
+    approved: bool = Field(description="Whether to approve the data")
+    edited_payload: Optional[Any] = Field(
+        default=None, description="Modified payload data (if editing)"
+    )
+    message: Optional[str] = Field(
+        default=None, description="Optional message from reviewer", max_length=2000
+    )
+
+
+class SubmitReviewsRequest(BaseModel):
+    """Request to submit review responses for all pending reviews of an execution."""
+
+    reviews: list[ReviewDecision] = Field(
+        description="All review decisions for the execution"
+    )
+
+
+class SubmitReviewsResponse(BaseModel):
+    """Response after submitting reviews."""
+
+    run_id: str
+    approved_count: int = Field(description="Number of reviews approved")
+    rejected_count: int = Field(description="Number of reviews rejected")
+
+
+# ============================================================================
+# Credit Models
+# ============================================================================
+
+
+class CreditBalance(BaseModel):
+    """User's credit balance."""
+
+    balance: int = Field(description="Current credit balance")
+
+
+class CreditTransaction(BaseModel):
+    """A credit transaction."""
+
+    transaction_key: str
+    amount: int
+    transaction_type: str = Field(description="Transaction type")
+    transaction_time: datetime
+    running_balance: int
+    description: Optional[str] = None
+
+
+class CreditTransactionsResponse(PaginatedResponse):
+    """Response for listing credit transactions."""
+
+    transactions: list[CreditTransaction]
+
+
+# ============================================================================
+# Integration Models
+# ============================================================================
+
+
+class Credential(BaseModel):
+    """A user's credential for an integration."""
+
+    id: str
+    provider: str = Field(description="Integration provider name")
+    title: Optional[str] = Field(
+        default=None, description="User-assigned title for this credential"
+    )
+    scopes: list[str] = Field(default_factory=list, description="Granted scopes")
+
+
+class CredentialsListResponse(BaseModel):
+    """Response for listing credentials."""
+
+    credentials: list[Credential]
+
+
+class CredentialRequirement(BaseModel):
+    """A credential requirement for a graph or agent."""
+
+    provider: str = Field(description="Required provider name")
+    required_scopes: list[str] = Field(
+        default_factory=list, description="Required scopes"
+    )
+    matching_credentials: list[Credential] = Field(
+        default_factory=list,
+        description="User's credentials that match this requirement",
+    )
+
+
+class CredentialRequirementsResponse(BaseModel):
+    """Response for listing credential requirements."""
+
+    requirements: list[CredentialRequirement]
+
+
+# ============================================================================
+# File Models
+# ============================================================================
+
+
+class UploadFileResponse(BaseModel):
+    """Response after uploading a file."""
+
+    file_uri: str = Field(description="URI to reference the uploaded file")
+    file_name: str
+    size: int = Field(description="File size in bytes")
+    content_type: str
+    expires_in_hours: int

autogpt_platform/backend/backend/api/external/v2/routes.py

@@ -0,0 +1,35 @@
+"""
+V2 External API Routes
+
+This module defines the main v2 router that aggregates all v2 API endpoints.
+"""
+
+from fastapi import APIRouter
+
+from .blocks import blocks_router
+from .credits import credits_router
+from .files import files_router
+from .graphs import graphs_router
+from .integrations import integrations_router
+from .library import library_router
+from .marketplace import marketplace_router
+from .runs import runs_router
+from .schedules import graph_schedules_router, schedules_router
+
+v2_router = APIRouter()
+
+# Include all sub-routers
+v2_router.include_router(graphs_router, prefix="/graphs", tags=["graphs"])
+v2_router.include_router(graph_schedules_router, prefix="/graphs", tags=["schedules"])
+v2_router.include_router(schedules_router, prefix="/schedules", tags=["schedules"])
+v2_router.include_router(blocks_router, prefix="/blocks", tags=["blocks"])
+v2_router.include_router(
+    marketplace_router, prefix="/marketplace", tags=["marketplace"]
+)
+v2_router.include_router(library_router, prefix="/library", tags=["library"])
+v2_router.include_router(runs_router, prefix="/runs", tags=["runs"])
+v2_router.include_router(credits_router, prefix="/credits", tags=["credits"])
+v2_router.include_router(
+    integrations_router, prefix="/integrations", tags=["integrations"]
+)
+v2_router.include_router(files_router, prefix="/files", tags=["files"])

autogpt_platform/backend/backend/api/external/v2/runs.py

@@ -0,0 +1,451 @@
+"""
+V2 External API - Runs Endpoints
+
+Provides access to execution runs and human-in-the-loop reviews.
+"""
+
+import logging
+from datetime import datetime
+from typing import Any, Optional
+
+from fastapi import APIRouter, HTTPException, Path, Query, Security
+from prisma.enums import APIKeyPermission, ReviewStatus
+from pydantic import BaseModel, Field
+
+from backend.api.external.middleware import require_permission
+from backend.api.features.executions.review.model import (
+    PendingHumanReviewModel,
+    SafeJsonData,
+)
+from backend.data import execution as execution_db
+from backend.data import human_review as review_db
+from backend.data.auth.base import APIAuthorizationInfo
+from backend.executor import utils as execution_utils
+
+from .common import DEFAULT_PAGE_SIZE, MAX_PAGE_SIZE
+
+logger = logging.getLogger(__name__)
+
+runs_router = APIRouter()
+
+
+# ============================================================================
+# Models
+# ============================================================================
+
+
+class Run(BaseModel):
+    """An execution run."""
+
+    id: str
+    graph_id: str
+    graph_version: int
+    status: str = Field(
+        description="One of: INCOMPLETE, QUEUED, RUNNING, COMPLETED, TERMINATED, FAILED, REVIEW"
+    )
+    started_at: datetime
+    ended_at: Optional[datetime] = None
+    inputs: Optional[dict[str, Any]] = None
+    cost: int = Field(default=0, description="Cost in credits")
+    duration: float = Field(default=0, description="Duration in seconds")
+    node_count: int = Field(default=0, description="Number of nodes executed")
+
+
+class RunDetails(Run):
+    """Detailed information about a run including outputs and node executions."""
+
+    outputs: Optional[dict[str, list[Any]]] = None
+    node_executions: list[dict[str, Any]] = Field(
+        default_factory=list, description="Individual node execution results"
+    )
+
+
+class RunsListResponse(BaseModel):
+    """Response for listing runs."""
+
+    runs: list[Run]
+    total_count: int
+    page: int
+    page_size: int
+    total_pages: int
+
+
+class PendingReview(BaseModel):
+    """A pending human-in-the-loop review."""
+
+    id: str  # node_exec_id
+    run_id: str
+    graph_id: str
+    graph_version: int
+    payload: SafeJsonData = Field(description="Data to be reviewed")
+    instructions: Optional[str] = Field(
+        default=None, description="Instructions for the reviewer"
+    )
+    editable: bool = Field(
+        default=True, description="Whether the reviewer can edit the data"
+    )
+    status: str = Field(description="One of: WAITING, APPROVED, REJECTED")
+    created_at: datetime
+
+
+class PendingReviewsResponse(BaseModel):
+    """Response for listing pending reviews."""
+
+    reviews: list[PendingReview]
+    total_count: int
+    page: int
+    page_size: int
+    total_pages: int
+
+
+class ReviewDecision(BaseModel):
+    """Decision for a single review item."""
+
+    node_exec_id: str = Field(description="Node execution ID (review ID)")
+    approved: bool = Field(description="Whether to approve the data")
+    edited_payload: Optional[SafeJsonData] = Field(
+        default=None, description="Modified payload data (if editing)"
+    )
+    message: Optional[str] = Field(
+        default=None, description="Optional message from reviewer", max_length=2000
+    )
+
+
+class SubmitReviewsRequest(BaseModel):
+    """Request to submit review responses for all pending reviews of an execution."""
+
+    reviews: list[ReviewDecision] = Field(
+        description="All review decisions for the execution"
+    )
+
+
+class SubmitReviewsResponse(BaseModel):
+    """Response after submitting reviews."""
+
+    run_id: str
+    approved_count: int = Field(description="Number of reviews approved")
+    rejected_count: int = Field(description="Number of reviews rejected")
+
+
+# ============================================================================
+# Conversion Functions
+# ============================================================================
+
+
+def _convert_execution_to_run(exec: execution_db.GraphExecutionMeta) -> Run:
+    """Convert internal execution to v2 API Run model."""
+    return Run(
+        id=exec.id,
+        graph_id=exec.graph_id,
+        graph_version=exec.graph_version,
+        status=exec.status.value,
+        started_at=exec.started_at,
+        ended_at=exec.ended_at,
+        inputs=exec.inputs,
+        cost=exec.stats.cost if exec.stats else 0,
+        duration=exec.stats.duration if exec.stats else 0,
+        node_count=exec.stats.node_exec_count if exec.stats else 0,
+    )
+
+
+def _convert_execution_to_run_details(
+    exec: execution_db.GraphExecutionWithNodes,
+) -> RunDetails:
+    """Convert internal execution with nodes to v2 API RunDetails model."""
+    return RunDetails(
+        id=exec.id,
+        graph_id=exec.graph_id,
+        graph_version=exec.graph_version,
+        status=exec.status.value,
+        started_at=exec.started_at,
+        ended_at=exec.ended_at,
+        inputs=exec.inputs,
+        outputs=exec.outputs,
+        cost=exec.stats.cost if exec.stats else 0,
+        duration=exec.stats.duration if exec.stats else 0,
+        node_count=exec.stats.node_exec_count if exec.stats else 0,
+        node_executions=[
+            {
+                "node_id": node.node_id,
+                "status": node.status.value,
+                "input_data": node.input_data,
+                "output_data": node.output_data,
+                "started_at": node.start_time,
+                "ended_at": node.end_time,
+            }
+            for node in exec.node_executions
+        ],
+    )
+
+
+def _convert_pending_review(review: PendingHumanReviewModel) -> PendingReview:
+    """Convert internal PendingHumanReviewModel to v2 API PendingReview model."""
+    return PendingReview(
+        id=review.node_exec_id,
+        run_id=review.graph_exec_id,
+        graph_id=review.graph_id,
+        graph_version=review.graph_version,
+        payload=review.payload,
+        instructions=review.instructions,
+        editable=review.editable,
+        status=review.status.value,
+        created_at=review.created_at,
+    )
+
+
+# ============================================================================
+# Endpoints - Runs
+# ============================================================================
+
+
+@runs_router.get(
+    path="",
+    summary="List all runs",
+    response_model=RunsListResponse,
+)
+async def list_runs(
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.READ_RUN)
+    ),
+    page: int = Query(default=1, ge=1, description="Page number (1-indexed)"),
+    page_size: int = Query(
+        default=DEFAULT_PAGE_SIZE,
+        ge=1,
+        le=MAX_PAGE_SIZE,
+        description=f"Items per page (max {MAX_PAGE_SIZE})",
+    ),
+) -> RunsListResponse:
+    """
+    List all execution runs for the authenticated user.
+
+    Returns runs across all agents, sorted by most recent first.
+    """
+    result = await execution_db.get_graph_executions_paginated(
+        user_id=auth.user_id,
+        page=page,
+        page_size=page_size,
+    )
+
+    return RunsListResponse(
+        runs=[_convert_execution_to_run(e) for e in result.executions],
+        total_count=result.pagination.total_items,
+        page=result.pagination.current_page,
+        page_size=result.pagination.page_size,
+        total_pages=result.pagination.total_pages,
+    )
+
+
+@runs_router.get(
+    path="/{run_id}",
+    summary="Get run details",
+    response_model=RunDetails,
+)
+async def get_run(
+    run_id: str = Path(description="Run ID"),
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.READ_RUN)
+    ),
+) -> RunDetails:
+    """
+    Get detailed information about a specific run.
+
+    Includes outputs and individual node execution results.
+    """
+    result = await execution_db.get_graph_execution(
+        user_id=auth.user_id,
+        execution_id=run_id,
+        include_node_executions=True,
+    )
+
+    if not result:
+        raise HTTPException(status_code=404, detail=f"Run #{run_id} not found")
+
+    return _convert_execution_to_run_details(result)
+
+
+@runs_router.post(
+    path="/{run_id}/stop",
+    summary="Stop a run",
+)
+async def stop_run(
+    run_id: str = Path(description="Run ID"),
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.WRITE_RUN)
+    ),
+) -> Run:
+    """
+    Stop a running execution.
+
+    Only runs in QUEUED or RUNNING status can be stopped.
+    """
+    # Verify the run exists and belongs to the user
+    exec = await execution_db.get_graph_execution(
+        user_id=auth.user_id,
+        execution_id=run_id,
+    )
+    if not exec:
+        raise HTTPException(status_code=404, detail=f"Run #{run_id} not found")
+
+    # Stop the execution
+    await execution_utils.stop_graph_execution(
+        graph_exec_id=run_id,
+        user_id=auth.user_id,
+    )
+
+    # Fetch updated execution
+    updated_exec = await execution_db.get_graph_execution(
+        user_id=auth.user_id,
+        execution_id=run_id,
+    )
+
+    if not updated_exec:
+        raise HTTPException(status_code=404, detail=f"Run #{run_id} not found")
+
+    return _convert_execution_to_run(updated_exec)
+
+
+@runs_router.delete(
+    path="/{run_id}",
+    summary="Delete a run",
+)
+async def delete_run(
+    run_id: str = Path(description="Run ID"),
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.WRITE_RUN)
+    ),
+) -> None:
+    """
+    Delete an execution run.
+
+    This marks the run as deleted. The data may still be retained for
+    some time for recovery purposes.
+    """
+    await execution_db.delete_graph_execution(
+        graph_exec_id=run_id,
+        user_id=auth.user_id,
+    )
+
+
+# ============================================================================
+# Endpoints - Reviews (Human-in-the-loop)
+# ============================================================================
+
+
+@runs_router.get(
+    path="/reviews",
+    summary="List all pending reviews",
+    response_model=PendingReviewsResponse,
+)
+async def list_pending_reviews(
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.READ_RUN_REVIEW)
+    ),
+    page: int = Query(default=1, ge=1, description="Page number (1-indexed)"),
+    page_size: int = Query(
+        default=DEFAULT_PAGE_SIZE,
+        ge=1,
+        le=MAX_PAGE_SIZE,
+        description=f"Items per page (max {MAX_PAGE_SIZE})",
+    ),
+) -> PendingReviewsResponse:
+    """
+    List all pending human-in-the-loop reviews.
+
+    These are blocks that require human approval or input before the
+    agent can continue execution.
+    """
+    reviews = await review_db.get_pending_reviews_for_user(
+        user_id=auth.user_id,
+        page=page,
+        page_size=page_size,
+    )
+
+    # Note: get_pending_reviews_for_user returns list directly, not a paginated result
+    # We compute pagination info based on results
+    total_count = len(reviews)
+    total_pages = max(1, (total_count + page_size - 1) // page_size)
+
+    return PendingReviewsResponse(
+        reviews=[_convert_pending_review(r) for r in reviews],
+        total_count=total_count,
+        page=page,
+        page_size=page_size,
+        total_pages=total_pages,
+    )
+
+
+@runs_router.get(
+    path="/{run_id}/reviews",
+    summary="List reviews for a run",
+    response_model=list[PendingReview],
+)
+async def list_run_reviews(
+    run_id: str = Path(description="Run ID"),
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.READ_RUN_REVIEW)
+    ),
+) -> list[PendingReview]:
+    """
+    List all human-in-the-loop reviews for a specific run.
+    """
+    reviews = await review_db.get_pending_reviews_for_execution(
+        graph_exec_id=run_id,
+        user_id=auth.user_id,
+    )
+
+    return [_convert_pending_review(r) for r in reviews]
+
+
+@runs_router.post(
+    path="/{run_id}/reviews",
+    summary="Submit review responses for a run",
+    response_model=SubmitReviewsResponse,
+)
+async def submit_reviews(
+    request: SubmitReviewsRequest,
+    run_id: str = Path(description="Run ID"),
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.WRITE_RUN_REVIEW)
+    ),
+) -> SubmitReviewsResponse:
+    """
+    Submit responses to all pending human-in-the-loop reviews for a run.
+
+    All pending reviews for the execution must be included. Approving
+    a review will allow the agent to continue; rejecting will terminate
+    execution at that point.
+    """
+    # Build review decisions dict for process_all_reviews_for_execution
+    review_decisions: dict[
+        str, tuple[ReviewStatus, SafeJsonData | None, str | None]
+    ] = {}
+
+    for decision in request.reviews:
+        status = ReviewStatus.APPROVED if decision.approved else ReviewStatus.REJECTED
+        review_decisions[decision.node_exec_id] = (
+            status,
+            decision.edited_payload,
+            decision.message,
+        )
+
+    try:
+        results = await review_db.process_all_reviews_for_execution(
+            user_id=auth.user_id,
+            review_decisions=review_decisions,
+        )
+
+        approved_count = sum(
+            1 for r in results.values() if r.status == ReviewStatus.APPROVED
+        )
+        rejected_count = sum(
+            1 for r in results.values() if r.status == ReviewStatus.REJECTED
+        )
+
+        return SubmitReviewsResponse(
+            run_id=run_id,
+            approved_count=approved_count,
+            rejected_count=rejected_count,
+        )
+
+    except ValueError as e:
+        raise HTTPException(status_code=400, detail=str(e))

autogpt_platform/backend/backend/api/external/v2/schedules.py

@@ -0,0 +1,250 @@
+"""
+V2 External API - Schedules Endpoints
+
+Provides endpoints for managing execution schedules.
+"""
+
+import logging
+from datetime import datetime
+from typing import Any, Optional
+
+from fastapi import APIRouter, HTTPException, Path, Query, Security
+from prisma.enums import APIKeyPermission
+from pydantic import BaseModel, Field
+
+from backend.api.external.middleware import require_permission
+from backend.data import graph as graph_db
+from backend.data.auth.base import APIAuthorizationInfo
+from backend.data.user import get_user_by_id
+from backend.executor import scheduler
+from backend.util.clients import get_scheduler_client
+from backend.util.timezone_utils import get_user_timezone_or_utc
+
+from .common import DEFAULT_PAGE_SIZE, MAX_PAGE_SIZE
+
+logger = logging.getLogger(__name__)
+
+schedules_router = APIRouter()
+
+
+# ============================================================================
+# Request/Response Models
+# ============================================================================
+
+
+class Schedule(BaseModel):
+    """An execution schedule for a graph."""
+
+    id: str
+    name: str
+    graph_id: str
+    graph_version: int
+    cron: str = Field(description="Cron expression for the schedule")
+    input_data: dict[str, Any] = Field(
+        default_factory=dict, description="Input data for scheduled executions"
+    )
+    next_run_time: Optional[datetime] = Field(
+        default=None, description="Next scheduled run time"
+    )
+    is_enabled: bool = Field(default=True, description="Whether schedule is enabled")
+
+
+class SchedulesListResponse(BaseModel):
+    """Response for listing schedules."""
+
+    schedules: list[Schedule]
+    total_count: int
+    page: int
+    page_size: int
+    total_pages: int
+
+
+class CreateScheduleRequest(BaseModel):
+    """Request to create a schedule."""
+
+    name: str = Field(description="Display name for the schedule")
+    cron: str = Field(description="Cron expression (e.g., '0 9 * * *' for 9am daily)")
+    input_data: dict[str, Any] = Field(
+        default_factory=dict, description="Input data for scheduled executions"
+    )
+    credentials_inputs: dict[str, Any] = Field(
+        default_factory=dict, description="Credentials for the schedule"
+    )
+    graph_version: Optional[int] = Field(
+        default=None, description="Graph version (default: active version)"
+    )
+    timezone: Optional[str] = Field(
+        default=None,
+        description=(
+            "Timezone for schedule (e.g., 'America/New_York'). "
+            "Defaults to user's timezone."
+        ),
+    )
+
+
+def _convert_schedule(job: scheduler.GraphExecutionJobInfo) -> Schedule:
+    """Convert internal schedule job info to v2 API model."""
+    # Parse the ISO format string to datetime
+    next_run = datetime.fromisoformat(job.next_run_time) if job.next_run_time else None
+
+    return Schedule(
+        id=job.id,
+        name=job.name or "",
+        graph_id=job.graph_id,
+        graph_version=job.graph_version,
+        cron=job.cron,
+        input_data=job.input_data,
+        next_run_time=next_run,
+        is_enabled=True,  # All returned schedules are enabled
+    )
+
+
+# ============================================================================
+# Endpoints
+# ============================================================================
+
+
+@schedules_router.get(
+    path="",
+    summary="List all user schedules",
+    response_model=SchedulesListResponse,
+)
+async def list_all_schedules(
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.READ_SCHEDULE)
+    ),
+    page: int = Query(default=1, ge=1, description="Page number (1-indexed)"),
+    page_size: int = Query(
+        default=DEFAULT_PAGE_SIZE,
+        ge=1,
+        le=MAX_PAGE_SIZE,
+        description=f"Items per page (max {MAX_PAGE_SIZE})",
+    ),
+) -> SchedulesListResponse:
+    """
+    List all schedules for the authenticated user across all graphs.
+    """
+    schedules = await get_scheduler_client().get_execution_schedules(
+        user_id=auth.user_id
+    )
+    converted = [_convert_schedule(s) for s in schedules]
+
+    # Manual pagination (scheduler doesn't support pagination natively)
+    total_count = len(converted)
+    total_pages = (total_count + page_size - 1) // page_size if total_count > 0 else 1
+    start = (page - 1) * page_size
+    end = start + page_size
+    paginated = converted[start:end]
+
+    return SchedulesListResponse(
+        schedules=paginated,
+        total_count=total_count,
+        page=page,
+        page_size=page_size,
+        total_pages=total_pages,
+    )
+
+
+@schedules_router.delete(
+    path="/{schedule_id}",
+    summary="Delete a schedule",
+)
+async def delete_schedule(
+    schedule_id: str = Path(description="Schedule ID to delete"),
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.WRITE_SCHEDULE)
+    ),
+) -> None:
+    """
+    Delete an execution schedule.
+    """
+    try:
+        await get_scheduler_client().delete_schedule(
+            schedule_id=schedule_id,
+            user_id=auth.user_id,
+        )
+    except Exception as e:
+        if "not found" in str(e).lower():
+            raise HTTPException(
+                status_code=404, detail=f"Schedule #{schedule_id} not found"
+            )
+        raise
+
+
+# ============================================================================
+# Graph-specific Schedule Endpoints (nested under /graphs)
+# These are included in the graphs router via include_router
+# ============================================================================
+
+graph_schedules_router = APIRouter()
+
+
+@graph_schedules_router.get(
+    path="/{graph_id}/schedules",
+    summary="List schedules for a graph",
+    response_model=list[Schedule],
+)
+async def list_graph_schedules(
+    graph_id: str = Path(description="Graph ID"),
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.READ_SCHEDULE)
+    ),
+) -> list[Schedule]:
+    """
+    List all schedules for a specific graph.
+    """
+    schedules = await get_scheduler_client().get_execution_schedules(
+        user_id=auth.user_id,
+        graph_id=graph_id,
+    )
+    return [_convert_schedule(s) for s in schedules]
+
+
+@graph_schedules_router.post(
+    path="/{graph_id}/schedules",
+    summary="Create a schedule for a graph",
+    response_model=Schedule,
+)
+async def create_graph_schedule(
+    request: CreateScheduleRequest,
+    graph_id: str = Path(description="Graph ID"),
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.WRITE_SCHEDULE)
+    ),
+) -> Schedule:
+    """
+    Create a new execution schedule for a graph.
+
+    The schedule will execute the graph at times matching the cron expression,
+    using the provided input data.
+    """
+    graph = await graph_db.get_graph(
+        graph_id=graph_id,
+        version=request.graph_version,
+        user_id=auth.user_id,
+    )
+    if not graph:
+        raise HTTPException(
+            status_code=404,
+            detail=f"Graph #{graph_id} v{request.graph_version} not found.",
+        )
+
+    # Determine timezone
+    if request.timezone:
+        user_timezone = request.timezone
+    else:
+        user = await get_user_by_id(auth.user_id)
+        user_timezone = get_user_timezone_or_utc(user.timezone if user else None)
+
+    result = await get_scheduler_client().add_execution_schedule(
+        user_id=auth.user_id,
+        graph_id=graph_id,
+        graph_version=graph.version,
+        name=request.name,
+        cron=request.cron,
+        input_data=request.input_data,
+        input_credentials=request.credentials_inputs,
+        user_timezone=user_timezone,
+    )
+
+    return _convert_schedule(result)

autogpt_platform/backend/backend/api/features/admin/credit_admin_routes.py

@@ -6,9 +6,10 @@ from fastapi import APIRouter, Body, Security
 from prisma.enums import CreditTransactionType
 
 from backend.data.credit import admin_get_user_history, get_user_credit_model
-from backend.server.v2.admin.model import AddUserCreditsResponse, UserHistoryResponse
 from backend.util.json import SafeJson
 
+from .model import AddUserCreditsResponse, UserHistoryResponse
+
 logger = logging.getLogger(__name__)
 
 

autogpt_platform/backend/backend/api/features/admin/credit_admin_routes_test.py

@@ -9,14 +9,15 @@ import pytest_mock
 from autogpt_libs.auth.jwt_utils import get_jwt_payload
 from pytest_snapshot.plugin import Snapshot
 
-import backend.server.v2.admin.credit_admin_routes as credit_admin_routes
-import backend.server.v2.admin.model as admin_model
 from backend.data.model import UserTransaction
 from backend.util.json import SafeJson
 from backend.util.models import Pagination
 
+from .credit_admin_routes import router as credit_admin_router
+from .model import UserHistoryResponse
+
 app = fastapi.FastAPI()
-app.include_router(credit_admin_routes.router)
+app.include_router(credit_admin_router)
 
 client = fastapi.testclient.TestClient(app)
 
@@ -30,7 +31,7 @@ def setup_app_admin_auth(mock_jwt_admin):
 
 
 def test_add_user_credits_success(
-    mocker: pytest_mock.MockFixture,
+    mocker: pytest_mock.MockerFixture,
     configured_snapshot: Snapshot,
     admin_user_id: str,
     target_user_id: str,
@@ -42,7 +43,7 @@ def test_add_user_credits_success(
         return_value=(1500, "transaction-123-uuid")
     )
     mocker.patch(
-        "backend.server.v2.admin.credit_admin_routes.get_user_credit_model",
+        "backend.api.features.admin.credit_admin_routes.get_user_credit_model",
         return_value=mock_credit_model,
     )
 
@@ -84,7 +85,7 @@ def test_add_user_credits_success(
 
 
 def test_add_user_credits_negative_amount(
-    mocker: pytest_mock.MockFixture,
+    mocker: pytest_mock.MockerFixture,
     snapshot: Snapshot,
 ) -> None:
     """Test credit deduction by admin (negative amount)"""
@@ -94,7 +95,7 @@ def test_add_user_credits_negative_amount(
         return_value=(200, "transaction-456-uuid")
     )
     mocker.patch(
-        "backend.server.v2.admin.credit_admin_routes.get_user_credit_model",
+        "backend.api.features.admin.credit_admin_routes.get_user_credit_model",
         return_value=mock_credit_model,
     )
 
@@ -119,12 +120,12 @@ def test_add_user_credits_negative_amount(
 
 
 def test_get_user_history_success(
-    mocker: pytest_mock.MockFixture,
+    mocker: pytest_mock.MockerFixture,
     snapshot: Snapshot,
 ) -> None:
     """Test successful retrieval of user credit history"""
     # Mock the admin_get_user_history function
-    mock_history_response = admin_model.UserHistoryResponse(
+    mock_history_response = UserHistoryResponse(
         history=[
             UserTransaction(
                 user_id="user-1",
@@ -150,7 +151,7 @@ def test_get_user_history_success(
     )
 
     mocker.patch(
-        "backend.server.v2.admin.credit_admin_routes.admin_get_user_history",
+        "backend.api.features.admin.credit_admin_routes.admin_get_user_history",
         return_value=mock_history_response,
     )
 
@@ -170,12 +171,12 @@ def test_get_user_history_success(
 
 
 def test_get_user_history_with_filters(
-    mocker: pytest_mock.MockFixture,
+    mocker: pytest_mock.MockerFixture,
     snapshot: Snapshot,
 ) -> None:
     """Test user credit history with search and filter parameters"""
     # Mock the admin_get_user_history function
-    mock_history_response = admin_model.UserHistoryResponse(
+    mock_history_response = UserHistoryResponse(
         history=[
             UserTransaction(
                 user_id="user-3",
@@ -194,7 +195,7 @@ def test_get_user_history_with_filters(
     )
 
     mock_get_history = mocker.patch(
-        "backend.server.v2.admin.credit_admin_routes.admin_get_user_history",
+        "backend.api.features.admin.credit_admin_routes.admin_get_user_history",
         return_value=mock_history_response,
     )
 
@@ -230,12 +231,12 @@ def test_get_user_history_with_filters(
 
 
 def test_get_user_history_empty_results(
-    mocker: pytest_mock.MockFixture,
+    mocker: pytest_mock.MockerFixture,
     snapshot: Snapshot,
 ) -> None:
     """Test user credit history with no results"""
     # Mock empty history response
-    mock_history_response = admin_model.UserHistoryResponse(
+    mock_history_response = UserHistoryResponse(
         history=[],
         pagination=Pagination(
             total_items=0,
@@ -246,7 +247,7 @@ def test_get_user_history_empty_results(
     )
 
     mocker.patch(
-        "backend.server.v2.admin.credit_admin_routes.admin_get_user_history",
+        "backend.api.features.admin.credit_admin_routes.admin_get_user_history",
         return_value=mock_history_response,
     )
 

autogpt_platform/backend/backend/api/features/admin/store_admin_routes.py

@@ -7,9 +7,9 @@ import fastapi
 import fastapi.responses
 import prisma.enums
 
-import backend.server.v2.store.cache as store_cache
-import backend.server.v2.store.db
-import backend.server.v2.store.model
+import backend.api.features.store.cache as store_cache
+import backend.api.features.store.db as store_db
+import backend.api.features.store.model as store_model
 import backend.util.json
 
 logger = logging.getLogger(__name__)
@@ -24,7 +24,7 @@ router = fastapi.APIRouter(
 @router.get(
     "/listings",
     summary="Get Admin Listings History",
-    response_model=backend.server.v2.store.model.StoreListingsWithVersionsResponse,
+    response_model=store_model.StoreListingsWithVersionsResponse,
 )
 async def get_admin_listings_with_versions(
     status: typing.Optional[prisma.enums.SubmissionStatus] = None,
@@ -48,7 +48,7 @@ async def get_admin_listings_with_versions(
         StoreListingsWithVersionsResponse with listings and their versions
     """
     try:
-        listings = await backend.server.v2.store.db.get_admin_listings_with_versions(
+        listings = await store_db.get_admin_listings_with_versions(
             status=status,
             search_query=search,
             page=page,
@@ -68,11 +68,11 @@ async def get_admin_listings_with_versions(
 @router.post(
     "/submissions/{store_listing_version_id}/review",
     summary="Review Store Submission",
-    response_model=backend.server.v2.store.model.StoreSubmission,
+    response_model=store_model.StoreSubmission,
 )
 async def review_submission(
     store_listing_version_id: str,
-    request: backend.server.v2.store.model.ReviewSubmissionRequest,
+    request: store_model.ReviewSubmissionRequest,
     user_id: str = fastapi.Security(autogpt_libs.auth.get_user_id),
 ):
     """
@@ -87,12 +87,10 @@ async def review_submission(
         StoreSubmission with updated review information
     """
     try:
-        already_approved = (
-            await backend.server.v2.store.db.check_submission_already_approved(
-                store_listing_version_id=store_listing_version_id,
-            )
+        already_approved = await store_db.check_submission_already_approved(
+            store_listing_version_id=store_listing_version_id,
         )
-        submission = await backend.server.v2.store.db.review_store_submission(
+        submission = await store_db.review_store_submission(
             store_listing_version_id=store_listing_version_id,
             is_approved=request.is_approved,
             external_comments=request.comments,
@@ -136,7 +134,7 @@ async def admin_download_agent_file(
     Raises:
         HTTPException: If the agent is not found or an unexpected error occurs.
     """
-    graph_data = await backend.server.v2.store.db.get_agent_as_admin(
+    graph_data = await store_db.get_agent_as_admin(
         user_id=user_id,
         store_listing_version_id=store_listing_version_id,
     )

autogpt_platform/backend/backend/api/features/analytics.py

@@ -6,10 +6,11 @@ from typing import Annotated
 import fastapi
 import pydantic
 from autogpt_libs.auth import get_user_id
+from autogpt_libs.auth.dependencies import requires_user
 
 import backend.data.analytics
 
-router = fastapi.APIRouter()
+router = fastapi.APIRouter(dependencies=[fastapi.Security(requires_user)])
 logger = logging.getLogger(__name__)
 
 

autogpt_platform/backend/backend/api/features/analytics_test.py

@@ -0,0 +1,340 @@
+"""Tests for analytics API endpoints."""
+
+import json
+from unittest.mock import AsyncMock, Mock
+
+import fastapi
+import fastapi.testclient
+import pytest
+import pytest_mock
+from pytest_snapshot.plugin import Snapshot
+
+from .analytics import router as analytics_router
+
+app = fastapi.FastAPI()
+app.include_router(analytics_router)
+
+client = fastapi.testclient.TestClient(app)
+
+
+@pytest.fixture(autouse=True)
+def setup_app_auth(mock_jwt_user):
+    """Setup auth overrides for all tests in this module."""
+    from autogpt_libs.auth.jwt_utils import get_jwt_payload
+
+    app.dependency_overrides[get_jwt_payload] = mock_jwt_user["get_jwt_payload"]
+    yield
+    app.dependency_overrides.clear()
+
+
+# =============================================================================
+# /log_raw_metric endpoint tests
+# =============================================================================
+
+
+def test_log_raw_metric_success(
+    mocker: pytest_mock.MockFixture,
+    configured_snapshot: Snapshot,
+    test_user_id: str,
+) -> None:
+    """Test successful raw metric logging."""
+    mock_result = Mock(id="metric-123-uuid")
+    mock_log_metric = mocker.patch(
+        "backend.data.analytics.log_raw_metric",
+        new_callable=AsyncMock,
+        return_value=mock_result,
+    )
+
+    request_data = {
+        "metric_name": "page_load_time",
+        "metric_value": 2.5,
+        "data_string": "/dashboard",
+    }
+
+    response = client.post("/log_raw_metric", json=request_data)
+
+    assert response.status_code == 200, f"Unexpected response: {response.text}"
+    assert response.json() == "metric-123-uuid"
+
+    mock_log_metric.assert_called_once_with(
+        user_id=test_user_id,
+        metric_name="page_load_time",
+        metric_value=2.5,
+        data_string="/dashboard",
+    )
+
+    configured_snapshot.assert_match(
+        json.dumps({"metric_id": response.json()}, indent=2, sort_keys=True),
+        "analytics_log_metric_success",
+    )
+
+
+@pytest.mark.parametrize(
+    "metric_value,metric_name,data_string,test_id",
+    [
+        (100, "api_calls_count", "external_api", "integer_value"),
+        (0, "error_count", "no_errors", "zero_value"),
+        (-5.2, "temperature_delta", "cooling", "negative_value"),
+        (1.23456789, "precision_test", "float_precision", "float_precision"),
+        (999999999, "large_number", "max_value", "large_number"),
+        (0.0000001, "tiny_number", "min_value", "tiny_number"),
+    ],
+)
+def test_log_raw_metric_various_values(
+    mocker: pytest_mock.MockFixture,
+    configured_snapshot: Snapshot,
+    metric_value: float,
+    metric_name: str,
+    data_string: str,
+    test_id: str,
+) -> None:
+    """Test raw metric logging with various metric values."""
+    mock_result = Mock(id=f"metric-{test_id}-uuid")
+    mocker.patch(
+        "backend.data.analytics.log_raw_metric",
+        new_callable=AsyncMock,
+        return_value=mock_result,
+    )
+
+    request_data = {
+        "metric_name": metric_name,
+        "metric_value": metric_value,
+        "data_string": data_string,
+    }
+
+    response = client.post("/log_raw_metric", json=request_data)
+
+    assert response.status_code == 200, f"Failed for {test_id}: {response.text}"
+
+    configured_snapshot.assert_match(
+        json.dumps(
+            {"metric_id": response.json(), "test_case": test_id},
+            indent=2,
+            sort_keys=True,
+        ),
+        f"analytics_metric_{test_id}",
+    )
+
+
+@pytest.mark.parametrize(
+    "invalid_data,expected_error",
+    [
+        ({}, "Field required"),
+        ({"metric_name": "test"}, "Field required"),
+        (
+            {"metric_name": "test", "metric_value": "not_a_number", "data_string": "x"},
+            "Input should be a valid number",
+        ),
+        (
+            {"metric_name": "", "metric_value": 1.0, "data_string": "test"},
+            "String should have at least 1 character",
+        ),
+        (
+            {"metric_name": "test", "metric_value": 1.0, "data_string": ""},
+            "String should have at least 1 character",
+        ),
+    ],
+    ids=[
+        "empty_request",
+        "missing_metric_value_and_data_string",
+        "invalid_metric_value_type",
+        "empty_metric_name",
+        "empty_data_string",
+    ],
+)
+def test_log_raw_metric_validation_errors(
+    invalid_data: dict,
+    expected_error: str,
+) -> None:
+    """Test validation errors for invalid metric requests."""
+    response = client.post("/log_raw_metric", json=invalid_data)
+
+    assert response.status_code == 422
+    error_detail = response.json()
+    assert "detail" in error_detail, f"Missing 'detail' in error: {error_detail}"
+
+    error_text = json.dumps(error_detail)
+    assert (
+        expected_error in error_text
+    ), f"Expected '{expected_error}' in error response: {error_text}"
+
+
+def test_log_raw_metric_service_error(
+    mocker: pytest_mock.MockFixture,
+    test_user_id: str,
+) -> None:
+    """Test error handling when analytics service fails."""
+    mocker.patch(
+        "backend.data.analytics.log_raw_metric",
+        new_callable=AsyncMock,
+        side_effect=Exception("Database connection failed"),
+    )
+
+    request_data = {
+        "metric_name": "test_metric",
+        "metric_value": 1.0,
+        "data_string": "test",
+    }
+
+    response = client.post("/log_raw_metric", json=request_data)
+
+    assert response.status_code == 500
+    error_detail = response.json()["detail"]
+    assert "Database connection failed" in error_detail["message"]
+    assert "hint" in error_detail
+
+
+# =============================================================================
+# /log_raw_analytics endpoint tests
+# =============================================================================
+
+
+def test_log_raw_analytics_success(
+    mocker: pytest_mock.MockFixture,
+    configured_snapshot: Snapshot,
+    test_user_id: str,
+) -> None:
+    """Test successful raw analytics logging."""
+    mock_result = Mock(id="analytics-789-uuid")
+    mock_log_analytics = mocker.patch(
+        "backend.data.analytics.log_raw_analytics",
+        new_callable=AsyncMock,
+        return_value=mock_result,
+    )
+
+    request_data = {
+        "type": "user_action",
+        "data": {
+            "action": "button_click",
+            "button_id": "submit_form",
+            "timestamp": "2023-01-01T00:00:00Z",
+            "metadata": {"form_type": "registration", "fields_filled": 5},
+        },
+        "data_index": "button_click_submit_form",
+    }
+
+    response = client.post("/log_raw_analytics", json=request_data)
+
+    assert response.status_code == 200, f"Unexpected response: {response.text}"
+    assert response.json() == "analytics-789-uuid"
+
+    mock_log_analytics.assert_called_once_with(
+        test_user_id,
+        "user_action",
+        request_data["data"],
+        "button_click_submit_form",
+    )
+
+    configured_snapshot.assert_match(
+        json.dumps({"analytics_id": response.json()}, indent=2, sort_keys=True),
+        "analytics_log_analytics_success",
+    )
+
+
+def test_log_raw_analytics_complex_data(
+    mocker: pytest_mock.MockFixture,
+    configured_snapshot: Snapshot,
+) -> None:
+    """Test raw analytics logging with complex nested data structures."""
+    mock_result = Mock(id="analytics-complex-uuid")
+    mocker.patch(
+        "backend.data.analytics.log_raw_analytics",
+        new_callable=AsyncMock,
+        return_value=mock_result,
+    )
+
+    request_data = {
+        "type": "agent_execution",
+        "data": {
+            "agent_id": "agent_123",
+            "execution_id": "exec_456",
+            "status": "completed",
+            "duration_ms": 3500,
+            "nodes_executed": 15,
+            "blocks_used": [
+                {"block_id": "llm_block", "count": 3},
+                {"block_id": "http_block", "count": 5},
+                {"block_id": "code_block", "count": 2},
+            ],
+            "errors": [],
+            "metadata": {
+                "trigger": "manual",
+                "user_tier": "premium",
+                "environment": "production",
+            },
+        },
+        "data_index": "agent_123_exec_456",
+    }
+
+    response = client.post("/log_raw_analytics", json=request_data)
+
+    assert response.status_code == 200
+
+    configured_snapshot.assert_match(
+        json.dumps(
+            {"analytics_id": response.json(), "logged_data": request_data["data"]},
+            indent=2,
+            sort_keys=True,
+        ),
+        "analytics_log_analytics_complex_data",
+    )
+
+
+@pytest.mark.parametrize(
+    "invalid_data,expected_error",
+    [
+        ({}, "Field required"),
+        ({"type": "test"}, "Field required"),
+        (
+            {"type": "test", "data": "not_a_dict", "data_index": "test"},
+            "Input should be a valid dictionary",
+        ),
+        ({"type": "test", "data": {"key": "value"}}, "Field required"),
+    ],
+    ids=[
+        "empty_request",
+        "missing_data_and_data_index",
+        "invalid_data_type",
+        "missing_data_index",
+    ],
+)
+def test_log_raw_analytics_validation_errors(
+    invalid_data: dict,
+    expected_error: str,
+) -> None:
+    """Test validation errors for invalid analytics requests."""
+    response = client.post("/log_raw_analytics", json=invalid_data)
+
+    assert response.status_code == 422
+    error_detail = response.json()
+    assert "detail" in error_detail, f"Missing 'detail' in error: {error_detail}"
+
+    error_text = json.dumps(error_detail)
+    assert (
+        expected_error in error_text
+    ), f"Expected '{expected_error}' in error response: {error_text}"
+
+
+def test_log_raw_analytics_service_error(
+    mocker: pytest_mock.MockFixture,
+    test_user_id: str,
+) -> None:
+    """Test error handling when analytics service fails."""
+    mocker.patch(
+        "backend.data.analytics.log_raw_analytics",
+        new_callable=AsyncMock,
+        side_effect=Exception("Analytics DB unreachable"),
+    )
+
+    request_data = {
+        "type": "test_event",
+        "data": {"key": "value"},
+        "data_index": "test_index",
+    }
+
+    response = client.post("/log_raw_analytics", json=request_data)
+
+    assert response.status_code == 500
+    error_detail = response.json()["detail"]
+    assert "Analytics DB unreachable" in error_detail["message"]
+    assert "hint" in error_detail

autogpt_platform/backend/backend/api/features/builder/db.py

@@ -6,17 +6,20 @@ from typing import Sequence
 
 import prisma
 
+import backend.api.features.library.db as library_db
+import backend.api.features.library.model as library_model
+import backend.api.features.store.db as store_db
+import backend.api.features.store.model as store_model
 import backend.data.block
-import backend.server.v2.library.db as library_db
-import backend.server.v2.library.model as library_model
-import backend.server.v2.store.db as store_db
-import backend.server.v2.store.model as store_model
 from backend.blocks import load_all_blocks
 from backend.blocks.llm import LlmModel
 from backend.data.block import AnyBlockSchema, BlockCategory, BlockInfo, BlockSchema
 from backend.data.db import query_raw_with_schema
 from backend.integrations.providers import ProviderName
-from backend.server.v2.builder.model import (
+from backend.util.cache import cached
+from backend.util.models import Pagination
+
+from .model import (
     BlockCategoryResponse,
     BlockResponse,
     BlockType,
@@ -26,8 +29,6 @@ from backend.server.v2.builder.model import (
     ProviderResponse,
     SearchEntry,
 )
-from backend.util.cache import cached
-from backend.util.models import Pagination
 
 logger = logging.getLogger(__name__)
 llm_models = [name.name.lower().replace("_", " ") for name in LlmModel]

autogpt_platform/backend/backend/api/features/builder/model.py

@@ -2,8 +2,8 @@ from typing import Literal
 
 from pydantic import BaseModel
 
-import backend.server.v2.library.model as library_model
-import backend.server.v2.store.model as store_model
+import backend.api.features.library.model as library_model
+import backend.api.features.store.model as store_model
 from backend.data.block import BlockInfo
 from backend.integrations.providers import ProviderName
 from backend.util.models import Pagination

autogpt_platform/backend/backend/api/features/builder/routes.py

@@ -4,11 +4,12 @@ from typing import Annotated, Sequence
 import fastapi
 from autogpt_libs.auth.dependencies import get_user_id, requires_user
 
-import backend.server.v2.builder.db as builder_db
-import backend.server.v2.builder.model as builder_model
 from backend.integrations.providers import ProviderName
 from backend.util.models import Pagination
 
+from . import db as builder_db
+from . import model as builder_model
+
 logger = logging.getLogger(__name__)
 
 router = fastapi.APIRouter(

autogpt_platform/backend/backend/api/features/chat/config.py

@@ -1,7 +1,6 @@
 """Configuration management for chat system."""
 
 import os
-from pathlib import Path
 
 from pydantic import Field, field_validator
 from pydantic_settings import BaseSettings
@@ -12,7 +11,11 @@ class ChatConfig(BaseSettings):
 
     # OpenAI API Configuration
     model: str = Field(
-        default="qwen/qwen3-235b-a22b-2507", description="Default model to use"
+        default="anthropic/claude-opus-4.5", description="Default model to use"
+    )
+    title_model: str = Field(
+        default="openai/gpt-4o-mini",
+        description="Model to use for generating session titles (should be fast/cheap)",
     )
     api_key: str | None = Field(default=None, description="OpenAI API key")
     base_url: str | None = Field(
@@ -23,12 +26,6 @@ class ChatConfig(BaseSettings):
     # Session TTL Configuration - 12 hours
     session_ttl: int = Field(default=43200, description="Session TTL in seconds")
 
-    # System Prompt Configuration
-    system_prompt_path: str = Field(
-        default="prompts/chat_system.md",
-        description="Path to system prompt file relative to chat module",
-    )
-
     # Streaming Configuration
     max_context_messages: int = Field(
         default=50, ge=1, le=200, description="Maximum context messages"
@@ -41,6 +38,13 @@ class ChatConfig(BaseSettings):
         default=3, description="Maximum number of agent schedules"
     )
 
+    # Langfuse Prompt Management Configuration
+    # Note: Langfuse credentials are in Settings().secrets (settings.py)
+    langfuse_prompt_name: str = Field(
+        default="CoPilot Prompt",
+        description="Name of the prompt in Langfuse to fetch",
+    )
+
     @field_validator("api_key", mode="before")
     @classmethod
     def get_api_key(cls, v):
@@ -72,43 +76,11 @@ class ChatConfig(BaseSettings):
                 v = "https://openrouter.ai/api/v1"
         return v
 
-    def get_system_prompt(self, **template_vars) -> str:
-        """Load and render the system prompt from file.
-
-        Args:
-            **template_vars: Variables to substitute in the template
-
-        Returns:
-            Rendered system prompt string
-
-        """
-        # Get the path relative to this module
-        module_dir = Path(__file__).parent
-        prompt_path = module_dir / self.system_prompt_path
-
-        # Check for .j2 extension first (Jinja2 template)
-        j2_path = Path(str(prompt_path) + ".j2")
-        if j2_path.exists():
-            try:
-                from jinja2 import Template
-
-                template = Template(j2_path.read_text())
-                return template.render(**template_vars)
-            except ImportError:
-                # Jinja2 not installed, fall back to reading as plain text
-                return j2_path.read_text()
-
-        # Check for markdown file
-        if prompt_path.exists():
-            content = prompt_path.read_text()
-
-            # Simple variable substitution if Jinja2 is not available
-            for key, value in template_vars.items():
-                placeholder = f"{{{key}}}"
-                content = content.replace(placeholder, str(value))
-
-            return content
-        raise FileNotFoundError(f"System prompt file not found: {prompt_path}")
+    # Prompt paths for different contexts
+    PROMPT_PATHS: dict[str, str] = {
+        "default": "prompts/chat_system.md",
+        "onboarding": "prompts/onboarding_system.md",
+    }
 
     class Config:
         """Pydantic config."""

autogpt_platform/backend/backend/api/features/chat/db.py

@@ -0,0 +1,249 @@
+"""Database operations for chat sessions."""
+
+import asyncio
+import logging
+from datetime import UTC, datetime
+from typing import Any, cast
+
+from prisma.models import ChatMessage as PrismaChatMessage
+from prisma.models import ChatSession as PrismaChatSession
+from prisma.types import (
+    ChatMessageCreateInput,
+    ChatSessionCreateInput,
+    ChatSessionUpdateInput,
+    ChatSessionWhereInput,
+)
+
+from backend.data.db import transaction
+from backend.util.json import SafeJson
+
+logger = logging.getLogger(__name__)
+
+
+async def get_chat_session(session_id: str) -> PrismaChatSession | None:
+    """Get a chat session by ID from the database."""
+    session = await PrismaChatSession.prisma().find_unique(
+        where={"id": session_id},
+        include={"Messages": True},
+    )
+    if session and session.Messages:
+        # Sort messages by sequence in Python - Prisma Python client doesn't support
+        # order_by in include clauses (unlike Prisma JS), so we sort after fetching
+        session.Messages.sort(key=lambda m: m.sequence)
+    return session
+
+
+async def create_chat_session(
+    session_id: str,
+    user_id: str,
+) -> PrismaChatSession:
+    """Create a new chat session in the database."""
+    data = ChatSessionCreateInput(
+        id=session_id,
+        userId=user_id,
+        credentials=SafeJson({}),
+        successfulAgentRuns=SafeJson({}),
+        successfulAgentSchedules=SafeJson({}),
+    )
+    return await PrismaChatSession.prisma().create(
+        data=data,
+        include={"Messages": True},
+    )
+
+
+async def update_chat_session(
+    session_id: str,
+    credentials: dict[str, Any] | None = None,
+    successful_agent_runs: dict[str, Any] | None = None,
+    successful_agent_schedules: dict[str, Any] | None = None,
+    total_prompt_tokens: int | None = None,
+    total_completion_tokens: int | None = None,
+    title: str | None = None,
+) -> PrismaChatSession | None:
+    """Update a chat session's metadata."""
+    data: ChatSessionUpdateInput = {"updatedAt": datetime.now(UTC)}
+
+    if credentials is not None:
+        data["credentials"] = SafeJson(credentials)
+    if successful_agent_runs is not None:
+        data["successfulAgentRuns"] = SafeJson(successful_agent_runs)
+    if successful_agent_schedules is not None:
+        data["successfulAgentSchedules"] = SafeJson(successful_agent_schedules)
+    if total_prompt_tokens is not None:
+        data["totalPromptTokens"] = total_prompt_tokens
+    if total_completion_tokens is not None:
+        data["totalCompletionTokens"] = total_completion_tokens
+    if title is not None:
+        data["title"] = title
+
+    session = await PrismaChatSession.prisma().update(
+        where={"id": session_id},
+        data=data,
+        include={"Messages": True},
+    )
+    if session and session.Messages:
+        # Sort in Python - Prisma Python doesn't support order_by in include clauses
+        session.Messages.sort(key=lambda m: m.sequence)
+    return session
+
+
+async def add_chat_message(
+    session_id: str,
+    role: str,
+    sequence: int,
+    content: str | None = None,
+    name: str | None = None,
+    tool_call_id: str | None = None,
+    refusal: str | None = None,
+    tool_calls: list[dict[str, Any]] | None = None,
+    function_call: dict[str, Any] | None = None,
+) -> PrismaChatMessage:
+    """Add a message to a chat session."""
+    # Build input dict dynamically rather than using ChatMessageCreateInput directly
+    # because Prisma's TypedDict validation rejects optional fields set to None.
+    # We only include fields that have values, then cast at the end.
+    data: dict[str, Any] = {
+        "Session": {"connect": {"id": session_id}},
+        "role": role,
+        "sequence": sequence,
+    }
+
+    # Add optional string fields
+    if content is not None:
+        data["content"] = content
+    if name is not None:
+        data["name"] = name
+    if tool_call_id is not None:
+        data["toolCallId"] = tool_call_id
+    if refusal is not None:
+        data["refusal"] = refusal
+
+    # Add optional JSON fields only when they have values
+    if tool_calls is not None:
+        data["toolCalls"] = SafeJson(tool_calls)
+    if function_call is not None:
+        data["functionCall"] = SafeJson(function_call)
+
+    # Run message create and session timestamp update in parallel for lower latency
+    _, message = await asyncio.gather(
+        PrismaChatSession.prisma().update(
+            where={"id": session_id},
+            data={"updatedAt": datetime.now(UTC)},
+        ),
+        PrismaChatMessage.prisma().create(data=cast(ChatMessageCreateInput, data)),
+    )
+    return message
+
+
+async def add_chat_messages_batch(
+    session_id: str,
+    messages: list[dict[str, Any]],
+    start_sequence: int,
+) -> list[PrismaChatMessage]:
+    """Add multiple messages to a chat session in a batch.
+
+    Uses a transaction for atomicity - if any message creation fails,
+    the entire batch is rolled back.
+    """
+    if not messages:
+        return []
+
+    created_messages = []
+
+    async with transaction() as tx:
+        for i, msg in enumerate(messages):
+            # Build input dict dynamically rather than using ChatMessageCreateInput
+            # directly because Prisma's TypedDict validation rejects optional fields
+            # set to None. We only include fields that have values, then cast.
+            data: dict[str, Any] = {
+                "Session": {"connect": {"id": session_id}},
+                "role": msg["role"],
+                "sequence": start_sequence + i,
+            }
+
+            # Add optional string fields
+            if msg.get("content") is not None:
+                data["content"] = msg["content"]
+            if msg.get("name") is not None:
+                data["name"] = msg["name"]
+            if msg.get("tool_call_id") is not None:
+                data["toolCallId"] = msg["tool_call_id"]
+            if msg.get("refusal") is not None:
+                data["refusal"] = msg["refusal"]
+
+            # Add optional JSON fields only when they have values
+            if msg.get("tool_calls") is not None:
+                data["toolCalls"] = SafeJson(msg["tool_calls"])
+            if msg.get("function_call") is not None:
+                data["functionCall"] = SafeJson(msg["function_call"])
+
+            created = await PrismaChatMessage.prisma(tx).create(
+                data=cast(ChatMessageCreateInput, data)
+            )
+            created_messages.append(created)
+
+        # Update session's updatedAt timestamp within the same transaction.
+        # Note: Token usage (total_prompt_tokens, total_completion_tokens) is updated
+        # separately via update_chat_session() after streaming completes.
+        await PrismaChatSession.prisma(tx).update(
+            where={"id": session_id},
+            data={"updatedAt": datetime.now(UTC)},
+        )
+
+    return created_messages
+
+
+async def get_user_chat_sessions(
+    user_id: str,
+    limit: int = 50,
+    offset: int = 0,
+) -> list[PrismaChatSession]:
+    """Get chat sessions for a user, ordered by most recent."""
+    return await PrismaChatSession.prisma().find_many(
+        where={"userId": user_id},
+        order={"updatedAt": "desc"},
+        take=limit,
+        skip=offset,
+    )
+
+
+async def get_user_session_count(user_id: str) -> int:
+    """Get the total number of chat sessions for a user."""
+    return await PrismaChatSession.prisma().count(where={"userId": user_id})
+
+
+async def delete_chat_session(session_id: str, user_id: str | None = None) -> bool:
+    """Delete a chat session and all its messages.
+
+    Args:
+        session_id: The session ID to delete.
+        user_id: If provided, validates that the session belongs to this user
+            before deletion. This prevents unauthorized deletion of other
+            users' sessions.
+
+    Returns:
+        True if deleted successfully, False otherwise.
+    """
+    try:
+        # Build typed where clause with optional user_id validation
+        where_clause: ChatSessionWhereInput = {"id": session_id}
+        if user_id is not None:
+            where_clause["userId"] = user_id
+
+        result = await PrismaChatSession.prisma().delete_many(where=where_clause)
+        if result == 0:
+            logger.warning(
+                f"No session deleted for {session_id} "
+                f"(user_id validation: {user_id is not None})"
+            )
+            return False
+        return True
+    except Exception as e:
+        logger.error(f"Failed to delete chat session {session_id}: {e}")
+        return False
+
+
+async def get_chat_session_message_count(session_id: str) -> int:
+    """Get the number of messages in a chat session."""
+    count = await PrismaChatMessage.prisma().count(where={"sessionId": session_id})
+    return count

autogpt_platform/backend/backend/api/features/chat/model.py

@@ -0,0 +1,597 @@
+import asyncio
+import logging
+import uuid
+from datetime import UTC, datetime
+from typing import Any
+from weakref import WeakValueDictionary
+
+from openai.types.chat import (
+    ChatCompletionAssistantMessageParam,
+    ChatCompletionDeveloperMessageParam,
+    ChatCompletionFunctionMessageParam,
+    ChatCompletionMessageParam,
+    ChatCompletionSystemMessageParam,
+    ChatCompletionToolMessageParam,
+    ChatCompletionUserMessageParam,
+)
+from openai.types.chat.chat_completion_assistant_message_param import FunctionCall
+from openai.types.chat.chat_completion_message_tool_call_param import (
+    ChatCompletionMessageToolCallParam,
+    Function,
+)
+from prisma.models import ChatMessage as PrismaChatMessage
+from prisma.models import ChatSession as PrismaChatSession
+from pydantic import BaseModel
+
+from backend.data.redis_client import get_redis_async
+from backend.util import json
+from backend.util.exceptions import DatabaseError, RedisError
+
+from . import db as chat_db
+from .config import ChatConfig
+
+logger = logging.getLogger(__name__)
+config = ChatConfig()
+
+
+def _parse_json_field(value: str | dict | list | None, default: Any = None) -> Any:
+    """Parse a JSON field that may be stored as string or already parsed."""
+    if value is None:
+        return default
+    if isinstance(value, str):
+        return json.loads(value)
+    return value
+
+
+# Redis cache key prefix for chat sessions
+CHAT_SESSION_CACHE_PREFIX = "chat:session:"
+
+
+def _get_session_cache_key(session_id: str) -> str:
+    """Get the Redis cache key for a chat session."""
+    return f"{CHAT_SESSION_CACHE_PREFIX}{session_id}"
+
+
+# Session-level locks to prevent race conditions during concurrent upserts.
+# Uses WeakValueDictionary to automatically garbage collect locks when no longer referenced,
+# preventing unbounded memory growth while maintaining lock semantics for active sessions.
+# Invalidation: Locks are auto-removed by GC when no coroutine holds a reference (after
+# async with lock: completes). Explicit cleanup also occurs in delete_chat_session().
+_session_locks: WeakValueDictionary[str, asyncio.Lock] = WeakValueDictionary()
+_session_locks_mutex = asyncio.Lock()
+
+
+async def _get_session_lock(session_id: str) -> asyncio.Lock:
+    """Get or create a lock for a specific session to prevent concurrent upserts.
+
+    Uses WeakValueDictionary for automatic cleanup: locks are garbage collected
+    when no coroutine holds a reference to them, preventing memory leaks from
+    unbounded growth of session locks.
+    """
+    async with _session_locks_mutex:
+        lock = _session_locks.get(session_id)
+        if lock is None:
+            lock = asyncio.Lock()
+            _session_locks[session_id] = lock
+        return lock
+
+
+class ChatMessage(BaseModel):
+    role: str
+    content: str | None = None
+    name: str | None = None
+    tool_call_id: str | None = None
+    refusal: str | None = None
+    tool_calls: list[dict] | None = None
+    function_call: dict | None = None
+
+
+class Usage(BaseModel):
+    prompt_tokens: int
+    completion_tokens: int
+    total_tokens: int
+
+
+class ChatSession(BaseModel):
+    session_id: str
+    user_id: str
+    title: str | None = None
+    messages: list[ChatMessage]
+    usage: list[Usage]
+    credentials: dict[str, dict] = {}  # Map of provider -> credential metadata
+    started_at: datetime
+    updated_at: datetime
+    successful_agent_runs: dict[str, int] = {}
+    successful_agent_schedules: dict[str, int] = {}
+
+    @staticmethod
+    def new(user_id: str) -> "ChatSession":
+        return ChatSession(
+            session_id=str(uuid.uuid4()),
+            user_id=user_id,
+            title=None,
+            messages=[],
+            usage=[],
+            credentials={},
+            started_at=datetime.now(UTC),
+            updated_at=datetime.now(UTC),
+        )
+
+    @staticmethod
+    def from_db(
+        prisma_session: PrismaChatSession,
+        prisma_messages: list[PrismaChatMessage] | None = None,
+    ) -> "ChatSession":
+        """Convert Prisma models to Pydantic ChatSession."""
+        messages = []
+        if prisma_messages:
+            for msg in prisma_messages:
+                messages.append(
+                    ChatMessage(
+                        role=msg.role,
+                        content=msg.content,
+                        name=msg.name,
+                        tool_call_id=msg.toolCallId,
+                        refusal=msg.refusal,
+                        tool_calls=_parse_json_field(msg.toolCalls),
+                        function_call=_parse_json_field(msg.functionCall),
+                    )
+                )
+
+        # Parse JSON fields from Prisma
+        credentials = _parse_json_field(prisma_session.credentials, default={})
+        successful_agent_runs = _parse_json_field(
+            prisma_session.successfulAgentRuns, default={}
+        )
+        successful_agent_schedules = _parse_json_field(
+            prisma_session.successfulAgentSchedules, default={}
+        )
+
+        # Calculate usage from token counts
+        usage = []
+        if prisma_session.totalPromptTokens or prisma_session.totalCompletionTokens:
+            usage.append(
+                Usage(
+                    prompt_tokens=prisma_session.totalPromptTokens or 0,
+                    completion_tokens=prisma_session.totalCompletionTokens or 0,
+                    total_tokens=(prisma_session.totalPromptTokens or 0)
+                    + (prisma_session.totalCompletionTokens or 0),
+                )
+            )
+
+        return ChatSession(
+            session_id=prisma_session.id,
+            user_id=prisma_session.userId,
+            title=prisma_session.title,
+            messages=messages,
+            usage=usage,
+            credentials=credentials,
+            started_at=prisma_session.createdAt,
+            updated_at=prisma_session.updatedAt,
+            successful_agent_runs=successful_agent_runs,
+            successful_agent_schedules=successful_agent_schedules,
+        )
+
+    def to_openai_messages(self) -> list[ChatCompletionMessageParam]:
+        messages = []
+        for message in self.messages:
+            if message.role == "developer":
+                m = ChatCompletionDeveloperMessageParam(
+                    role="developer",
+                    content=message.content or "",
+                )
+                if message.name:
+                    m["name"] = message.name
+                messages.append(m)
+            elif message.role == "system":
+                m = ChatCompletionSystemMessageParam(
+                    role="system",
+                    content=message.content or "",
+                )
+                if message.name:
+                    m["name"] = message.name
+                messages.append(m)
+            elif message.role == "user":
+                m = ChatCompletionUserMessageParam(
+                    role="user",
+                    content=message.content or "",
+                )
+                if message.name:
+                    m["name"] = message.name
+                messages.append(m)
+            elif message.role == "assistant":
+                m = ChatCompletionAssistantMessageParam(
+                    role="assistant",
+                    content=message.content or "",
+                )
+                if message.function_call:
+                    m["function_call"] = FunctionCall(
+                        arguments=message.function_call["arguments"],
+                        name=message.function_call["name"],
+                    )
+                if message.refusal:
+                    m["refusal"] = message.refusal
+                if message.tool_calls:
+                    t: list[ChatCompletionMessageToolCallParam] = []
+                    for tool_call in message.tool_calls:
+                        # Tool calls are stored with nested structure: {id, type, function: {name, arguments}}
+                        function_data = tool_call.get("function", {})
+
+                        # Skip tool calls that are missing required fields
+                        if "id" not in tool_call or "name" not in function_data:
+                            logger.warning(
+                                f"Skipping invalid tool call: missing required fields. "
+                                f"Got: {tool_call.keys()}, function keys: {function_data.keys()}"
+                            )
+                            continue
+
+                        # Arguments are stored as a JSON string
+                        arguments_str = function_data.get("arguments", "{}")
+
+                        t.append(
+                            ChatCompletionMessageToolCallParam(
+                                id=tool_call["id"],
+                                type="function",
+                                function=Function(
+                                    arguments=arguments_str,
+                                    name=function_data["name"],
+                                ),
+                            )
+                        )
+                    m["tool_calls"] = t
+                if message.name:
+                    m["name"] = message.name
+                messages.append(m)
+            elif message.role == "tool":
+                messages.append(
+                    ChatCompletionToolMessageParam(
+                        role="tool",
+                        content=message.content or "",
+                        tool_call_id=message.tool_call_id or "",
+                    )
+                )
+            elif message.role == "function":
+                messages.append(
+                    ChatCompletionFunctionMessageParam(
+                        role="function",
+                        content=message.content,
+                        name=message.name or "",
+                    )
+                )
+        return messages
+
+
+async def _get_session_from_cache(session_id: str) -> ChatSession | None:
+    """Get a chat session from Redis cache."""
+    redis_key = _get_session_cache_key(session_id)
+    async_redis = await get_redis_async()
+    raw_session: bytes | None = await async_redis.get(redis_key)
+
+    if raw_session is None:
+        return None
+
+    try:
+        session = ChatSession.model_validate_json(raw_session)
+        logger.info(
+            f"Loading session {session_id} from cache: "
+            f"message_count={len(session.messages)}, "
+            f"roles={[m.role for m in session.messages]}"
+        )
+        return session
+    except Exception as e:
+        logger.error(f"Failed to deserialize session {session_id}: {e}", exc_info=True)
+        raise RedisError(f"Corrupted session data for {session_id}") from e
+
+
+async def _cache_session(session: ChatSession) -> None:
+    """Cache a chat session in Redis."""
+    redis_key = _get_session_cache_key(session.session_id)
+    async_redis = await get_redis_async()
+    await async_redis.setex(redis_key, config.session_ttl, session.model_dump_json())
+
+
+async def _get_session_from_db(session_id: str) -> ChatSession | None:
+    """Get a chat session from the database."""
+    prisma_session = await chat_db.get_chat_session(session_id)
+    if not prisma_session:
+        return None
+
+    messages = prisma_session.Messages
+    logger.info(
+        f"Loading session {session_id} from DB: "
+        f"has_messages={messages is not None}, "
+        f"message_count={len(messages) if messages else 0}, "
+        f"roles={[m.role for m in messages] if messages else []}"
+    )
+
+    return ChatSession.from_db(prisma_session, messages)
+
+
+async def _save_session_to_db(
+    session: ChatSession, existing_message_count: int
+) -> None:
+    """Save or update a chat session in the database."""
+    # Check if session exists in DB
+    existing = await chat_db.get_chat_session(session.session_id)
+
+    if not existing:
+        # Create new session
+        await chat_db.create_chat_session(
+            session_id=session.session_id,
+            user_id=session.user_id,
+        )
+        existing_message_count = 0
+
+    # Calculate total tokens from usage
+    total_prompt = sum(u.prompt_tokens for u in session.usage)
+    total_completion = sum(u.completion_tokens for u in session.usage)
+
+    # Update session metadata
+    await chat_db.update_chat_session(
+        session_id=session.session_id,
+        credentials=session.credentials,
+        successful_agent_runs=session.successful_agent_runs,
+        successful_agent_schedules=session.successful_agent_schedules,
+        total_prompt_tokens=total_prompt,
+        total_completion_tokens=total_completion,
+    )
+
+    # Add new messages (only those after existing count)
+    new_messages = session.messages[existing_message_count:]
+    if new_messages:
+        messages_data = []
+        for msg in new_messages:
+            messages_data.append(
+                {
+                    "role": msg.role,
+                    "content": msg.content,
+                    "name": msg.name,
+                    "tool_call_id": msg.tool_call_id,
+                    "refusal": msg.refusal,
+                    "tool_calls": msg.tool_calls,
+                    "function_call": msg.function_call,
+                }
+            )
+        logger.info(
+            f"Saving {len(new_messages)} new messages to DB for session {session.session_id}: "
+            f"roles={[m['role'] for m in messages_data]}, "
+            f"start_sequence={existing_message_count}"
+        )
+        await chat_db.add_chat_messages_batch(
+            session_id=session.session_id,
+            messages=messages_data,
+            start_sequence=existing_message_count,
+        )
+
+
+async def get_chat_session(
+    session_id: str,
+    user_id: str | None = None,
+) -> ChatSession | None:
+    """Get a chat session by ID.
+
+    Checks Redis cache first, falls back to database if not found.
+    Caches database results back to Redis.
+
+    Args:
+        session_id: The session ID to fetch.
+        user_id: If provided, validates that the session belongs to this user.
+            If None, ownership is not validated (admin/system access).
+    """
+    # Try cache first
+    try:
+        session = await _get_session_from_cache(session_id)
+        if session:
+            # Verify user ownership if user_id was provided for validation
+            if user_id is not None and session.user_id != user_id:
+                logger.warning(
+                    f"Session {session_id} user id mismatch: {session.user_id} != {user_id}"
+                )
+                return None
+            return session
+    except RedisError:
+        logger.warning(f"Cache error for session {session_id}, trying database")
+    except Exception as e:
+        logger.warning(f"Unexpected cache error for session {session_id}: {e}")
+
+    # Fall back to database
+    logger.info(f"Session {session_id} not in cache, checking database")
+    session = await _get_session_from_db(session_id)
+
+    if session is None:
+        logger.warning(f"Session {session_id} not found in cache or database")
+        return None
+
+    # Verify user ownership if user_id was provided for validation
+    if user_id is not None and session.user_id != user_id:
+        logger.warning(
+            f"Session {session_id} user id mismatch: {session.user_id} != {user_id}"
+        )
+        return None
+
+    # Cache the session from DB
+    try:
+        await _cache_session(session)
+        logger.info(f"Cached session {session_id} from database")
+    except Exception as e:
+        logger.warning(f"Failed to cache session {session_id}: {e}")
+
+    return session
+
+
+async def upsert_chat_session(
+    session: ChatSession,
+) -> ChatSession:
+    """Update a chat session in both cache and database.
+
+    Uses session-level locking to prevent race conditions when concurrent
+    operations (e.g., background title update and main stream handler)
+    attempt to upsert the same session simultaneously.
+
+    Raises:
+        DatabaseError: If the database write fails. The cache is still updated
+            as a best-effort optimization, but the error is propagated to ensure
+            callers are aware of the persistence failure.
+        RedisError: If the cache write fails (after successful DB write).
+    """
+    # Acquire session-specific lock to prevent concurrent upserts
+    lock = await _get_session_lock(session.session_id)
+
+    async with lock:
+        # Get existing message count from DB for incremental saves
+        existing_message_count = await chat_db.get_chat_session_message_count(
+            session.session_id
+        )
+
+        db_error: Exception | None = None
+
+        # Save to database (primary storage)
+        try:
+            await _save_session_to_db(session, existing_message_count)
+        except Exception as e:
+            logger.error(
+                f"Failed to save session {session.session_id} to database: {e}"
+            )
+            db_error = e
+
+        # Save to cache (best-effort, even if DB failed)
+        try:
+            await _cache_session(session)
+        except Exception as e:
+            # If DB succeeded but cache failed, raise cache error
+            if db_error is None:
+                raise RedisError(
+                    f"Failed to persist chat session {session.session_id} to Redis: {e}"
+                ) from e
+            # If both failed, log cache error but raise DB error (more critical)
+            logger.warning(
+                f"Cache write also failed for session {session.session_id}: {e}"
+            )
+
+        # Propagate DB error after attempting cache (prevents data loss)
+        if db_error is not None:
+            raise DatabaseError(
+                f"Failed to persist chat session {session.session_id} to database"
+            ) from db_error
+
+        return session
+
+
+async def create_chat_session(user_id: str) -> ChatSession:
+    """Create a new chat session and persist it.
+
+    Raises:
+        DatabaseError: If the database write fails. We fail fast to ensure
+            callers never receive a non-persisted session that only exists
+            in cache (which would be lost when the cache expires).
+    """
+    session = ChatSession.new(user_id)
+
+    # Create in database first - fail fast if this fails
+    try:
+        await chat_db.create_chat_session(
+            session_id=session.session_id,
+            user_id=user_id,
+        )
+    except Exception as e:
+        logger.error(f"Failed to create session {session.session_id} in database: {e}")
+        raise DatabaseError(
+            f"Failed to create chat session {session.session_id} in database"
+        ) from e
+
+    # Cache the session (best-effort optimization, DB is source of truth)
+    try:
+        await _cache_session(session)
+    except Exception as e:
+        logger.warning(f"Failed to cache new session {session.session_id}: {e}")
+
+    return session
+
+
+async def get_user_sessions(
+    user_id: str,
+    limit: int = 50,
+    offset: int = 0,
+) -> tuple[list[ChatSession], int]:
+    """Get chat sessions for a user from the database with total count.
+
+    Returns:
+        A tuple of (sessions, total_count) where total_count is the overall
+        number of sessions for the user (not just the current page).
+    """
+    prisma_sessions = await chat_db.get_user_chat_sessions(user_id, limit, offset)
+    total_count = await chat_db.get_user_session_count(user_id)
+
+    sessions = []
+    for prisma_session in prisma_sessions:
+        # Convert without messages for listing (lighter weight)
+        sessions.append(ChatSession.from_db(prisma_session, None))
+
+    return sessions, total_count
+
+
+async def delete_chat_session(session_id: str, user_id: str | None = None) -> bool:
+    """Delete a chat session from both cache and database.
+
+    Args:
+        session_id: The session ID to delete.
+        user_id: If provided, validates that the session belongs to this user
+            before deletion. This prevents unauthorized deletion.
+
+    Returns:
+        True if deleted successfully, False otherwise.
+    """
+    # Delete from database first (with optional user_id validation)
+    # This confirms ownership before invalidating cache
+    deleted = await chat_db.delete_chat_session(session_id, user_id)
+
+    if not deleted:
+        return False
+
+    # Only invalidate cache and clean up lock after DB confirms deletion
+    try:
+        redis_key = _get_session_cache_key(session_id)
+        async_redis = await get_redis_async()
+        await async_redis.delete(redis_key)
+    except Exception as e:
+        logger.warning(f"Failed to delete session {session_id} from cache: {e}")
+
+    # Clean up session lock (belt-and-suspenders with WeakValueDictionary)
+    async with _session_locks_mutex:
+        _session_locks.pop(session_id, None)
+
+    return True
+
+
+async def update_session_title(session_id: str, title: str) -> bool:
+    """Update only the title of a chat session.
+
+    This is a lightweight operation that doesn't touch messages, avoiding
+    race conditions with concurrent message updates. Use this for background
+    title generation instead of upsert_chat_session.
+
+    Args:
+        session_id: The session ID to update.
+        title: The new title to set.
+
+    Returns:
+        True if updated successfully, False otherwise.
+    """
+    try:
+        result = await chat_db.update_chat_session(session_id=session_id, title=title)
+        if result is None:
+            logger.warning(f"Session {session_id} not found for title update")
+            return False
+
+        # Invalidate cache so next fetch gets updated title
+        try:
+            redis_key = _get_session_cache_key(session_id)
+            async_redis = await get_redis_async()
+            await async_redis.delete(redis_key)
+        except Exception as e:
+            logger.warning(f"Failed to invalidate cache for session {session_id}: {e}")
+
+        return True
+    except Exception as e:
+        logger.error(f"Failed to update title for session {session_id}: {e}")
+        return False

autogpt_platform/backend/backend/api/features/chat/model_test.py

@@ -0,0 +1,119 @@
+import pytest
+
+from .model import (
+    ChatMessage,
+    ChatSession,
+    Usage,
+    get_chat_session,
+    upsert_chat_session,
+)
+
+messages = [
+    ChatMessage(content="Hello, how are you?", role="user"),
+    ChatMessage(
+        content="I'm fine, thank you!",
+        role="assistant",
+        tool_calls=[
+            {
+                "id": "t123",
+                "type": "function",
+                "function": {
+                    "name": "get_weather",
+                    "arguments": '{"city": "New York"}',
+                },
+            }
+        ],
+    ),
+    ChatMessage(
+        content="I'm using the tool to get the weather",
+        role="tool",
+        tool_call_id="t123",
+    ),
+]
+
+
+@pytest.mark.asyncio(loop_scope="session")
+async def test_chatsession_serialization_deserialization():
+    s = ChatSession.new(user_id="abc123")
+    s.messages = messages
+    s.usage = [Usage(prompt_tokens=100, completion_tokens=200, total_tokens=300)]
+    serialized = s.model_dump_json()
+    s2 = ChatSession.model_validate_json(serialized)
+    assert s2.model_dump() == s.model_dump()
+
+
+@pytest.mark.asyncio(loop_scope="session")
+async def test_chatsession_redis_storage(setup_test_user, test_user_id):
+
+    s = ChatSession.new(user_id=test_user_id)
+    s.messages = messages
+
+    s = await upsert_chat_session(s)
+
+    s2 = await get_chat_session(
+        session_id=s.session_id,
+        user_id=s.user_id,
+    )
+
+    assert s2 == s
+
+
+@pytest.mark.asyncio(loop_scope="session")
+async def test_chatsession_redis_storage_user_id_mismatch(
+    setup_test_user, test_user_id
+):
+
+    s = ChatSession.new(user_id=test_user_id)
+    s.messages = messages
+    s = await upsert_chat_session(s)
+
+    s2 = await get_chat_session(s.session_id, "different_user_id")
+
+    assert s2 is None
+
+
+@pytest.mark.asyncio(loop_scope="session")
+async def test_chatsession_db_storage(setup_test_user, test_user_id):
+    """Test that messages are correctly saved to and loaded from DB (not cache)."""
+    from backend.data.redis_client import get_redis_async
+
+    # Create session with messages including assistant message
+    s = ChatSession.new(user_id=test_user_id)
+    s.messages = messages  # Contains user, assistant, and tool messages
+    assert s.session_id is not None, "Session id is not set"
+    # Upsert to save to both cache and DB
+    s = await upsert_chat_session(s)
+
+    # Clear the Redis cache to force DB load
+    redis_key = f"chat:session:{s.session_id}"
+    async_redis = await get_redis_async()
+    await async_redis.delete(redis_key)
+
+    # Load from DB (cache was cleared)
+    s2 = await get_chat_session(
+        session_id=s.session_id,
+        user_id=s.user_id,
+    )
+
+    assert s2 is not None, "Session not found after loading from DB"
+    assert len(s2.messages) == len(
+        s.messages
+    ), f"Message count mismatch: expected {len(s.messages)}, got {len(s2.messages)}"
+
+    # Verify all roles are present
+    roles = [m.role for m in s2.messages]
+    assert "user" in roles, f"User message missing. Roles found: {roles}"
+    assert "assistant" in roles, f"Assistant message missing. Roles found: {roles}"
+    assert "tool" in roles, f"Tool message missing. Roles found: {roles}"
+
+    # Verify message content
+    for orig, loaded in zip(s.messages, s2.messages):
+        assert orig.role == loaded.role, f"Role mismatch: {orig.role} != {loaded.role}"
+        assert (
+            orig.content == loaded.content
+        ), f"Content mismatch for {orig.role}: {orig.content} != {loaded.content}"
+        if orig.tool_calls:
+            assert (
+                loaded.tool_calls is not None
+            ), f"Tool calls missing for {orig.role} message"
+            assert len(orig.tool_calls) == len(loaded.tool_calls)

autogpt_platform/backend/backend/api/features/chat/response_model.py

@@ -0,0 +1,144 @@
+"""
+Response models for Vercel AI SDK UI Stream Protocol.
+
+This module implements the AI SDK UI Stream Protocol (v1) for streaming chat responses.
+See: https://ai-sdk.dev/docs/ai-sdk-ui/stream-protocol
+"""
+
+from enum import Enum
+from typing import Any
+
+from pydantic import BaseModel, Field
+
+
+class ResponseType(str, Enum):
+    """Types of streaming responses following AI SDK protocol."""
+
+    # Message lifecycle
+    START = "start"
+    FINISH = "finish"
+
+    # Text streaming
+    TEXT_START = "text-start"
+    TEXT_DELTA = "text-delta"
+    TEXT_END = "text-end"
+
+    # Tool interaction
+    TOOL_INPUT_START = "tool-input-start"
+    TOOL_INPUT_AVAILABLE = "tool-input-available"
+    TOOL_OUTPUT_AVAILABLE = "tool-output-available"
+
+    # Other
+    ERROR = "error"
+    USAGE = "usage"
+
+
+class StreamBaseResponse(BaseModel):
+    """Base response model for all streaming responses."""
+
+    type: ResponseType
+
+    def to_sse(self) -> str:
+        """Convert to SSE format."""
+        return f"data: {self.model_dump_json()}\n\n"
+
+
+# ========== Message Lifecycle ==========
+
+
+class StreamStart(StreamBaseResponse):
+    """Start of a new message."""
+
+    type: ResponseType = ResponseType.START
+    messageId: str = Field(..., description="Unique message ID")
+
+
+class StreamFinish(StreamBaseResponse):
+    """End of message/stream."""
+
+    type: ResponseType = ResponseType.FINISH
+
+
+# ========== Text Streaming ==========
+
+
+class StreamTextStart(StreamBaseResponse):
+    """Start of a text block."""
+
+    type: ResponseType = ResponseType.TEXT_START
+    id: str = Field(..., description="Text block ID")
+
+
+class StreamTextDelta(StreamBaseResponse):
+    """Streaming text content delta."""
+
+    type: ResponseType = ResponseType.TEXT_DELTA
+    id: str = Field(..., description="Text block ID")
+    delta: str = Field(..., description="Text content delta")
+
+
+class StreamTextEnd(StreamBaseResponse):
+    """End of a text block."""
+
+    type: ResponseType = ResponseType.TEXT_END
+    id: str = Field(..., description="Text block ID")
+
+
+# ========== Tool Interaction ==========
+
+
+class StreamToolInputStart(StreamBaseResponse):
+    """Tool call started notification."""
+
+    type: ResponseType = ResponseType.TOOL_INPUT_START
+    toolCallId: str = Field(..., description="Unique tool call ID")
+    toolName: str = Field(..., description="Name of the tool being called")
+
+
+class StreamToolInputAvailable(StreamBaseResponse):
+    """Tool input is ready for execution."""
+
+    type: ResponseType = ResponseType.TOOL_INPUT_AVAILABLE
+    toolCallId: str = Field(..., description="Unique tool call ID")
+    toolName: str = Field(..., description="Name of the tool being called")
+    input: dict[str, Any] = Field(
+        default_factory=dict, description="Tool input arguments"
+    )
+
+
+class StreamToolOutputAvailable(StreamBaseResponse):
+    """Tool execution result."""
+
+    type: ResponseType = ResponseType.TOOL_OUTPUT_AVAILABLE
+    toolCallId: str = Field(..., description="Tool call ID this responds to")
+    output: str | dict[str, Any] = Field(..., description="Tool execution output")
+    # Additional fields for internal use (not part of AI SDK spec but useful)
+    toolName: str | None = Field(
+        default=None, description="Name of the tool that was executed"
+    )
+    success: bool = Field(
+        default=True, description="Whether the tool execution succeeded"
+    )
+
+
+# ========== Other ==========
+
+
+class StreamUsage(StreamBaseResponse):
+    """Token usage statistics."""
+
+    type: ResponseType = ResponseType.USAGE
+    promptTokens: int = Field(..., description="Number of prompt tokens")
+    completionTokens: int = Field(..., description="Number of completion tokens")
+    totalTokens: int = Field(..., description="Total number of tokens")
+
+
+class StreamError(StreamBaseResponse):
+    """Error response."""
+
+    type: ResponseType = ResponseType.ERROR
+    errorText: str = Field(..., description="Error message text")
+    code: str | None = Field(default=None, description="Error code")
+    details: dict[str, Any] | None = Field(
+        default=None, description="Additional error details"
+    )

autogpt_platform/backend/backend/api/features/chat/routes.py

@@ -0,0 +1,362 @@
+"""Chat API routes for chat session management and streaming via SSE."""
+
+import logging
+from collections.abc import AsyncGenerator
+from typing import Annotated
+
+from autogpt_libs import auth
+from fastapi import APIRouter, Depends, Query, Security
+from fastapi.responses import StreamingResponse
+from pydantic import BaseModel
+
+from backend.util.exceptions import NotFoundError
+
+from . import service as chat_service
+from .config import ChatConfig
+from .model import ChatSession, create_chat_session, get_chat_session, get_user_sessions
+
+config = ChatConfig()
+
+
+logger = logging.getLogger(__name__)
+
+
+async def _validate_and_get_session(
+    session_id: str,
+    user_id: str | None,
+) -> ChatSession:
+    """Validate session exists and belongs to user."""
+    session = await get_chat_session(session_id, user_id)
+    if not session:
+        raise NotFoundError(f"Session {session_id} not found.")
+    return session
+
+
+router = APIRouter(
+    tags=["chat"],
+)
+
+# ========== Request/Response Models ==========
+
+
+class StreamChatRequest(BaseModel):
+    """Request model for streaming chat with optional context."""
+
+    message: str
+    is_user_message: bool = True
+    context: dict[str, str] | None = None  # {url: str, content: str}
+
+
+class CreateSessionResponse(BaseModel):
+    """Response model containing information on a newly created chat session."""
+
+    id: str
+    created_at: str
+    user_id: str | None
+
+
+class SessionDetailResponse(BaseModel):
+    """Response model providing complete details for a chat session, including messages."""
+
+    id: str
+    created_at: str
+    updated_at: str
+    user_id: str | None
+    messages: list[dict]
+
+
+class SessionSummaryResponse(BaseModel):
+    """Response model for a session summary (without messages)."""
+
+    id: str
+    created_at: str
+    updated_at: str
+    title: str | None = None
+
+
+class ListSessionsResponse(BaseModel):
+    """Response model for listing chat sessions."""
+
+    sessions: list[SessionSummaryResponse]
+    total: int
+
+
+# ========== Routes ==========
+
+
+@router.get(
+    "/sessions",
+    dependencies=[Security(auth.requires_user)],
+)
+async def list_sessions(
+    user_id: Annotated[str, Security(auth.get_user_id)],
+    limit: int = Query(default=50, ge=1, le=100),
+    offset: int = Query(default=0, ge=0),
+) -> ListSessionsResponse:
+    """
+    List chat sessions for the authenticated user.
+
+    Returns a paginated list of chat sessions belonging to the current user,
+    ordered by most recently updated.
+
+    Args:
+        user_id: The authenticated user's ID.
+        limit: Maximum number of sessions to return (1-100).
+        offset: Number of sessions to skip for pagination.
+
+    Returns:
+        ListSessionsResponse: List of session summaries and total count.
+    """
+    sessions, total_count = await get_user_sessions(user_id, limit, offset)
+
+    return ListSessionsResponse(
+        sessions=[
+            SessionSummaryResponse(
+                id=session.session_id,
+                created_at=session.started_at.isoformat(),
+                updated_at=session.updated_at.isoformat(),
+                title=session.title,
+            )
+            for session in sessions
+        ],
+        total=total_count,
+    )
+
+
+@router.post(
+    "/sessions",
+)
+async def create_session(
+    user_id: Annotated[str, Depends(auth.get_user_id)],
+) -> CreateSessionResponse:
+    """
+    Create a new chat session.
+
+    Initiates a new chat session for the authenticated user.
+
+    Args:
+        user_id: The authenticated user ID parsed from the JWT (required).
+
+    Returns:
+        CreateSessionResponse: Details of the created session.
+
+    """
+    logger.info(
+        f"Creating session with user_id: "
+        f"...{user_id[-8:] if len(user_id) > 8 else '<redacted>'}"
+    )
+
+    session = await create_chat_session(user_id)
+
+    return CreateSessionResponse(
+        id=session.session_id,
+        created_at=session.started_at.isoformat(),
+        user_id=session.user_id,
+    )
+
+
+@router.get(
+    "/sessions/{session_id}",
+)
+async def get_session(
+    session_id: str,
+    user_id: Annotated[str | None, Depends(auth.get_user_id)],
+) -> SessionDetailResponse:
+    """
+    Retrieve the details of a specific chat session.
+
+    Looks up a chat session by ID for the given user (if authenticated) and returns all session data including messages.
+
+    Args:
+        session_id: The unique identifier for the desired chat session.
+        user_id: The optional authenticated user ID, or None for anonymous access.
+
+    Returns:
+        SessionDetailResponse: Details for the requested session; raises NotFoundError if not found.
+
+    """
+    session = await get_chat_session(session_id, user_id)
+    if not session:
+        raise NotFoundError(f"Session {session_id} not found")
+
+    messages = [message.model_dump() for message in session.messages]
+    logger.info(
+        f"Returning session {session_id}: "
+        f"message_count={len(messages)}, "
+        f"roles={[m.get('role') for m in messages]}"
+    )
+
+    return SessionDetailResponse(
+        id=session.session_id,
+        created_at=session.started_at.isoformat(),
+        updated_at=session.updated_at.isoformat(),
+        user_id=session.user_id or None,
+        messages=messages,
+    )
+
+
+@router.post(
+    "/sessions/{session_id}/stream",
+)
+async def stream_chat_post(
+    session_id: str,
+    request: StreamChatRequest,
+    user_id: str | None = Depends(auth.get_user_id),
+):
+    """
+    Stream chat responses for a session (POST with context support).
+
+    Streams the AI/completion responses in real time over Server-Sent Events (SSE), including:
+      - Text fragments as they are generated
+      - Tool call UI elements (if invoked)
+      - Tool execution results
+
+    Args:
+        session_id: The chat session identifier to associate with the streamed messages.
+        request: Request body containing message, is_user_message, and optional context.
+        user_id: Optional authenticated user ID.
+    Returns:
+        StreamingResponse: SSE-formatted response chunks.
+
+    """
+    session = await _validate_and_get_session(session_id, user_id)
+
+    async def event_generator() -> AsyncGenerator[str, None]:
+        async for chunk in chat_service.stream_chat_completion(
+            session_id,
+            request.message,
+            is_user_message=request.is_user_message,
+            user_id=user_id,
+            session=session,  # Pass pre-fetched session to avoid double-fetch
+            context=request.context,
+        ):
+            yield chunk.to_sse()
+        # AI SDK protocol termination
+        yield "data: [DONE]\n\n"
+
+    return StreamingResponse(
+        event_generator(),
+        media_type="text/event-stream",
+        headers={
+            "Cache-Control": "no-cache",
+            "Connection": "keep-alive",
+            "X-Accel-Buffering": "no",  # Disable nginx buffering
+            "x-vercel-ai-ui-message-stream": "v1",  # AI SDK protocol header
+        },
+    )
+
+
+@router.get(
+    "/sessions/{session_id}/stream",
+)
+async def stream_chat_get(
+    session_id: str,
+    message: Annotated[str, Query(min_length=1, max_length=10000)],
+    user_id: str | None = Depends(auth.get_user_id),
+    is_user_message: bool = Query(default=True),
+):
+    """
+    Stream chat responses for a session (GET - legacy endpoint).
+
+    Streams the AI/completion responses in real time over Server-Sent Events (SSE), including:
+      - Text fragments as they are generated
+      - Tool call UI elements (if invoked)
+      - Tool execution results
+
+    Args:
+        session_id: The chat session identifier to associate with the streamed messages.
+        message: The user's new message to process.
+        user_id: Optional authenticated user ID.
+        is_user_message: Whether the message is a user message.
+    Returns:
+        StreamingResponse: SSE-formatted response chunks.
+
+    """
+    session = await _validate_and_get_session(session_id, user_id)
+
+    async def event_generator() -> AsyncGenerator[str, None]:
+        async for chunk in chat_service.stream_chat_completion(
+            session_id,
+            message,
+            is_user_message=is_user_message,
+            user_id=user_id,
+            session=session,  # Pass pre-fetched session to avoid double-fetch
+        ):
+            yield chunk.to_sse()
+        # AI SDK protocol termination
+        yield "data: [DONE]\n\n"
+
+    return StreamingResponse(
+        event_generator(),
+        media_type="text/event-stream",
+        headers={
+            "Cache-Control": "no-cache",
+            "Connection": "keep-alive",
+            "X-Accel-Buffering": "no",  # Disable nginx buffering
+            "x-vercel-ai-ui-message-stream": "v1",  # AI SDK protocol header
+        },
+    )
+
+
+@router.patch(
+    "/sessions/{session_id}/assign-user",
+    dependencies=[Security(auth.requires_user)],
+    status_code=200,
+)
+async def session_assign_user(
+    session_id: str,
+    user_id: Annotated[str, Security(auth.get_user_id)],
+) -> dict:
+    """
+    Assign an authenticated user to a chat session.
+
+    Used (typically post-login) to claim an existing anonymous session as the current authenticated user.
+
+    Args:
+        session_id: The identifier for the (previously anonymous) session.
+        user_id: The authenticated user's ID to associate with the session.
+
+    Returns:
+        dict: Status of the assignment.
+
+    """
+    await chat_service.assign_user_to_session(session_id, user_id)
+    return {"status": "ok"}
+
+
+# ========== Health Check ==========
+
+
+@router.get("/health", status_code=200)
+async def health_check() -> dict:
+    """
+    Health check endpoint for the chat service.
+
+    Performs a full cycle test of session creation and retrieval. Should always return healthy
+    if the service and data layer are operational.
+
+    Returns:
+        dict: A status dictionary indicating health, service name, and API version.
+
+    """
+    from backend.data.user import get_or_create_user
+
+    # Ensure health check user exists (required for FK constraint)
+    health_check_user_id = "health-check-user"
+    await get_or_create_user(
+        {
+            "sub": health_check_user_id,
+            "email": "health-check@system.local",
+            "user_metadata": {"name": "Health Check User"},
+        }
+    )
+
+    # Create and retrieve session to verify full data layer
+    session = await create_chat_session(health_check_user_id)
+    await get_chat_session(session.session_id, health_check_user_id)
+
+    return {
+        "status": "healthy",
+        "service": "chat",
+        "version": "0.1.0",
+    }

autogpt_platform/backend/backend/api/features/chat/service.py

@@ -0,0 +1,907 @@
+import asyncio
+import logging
+from collections.abc import AsyncGenerator
+from typing import Any
+
+import orjson
+from langfuse import Langfuse
+from openai import (
+    APIConnectionError,
+    APIError,
+    APIStatusError,
+    AsyncOpenAI,
+    RateLimitError,
+)
+from openai.types.chat import ChatCompletionChunk, ChatCompletionToolParam
+
+from backend.data.understanding import (
+    format_understanding_for_prompt,
+    get_business_understanding,
+)
+from backend.util.exceptions import NotFoundError
+from backend.util.settings import Settings
+
+from . import db as chat_db
+from .config import ChatConfig
+from .model import (
+    ChatMessage,
+    ChatSession,
+    Usage,
+    get_chat_session,
+    update_session_title,
+    upsert_chat_session,
+)
+from .response_model import (
+    StreamBaseResponse,
+    StreamError,
+    StreamFinish,
+    StreamStart,
+    StreamTextDelta,
+    StreamTextEnd,
+    StreamTextStart,
+    StreamToolInputAvailable,
+    StreamToolInputStart,
+    StreamToolOutputAvailable,
+    StreamUsage,
+)
+from .tools import execute_tool, tools
+
+logger = logging.getLogger(__name__)
+
+config = ChatConfig()
+settings = Settings()
+client = AsyncOpenAI(api_key=config.api_key, base_url=config.base_url)
+
+# Langfuse client (lazy initialization)
+_langfuse_client: Langfuse | None = None
+
+
+class LangfuseNotConfiguredError(Exception):
+    """Raised when Langfuse is required but not configured."""
+
+    pass
+
+
+def _is_langfuse_configured() -> bool:
+    """Check if Langfuse credentials are configured."""
+    return bool(
+        settings.secrets.langfuse_public_key and settings.secrets.langfuse_secret_key
+    )
+
+
+def _get_langfuse_client() -> Langfuse:
+    """Get or create the Langfuse client for prompt management and tracing."""
+    global _langfuse_client
+    if _langfuse_client is None:
+        if not _is_langfuse_configured():
+            raise LangfuseNotConfiguredError(
+                "Langfuse is not configured. The chat feature requires Langfuse for prompt management. "
+                "Please set the LANGFUSE_PUBLIC_KEY and LANGFUSE_SECRET_KEY environment variables."
+            )
+        _langfuse_client = Langfuse(
+            public_key=settings.secrets.langfuse_public_key,
+            secret_key=settings.secrets.langfuse_secret_key,
+            host=settings.secrets.langfuse_host or "https://cloud.langfuse.com",
+        )
+    return _langfuse_client
+
+
+def _get_environment() -> str:
+    """Get the current environment name for Langfuse tagging."""
+    return settings.config.app_env.value
+
+
+def _get_langfuse_prompt() -> str:
+    """Fetch the latest production prompt from Langfuse.
+
+    Returns:
+        The compiled prompt text from Langfuse.
+
+    Raises:
+        Exception: If Langfuse is unavailable or prompt fetch fails.
+    """
+    try:
+        langfuse = _get_langfuse_client()
+        # cache_ttl_seconds=0 disables SDK caching to always get the latest prompt
+        prompt = langfuse.get_prompt(config.langfuse_prompt_name, cache_ttl_seconds=0)
+        compiled = prompt.compile()
+        logger.info(
+            f"Fetched prompt '{config.langfuse_prompt_name}' from Langfuse "
+            f"(version: {prompt.version})"
+        )
+        return compiled
+    except Exception as e:
+        logger.error(f"Failed to fetch prompt from Langfuse: {e}")
+        raise
+
+
+async def _is_first_session(user_id: str) -> bool:
+    """Check if this is the user's first chat session.
+
+    Returns True if the user has 1 or fewer sessions (meaning this is their first).
+    """
+    try:
+        session_count = await chat_db.get_user_session_count(user_id)
+        return session_count <= 1
+    except Exception as e:
+        logger.warning(f"Failed to check session count for user {user_id}: {e}")
+        return False  # Default to non-onboarding if we can't check
+
+
+async def _build_system_prompt(user_id: str | None) -> tuple[str, Any]:
+    """Build the full system prompt including business understanding if available.
+
+    Args:
+        user_id: The user ID for fetching business understanding
+                     If "default" and this is the user's first session, will use "onboarding" instead.
+
+    Returns:
+        Tuple of (compiled prompt string, Langfuse prompt object for tracing)
+    """
+
+    langfuse = _get_langfuse_client()
+
+    # cache_ttl_seconds=0 disables SDK caching to always get the latest prompt
+    prompt = langfuse.get_prompt(config.langfuse_prompt_name, cache_ttl_seconds=0)
+
+    # If user is authenticated, try to fetch their business understanding
+    understanding = None
+    if user_id:
+        try:
+            understanding = await get_business_understanding(user_id)
+        except Exception as e:
+            logger.warning(f"Failed to fetch business understanding: {e}")
+            understanding = None
+    if understanding:
+        context = format_understanding_for_prompt(understanding)
+    else:
+        context = "This is the first time you are meeting the user. Greet them and introduce them to the platform"
+
+    compiled = prompt.compile(users_information=context)
+    return compiled, prompt
+
+
+async def _generate_session_title(message: str) -> str | None:
+    """Generate a concise title for a chat session based on the first message.
+
+    Args:
+        message: The first user message in the session
+
+    Returns:
+        A short title (3-6 words) or None if generation fails
+    """
+    try:
+        response = await client.chat.completions.create(
+            model=config.title_model,
+            messages=[
+                {
+                    "role": "system",
+                    "content": (
+                        "Generate a very short title (3-6 words) for a chat conversation "
+                        "based on the user's first message. The title should capture the "
+                        "main topic or intent. Return ONLY the title, no quotes or punctuation."
+                    ),
+                },
+                {"role": "user", "content": message[:500]},  # Limit input length
+            ],
+            max_tokens=20,
+        )
+        title = response.choices[0].message.content
+        if title:
+            # Clean up the title
+            title = title.strip().strip("\"'")
+            # Limit length
+            if len(title) > 50:
+                title = title[:47] + "..."
+            return title
+        return None
+    except Exception as e:
+        logger.warning(f"Failed to generate session title: {e}")
+        return None
+
+
+async def assign_user_to_session(
+    session_id: str,
+    user_id: str,
+) -> ChatSession:
+    """
+    Assign a user to a chat session.
+    """
+    session = await get_chat_session(session_id, None)
+    if not session:
+        raise NotFoundError(f"Session {session_id} not found")
+    session.user_id = user_id
+    return await upsert_chat_session(session)
+
+
+async def stream_chat_completion(
+    session_id: str,
+    message: str | None = None,
+    is_user_message: bool = True,
+    user_id: str | None = None,
+    retry_count: int = 0,
+    session: ChatSession | None = None,
+    context: dict[str, str] | None = None,  # {url: str, content: str}
+) -> AsyncGenerator[StreamBaseResponse, None]:
+    """Main entry point for streaming chat completions with database handling.
+
+    This function handles all database operations and delegates streaming
+    to the internal _stream_chat_chunks function.
+
+    Args:
+        session_id: Chat session ID
+        user_message: User's input message
+        user_id: User ID for authentication (None for anonymous)
+        session: Optional pre-loaded session object (for recursive calls to avoid Redis refetch)
+
+    Yields:
+        StreamBaseResponse objects formatted as SSE
+
+    Raises:
+        NotFoundError: If session_id is invalid
+        ValueError: If max_context_messages is exceeded
+
+    """
+    logger.info(
+        f"Streaming chat completion for session {session_id} for message {message} and user id {user_id}. Message is user message: {is_user_message}"
+    )
+
+    # Check if Langfuse is configured - required for chat functionality
+    if not _is_langfuse_configured():
+        logger.error("Chat request failed: Langfuse is not configured")
+        yield StreamError(
+            errorText="Chat service is not available. Langfuse must be configured "
+            "with LANGFUSE_PUBLIC_KEY and LANGFUSE_SECRET_KEY environment variables."
+        )
+        yield StreamFinish()
+        return
+
+    # Langfuse observations will be created after session is loaded (need messages for input)
+    # Initialize to None so finally block can safely check and end them
+    trace = None
+    generation = None
+
+    # Only fetch from Redis if session not provided (initial call)
+    if session is None:
+        session = await get_chat_session(session_id, user_id)
+        logger.info(
+            f"Fetched session from Redis: {session.session_id if session else 'None'}, "
+            f"message_count={len(session.messages) if session else 0}"
+        )
+    else:
+        logger.info(
+            f"Using provided session object: {session.session_id}, "
+            f"message_count={len(session.messages)}"
+        )
+
+    if not session:
+        raise NotFoundError(
+            f"Session {session_id} not found. Please create a new session first."
+        )
+
+    if message:
+        # Build message content with context if provided
+        message_content = message
+        if context and context.get("url") and context.get("content"):
+            context_text = f"Page URL: {context['url']}\n\nPage Content:\n{context['content']}\n\n---\n\nUser Message: {message}"
+            message_content = context_text
+            logger.info(
+                f"Including page context: URL={context['url']}, content_length={len(context['content'])}"
+            )
+
+        session.messages.append(
+            ChatMessage(
+                role="user" if is_user_message else "assistant", content=message_content
+            )
+        )
+        logger.info(
+            f"Appended message (role={'user' if is_user_message else 'assistant'}), "
+            f"new message_count={len(session.messages)}"
+        )
+
+    if len(session.messages) > config.max_context_messages:
+        raise ValueError(f"Max messages exceeded: {config.max_context_messages}")
+
+    logger.info(
+        f"Upserting session: {session.session_id} with user id {session.user_id}, "
+        f"message_count={len(session.messages)}"
+    )
+    session = await upsert_chat_session(session)
+    assert session, "Session not found"
+
+    # Generate title for new sessions on first user message (non-blocking)
+    # Check: is_user_message, no title yet, and this is the first user message
+    if is_user_message and message and not session.title:
+        user_messages = [m for m in session.messages if m.role == "user"]
+        if len(user_messages) == 1:
+            # First user message - generate title in background
+            import asyncio
+
+            # Capture only the values we need (not the session object) to avoid
+            # stale data issues when the main flow modifies the session
+            captured_session_id = session_id
+            captured_message = message
+
+            async def _update_title():
+                try:
+                    title = await _generate_session_title(captured_message)
+                    if title:
+                        # Use dedicated title update function that doesn't
+                        # touch messages, avoiding race conditions
+                        await update_session_title(captured_session_id, title)
+                        logger.info(
+                            f"Generated title for session {captured_session_id}: {title}"
+                        )
+                except Exception as e:
+                    logger.warning(f"Failed to update session title: {e}")
+
+            # Fire and forget - don't block the chat response
+            asyncio.create_task(_update_title())
+
+    # Build system prompt with business understanding
+    system_prompt, langfuse_prompt = await _build_system_prompt(user_id)
+
+    # Build input messages including system prompt for complete Langfuse logging
+    trace_input_messages = [{"role": "system", "content": system_prompt}] + [
+        m.model_dump() for m in session.messages
+    ]
+
+    # Create Langfuse trace for this LLM call (each call gets its own trace, grouped by session_id)
+    # Using v3 SDK: start_observation creates a root span, update_trace sets trace-level attributes
+    try:
+        langfuse = _get_langfuse_client()
+        env = _get_environment()
+        trace = langfuse.start_observation(
+            name="chat_completion",
+            input={"messages": trace_input_messages},
+            metadata={
+                "environment": env,
+                "model": config.model,
+                "message_count": len(session.messages),
+                "prompt_name": langfuse_prompt.name if langfuse_prompt else None,
+                "prompt_version": langfuse_prompt.version if langfuse_prompt else None,
+            },
+        )
+        # Set trace-level attributes (session_id, user_id, tags)
+        trace.update_trace(
+            session_id=session_id,
+            user_id=user_id,
+            tags=[env, "copilot"],
+        )
+    except Exception as e:
+        logger.warning(f"Failed to create Langfuse trace: {e}")
+
+    # Initialize variables that will be used in finally block (must be defined before try)
+    assistant_response = ChatMessage(
+        role="assistant",
+        content="",
+    )
+    accumulated_tool_calls: list[dict[str, Any]] = []
+
+    # Wrap main logic in try/finally to ensure Langfuse observations are always ended
+    try:
+        has_yielded_end = False
+        has_yielded_error = False
+        has_done_tool_call = False
+        has_received_text = False
+        text_streaming_ended = False
+        tool_response_messages: list[ChatMessage] = []
+        should_retry = False
+
+        # Generate unique IDs for AI SDK protocol
+        import uuid as uuid_module
+
+        message_id = str(uuid_module.uuid4())
+        text_block_id = str(uuid_module.uuid4())
+
+        # Yield message start
+        yield StreamStart(messageId=message_id)
+
+        # Create Langfuse generation for each LLM call, linked to the prompt
+        # Using v3 SDK: start_observation with as_type="generation"
+        generation = (
+            trace.start_observation(
+                as_type="generation",
+                name="llm_call",
+                model=config.model,
+                input={"messages": trace_input_messages},
+                prompt=langfuse_prompt,
+            )
+            if trace
+            else None
+        )
+
+        try:
+            async for chunk in _stream_chat_chunks(
+                session=session,
+                tools=tools,
+                system_prompt=system_prompt,
+                text_block_id=text_block_id,
+            ):
+
+                if isinstance(chunk, StreamTextStart):
+                    # Emit text-start before first text delta
+                    if not has_received_text:
+                        yield chunk
+                elif isinstance(chunk, StreamTextDelta):
+                    delta = chunk.delta or ""
+                    assert assistant_response.content is not None
+                    assistant_response.content += delta
+                    has_received_text = True
+                    yield chunk
+                elif isinstance(chunk, StreamTextEnd):
+                    # Emit text-end after text completes
+                    if has_received_text and not text_streaming_ended:
+                        text_streaming_ended = True
+                        yield chunk
+                elif isinstance(chunk, StreamToolInputStart):
+                    # Emit text-end before first tool call, but only if we've received text
+                    if has_received_text and not text_streaming_ended:
+                        yield StreamTextEnd(id=text_block_id)
+                        text_streaming_ended = True
+                    yield chunk
+                elif isinstance(chunk, StreamToolInputAvailable):
+                    # Accumulate tool calls in OpenAI format
+                    accumulated_tool_calls.append(
+                        {
+                            "id": chunk.toolCallId,
+                            "type": "function",
+                            "function": {
+                                "name": chunk.toolName,
+                                "arguments": orjson.dumps(chunk.input).decode("utf-8"),
+                            },
+                        }
+                    )
+                elif isinstance(chunk, StreamToolOutputAvailable):
+                    result_content = (
+                        chunk.output
+                        if isinstance(chunk.output, str)
+                        else orjson.dumps(chunk.output).decode("utf-8")
+                    )
+                    tool_response_messages.append(
+                        ChatMessage(
+                            role="tool",
+                            content=result_content,
+                            tool_call_id=chunk.toolCallId,
+                        )
+                    )
+                    has_done_tool_call = True
+                    # Track if any tool execution failed
+                    if not chunk.success:
+                        logger.warning(
+                            f"Tool {chunk.toolName} (ID: {chunk.toolCallId}) execution failed"
+                        )
+                    yield chunk
+                elif isinstance(chunk, StreamFinish):
+                    if not has_done_tool_call:
+                        # Emit text-end before finish if we received text but haven't closed it
+                        if has_received_text and not text_streaming_ended:
+                            yield StreamTextEnd(id=text_block_id)
+                            text_streaming_ended = True
+                        has_yielded_end = True
+                        yield chunk
+                elif isinstance(chunk, StreamError):
+                    has_yielded_error = True
+                elif isinstance(chunk, StreamUsage):
+                    session.usage.append(
+                        Usage(
+                            prompt_tokens=chunk.promptTokens,
+                            completion_tokens=chunk.completionTokens,
+                            total_tokens=chunk.totalTokens,
+                        )
+                    )
+                else:
+                    logger.error(f"Unknown chunk type: {type(chunk)}", exc_info=True)
+        except Exception as e:
+            logger.error(f"Error during stream: {e!s}", exc_info=True)
+
+            # Check if this is a retryable error (JSON parsing, incomplete tool calls, etc.)
+            is_retryable = isinstance(e, (orjson.JSONDecodeError, KeyError, TypeError))
+
+            if is_retryable and retry_count < config.max_retries:
+                logger.info(
+                    f"Retryable error encountered. Attempt {retry_count + 1}/{config.max_retries}"
+                )
+                should_retry = True
+            else:
+                # Non-retryable error or max retries exceeded
+                # Save any partial progress before reporting error
+                messages_to_save: list[ChatMessage] = []
+
+                # Add assistant message if it has content or tool calls
+                if accumulated_tool_calls:
+                    assistant_response.tool_calls = accumulated_tool_calls
+                if assistant_response.content or assistant_response.tool_calls:
+                    messages_to_save.append(assistant_response)
+
+                # Add tool response messages after assistant message
+                messages_to_save.extend(tool_response_messages)
+
+                session.messages.extend(messages_to_save)
+                await upsert_chat_session(session)
+
+                if not has_yielded_error:
+                    error_message = str(e)
+                    if not is_retryable:
+                        error_message = f"Non-retryable error: {error_message}"
+                    elif retry_count >= config.max_retries:
+                        error_message = f"Max retries ({config.max_retries}) exceeded: {error_message}"
+
+                    error_response = StreamError(errorText=error_message)
+                    yield error_response
+                if not has_yielded_end:
+                    yield StreamFinish()
+                return
+
+        # Handle retry outside of exception handler to avoid nesting
+        if should_retry and retry_count < config.max_retries:
+            logger.info(
+                f"Retrying stream_chat_completion for session {session_id}, attempt {retry_count + 1}"
+            )
+            async for chunk in stream_chat_completion(
+                session_id=session.session_id,
+                user_id=user_id,
+                retry_count=retry_count + 1,
+                session=session,
+                context=context,
+            ):
+                yield chunk
+            return  # Exit after retry to avoid double-saving in finally block
+
+        # Normal completion path - save session and handle tool call continuation
+        logger.info(
+            f"Normal completion path: session={session.session_id}, "
+            f"current message_count={len(session.messages)}"
+        )
+
+        # Build the messages list in the correct order
+        messages_to_save: list[ChatMessage] = []
+
+        # Add assistant message with tool_calls if any
+        if accumulated_tool_calls:
+            assistant_response.tool_calls = accumulated_tool_calls
+            logger.info(
+                f"Added {len(accumulated_tool_calls)} tool calls to assistant message"
+            )
+        if assistant_response.content or assistant_response.tool_calls:
+            messages_to_save.append(assistant_response)
+            logger.info(
+                f"Saving assistant message with content_len={len(assistant_response.content or '')}, tool_calls={len(assistant_response.tool_calls or [])}"
+            )
+
+        # Add tool response messages after assistant message
+        messages_to_save.extend(tool_response_messages)
+        logger.info(
+            f"Saving {len(tool_response_messages)} tool response messages, "
+            f"total_to_save={len(messages_to_save)}"
+        )
+
+        session.messages.extend(messages_to_save)
+        logger.info(
+            f"Extended session messages, new message_count={len(session.messages)}"
+        )
+        await upsert_chat_session(session)
+
+        # If we did a tool call, stream the chat completion again to get the next response
+        if has_done_tool_call:
+            logger.info(
+                "Tool call executed, streaming chat completion again to get assistant response"
+            )
+            async for chunk in stream_chat_completion(
+                session_id=session.session_id,
+                user_id=user_id,
+                session=session,  # Pass session object to avoid Redis refetch
+                context=context,
+            ):
+                yield chunk
+
+    finally:
+        # Always end Langfuse observations to prevent resource leaks
+        # Guard against None and catch errors to avoid masking original exceptions
+        if generation is not None:
+            try:
+                latest_usage = session.usage[-1] if session.usage else None
+                generation.update(
+                    model=config.model,
+                    output={
+                        "content": assistant_response.content,
+                        "tool_calls": accumulated_tool_calls or None,
+                    },
+                    usage_details=(
+                        {
+                            "input": latest_usage.prompt_tokens,
+                            "output": latest_usage.completion_tokens,
+                            "total": latest_usage.total_tokens,
+                        }
+                        if latest_usage
+                        else None
+                    ),
+                )
+                generation.end()
+            except Exception as e:
+                logger.warning(f"Failed to end Langfuse generation: {e}")
+
+        if trace is not None:
+            try:
+                if accumulated_tool_calls:
+                    trace.update_trace(output={"tool_calls": accumulated_tool_calls})
+                else:
+                    trace.update_trace(output={"response": assistant_response.content})
+                trace.end()
+            except Exception as e:
+                logger.warning(f"Failed to end Langfuse trace: {e}")
+
+
+# Retry configuration for OpenAI API calls
+MAX_RETRIES = 3
+BASE_DELAY_SECONDS = 1.0
+MAX_DELAY_SECONDS = 30.0
+
+
+def _is_retryable_error(error: Exception) -> bool:
+    """Determine if an error is retryable."""
+    if isinstance(error, RateLimitError):
+        return True
+    if isinstance(error, APIConnectionError):
+        return True
+    if isinstance(error, APIStatusError):
+        # APIStatusError has a response with status_code
+        # Retry on 5xx status codes (server errors)
+        if error.response.status_code >= 500:
+            return True
+    if isinstance(error, APIError):
+        # Retry on overloaded errors or 500 errors (may not have status code)
+        error_message = str(error).lower()
+        if "overloaded" in error_message or "internal server error" in error_message:
+            return True
+    return False
+
+
+async def _stream_chat_chunks(
+    session: ChatSession,
+    tools: list[ChatCompletionToolParam],
+    system_prompt: str | None = None,
+    text_block_id: str | None = None,
+) -> AsyncGenerator[StreamBaseResponse, None]:
+    """
+    Pure streaming function for OpenAI chat completions with tool calling.
+
+    This function is database-agnostic and focuses only on streaming logic.
+    Implements exponential backoff retry for transient API errors.
+
+    Args:
+        session: Chat session with conversation history
+        tools: Available tools for the model
+        system_prompt: System prompt to prepend to messages
+
+    Yields:
+        SSE formatted JSON response objects
+
+    """
+    model = config.model
+
+    logger.info("Starting pure chat stream")
+
+    # Build messages with system prompt prepended
+    messages = session.to_openai_messages()
+    if system_prompt:
+        from openai.types.chat import ChatCompletionSystemMessageParam
+
+        system_message = ChatCompletionSystemMessageParam(
+            role="system",
+            content=system_prompt,
+        )
+        messages = [system_message] + messages
+
+    # Loop to handle tool calls and continue conversation
+    while True:
+        retry_count = 0
+        last_error: Exception | None = None
+
+        while retry_count <= MAX_RETRIES:
+            try:
+                logger.info(
+                    f"Creating OpenAI chat completion stream..."
+                    f"{f' (retry {retry_count}/{MAX_RETRIES})' if retry_count > 0 else ''}"
+                )
+
+                # Create the stream with proper types
+                stream = await client.chat.completions.create(
+                    model=model,
+                    messages=messages,
+                    tools=tools,
+                    tool_choice="auto",
+                    stream=True,
+                    stream_options={"include_usage": True},
+                )
+
+                # Variables to accumulate tool calls
+                tool_calls: list[dict[str, Any]] = []
+                active_tool_call_idx: int | None = None
+                finish_reason: str | None = None
+                # Track which tool call indices have had their start event emitted
+                emitted_start_for_idx: set[int] = set()
+
+                # Track if we've started the text block
+                text_started = False
+
+                # Process the stream
+                chunk: ChatCompletionChunk
+                async for chunk in stream:
+                    if chunk.usage:
+                        yield StreamUsage(
+                            promptTokens=chunk.usage.prompt_tokens,
+                            completionTokens=chunk.usage.completion_tokens,
+                            totalTokens=chunk.usage.total_tokens,
+                        )
+
+                    if chunk.choices:
+                        choice = chunk.choices[0]
+                        delta = choice.delta
+
+                        # Capture finish reason
+                        if choice.finish_reason:
+                            finish_reason = choice.finish_reason
+                            logger.info(f"Finish reason: {finish_reason}")
+
+                        # Handle content streaming
+                        if delta.content:
+                            # Emit text-start on first text content
+                            if not text_started and text_block_id:
+                                yield StreamTextStart(id=text_block_id)
+                                text_started = True
+                            # Stream the text delta
+                            text_response = StreamTextDelta(
+                                id=text_block_id or "",
+                                delta=delta.content,
+                            )
+                            yield text_response
+
+                        # Handle tool calls
+                        if delta.tool_calls:
+                            for tc_chunk in delta.tool_calls:
+                                idx = tc_chunk.index
+
+                                # Update active tool call index if needed
+                                if (
+                                    active_tool_call_idx is None
+                                    or active_tool_call_idx != idx
+                                ):
+                                    active_tool_call_idx = idx
+
+                                # Ensure we have a tool call object at this index
+                                while len(tool_calls) <= idx:
+                                    tool_calls.append(
+                                        {
+                                            "id": "",
+                                            "type": "function",
+                                            "function": {
+                                                "name": "",
+                                                "arguments": "",
+                                            },
+                                        },
+                                    )
+
+                                # Accumulate the tool call data
+                                if tc_chunk.id:
+                                    tool_calls[idx]["id"] = tc_chunk.id
+                                if tc_chunk.function:
+                                    if tc_chunk.function.name:
+                                        tool_calls[idx]["function"][
+                                            "name"
+                                        ] = tc_chunk.function.name
+                                    if tc_chunk.function.arguments:
+                                        tool_calls[idx]["function"][
+                                            "arguments"
+                                        ] += tc_chunk.function.arguments
+
+                                # Emit StreamToolInputStart only after we have the tool call ID
+                                if (
+                                    idx not in emitted_start_for_idx
+                                    and tool_calls[idx]["id"]
+                                    and tool_calls[idx]["function"]["name"]
+                                ):
+                                    yield StreamToolInputStart(
+                                        toolCallId=tool_calls[idx]["id"],
+                                        toolName=tool_calls[idx]["function"]["name"],
+                                    )
+                                    emitted_start_for_idx.add(idx)
+                logger.info(f"Stream complete. Finish reason: {finish_reason}")
+
+                # Yield all accumulated tool calls after the stream is complete
+                # This ensures all tool call arguments have been fully received
+                for idx, tool_call in enumerate(tool_calls):
+                    try:
+                        async for tc in _yield_tool_call(tool_calls, idx, session):
+                            yield tc
+                    except (orjson.JSONDecodeError, KeyError, TypeError) as e:
+                        logger.error(
+                            f"Failed to parse tool call {idx}: {e}",
+                            exc_info=True,
+                            extra={"tool_call": tool_call},
+                        )
+                        yield StreamError(
+                            errorText=f"Invalid tool call arguments for tool {tool_call.get('function', {}).get('name', 'unknown')}: {e}",
+                        )
+                        # Re-raise to trigger retry logic in the parent function
+                        raise
+
+                yield StreamFinish()
+                return
+            except Exception as e:
+                last_error = e
+                if _is_retryable_error(e) and retry_count < MAX_RETRIES:
+                    retry_count += 1
+                    # Calculate delay with exponential backoff
+                    delay = min(
+                        BASE_DELAY_SECONDS * (2 ** (retry_count - 1)),
+                        MAX_DELAY_SECONDS,
+                    )
+                    logger.warning(
+                        f"Retryable error in stream: {e!s}. "
+                        f"Retrying in {delay:.1f}s (attempt {retry_count}/{MAX_RETRIES})"
+                    )
+                    await asyncio.sleep(delay)
+                    continue  # Retry the stream
+                else:
+                    # Non-retryable error or max retries exceeded
+                    logger.error(
+                        f"Error in stream (not retrying): {e!s}",
+                        exc_info=True,
+                    )
+                    error_response = StreamError(errorText=str(e))
+                    yield error_response
+                    yield StreamFinish()
+                    return
+
+        # If we exit the retry loop without returning, it means we exhausted retries
+        if last_error:
+            logger.error(
+                f"Max retries ({MAX_RETRIES}) exceeded. Last error: {last_error!s}",
+                exc_info=True,
+            )
+            yield StreamError(errorText=f"Max retries exceeded: {last_error!s}")
+            yield StreamFinish()
+            return
+
+
+async def _yield_tool_call(
+    tool_calls: list[dict[str, Any]],
+    yield_idx: int,
+    session: ChatSession,
+) -> AsyncGenerator[StreamBaseResponse, None]:
+    """
+    Yield a tool call and its execution result.
+
+    Raises:
+        orjson.JSONDecodeError: If tool call arguments cannot be parsed as JSON
+        KeyError: If expected tool call fields are missing
+        TypeError: If tool call structure is invalid
+    """
+    tool_name = tool_calls[yield_idx]["function"]["name"]
+    tool_call_id = tool_calls[yield_idx]["id"]
+    logger.info(f"Yielding tool call: {tool_calls[yield_idx]}")
+
+    # Parse tool call arguments - handle empty arguments gracefully
+    raw_arguments = tool_calls[yield_idx]["function"]["arguments"]
+    if raw_arguments:
+        arguments = orjson.loads(raw_arguments)
+    else:
+        arguments = {}
+
+    yield StreamToolInputAvailable(
+        toolCallId=tool_call_id,
+        toolName=tool_name,
+        input=arguments,
+    )
+
+    tool_execution_response: StreamToolOutputAvailable = await execute_tool(
+        tool_name=tool_name,
+        parameters=arguments,
+        tool_call_id=tool_call_id,
+        user_id=session.user_id,
+        session=session,
+    )
+
+    logger.info(f"Yielding Tool execution response: {tool_execution_response}")
+    yield tool_execution_response

autogpt_platform/backend/backend/api/features/chat/service_test.py

@@ -3,19 +3,20 @@ from os import getenv
 
 import pytest
 
-import backend.server.v2.chat.service as chat_service
-from backend.server.v2.chat.response_model import (
-    StreamEnd,
+from . import service as chat_service
+from .model import create_chat_session, get_chat_session, upsert_chat_session
+from .response_model import (
     StreamError,
-    StreamTextChunk,
-    StreamToolExecutionResult,
+    StreamFinish,
+    StreamTextDelta,
+    StreamToolOutputAvailable,
 )
 
 logger = logging.getLogger(__name__)
 
 
 @pytest.mark.asyncio(loop_scope="session")
-async def test_stream_chat_completion():
+async def test_stream_chat_completion(setup_test_user, test_user_id):
     """
     Test the stream_chat_completion function.
     """
@@ -23,7 +24,7 @@ async def test_stream_chat_completion():
     if not api_key:
         return pytest.skip("OPEN_ROUTER_API_KEY is not set, skipping test")
 
-    session = await chat_service.create_chat_session()
+    session = await create_chat_session(test_user_id)
 
     has_errors = False
     has_ended = False
@@ -34,9 +35,9 @@ async def test_stream_chat_completion():
         logger.info(chunk)
         if isinstance(chunk, StreamError):
             has_errors = True
-        if isinstance(chunk, StreamTextChunk):
-            assistant_message += chunk.content
-        if isinstance(chunk, StreamEnd):
+        if isinstance(chunk, StreamTextDelta):
+            assistant_message += chunk.delta
+        if isinstance(chunk, StreamFinish):
             has_ended = True
 
     assert has_ended, "Chat completion did not end"
@@ -45,7 +46,7 @@ async def test_stream_chat_completion():
 
 
 @pytest.mark.asyncio(loop_scope="session")
-async def test_stream_chat_completion_with_tool_calls():
+async def test_stream_chat_completion_with_tool_calls(setup_test_user, test_user_id):
     """
     Test the stream_chat_completion function.
     """
@@ -53,8 +54,8 @@ async def test_stream_chat_completion_with_tool_calls():
     if not api_key:
         return pytest.skip("OPEN_ROUTER_API_KEY is not set, skipping test")
 
-    session = await chat_service.create_chat_session()
-    session = await chat_service.upsert_chat_session(session)
+    session = await create_chat_session(test_user_id)
+    session = await upsert_chat_session(session)
 
     has_errors = False
     has_ended = False
@@ -68,14 +69,14 @@ async def test_stream_chat_completion_with_tool_calls():
         if isinstance(chunk, StreamError):
             has_errors = True
 
-        if isinstance(chunk, StreamEnd):
+        if isinstance(chunk, StreamFinish):
             has_ended = True
-        if isinstance(chunk, StreamToolExecutionResult):
+        if isinstance(chunk, StreamToolOutputAvailable):
             had_tool_calls = True
 
     assert has_ended, "Chat completion did not end"
     assert not has_errors, "Error occurred while streaming chat completion"
     assert had_tool_calls, "Tool calls did not occur"
-    session = await chat_service.get_session(session.session_id)
+    session = await get_chat_session(session.session_id)
     assert session, "Session not found"
     assert session.usage, "Usage is empty"

autogpt_platform/backend/backend/api/features/chat/tools/__init__.py

@@ -0,0 +1,47 @@
+from typing import TYPE_CHECKING, Any
+
+from openai.types.chat import ChatCompletionToolParam
+
+from backend.api.features.chat.model import ChatSession
+
+from .add_understanding import AddUnderstandingTool
+from .agent_output import AgentOutputTool
+from .base import BaseTool
+from .find_agent import FindAgentTool
+from .find_library_agent import FindLibraryAgentTool
+from .run_agent import RunAgentTool
+
+if TYPE_CHECKING:
+    from backend.api.features.chat.response_model import StreamToolOutputAvailable
+
+# Single source of truth for all tools
+TOOL_REGISTRY: dict[str, BaseTool] = {
+    "add_understanding": AddUnderstandingTool(),
+    "find_agent": FindAgentTool(),
+    "find_library_agent": FindLibraryAgentTool(),
+    "run_agent": RunAgentTool(),
+    "agent_output": AgentOutputTool(),
+}
+
+# Export individual tool instances for backwards compatibility
+find_agent_tool = TOOL_REGISTRY["find_agent"]
+run_agent_tool = TOOL_REGISTRY["run_agent"]
+
+# Generated from registry for OpenAI API
+tools: list[ChatCompletionToolParam] = [
+    tool.as_openai_tool() for tool in TOOL_REGISTRY.values()
+]
+
+
+async def execute_tool(
+    tool_name: str,
+    parameters: dict[str, Any],
+    user_id: str | None,
+    session: ChatSession,
+    tool_call_id: str,
+) -> "StreamToolOutputAvailable":
+    """Execute a tool by name."""
+    tool = TOOL_REGISTRY.get(tool_name)
+    if not tool:
+        raise ValueError(f"Tool {tool_name} not found")
+    return await tool.execute(user_id, session, tool_call_id, **parameters)

autogpt_platform/backend/backend/api/features/chat/tools/_test_data.py

@@ -1,12 +1,13 @@
 import uuid
 from datetime import UTC, datetime
 from os import getenv
-from typing import cast
 
 import pytest
 from prisma.types import ProfileCreateInput
 from pydantic import SecretStr
 
+from backend.api.features.chat.model import ChatSession
+from backend.api.features.store import db as store_db
 from backend.blocks.firecrawl.scrape import FirecrawlScrapeBlock
 from backend.blocks.io import AgentInputBlock, AgentOutputBlock
 from backend.blocks.llm import AITextGeneratorBlock
@@ -15,11 +16,9 @@ from backend.data.graph import Graph, Link, Node, create_graph
 from backend.data.model import APIKeyCredentials
 from backend.data.user import get_or_create_user
 from backend.integrations.credentials_store import IntegrationCredentialsStore
-from backend.server.v2.chat.model import ChatSession
-from backend.server.v2.store import db as store_db
 
 
-def make_session(user_id: str | None = None):
+def make_session(user_id: str):
     return ChatSession(
         session_id=str(uuid.uuid4()),
         user_id=user_id,
@@ -51,15 +50,12 @@ async def setup_test_data():
     # 1b. Create a profile with username for the user (required for store agent lookup)
     username = user.email.split("@")[0]
     await prisma.profile.create(
-        data=cast(
-            ProfileCreateInput,
-            {
-                "userId": user.id,
-                "username": username,
-                "name": f"Test User {username}",
-                "description": "Test user profile",
-                "links": [],  # Required field - empty array for test profiles
-            },
+        data=ProfileCreateInput(
+            userId=user.id,
+            username=username,
+            name=f"Test User {username}",
+            description="Test user profile",
+            links=[],  # Required field - empty array for test profiles
         )
     )
 
@@ -177,15 +173,12 @@ async def setup_llm_test_data():
     # 1b. Create a profile with username for the user (required for store agent lookup)
     username = user.email.split("@")[0]
     await prisma.profile.create(
-        data=cast(
-            ProfileCreateInput,
-            {
-                "userId": user.id,
-                "username": username,
-                "name": f"Test User {username}",
-                "description": "Test user profile for LLM tests",
-                "links": [],  # Required field - empty array for test profiles
-            },
+        data=ProfileCreateInput(
+            userId=user.id,
+            username=username,
+            name=f"Test User {username}",
+            description="Test user profile for LLM tests",
+            links=[],  # Required field - empty array for test profiles
         )
     )
 
@@ -340,15 +333,12 @@ async def setup_firecrawl_test_data():
     # 1b. Create a profile with username for the user (required for store agent lookup)
     username = user.email.split("@")[0]
     await prisma.profile.create(
-        data=cast(
-            ProfileCreateInput,
-            {
-                "userId": user.id,
-                "username": username,
-                "name": f"Test User {username}",
-                "description": "Test user profile for Firecrawl tests",
-                "links": [],  # Required field - empty array for test profiles
-            },
+        data=ProfileCreateInput(
+            userId=user.id,
+            username=username,
+            name=f"Test User {username}",
+            description="Test user profile for Firecrawl tests",
+            links=[],  # Required field - empty array for test profiles
         )
     )
 

autogpt_platform/backend/backend/api/features/chat/tools/add_understanding.py

@@ -0,0 +1,119 @@
+"""Tool for capturing user business understanding incrementally."""
+
+import logging
+from typing import Any
+
+from backend.api.features.chat.model import ChatSession
+from backend.data.understanding import (
+    BusinessUnderstandingInput,
+    upsert_business_understanding,
+)
+
+from .base import BaseTool
+from .models import ErrorResponse, ToolResponseBase, UnderstandingUpdatedResponse
+
+logger = logging.getLogger(__name__)
+
+
+class AddUnderstandingTool(BaseTool):
+    """Tool for capturing user's business understanding incrementally."""
+
+    @property
+    def name(self) -> str:
+        return "add_understanding"
+
+    @property
+    def description(self) -> str:
+        return """Capture and store information about the user's business context,
+workflows, pain points, and automation goals. Call this tool whenever the user
+shares information about their business. Each call incrementally adds to the
+existing understanding - you don't need to provide all fields at once.
+
+Use this to build a comprehensive profile that helps recommend better agents
+and automations for the user's specific needs."""
+
+    @property
+    def parameters(self) -> dict[str, Any]:
+        # Auto-generate from Pydantic model schema
+        schema = BusinessUnderstandingInput.model_json_schema()
+        properties = {}
+        for field_name, field_schema in schema.get("properties", {}).items():
+            prop: dict[str, Any] = {"description": field_schema.get("description", "")}
+            # Handle anyOf for Optional types
+            if "anyOf" in field_schema:
+                for option in field_schema["anyOf"]:
+                    if option.get("type") != "null":
+                        prop["type"] = option.get("type", "string")
+                        if "items" in option:
+                            prop["items"] = option["items"]
+                        break
+            else:
+                prop["type"] = field_schema.get("type", "string")
+                if "items" in field_schema:
+                    prop["items"] = field_schema["items"]
+            properties[field_name] = prop
+        return {"type": "object", "properties": properties, "required": []}
+
+    @property
+    def requires_auth(self) -> bool:
+        """Requires authentication to store user-specific data."""
+        return True
+
+    async def _execute(
+        self,
+        user_id: str | None,
+        session: ChatSession,
+        **kwargs,
+    ) -> ToolResponseBase:
+        """
+        Capture and store business understanding incrementally.
+
+        Each call merges new data with existing understanding:
+        - String fields are overwritten if provided
+        - List fields are appended (with deduplication)
+        """
+        session_id = session.session_id
+
+        if not user_id:
+            return ErrorResponse(
+                message="Authentication required to save business understanding.",
+                session_id=session_id,
+            )
+
+        # Check if any data was provided
+        if not any(v is not None for v in kwargs.values()):
+            return ErrorResponse(
+                message="Please provide at least one field to update.",
+                session_id=session_id,
+            )
+
+        # Build input model from kwargs (only include fields defined in the model)
+        valid_fields = set(BusinessUnderstandingInput.model_fields.keys())
+        input_data = BusinessUnderstandingInput(
+            **{k: v for k, v in kwargs.items() if k in valid_fields}
+        )
+
+        # Track which fields were updated
+        updated_fields = [
+            k for k, v in kwargs.items() if k in valid_fields and v is not None
+        ]
+
+        # Upsert with merge
+        understanding = await upsert_business_understanding(user_id, input_data)
+
+        # Build current understanding summary (filter out empty values)
+        current_understanding = {
+            k: v
+            for k, v in understanding.model_dump(
+                exclude={"id", "user_id", "created_at", "updated_at"}
+            ).items()
+            if v is not None and v != [] and v != ""
+        }
+
+        return UnderstandingUpdatedResponse(
+            message=f"Updated understanding with: {', '.join(updated_fields)}. "
+            "I now have a better picture of your business context.",
+            session_id=session_id,
+            updated_fields=updated_fields,
+            current_understanding=current_understanding,
+        )

autogpt_platform/backend/backend/api/features/chat/tools/agent_output.py

@@ -0,0 +1,446 @@
+"""Tool for retrieving agent execution outputs from user's library."""
+
+import logging
+import re
+from datetime import datetime, timedelta, timezone
+from typing import Any
+
+from pydantic import BaseModel, field_validator
+
+from backend.api.features.chat.model import ChatSession
+from backend.api.features.library import db as library_db
+from backend.api.features.library.model import LibraryAgent
+from backend.data import execution as execution_db
+from backend.data.execution import ExecutionStatus, GraphExecution, GraphExecutionMeta
+
+from .base import BaseTool
+from .models import (
+    AgentOutputResponse,
+    ErrorResponse,
+    ExecutionOutputInfo,
+    NoResultsResponse,
+    ToolResponseBase,
+)
+from .utils import fetch_graph_from_store_slug
+
+logger = logging.getLogger(__name__)
+
+
+class AgentOutputInput(BaseModel):
+    """Input parameters for the agent_output tool."""
+
+    agent_name: str = ""
+    library_agent_id: str = ""
+    store_slug: str = ""
+    execution_id: str = ""
+    run_time: str = "latest"
+
+    @field_validator(
+        "agent_name",
+        "library_agent_id",
+        "store_slug",
+        "execution_id",
+        "run_time",
+        mode="before",
+    )
+    @classmethod
+    def strip_strings(cls, v: Any) -> Any:
+        """Strip whitespace from string fields."""
+        return v.strip() if isinstance(v, str) else v
+
+
+def parse_time_expression(
+    time_expr: str | None,
+) -> tuple[datetime | None, datetime | None]:
+    """
+    Parse time expression into datetime range (start, end).
+
+    Supports: "latest", "yesterday", "today", "last week", "last 7 days",
+    "last month", "last 30 days", ISO date "YYYY-MM-DD", ISO datetime.
+    """
+    if not time_expr or time_expr.lower() == "latest":
+        return None, None
+
+    now = datetime.now(timezone.utc)
+    today_start = now.replace(hour=0, minute=0, second=0, microsecond=0)
+    expr = time_expr.lower().strip()
+
+    # Relative time expressions lookup
+    relative_times: dict[str, tuple[datetime, datetime]] = {
+        "yesterday": (today_start - timedelta(days=1), today_start),
+        "today": (today_start, now),
+        "last week": (now - timedelta(days=7), now),
+        "last 7 days": (now - timedelta(days=7), now),
+        "last month": (now - timedelta(days=30), now),
+        "last 30 days": (now - timedelta(days=30), now),
+    }
+    if expr in relative_times:
+        return relative_times[expr]
+
+    # Try ISO date format (YYYY-MM-DD)
+    date_match = re.match(r"^(\d{4})-(\d{2})-(\d{2})$", expr)
+    if date_match:
+        try:
+            year, month, day = map(int, date_match.groups())
+            start = datetime(year, month, day, 0, 0, 0, tzinfo=timezone.utc)
+            return start, start + timedelta(days=1)
+        except ValueError:
+            # Invalid date components (e.g., month=13, day=32)
+            pass
+
+    # Try ISO datetime
+    try:
+        parsed = datetime.fromisoformat(expr.replace("Z", "+00:00"))
+        if parsed.tzinfo is None:
+            parsed = parsed.replace(tzinfo=timezone.utc)
+        return parsed - timedelta(hours=1), parsed + timedelta(hours=1)
+    except ValueError:
+        return None, None
+
+
+class AgentOutputTool(BaseTool):
+    """Tool for retrieving execution outputs from user's library agents."""
+
+    @property
+    def name(self) -> str:
+        return "agent_output"
+
+    @property
+    def description(self) -> str:
+        return """Retrieve execution outputs from agents in the user's library.
+
+        Identify the agent using one of:
+        - agent_name: Fuzzy search in user's library
+        - library_agent_id: Exact library agent ID
+        - store_slug: Marketplace format 'username/agent-name'
+
+        Select which run to retrieve using:
+        - execution_id: Specific execution ID
+        - run_time: 'latest' (default), 'yesterday', 'last week', or ISO date 'YYYY-MM-DD'
+        """
+
+    @property
+    def parameters(self) -> dict[str, Any]:
+        return {
+            "type": "object",
+            "properties": {
+                "agent_name": {
+                    "type": "string",
+                    "description": "Agent name to search for in user's library (fuzzy match)",
+                },
+                "library_agent_id": {
+                    "type": "string",
+                    "description": "Exact library agent ID",
+                },
+                "store_slug": {
+                    "type": "string",
+                    "description": "Marketplace identifier: 'username/agent-slug'",
+                },
+                "execution_id": {
+                    "type": "string",
+                    "description": "Specific execution ID to retrieve",
+                },
+                "run_time": {
+                    "type": "string",
+                    "description": (
+                        "Time filter: 'latest', 'yesterday', 'last week', or 'YYYY-MM-DD'"
+                    ),
+                },
+            },
+            "required": [],
+        }
+
+    @property
+    def requires_auth(self) -> bool:
+        return True
+
+    async def _resolve_agent(
+        self,
+        user_id: str,
+        agent_name: str | None,
+        library_agent_id: str | None,
+        store_slug: str | None,
+    ) -> tuple[LibraryAgent | None, str | None]:
+        """
+        Resolve agent from provided identifiers.
+        Returns (library_agent, error_message).
+        """
+        # Priority 1: Exact library agent ID
+        if library_agent_id:
+            try:
+                agent = await library_db.get_library_agent(library_agent_id, user_id)
+                return agent, None
+            except Exception as e:
+                logger.warning(f"Failed to get library agent by ID: {e}")
+                return None, f"Library agent '{library_agent_id}' not found"
+
+        # Priority 2: Store slug (username/agent-name)
+        if store_slug and "/" in store_slug:
+            username, agent_slug = store_slug.split("/", 1)
+            graph, _ = await fetch_graph_from_store_slug(username, agent_slug)
+            if not graph:
+                return None, f"Agent '{store_slug}' not found in marketplace"
+
+            # Find in user's library by graph_id
+            agent = await library_db.get_library_agent_by_graph_id(user_id, graph.id)
+            if not agent:
+                return (
+                    None,
+                    f"Agent '{store_slug}' is not in your library. "
+                    "Add it first to see outputs.",
+                )
+            return agent, None
+
+        # Priority 3: Fuzzy name search in library
+        if agent_name:
+            try:
+                response = await library_db.list_library_agents(
+                    user_id=user_id,
+                    search_term=agent_name,
+                    page_size=5,
+                )
+                if not response.agents:
+                    return (
+                        None,
+                        f"No agents matching '{agent_name}' found in your library",
+                    )
+
+                # Return best match (first result from search)
+                return response.agents[0], None
+            except Exception as e:
+                logger.error(f"Error searching library agents: {e}")
+                return None, f"Error searching for agent: {e}"
+
+        return (
+            None,
+            "Please specify an agent name, library_agent_id, or store_slug",
+        )
+
+    async def _get_execution(
+        self,
+        user_id: str,
+        graph_id: str,
+        execution_id: str | None,
+        time_start: datetime | None,
+        time_end: datetime | None,
+    ) -> tuple[GraphExecution | None, list[GraphExecutionMeta], str | None]:
+        """
+        Fetch execution(s) based on filters.
+        Returns (single_execution, available_executions_meta, error_message).
+        """
+        # If specific execution_id provided, fetch it directly
+        if execution_id:
+            execution = await execution_db.get_graph_execution(
+                user_id=user_id,
+                execution_id=execution_id,
+                include_node_executions=False,
+            )
+            if not execution:
+                return None, [], f"Execution '{execution_id}' not found"
+            return execution, [], None
+
+        # Get completed executions with time filters
+        executions = await execution_db.get_graph_executions(
+            graph_id=graph_id,
+            user_id=user_id,
+            statuses=[ExecutionStatus.COMPLETED],
+            created_time_gte=time_start,
+            created_time_lte=time_end,
+            limit=10,
+        )
+
+        if not executions:
+            return None, [], None  # No error, just no executions
+
+        # If only one execution, fetch full details
+        if len(executions) == 1:
+            full_execution = await execution_db.get_graph_execution(
+                user_id=user_id,
+                execution_id=executions[0].id,
+                include_node_executions=False,
+            )
+            return full_execution, [], None
+
+        # Multiple executions - return latest with full details, plus list of available
+        full_execution = await execution_db.get_graph_execution(
+            user_id=user_id,
+            execution_id=executions[0].id,
+            include_node_executions=False,
+        )
+        return full_execution, executions, None
+
+    def _build_response(
+        self,
+        agent: LibraryAgent,
+        execution: GraphExecution | None,
+        available_executions: list[GraphExecutionMeta],
+        session_id: str | None,
+    ) -> AgentOutputResponse:
+        """Build the response based on execution data."""
+        library_agent_link = f"/library/agents/{agent.id}"
+
+        if not execution:
+            return AgentOutputResponse(
+                message=f"No completed executions found for agent '{agent.name}'",
+                session_id=session_id,
+                agent_name=agent.name,
+                agent_id=agent.graph_id,
+                library_agent_id=agent.id,
+                library_agent_link=library_agent_link,
+                total_executions=0,
+            )
+
+        execution_info = ExecutionOutputInfo(
+            execution_id=execution.id,
+            status=execution.status.value,
+            started_at=execution.started_at,
+            ended_at=execution.ended_at,
+            outputs=dict(execution.outputs),
+            inputs_summary=execution.inputs if execution.inputs else None,
+        )
+
+        available_list = None
+        if len(available_executions) > 1:
+            available_list = [
+                {
+                    "id": e.id,
+                    "status": e.status.value,
+                    "started_at": e.started_at.isoformat() if e.started_at else None,
+                }
+                for e in available_executions[:5]
+            ]
+
+        message = f"Found execution outputs for agent '{agent.name}'"
+        if len(available_executions) > 1:
+            message += (
+                f". Showing latest of {len(available_executions)} matching executions."
+            )
+
+        return AgentOutputResponse(
+            message=message,
+            session_id=session_id,
+            agent_name=agent.name,
+            agent_id=agent.graph_id,
+            library_agent_id=agent.id,
+            library_agent_link=library_agent_link,
+            execution=execution_info,
+            available_executions=available_list,
+            total_executions=len(available_executions) if available_executions else 1,
+        )
+
+    async def _execute(
+        self,
+        user_id: str | None,
+        session: ChatSession,
+        **kwargs,
+    ) -> ToolResponseBase:
+        """Execute the agent_output tool."""
+        session_id = session.session_id
+
+        # Parse and validate input
+        try:
+            input_data = AgentOutputInput(**kwargs)
+        except Exception as e:
+            logger.error(f"Invalid input: {e}")
+            return ErrorResponse(
+                message="Invalid input parameters",
+                error=str(e),
+                session_id=session_id,
+            )
+
+        # Ensure user_id is present (should be guaranteed by requires_auth)
+        if not user_id:
+            return ErrorResponse(
+                message="User authentication required",
+                session_id=session_id,
+            )
+
+        # Check if at least one identifier is provided
+        if not any(
+            [
+                input_data.agent_name,
+                input_data.library_agent_id,
+                input_data.store_slug,
+                input_data.execution_id,
+            ]
+        ):
+            return ErrorResponse(
+                message=(
+                    "Please specify at least one of: agent_name, "
+                    "library_agent_id, store_slug, or execution_id"
+                ),
+                session_id=session_id,
+            )
+
+        # If only execution_id provided, we need to find the agent differently
+        if (
+            input_data.execution_id
+            and not input_data.agent_name
+            and not input_data.library_agent_id
+            and not input_data.store_slug
+        ):
+            # Fetch execution directly to get graph_id
+            execution = await execution_db.get_graph_execution(
+                user_id=user_id,
+                execution_id=input_data.execution_id,
+                include_node_executions=False,
+            )
+            if not execution:
+                return ErrorResponse(
+                    message=f"Execution '{input_data.execution_id}' not found",
+                    session_id=session_id,
+                )
+
+            # Find library agent by graph_id
+            agent = await library_db.get_library_agent_by_graph_id(
+                user_id, execution.graph_id
+            )
+            if not agent:
+                return NoResultsResponse(
+                    message=(
+                        f"Execution found but agent not in your library. "
+                        f"Graph ID: {execution.graph_id}"
+                    ),
+                    session_id=session_id,
+                    suggestions=["Add the agent to your library to see more details"],
+                )
+
+            return self._build_response(agent, execution, [], session_id)
+
+        # Resolve agent from identifiers
+        agent, error = await self._resolve_agent(
+            user_id=user_id,
+            agent_name=input_data.agent_name or None,
+            library_agent_id=input_data.library_agent_id or None,
+            store_slug=input_data.store_slug or None,
+        )
+
+        if error or not agent:
+            return NoResultsResponse(
+                message=error or "Agent not found",
+                session_id=session_id,
+                suggestions=[
+                    "Check the agent name or ID",
+                    "Make sure the agent is in your library",
+                ],
+            )
+
+        # Parse time expression
+        time_start, time_end = parse_time_expression(input_data.run_time)
+
+        # Fetch execution(s)
+        execution, available_executions, exec_error = await self._get_execution(
+            user_id=user_id,
+            graph_id=agent.graph_id,
+            execution_id=input_data.execution_id or None,
+            time_start=time_start,
+            time_end=time_end,
+        )
+
+        if exec_error:
+            return ErrorResponse(
+                message=exec_error,
+                session_id=session_id,
+            )
+
+        return self._build_response(agent, execution, available_executions, session_id)

autogpt_platform/backend/backend/api/features/chat/tools/agent_search.py

@@ -0,0 +1,151 @@
+"""Shared agent search functionality for find_agent and find_library_agent tools."""
+
+import logging
+from typing import Literal
+
+from backend.api.features.library import db as library_db
+from backend.api.features.store import db as store_db
+from backend.util.exceptions import DatabaseError, NotFoundError
+
+from .models import (
+    AgentInfo,
+    AgentsFoundResponse,
+    ErrorResponse,
+    NoResultsResponse,
+    ToolResponseBase,
+)
+
+logger = logging.getLogger(__name__)
+
+SearchSource = Literal["marketplace", "library"]
+
+
+async def search_agents(
+    query: str,
+    source: SearchSource,
+    session_id: str | None,
+    user_id: str | None = None,
+) -> ToolResponseBase:
+    """
+    Search for agents in marketplace or user library.
+
+    Args:
+        query: Search query string
+        source: "marketplace" or "library"
+        session_id: Chat session ID
+        user_id: User ID (required for library search)
+
+    Returns:
+        AgentsFoundResponse, NoResultsResponse, or ErrorResponse
+    """
+    if not query:
+        return ErrorResponse(
+            message="Please provide a search query", session_id=session_id
+        )
+
+    if source == "library" and not user_id:
+        return ErrorResponse(
+            message="User authentication required to search library",
+            session_id=session_id,
+        )
+
+    agents: list[AgentInfo] = []
+    try:
+        if source == "marketplace":
+            logger.info(f"Searching marketplace for: {query}")
+            results = await store_db.get_store_agents(search_query=query, page_size=5)
+            for agent in results.agents:
+                agents.append(
+                    AgentInfo(
+                        id=f"{agent.creator}/{agent.slug}",
+                        name=agent.agent_name,
+                        description=agent.description or "",
+                        source="marketplace",
+                        in_library=False,
+                        creator=agent.creator,
+                        category="general",
+                        rating=agent.rating,
+                        runs=agent.runs,
+                        is_featured=False,
+                    )
+                )
+        else:  # library
+            logger.info(f"Searching user library for: {query}")
+            results = await library_db.list_library_agents(
+                user_id=user_id,  # type: ignore[arg-type]
+                search_term=query,
+                page_size=10,
+            )
+            for agent in results.agents:
+                agents.append(
+                    AgentInfo(
+                        id=agent.id,
+                        name=agent.name,
+                        description=agent.description or "",
+                        source="library",
+                        in_library=True,
+                        creator=agent.creator_name,
+                        status=agent.status.value,
+                        can_access_graph=agent.can_access_graph,
+                        has_external_trigger=agent.has_external_trigger,
+                        new_output=agent.new_output,
+                        graph_id=agent.graph_id,
+                    )
+                )
+        logger.info(f"Found {len(agents)} agents in {source}")
+    except NotFoundError:
+        pass
+    except DatabaseError as e:
+        logger.error(f"Error searching {source}: {e}", exc_info=True)
+        return ErrorResponse(
+            message=f"Failed to search {source}. Please try again.",
+            error=str(e),
+            session_id=session_id,
+        )
+
+    if not agents:
+        suggestions = (
+            [
+                "Try more general terms",
+                "Browse categories in the marketplace",
+                "Check spelling",
+            ]
+            if source == "marketplace"
+            else [
+                "Try different keywords",
+                "Use find_agent to search the marketplace",
+                "Check your library at /library",
+            ]
+        )
+        no_results_msg = (
+            f"No agents found matching '{query}'. Try different keywords or browse the marketplace."
+            if source == "marketplace"
+            else f"No agents matching '{query}' found in your library."
+        )
+        return NoResultsResponse(
+            message=no_results_msg, session_id=session_id, suggestions=suggestions
+        )
+
+    title = f"Found {len(agents)} agent{'s' if len(agents) != 1 else ''} "
+    title += (
+        f"for '{query}'"
+        if source == "marketplace"
+        else f"in your library for '{query}'"
+    )
+
+    message = (
+        "Now you have found some options for the user to choose from. "
+        "You can add a link to a recommended agent at: /marketplace/agent/agent_id "
+        "Please ask the user if they would like to use any of these agents."
+        if source == "marketplace"
+        else "Found agents in the user's library. You can provide a link to view an agent at: "
+        "/library/agents/{agent_id}. Use agent_output to get execution results, or run_agent to execute."
+    )
+
+    return AgentsFoundResponse(
+        message=message,
+        title=title,
+        agents=agents,
+        count=len(agents),
+        session_id=session_id,
+    )

autogpt_platform/backend/backend/api/features/chat/tools/base.py

@@ -5,8 +5,8 @@ from typing import Any
 
 from openai.types.chat import ChatCompletionToolParam
 
-from backend.server.v2.chat.model import ChatSession
-from backend.server.v2.chat.response_model import StreamToolExecutionResult
+from backend.api.features.chat.model import ChatSession
+from backend.api.features.chat.response_model import StreamToolOutputAvailable
 
 from .models import ErrorResponse, NeedLoginResponse, ToolResponseBase
 
@@ -53,7 +53,7 @@ class BaseTool:
         session: ChatSession,
         tool_call_id: str,
         **kwargs,
-    ) -> StreamToolExecutionResult:
+    ) -> StreamToolOutputAvailable:
         """Execute the tool with authentication check.
 
         Args:
@@ -69,10 +69,10 @@ class BaseTool:
             logger.error(
                 f"Attempted tool call for {self.name} but user not authenticated"
             )
-            return StreamToolExecutionResult(
-                tool_id=tool_call_id,
-                tool_name=self.name,
-                result=NeedLoginResponse(
+            return StreamToolOutputAvailable(
+                toolCallId=tool_call_id,
+                toolName=self.name,
+                output=NeedLoginResponse(
                     message=f"Please sign in to use {self.name}",
                     session_id=session.session_id,
                 ).model_dump_json(),
@@ -81,17 +81,17 @@ class BaseTool:
 
         try:
             result = await self._execute(user_id, session, **kwargs)
-            return StreamToolExecutionResult(
-                tool_id=tool_call_id,
-                tool_name=self.name,
-                result=result.model_dump_json(),
+            return StreamToolOutputAvailable(
+                toolCallId=tool_call_id,
+                toolName=self.name,
+                output=result.model_dump_json(),
             )
         except Exception as e:
             logger.error(f"Error in {self.name}: {e}", exc_info=True)
-            return StreamToolExecutionResult(
-                tool_id=tool_call_id,
-                tool_name=self.name,
-                result=ErrorResponse(
+            return StreamToolOutputAvailable(
+                toolCallId=tool_call_id,
+                toolName=self.name,
+                output=ErrorResponse(
                     message=f"An error occurred while executing {self.name}",
                     error=str(e),
                     session_id=session.session_id,

autogpt_platform/backend/backend/api/features/chat/tools/find_agent.py

@@ -0,0 +1,46 @@
+"""Tool for discovering agents from marketplace."""
+
+from typing import Any
+
+from backend.api.features.chat.model import ChatSession
+
+from .agent_search import search_agents
+from .base import BaseTool
+from .models import ToolResponseBase
+
+
+class FindAgentTool(BaseTool):
+    """Tool for discovering agents from the marketplace."""
+
+    @property
+    def name(self) -> str:
+        return "find_agent"
+
+    @property
+    def description(self) -> str:
+        return (
+            "Discover agents from the marketplace based on capabilities and user needs."
+        )
+
+    @property
+    def parameters(self) -> dict[str, Any]:
+        return {
+            "type": "object",
+            "properties": {
+                "query": {
+                    "type": "string",
+                    "description": "Search query describing what the user wants to accomplish. Use single keywords for best results.",
+                },
+            },
+            "required": ["query"],
+        }
+
+    async def _execute(
+        self, user_id: str | None, session: ChatSession, **kwargs
+    ) -> ToolResponseBase:
+        return await search_agents(
+            query=kwargs.get("query", "").strip(),
+            source="marketplace",
+            session_id=session.session_id,
+            user_id=user_id,
+        )

autogpt_platform/backend/backend/api/features/chat/tools/find_library_agent.py

@@ -0,0 +1,52 @@
+"""Tool for searching agents in the user's library."""
+
+from typing import Any
+
+from backend.api.features.chat.model import ChatSession
+
+from .agent_search import search_agents
+from .base import BaseTool
+from .models import ToolResponseBase
+
+
+class FindLibraryAgentTool(BaseTool):
+    """Tool for searching agents in the user's library."""
+
+    @property
+    def name(self) -> str:
+        return "find_library_agent"
+
+    @property
+    def description(self) -> str:
+        return (
+            "Search for agents in the user's library. Use this to find agents "
+            "the user has already added to their library, including agents they "
+            "created or added from the marketplace."
+        )
+
+    @property
+    def parameters(self) -> dict[str, Any]:
+        return {
+            "type": "object",
+            "properties": {
+                "query": {
+                    "type": "string",
+                    "description": "Search query to find agents by name or description.",
+                },
+            },
+            "required": ["query"],
+        }
+
+    @property
+    def requires_auth(self) -> bool:
+        return True
+
+    async def _execute(
+        self, user_id: str | None, session: ChatSession, **kwargs
+    ) -> ToolResponseBase:
+        return await search_agents(
+            query=kwargs.get("query", "").strip(),
+            source="library",
+            session_id=session.session_id,
+            user_id=user_id,
+        )

autogpt_platform/backend/backend/api/features/chat/tools/models.py

@@ -1,5 +1,6 @@
 """Pydantic models for tool responses."""
 
+from datetime import datetime
 from enum import Enum
 from typing import Any
 
@@ -11,14 +12,15 @@ from backend.data.model import CredentialsMetaInput
 class ResponseType(str, Enum):
     """Types of tool responses."""
 
-    AGENT_CAROUSEL = "agent_carousel"
+    AGENTS_FOUND = "agents_found"
     AGENT_DETAILS = "agent_details"
     SETUP_REQUIREMENTS = "setup_requirements"
     EXECUTION_STARTED = "execution_started"
     NEED_LOGIN = "need_login"
     ERROR = "error"
     NO_RESULTS = "no_results"
-    SUCCESS = "success"
+    AGENT_OUTPUT = "agent_output"
+    UNDERSTANDING_UPDATED = "understanding_updated"
 
 
 # Base response model
@@ -51,14 +53,14 @@ class AgentInfo(BaseModel):
     graph_id: str | None = None
 
 
-class AgentCarouselResponse(ToolResponseBase):
+class AgentsFoundResponse(ToolResponseBase):
     """Response for find_agent tool."""
 
-    type: ResponseType = ResponseType.AGENT_CAROUSEL
+    type: ResponseType = ResponseType.AGENTS_FOUND
     title: str = "Available Agents"
     agents: list[AgentInfo]
     count: int
-    name: str = "agent_carousel"
+    name: str = "agents_found"
 
 
 class NoResultsResponse(ToolResponseBase):
@@ -173,3 +175,37 @@ class ErrorResponse(ToolResponseBase):
     type: ResponseType = ResponseType.ERROR
     error: str | None = None
     details: dict[str, Any] | None = None
+
+
+# Agent output models
+class ExecutionOutputInfo(BaseModel):
+    """Summary of a single execution's outputs."""
+
+    execution_id: str
+    status: str
+    started_at: datetime | None = None
+    ended_at: datetime | None = None
+    outputs: dict[str, list[Any]]
+    inputs_summary: dict[str, Any] | None = None
+
+
+class AgentOutputResponse(ToolResponseBase):
+    """Response for agent_output tool."""
+
+    type: ResponseType = ResponseType.AGENT_OUTPUT
+    agent_name: str
+    agent_id: str
+    library_agent_id: str | None = None
+    library_agent_link: str | None = None
+    execution: ExecutionOutputInfo | None = None
+    available_executions: list[dict[str, Any]] | None = None
+    total_executions: int = 0
+
+
+# Business understanding models
+class UnderstandingUpdatedResponse(ToolResponseBase):
+    """Response for add_understanding tool."""
+
+    type: ResponseType = ResponseType.UNDERSTANDING_UPDATED
+    updated_fields: list[str] = Field(default_factory=list)
+    current_understanding: dict[str, Any] = Field(default_factory=dict)

autogpt_platform/backend/backend/api/features/chat/tools/run_agent.py

@@ -5,14 +5,22 @@ from typing import Any
 
 from pydantic import BaseModel, Field, field_validator
 
+from backend.api.features.chat.config import ChatConfig
+from backend.api.features.chat.model import ChatSession
+from backend.api.features.library import db as library_db
 from backend.data.graph import GraphModel
 from backend.data.model import CredentialsMetaInput
 from backend.data.user import get_user_by_id
 from backend.executor import utils as execution_utils
-from backend.server.v2.chat.config import ChatConfig
-from backend.server.v2.chat.model import ChatSession
-from backend.server.v2.chat.tools.base import BaseTool
-from backend.server.v2.chat.tools.models import (
+from backend.util.clients import get_scheduler_client
+from backend.util.exceptions import DatabaseError, NotFoundError
+from backend.util.timezone_utils import (
+    convert_utc_time_to_user_timezone,
+    get_user_timezone_or_utc,
+)
+
+from .base import BaseTool
+from .models import (
     AgentDetails,
     AgentDetailsResponse,
     ErrorResponse,
@@ -23,19 +31,13 @@ from backend.server.v2.chat.tools.models import (
     ToolResponseBase,
     UserReadiness,
 )
-from backend.server.v2.chat.tools.utils import (
+from .utils import (
     check_user_has_required_credentials,
     extract_credentials_from_schema,
     fetch_graph_from_store_slug,
     get_or_create_library_agent,
     match_user_credentials_to_graph,
 )
-from backend.util.clients import get_scheduler_client
-from backend.util.exceptions import DatabaseError, NotFoundError
-from backend.util.timezone_utils import (
-    convert_utc_time_to_user_timezone,
-    get_user_timezone_or_utc,
-)
 
 logger = logging.getLogger(__name__)
 config = ChatConfig()
@@ -56,6 +58,7 @@ class RunAgentInput(BaseModel):
     """Input parameters for the run_agent tool."""
 
     username_agent_slug: str = ""
+    library_agent_id: str = ""
     inputs: dict[str, Any] = Field(default_factory=dict)
     use_defaults: bool = False
     schedule_name: str = ""
@@ -63,7 +66,12 @@ class RunAgentInput(BaseModel):
     timezone: str = "UTC"
 
     @field_validator(
-        "username_agent_slug", "schedule_name", "cron", "timezone", mode="before"
+        "username_agent_slug",
+        "library_agent_id",
+        "schedule_name",
+        "cron",
+        "timezone",
+        mode="before",
     )
     @classmethod
     def strip_strings(cls, v: Any) -> Any:
@@ -89,7 +97,7 @@ class RunAgentTool(BaseTool):
 
     @property
     def description(self) -> str:
-        return """Run or schedule an agent from the marketplace.
+        return """Run or schedule an agent from the marketplace or user's library.
 
         The tool automatically handles the setup flow:
         - Returns missing inputs if required fields are not provided
@@ -97,6 +105,10 @@ class RunAgentTool(BaseTool):
         - Executes immediately if all requirements are met
         - Schedules execution if cron expression is provided
 
+        Identify the agent using either:
+        - username_agent_slug: Marketplace format 'username/agent-name'
+        - library_agent_id: ID of an agent in the user's library
+
         For scheduled execution, provide: schedule_name, cron, and optionally timezone."""
 
     @property
@@ -108,6 +120,10 @@ class RunAgentTool(BaseTool):
                     "type": "string",
                     "description": "Agent identifier in format 'username/agent-name'",
                 },
+                "library_agent_id": {
+                    "type": "string",
+                    "description": "Library agent ID from user's library",
+                },
                 "inputs": {
                     "type": "object",
                     "description": "Input values for the agent",
@@ -130,7 +146,7 @@ class RunAgentTool(BaseTool):
                     "description": "IANA timezone for schedule (default: UTC)",
                 },
             },
-            "required": ["username_agent_slug"],
+            "required": [],
         }
 
     @property
@@ -148,10 +164,16 @@ class RunAgentTool(BaseTool):
         params = RunAgentInput(**kwargs)
         session_id = session.session_id
 
-        # Validate agent slug format
-        if not params.username_agent_slug or "/" not in params.username_agent_slug:
+        # Validate at least one identifier is provided
+        has_slug = params.username_agent_slug and "/" in params.username_agent_slug
+        has_library_id = bool(params.library_agent_id)
+
+        if not has_slug and not has_library_id:
             return ErrorResponse(
-                message="Please provide an agent slug in format 'username/agent-name'",
+                message=(
+                    "Please provide either a username_agent_slug "
+                    "(format 'username/agent-name') or a library_agent_id"
+                ),
                 session_id=session_id,
             )
 
@@ -166,13 +188,41 @@ class RunAgentTool(BaseTool):
         is_schedule = bool(params.schedule_name or params.cron)
 
         try:
-            # Step 1: Fetch agent details (always happens first)
-            username, agent_name = params.username_agent_slug.split("/", 1)
-            graph, store_agent = await fetch_graph_from_store_slug(username, agent_name)
+            # Step 1: Fetch agent details
+            graph: GraphModel | None = None
+            library_agent = None
+
+            # Priority: library_agent_id if provided
+            if has_library_id:
+                library_agent = await library_db.get_library_agent(
+                    params.library_agent_id, user_id
+                )
+                if not library_agent:
+                    return ErrorResponse(
+                        message=f"Library agent '{params.library_agent_id}' not found",
+                        session_id=session_id,
+                    )
+                # Get the graph from the library agent
+                from backend.data.graph import get_graph
+
+                graph = await get_graph(
+                    library_agent.graph_id,
+                    library_agent.graph_version,
+                    user_id=user_id,
+                )
+            else:
+                # Fetch from marketplace slug
+                username, agent_name = params.username_agent_slug.split("/", 1)
+                graph, _ = await fetch_graph_from_store_slug(username, agent_name)
 
             if not graph:
+                identifier = (
+                    params.library_agent_id
+                    if has_library_id
+                    else params.username_agent_slug
+                )
                 return ErrorResponse(
-                    message=f"Agent '{params.username_agent_slug}' not found in marketplace",
+                    message=f"Agent '{identifier}' not found",
                     session_id=session_id,
                 )
 

autogpt_platform/backend/backend/api/features/chat/tools/run_agent_test.py

@@ -1,15 +1,16 @@
 import uuid
+from unittest.mock import AsyncMock, patch
 
 import orjson
 import pytest
 
-from backend.server.v2.chat.tools._test_data import (
+from ._test_data import (
     make_session,
     setup_firecrawl_test_data,
     setup_llm_test_data,
     setup_test_data,
 )
-from backend.server.v2.chat.tools.run_agent import RunAgentTool
+from .run_agent import RunAgentTool
 
 # This is so the formatter doesn't remove the fixture imports
 setup_llm_test_data = setup_llm_test_data
@@ -17,6 +18,17 @@ setup_test_data = setup_test_data
 setup_firecrawl_test_data = setup_firecrawl_test_data
 
 
+@pytest.fixture(scope="session", autouse=True)
+def mock_embedding_functions():
+    """Mock embedding functions for all tests to avoid database/API dependencies."""
+    with patch(
+        "backend.api.features.store.db.ensure_embedding",
+        new_callable=AsyncMock,
+        return_value=True,
+    ):
+        yield
+
+
 @pytest.mark.asyncio(scope="session")
 async def test_run_agent(setup_test_data):
     """Test that the run_agent tool successfully executes an approved agent"""
@@ -46,11 +58,11 @@ async def test_run_agent(setup_test_data):
 
     # Verify the response
     assert response is not None
-    assert hasattr(response, "result")
+    assert hasattr(response, "output")
     # Parse the result JSON to verify the execution started
 
-    assert isinstance(response.result, str)
-    result_data = orjson.loads(response.result)
+    assert isinstance(response.output, str)
+    result_data = orjson.loads(response.output)
     assert "execution_id" in result_data
     assert "graph_id" in result_data
     assert result_data["graph_id"] == graph.id
@@ -86,11 +98,11 @@ async def test_run_agent_missing_inputs(setup_test_data):
 
     # Verify that we get an error response
     assert response is not None
-    assert hasattr(response, "result")
+    assert hasattr(response, "output")
     # The tool should return an ErrorResponse when setup info indicates not ready
 
-    assert isinstance(response.result, str)
-    result_data = orjson.loads(response.result)
+    assert isinstance(response.output, str)
+    result_data = orjson.loads(response.output)
     assert "message" in result_data
 
 
@@ -118,10 +130,10 @@ async def test_run_agent_invalid_agent_id(setup_test_data):
 
     # Verify that we get an error response
     assert response is not None
-    assert hasattr(response, "result")
+    assert hasattr(response, "output")
 
-    assert isinstance(response.result, str)
-    result_data = orjson.loads(response.result)
+    assert isinstance(response.output, str)
+    result_data = orjson.loads(response.output)
     assert "message" in result_data
     # Should get an error about failed setup or not found
     assert any(
@@ -158,12 +170,12 @@ async def test_run_agent_with_llm_credentials(setup_llm_test_data):
 
     # Verify the response
     assert response is not None
-    assert hasattr(response, "result")
+    assert hasattr(response, "output")
 
     # Parse the result JSON to verify the execution started
 
-    assert isinstance(response.result, str)
-    result_data = orjson.loads(response.result)
+    assert isinstance(response.output, str)
+    result_data = orjson.loads(response.output)
 
     # Should successfully start execution since credentials are available
     assert "execution_id" in result_data
@@ -195,9 +207,9 @@ async def test_run_agent_shows_available_inputs_when_none_provided(setup_test_da
     )
 
     assert response is not None
-    assert hasattr(response, "result")
-    assert isinstance(response.result, str)
-    result_data = orjson.loads(response.result)
+    assert hasattr(response, "output")
+    assert isinstance(response.output, str)
+    result_data = orjson.loads(response.output)
 
     # Should return agent_details type showing available inputs
     assert result_data.get("type") == "agent_details"
@@ -230,9 +242,9 @@ async def test_run_agent_with_use_defaults(setup_test_data):
     )
 
     assert response is not None
-    assert hasattr(response, "result")
-    assert isinstance(response.result, str)
-    result_data = orjson.loads(response.result)
+    assert hasattr(response, "output")
+    assert isinstance(response.output, str)
+    result_data = orjson.loads(response.output)
 
     # Should execute successfully
     assert "execution_id" in result_data
@@ -260,9 +272,9 @@ async def test_run_agent_missing_credentials(setup_firecrawl_test_data):
     )
 
     assert response is not None
-    assert hasattr(response, "result")
-    assert isinstance(response.result, str)
-    result_data = orjson.loads(response.result)
+    assert hasattr(response, "output")
+    assert isinstance(response.output, str)
+    result_data = orjson.loads(response.output)
 
     # Should return setup_requirements type with missing credentials
     assert result_data.get("type") == "setup_requirements"
@@ -292,9 +304,9 @@ async def test_run_agent_invalid_slug_format(setup_test_data):
     )
 
     assert response is not None
-    assert hasattr(response, "result")
-    assert isinstance(response.result, str)
-    result_data = orjson.loads(response.result)
+    assert hasattr(response, "output")
+    assert isinstance(response.output, str)
+    result_data = orjson.loads(response.output)
 
     # Should return error
     assert result_data.get("type") == "error"
@@ -305,9 +317,10 @@ async def test_run_agent_invalid_slug_format(setup_test_data):
 async def test_run_agent_unauthenticated():
     """Test that run_agent returns need_login for unauthenticated users."""
     tool = RunAgentTool()
-    session = make_session(user_id=None)
+    # Session has a user_id (session owner), but we test tool execution without user_id
+    session = make_session(user_id="test-session-owner")
 
-    # Execute without user_id
+    # Execute without user_id to test unauthenticated behavior
     response = await tool.execute(
         user_id=None,
         session_id=str(uuid.uuid4()),
@@ -318,9 +331,9 @@ async def test_run_agent_unauthenticated():
     )
 
     assert response is not None
-    assert hasattr(response, "result")
-    assert isinstance(response.result, str)
-    result_data = orjson.loads(response.result)
+    assert hasattr(response, "output")
+    assert isinstance(response.output, str)
+    result_data = orjson.loads(response.output)
 
     # Base tool returns need_login type for unauthenticated users
     assert result_data.get("type") == "need_login"
@@ -350,9 +363,9 @@ async def test_run_agent_schedule_without_cron(setup_test_data):
     )
 
     assert response is not None
-    assert hasattr(response, "result")
-    assert isinstance(response.result, str)
-    result_data = orjson.loads(response.result)
+    assert hasattr(response, "output")
+    assert isinstance(response.output, str)
+    result_data = orjson.loads(response.output)
 
     # Should return error about missing cron
     assert result_data.get("type") == "error"
@@ -382,9 +395,9 @@ async def test_run_agent_schedule_without_name(setup_test_data):
     )
 
     assert response is not None
-    assert hasattr(response, "result")
-    assert isinstance(response.result, str)
-    result_data = orjson.loads(response.result)
+    assert hasattr(response, "output")
+    assert isinstance(response.output, str)
+    result_data = orjson.loads(response.output)
 
     # Should return error about missing schedule_name
     assert result_data.get("type") == "error"

autogpt_platform/backend/backend/api/features/chat/tools/utils.py

@@ -3,13 +3,13 @@
 import logging
 from typing import Any
 
+from backend.api.features.library import db as library_db
+from backend.api.features.library import model as library_model
+from backend.api.features.store import db as store_db
 from backend.data import graph as graph_db
 from backend.data.graph import GraphModel
 from backend.data.model import CredentialsMetaInput
 from backend.integrations.creds_manager import IntegrationCredentialsManager
-from backend.server.v2.library import db as library_db
-from backend.server.v2.library import model as library_model
-from backend.server.v2.store import db as store_db
 from backend.util.exceptions import NotFoundError
 
 logger = logging.getLogger(__name__)

autogpt_platform/backend/backend/api/features/executions/review/review_routes_test.py

@@ -7,9 +7,10 @@ import pytest_mock
 from prisma.enums import ReviewStatus
 from pytest_snapshot.plugin import Snapshot
 
-from backend.server.rest_api import handle_internal_http_error
-from backend.server.v2.executions.review.model import PendingHumanReviewModel
-from backend.server.v2.executions.review.routes import router
+from backend.api.rest_api import handle_internal_http_error
+
+from .model import PendingHumanReviewModel
+from .routes import router
 
 # Using a fixed timestamp for reproducible tests
 FIXED_NOW = datetime.datetime(2023, 1, 1, 0, 0, 0, tzinfo=datetime.timezone.utc)
@@ -54,13 +55,13 @@ def sample_pending_review(test_user_id: str) -> PendingHumanReviewModel:
 
 
 def test_get_pending_reviews_empty(
-    mocker: pytest_mock.MockFixture,
+    mocker: pytest_mock.MockerFixture,
     snapshot: Snapshot,
     test_user_id: str,
 ) -> None:
     """Test getting pending reviews when none exist"""
     mock_get_reviews = mocker.patch(
-        "backend.server.v2.executions.review.routes.get_pending_reviews_for_user"
+        "backend.api.features.executions.review.routes.get_pending_reviews_for_user"
     )
     mock_get_reviews.return_value = []
 
@@ -72,14 +73,14 @@ def test_get_pending_reviews_empty(
 
 
 def test_get_pending_reviews_with_data(
-    mocker: pytest_mock.MockFixture,
+    mocker: pytest_mock.MockerFixture,
     sample_pending_review: PendingHumanReviewModel,
     snapshot: Snapshot,
     test_user_id: str,
 ) -> None:
     """Test getting pending reviews with data"""
     mock_get_reviews = mocker.patch(
-        "backend.server.v2.executions.review.routes.get_pending_reviews_for_user"
+        "backend.api.features.executions.review.routes.get_pending_reviews_for_user"
     )
     mock_get_reviews.return_value = [sample_pending_review]
 
@@ -94,14 +95,14 @@ def test_get_pending_reviews_with_data(
 
 
 def test_get_pending_reviews_for_execution_success(
-    mocker: pytest_mock.MockFixture,
+    mocker: pytest_mock.MockerFixture,
     sample_pending_review: PendingHumanReviewModel,
     snapshot: Snapshot,
     test_user_id: str,
 ) -> None:
     """Test getting pending reviews for specific execution"""
     mock_get_graph_execution = mocker.patch(
-        "backend.server.v2.executions.review.routes.get_graph_execution_meta"
+        "backend.api.features.executions.review.routes.get_graph_execution_meta"
     )
     mock_get_graph_execution.return_value = {
         "id": "test_graph_exec_456",
@@ -109,7 +110,7 @@ def test_get_pending_reviews_for_execution_success(
     }
 
     mock_get_reviews = mocker.patch(
-        "backend.server.v2.executions.review.routes.get_pending_reviews_for_execution"
+        "backend.api.features.executions.review.routes.get_pending_reviews_for_execution"
     )
     mock_get_reviews.return_value = [sample_pending_review]
 
@@ -121,24 +122,23 @@ def test_get_pending_reviews_for_execution_success(
     assert data[0]["graph_exec_id"] == "test_graph_exec_456"
 
 
-def test_get_pending_reviews_for_execution_access_denied(
-    mocker: pytest_mock.MockFixture,
-    test_user_id: str,
+def test_get_pending_reviews_for_execution_not_available(
+    mocker: pytest_mock.MockerFixture,
 ) -> None:
     """Test access denied when user doesn't own the execution"""
     mock_get_graph_execution = mocker.patch(
-        "backend.server.v2.executions.review.routes.get_graph_execution_meta"
+        "backend.api.features.executions.review.routes.get_graph_execution_meta"
     )
     mock_get_graph_execution.return_value = None
 
     response = client.get("/api/review/execution/test_graph_exec_456")
 
-    assert response.status_code == 403
-    assert "Access denied" in response.json()["detail"]
+    assert response.status_code == 404
+    assert "not found" in response.json()["detail"]
 
 
 def test_process_review_action_approve_success(
-    mocker: pytest_mock.MockFixture,
+    mocker: pytest_mock.MockerFixture,
     sample_pending_review: PendingHumanReviewModel,
     test_user_id: str,
 ) -> None:
@@ -146,12 +146,12 @@ def test_process_review_action_approve_success(
     # Mock the route functions
 
     mock_get_reviews_for_execution = mocker.patch(
-        "backend.server.v2.executions.review.routes.get_pending_reviews_for_execution"
+        "backend.api.features.executions.review.routes.get_pending_reviews_for_execution"
     )
     mock_get_reviews_for_execution.return_value = [sample_pending_review]
 
     mock_process_all_reviews = mocker.patch(
-        "backend.server.v2.executions.review.routes.process_all_reviews_for_execution"
+        "backend.api.features.executions.review.routes.process_all_reviews_for_execution"
     )
     # Create approved review for return
     approved_review = PendingHumanReviewModel(
@@ -174,11 +174,11 @@ def test_process_review_action_approve_success(
     mock_process_all_reviews.return_value = {"test_node_123": approved_review}
 
     mock_has_pending = mocker.patch(
-        "backend.server.v2.executions.review.routes.has_pending_reviews_for_graph_exec"
+        "backend.api.features.executions.review.routes.has_pending_reviews_for_graph_exec"
     )
     mock_has_pending.return_value = False
 
-    mocker.patch("backend.server.v2.executions.review.routes.add_graph_execution")
+    mocker.patch("backend.api.features.executions.review.routes.add_graph_execution")
 
     request_data = {
         "reviews": [
@@ -202,7 +202,7 @@ def test_process_review_action_approve_success(
 
 
 def test_process_review_action_reject_success(
-    mocker: pytest_mock.MockFixture,
+    mocker: pytest_mock.MockerFixture,
     sample_pending_review: PendingHumanReviewModel,
     test_user_id: str,
 ) -> None:
@@ -210,12 +210,12 @@ def test_process_review_action_reject_success(
     # Mock the route functions
 
     mock_get_reviews_for_execution = mocker.patch(
-        "backend.server.v2.executions.review.routes.get_pending_reviews_for_execution"
+        "backend.api.features.executions.review.routes.get_pending_reviews_for_execution"
     )
     mock_get_reviews_for_execution.return_value = [sample_pending_review]
 
     mock_process_all_reviews = mocker.patch(
-        "backend.server.v2.executions.review.routes.process_all_reviews_for_execution"
+        "backend.api.features.executions.review.routes.process_all_reviews_for_execution"
     )
     rejected_review = PendingHumanReviewModel(
         node_exec_id="test_node_123",
@@ -237,7 +237,7 @@ def test_process_review_action_reject_success(
     mock_process_all_reviews.return_value = {"test_node_123": rejected_review}
 
     mock_has_pending = mocker.patch(
-        "backend.server.v2.executions.review.routes.has_pending_reviews_for_graph_exec"
+        "backend.api.features.executions.review.routes.has_pending_reviews_for_graph_exec"
     )
     mock_has_pending.return_value = False
 
@@ -262,7 +262,7 @@ def test_process_review_action_reject_success(
 
 
 def test_process_review_action_mixed_success(
-    mocker: pytest_mock.MockFixture,
+    mocker: pytest_mock.MockerFixture,
     sample_pending_review: PendingHumanReviewModel,
     test_user_id: str,
 ) -> None:
@@ -289,12 +289,12 @@ def test_process_review_action_mixed_success(
     # Mock the route functions
 
     mock_get_reviews_for_execution = mocker.patch(
-        "backend.server.v2.executions.review.routes.get_pending_reviews_for_execution"
+        "backend.api.features.executions.review.routes.get_pending_reviews_for_execution"
     )
     mock_get_reviews_for_execution.return_value = [sample_pending_review, second_review]
 
     mock_process_all_reviews = mocker.patch(
-        "backend.server.v2.executions.review.routes.process_all_reviews_for_execution"
+        "backend.api.features.executions.review.routes.process_all_reviews_for_execution"
     )
     # Create approved version of first review
     approved_review = PendingHumanReviewModel(
@@ -338,7 +338,7 @@ def test_process_review_action_mixed_success(
     }
 
     mock_has_pending = mocker.patch(
-        "backend.server.v2.executions.review.routes.has_pending_reviews_for_graph_exec"
+        "backend.api.features.executions.review.routes.has_pending_reviews_for_graph_exec"
     )
     mock_has_pending.return_value = False
 
@@ -369,7 +369,7 @@ def test_process_review_action_mixed_success(
 
 
 def test_process_review_action_empty_request(
-    mocker: pytest_mock.MockFixture,
+    mocker: pytest_mock.MockerFixture,
     test_user_id: str,
 ) -> None:
     """Test error when no reviews provided"""
@@ -386,19 +386,19 @@ def test_process_review_action_empty_request(
 
 
 def test_process_review_action_review_not_found(
-    mocker: pytest_mock.MockFixture,
+    mocker: pytest_mock.MockerFixture,
     test_user_id: str,
 ) -> None:
     """Test error when review is not found"""
     # Mock the functions that extract graph execution ID from the request
     mock_get_reviews_for_execution = mocker.patch(
-        "backend.server.v2.executions.review.routes.get_pending_reviews_for_execution"
+        "backend.api.features.executions.review.routes.get_pending_reviews_for_execution"
     )
     mock_get_reviews_for_execution.return_value = []  # No reviews found
 
     # Mock process_all_reviews to simulate not finding reviews
     mock_process_all_reviews = mocker.patch(
-        "backend.server.v2.executions.review.routes.process_all_reviews_for_execution"
+        "backend.api.features.executions.review.routes.process_all_reviews_for_execution"
     )
     # This should raise a ValueError with "Reviews not found" message based on the data/human_review.py logic
     mock_process_all_reviews.side_effect = ValueError(
@@ -422,20 +422,20 @@ def test_process_review_action_review_not_found(
 
 
 def test_process_review_action_partial_failure(
-    mocker: pytest_mock.MockFixture,
+    mocker: pytest_mock.MockerFixture,
     sample_pending_review: PendingHumanReviewModel,
     test_user_id: str,
 ) -> None:
     """Test handling of partial failures in review processing"""
     # Mock the route functions
     mock_get_reviews_for_execution = mocker.patch(
-        "backend.server.v2.executions.review.routes.get_pending_reviews_for_execution"
+        "backend.api.features.executions.review.routes.get_pending_reviews_for_execution"
     )
     mock_get_reviews_for_execution.return_value = [sample_pending_review]
 
     # Mock partial failure in processing
     mock_process_all_reviews = mocker.patch(
-        "backend.server.v2.executions.review.routes.process_all_reviews_for_execution"
+        "backend.api.features.executions.review.routes.process_all_reviews_for_execution"
     )
     mock_process_all_reviews.side_effect = ValueError("Some reviews failed validation")
 
@@ -456,20 +456,20 @@ def test_process_review_action_partial_failure(
 
 
 def test_process_review_action_invalid_node_exec_id(
-    mocker: pytest_mock.MockFixture,
+    mocker: pytest_mock.MockerFixture,
     sample_pending_review: PendingHumanReviewModel,
     test_user_id: str,
 ) -> None:
     """Test failure when trying to process review with invalid node execution ID"""
     # Mock the route functions
     mock_get_reviews_for_execution = mocker.patch(
-        "backend.server.v2.executions.review.routes.get_pending_reviews_for_execution"
+        "backend.api.features.executions.review.routes.get_pending_reviews_for_execution"
     )
     mock_get_reviews_for_execution.return_value = [sample_pending_review]
 
     # Mock validation failure - this should return 400, not 500
     mock_process_all_reviews = mocker.patch(
-        "backend.server.v2.executions.review.routes.process_all_reviews_for_execution"
+        "backend.api.features.executions.review.routes.process_all_reviews_for_execution"
     )
     mock_process_all_reviews.side_effect = ValueError(
         "Invalid node execution ID format"

autogpt_platform/backend/backend/api/features/executions/review/routes.py

@@ -13,11 +13,8 @@ from backend.data.human_review import (
     process_all_reviews_for_execution,
 )
 from backend.executor.utils import add_graph_execution
-from backend.server.v2.executions.review.model import (
-    PendingHumanReviewModel,
-    ReviewRequest,
-    ReviewResponse,
-)
+
+from .model import PendingHumanReviewModel, ReviewRequest, ReviewResponse
 
 logger = logging.getLogger(__name__)
 
@@ -70,8 +67,7 @@ async def list_pending_reviews(
     response_model=List[PendingHumanReviewModel],
     responses={
         200: {"description": "List of pending reviews for the execution"},
-        400: {"description": "Invalid graph execution ID"},
-        403: {"description": "Access denied to graph execution"},
+        404: {"description": "Graph execution not found"},
         500: {"description": "Server error", "content": {"application/json": {}}},
     },
 )
@@ -94,7 +90,7 @@ async def list_pending_reviews_for_execution(
 
     Raises:
         HTTPException:
-            - 403: If user doesn't own the graph execution
+            - 404: If the graph execution doesn't exist or isn't owned by this user
             - 500: If authentication fails or database error occurs
 
     Note:
@@ -108,8 +104,8 @@ async def list_pending_reviews_for_execution(
     )
     if not graph_exec:
         raise HTTPException(
-            status_code=status.HTTP_403_FORBIDDEN,
-            detail="Access denied to graph execution",
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail=f"Graph execution #{graph_exec_id} not found",
         )
 
     return await get_pending_reviews_for_execution(graph_exec_id, user_id)

autogpt_platform/backend/backend/api/features/integrations/router.py

@@ -17,6 +17,8 @@ from fastapi import (
 from pydantic import BaseModel, Field, SecretStr
 from starlette.status import HTTP_500_INTERNAL_SERVER_ERROR, HTTP_502_BAD_GATEWAY
 
+from backend.api.features.library.db import set_preset_webhook, update_preset
+from backend.api.features.library.model import LibraryAgentPreset
 from backend.data.graph import NodeModel, get_graph, set_node_webhook
 from backend.data.integrations import (
     WebhookEvent,
@@ -33,11 +35,7 @@ from backend.data.model import (
     OAuth2Credentials,
     UserIntegrations,
 )
-from backend.data.onboarding import (
-    OnboardingStep,
-    complete_onboarding_step,
-    increment_runs,
-)
+from backend.data.onboarding import OnboardingStep, complete_onboarding_step
 from backend.data.user import get_user_integrations
 from backend.executor.utils import add_graph_execution
 from backend.integrations.ayrshare import AyrshareClient, SocialPlatform
@@ -45,13 +43,6 @@ from backend.integrations.creds_manager import IntegrationCredentialsManager
 from backend.integrations.oauth import CREDENTIALS_BY_PROVIDER, HANDLERS_BY_NAME
 from backend.integrations.providers import ProviderName
 from backend.integrations.webhooks import get_webhook_manager
-from backend.server.integrations.models import (
-    ProviderConstants,
-    ProviderNamesResponse,
-    get_all_provider_names,
-)
-from backend.server.v2.library.db import set_preset_webhook, update_preset
-from backend.server.v2.library.model import LibraryAgentPreset
 from backend.util.exceptions import (
     GraphNotInLibraryError,
     MissingConfigError,
@@ -60,6 +51,8 @@ from backend.util.exceptions import (
 )
 from backend.util.settings import Settings
 
+from .models import ProviderConstants, ProviderNamesResponse, get_all_provider_names
+
 if TYPE_CHECKING:
     from backend.integrations.oauth import BaseOAuthHandler
 
@@ -178,6 +171,7 @@ async def callback(
         f"Successfully processed OAuth callback for user {user_id} "
         f"and provider {provider.value}"
     )
+
     return CredentialsMetaResponse(
         id=credentials.id,
         provider=credentials.provider,
@@ -196,6 +190,7 @@ async def list_credentials(
     user_id: Annotated[str, Security(get_user_id)],
 ) -> list[CredentialsMetaResponse]:
     credentials = await creds_manager.store.get_all_creds(user_id)
+
     return [
         CredentialsMetaResponse(
             id=cred.id,
@@ -218,6 +213,7 @@ async def list_credentials_by_provider(
     user_id: Annotated[str, Security(get_user_id)],
 ) -> list[CredentialsMetaResponse]:
     credentials = await creds_manager.store.get_creds_by_provider(user_id, provider)
+
     return [
         CredentialsMetaResponse(
             id=cred.id,
@@ -381,7 +377,6 @@ async def webhook_ingress_generic(
         return
 
     await complete_onboarding_step(user_id, OnboardingStep.TRIGGER_WEBHOOK)
-    await increment_runs(user_id)
 
     # Execute all triggers concurrently for better performance
     tasks = []
@@ -834,6 +829,18 @@ async def list_providers() -> List[str]:
     return all_providers
 
 
+@router.get("/providers/system", response_model=List[str])
+async def list_system_providers() -> List[str]:
+    """
+    Get a list of providers that have platform credits (system credentials) available.
+
+    These providers can be used without the user providing their own API keys.
+    """
+    from backend.integrations.credentials_store import SYSTEM_PROVIDERS
+
+    return list(SYSTEM_PROVIDERS)
+
+
 @router.get("/providers/names", response_model=ProviderNamesResponse)
 async def get_provider_names() -> ProviderNamesResponse:
     """

autogpt_platform/backend/backend/api/features/library/db.py

@@ -1,20 +1,17 @@
 import asyncio
 import logging
-from typing import Literal, Optional, cast
+from typing import Literal, Optional
 
 import fastapi
 import prisma.errors
-import prisma.fields
 import prisma.models
 import prisma.types
-from prisma.types import LibraryAgentCreateInput
 
+import backend.api.features.store.exceptions as store_exceptions
+import backend.api.features.store.image_gen as store_image_gen
+import backend.api.features.store.media as store_media
 import backend.data.graph as graph_db
 import backend.data.integrations as integrations_db
-import backend.server.v2.library.model as library_model
-import backend.server.v2.store.exceptions as store_exceptions
-import backend.server.v2.store.image_gen as store_image_gen
-import backend.server.v2.store.media as store_media
 from backend.data.block import BlockInput
 from backend.data.db import transaction
 from backend.data.execution import get_graph_execution
@@ -29,6 +26,8 @@ from backend.util.json import SafeJson
 from backend.util.models import Pagination
 from backend.util.settings import Config
 
+from . import model as library_model
+
 logger = logging.getLogger(__name__)
 config = Config()
 integration_creds_manager = IntegrationCredentialsManager()
@@ -490,7 +489,7 @@ async def update_agent_version_in_library(
     agent_graph_version: int,
 ) -> library_model.LibraryAgent:
     """
-    Updates the agent version in the library if useGraphIsActiveVersion is True.
+    Updates the agent version in the library for any agent owned by the user.
 
     Args:
         user_id: Owner of the LibraryAgent.
@@ -499,20 +498,31 @@ async def update_agent_version_in_library(
 
     Raises:
         DatabaseError: If there's an error with the update.
+        NotFoundError: If no library agent is found for this user and agent.
     """
     logger.debug(
         f"Updating agent version in library for user #{user_id}, "
         f"agent #{agent_graph_id} v{agent_graph_version}"
     )
-    try:
-        library_agent = await prisma.models.LibraryAgent.prisma().find_first_or_raise(
+    async with transaction() as tx:
+        library_agent = await prisma.models.LibraryAgent.prisma(tx).find_first_or_raise(
             where={
                 "userId": user_id,
                 "agentGraphId": agent_graph_id,
-                "useGraphIsActiveVersion": True,
             },
         )
-        lib = await prisma.models.LibraryAgent.prisma().update(
+
+        # Delete any conflicting LibraryAgent for the target version
+        await prisma.models.LibraryAgent.prisma(tx).delete_many(
+            where={
+                "userId": user_id,
+                "agentGraphId": agent_graph_id,
+                "agentGraphVersion": agent_graph_version,
+                "id": {"not": library_agent.id},
+            }
+        )
+
+        lib = await prisma.models.LibraryAgent.prisma(tx).update(
             where={"id": library_agent.id},
             data={
                 "AgentGraph": {
@@ -526,19 +536,20 @@ async def update_agent_version_in_library(
             },
             include={"AgentGraph": True},
         )
-        if lib is None:
-            raise NotFoundError(f"Library agent {library_agent.id} not found")
 
-        return library_model.LibraryAgent.from_db(lib)
-    except prisma.errors.PrismaError as e:
-        logger.error(f"Database error updating agent version in library: {e}")
-        raise DatabaseError("Failed to update agent version in library") from e
+    if lib is None:
+        raise NotFoundError(
+            f"Failed to update library agent for {agent_graph_id} v{agent_graph_version}"
+        )
+
+    return library_model.LibraryAgent.from_db(lib)
 
 
 async def update_library_agent(
     library_agent_id: str,
     user_id: str,
     auto_update_version: Optional[bool] = None,
+    graph_version: Optional[int] = None,
     is_favorite: Optional[bool] = None,
     is_archived: Optional[bool] = None,
     is_deleted: Optional[Literal[False]] = None,
@@ -551,6 +562,7 @@ async def update_library_agent(
         library_agent_id: The ID of the LibraryAgent to update.
         user_id: The owner of this LibraryAgent.
         auto_update_version: Whether the agent should auto-update to active version.
+        graph_version: Specific graph version to update to.
         is_favorite: Whether this agent is marked as a favorite.
         is_archived: Whether this agent is archived.
         settings: User-specific settings for this library agent.
@@ -564,8 +576,8 @@ async def update_library_agent(
     """
     logger.debug(
         f"Updating library agent {library_agent_id} for user {user_id} with "
-        f"auto_update_version={auto_update_version}, is_favorite={is_favorite}, "
-        f"is_archived={is_archived}, settings={settings}"
+        f"auto_update_version={auto_update_version}, graph_version={graph_version}, "
+        f"is_favorite={is_favorite}, is_archived={is_archived}, settings={settings}"
     )
     update_fields: prisma.types.LibraryAgentUpdateManyMutationInput = {}
     if auto_update_version is not None:
@@ -582,10 +594,23 @@ async def update_library_agent(
         update_fields["isDeleted"] = is_deleted
     if settings is not None:
         update_fields["settings"] = SafeJson(settings.model_dump())
-    if not update_fields:
-        raise ValueError("No values were passed to update")
 
     try:
+        # If graph_version is provided, update to that specific version
+        if graph_version is not None:
+            # Get the current agent to find its graph_id
+            agent = await get_library_agent(id=library_agent_id, user_id=user_id)
+            # Update to the specified version using existing function
+            return await update_agent_version_in_library(
+                user_id=user_id,
+                agent_graph_id=agent.graph_id,
+                agent_graph_version=graph_version,
+            )
+
+        # Otherwise, just update the simple fields
+        if not update_fields:
+            raise ValueError("No values were passed to update")
+
         n_updated = await prisma.models.LibraryAgent.prisma().update_many(
             where={"id": library_agent_id, "userId": user_id},
             data=update_fields,
@@ -803,21 +828,19 @@ async def add_store_agent_to_library(
 
         # Create LibraryAgent entry
         added_agent = await prisma.models.LibraryAgent.prisma().create(
-            data=cast(
-                LibraryAgentCreateInput,
-                {
-                    "User": {"connect": {"id": user_id}},
-                    "AgentGraph": {
-                        "connect": {
-                            "graphVersionId": {"id": graph.id, "version": graph.version}
-                        }
-                    },
-                    "isCreatedByUser": False,
-                    "settings": SafeJson(
-                        _initialize_graph_settings(graph_model).model_dump()
-                    ),
+            data={
+                "User": {"connect": {"id": user_id}},
+                "AgentGraph": {
+                    "connect": {
+                        "graphVersionId": {"id": graph.id, "version": graph.version}
+                    }
                 },
-            ),
+                "isCreatedByUser": False,
+                "useGraphIsActiveVersion": False,
+                "settings": SafeJson(
+                    _initialize_graph_settings(graph_model).model_dump()
+                ),
+            },
             include=library_agent_include(
                 user_id, include_nodes=False, include_executions=False
             ),

autogpt_platform/backend/backend/api/features/library/db_test.py

@@ -1,16 +1,15 @@
 from datetime import datetime
 
 import prisma.enums
-import prisma.errors
 import prisma.models
-import prisma.types
 import pytest
 
-import backend.server.v2.library.db as db
-import backend.server.v2.store.exceptions
+import backend.api.features.store.exceptions
 from backend.data.db import connect
 from backend.data.includes import library_agent_include
 
+from . import db
+
 
 @pytest.mark.asyncio
 async def test_get_library_agents(mocker):
@@ -88,7 +87,7 @@ async def test_add_agent_to_library(mocker):
     await connect()
 
     # Mock the transaction context
-    mock_transaction = mocker.patch("backend.server.v2.library.db.transaction")
+    mock_transaction = mocker.patch("backend.api.features.library.db.transaction")
     mock_transaction.return_value.__aenter__ = mocker.AsyncMock(return_value=None)
     mock_transaction.return_value.__aexit__ = mocker.AsyncMock(return_value=None)
     # Mock data
@@ -151,7 +150,7 @@ async def test_add_agent_to_library(mocker):
     )
 
     # Mock graph_db.get_graph function that's called to check for HITL blocks
-    mock_graph_db = mocker.patch("backend.server.v2.library.db.graph_db")
+    mock_graph_db = mocker.patch("backend.api.features.library.db.graph_db")
     mock_graph_model = mocker.Mock()
     mock_graph_model.nodes = (
         []
@@ -159,7 +158,9 @@ async def test_add_agent_to_library(mocker):
     mock_graph_db.get_graph = mocker.AsyncMock(return_value=mock_graph_model)
 
     # Mock the model conversion
-    mock_from_db = mocker.patch("backend.server.v2.library.model.LibraryAgent.from_db")
+    mock_from_db = mocker.patch(
+        "backend.api.features.library.model.LibraryAgent.from_db"
+    )
     mock_from_db.return_value = mocker.Mock()
 
     # Call function
@@ -217,7 +218,7 @@ async def test_add_agent_to_library_not_found(mocker):
     )
 
     # Call function and verify exception
-    with pytest.raises(backend.server.v2.store.exceptions.AgentNotFoundError):
+    with pytest.raises(backend.api.features.store.exceptions.AgentNotFoundError):
         await db.add_store_agent_to_library("version123", "test-user")
 
     # Verify mock called correctly

autogpt_platform/backend/backend/api/features/library/model.py

@@ -48,6 +48,7 @@ class LibraryAgent(pydantic.BaseModel):
     id: str
     graph_id: str
     graph_version: int
+    owner_user_id: str  # ID of user who owns/created this agent graph
 
     image_url: str | None
 
@@ -163,6 +164,7 @@ class LibraryAgent(pydantic.BaseModel):
             id=agent.id,
             graph_id=agent.agentGraphId,
             graph_version=agent.agentGraphVersion,
+            owner_user_id=agent.userId,
             image_url=agent.imageUrl,
             creator_name=creator_name,
             creator_image_url=creator_image_url,
@@ -385,6 +387,9 @@ class LibraryAgentUpdateRequest(pydantic.BaseModel):
     auto_update_version: Optional[bool] = pydantic.Field(
         default=None, description="Auto-update the agent version"
     )
+    graph_version: Optional[int] = pydantic.Field(
+        default=None, description="Specific graph version to update to"
+    )
     is_favorite: Optional[bool] = pydantic.Field(
         default=None, description="Mark the agent as a favorite"
     )

autogpt_platform/backend/backend/api/features/library/model_test.py

@@ -3,7 +3,7 @@ import datetime
 import prisma.models
 import pytest
 
-import backend.server.v2.library.model as library_model
+from . import model as library_model
 
 
 @pytest.mark.asyncio

autogpt_platform/backend/backend/api/features/library/routes/agents.py

@@ -6,12 +6,13 @@ from fastapi import APIRouter, Body, HTTPException, Query, Security, status
 from fastapi.responses import Response
 from prisma.enums import OnboardingStep
 
-import backend.server.v2.library.db as library_db
-import backend.server.v2.library.model as library_model
-import backend.server.v2.store.exceptions as store_exceptions
+import backend.api.features.store.exceptions as store_exceptions
 from backend.data.onboarding import complete_onboarding_step
 from backend.util.exceptions import DatabaseError, NotFoundError
 
+from .. import db as library_db
+from .. import model as library_model
+
 logger = logging.getLogger(__name__)
 
 router = APIRouter(
@@ -284,6 +285,7 @@ async def update_library_agent(
             library_agent_id=library_agent_id,
             user_id=user_id,
             auto_update_version=payload.auto_update_version,
+            graph_version=payload.graph_version,
             is_favorite=payload.is_favorite,
             is_archived=payload.is_archived,
             settings=payload.settings,

autogpt_platform/backend/backend/api/features/library/routes/presets.py

@@ -4,19 +4,19 @@ from typing import Any, Optional
 import autogpt_libs.auth as autogpt_auth_lib
 from fastapi import APIRouter, Body, HTTPException, Query, Security, status
 
-import backend.server.v2.library.db as db
-import backend.server.v2.library.model as models
 from backend.data.execution import GraphExecutionMeta
 from backend.data.graph import get_graph
 from backend.data.integrations import get_webhook
 from backend.data.model import CredentialsMetaInput
-from backend.data.onboarding import increment_runs
 from backend.executor.utils import add_graph_execution, make_node_credentials_input_map
 from backend.integrations.creds_manager import IntegrationCredentialsManager
 from backend.integrations.webhooks import get_webhook_manager
 from backend.integrations.webhooks.utils import setup_webhook_for_block
 from backend.util.exceptions import NotFoundError
 
+from .. import db
+from .. import model as models
+
 logger = logging.getLogger(__name__)
 
 credentials_manager = IntegrationCredentialsManager()
@@ -402,8 +402,6 @@ async def execute_preset(
     merged_node_input = preset.inputs | inputs
     merged_credential_inputs = preset.credentials | credential_inputs
 
-    await increment_runs(user_id)
-
     return await add_graph_execution(
         user_id=user_id,
         graph_id=preset.graph_id,

autogpt_platform/backend/backend/api/features/library/routes_test.py

@@ -7,10 +7,11 @@ import pytest
 import pytest_mock
 from pytest_snapshot.plugin import Snapshot
 
-import backend.server.v2.library.model as library_model
-from backend.server.v2.library.routes import router as library_router
 from backend.util.models import Pagination
 
+from . import model as library_model
+from .routes import router as library_router
+
 app = fastapi.FastAPI()
 app.include_router(library_router)
 
@@ -41,6 +42,7 @@ async def test_get_library_agents_success(
                 id="test-agent-1",
                 graph_id="test-agent-1",
                 graph_version=1,
+                owner_user_id=test_user_id,
                 name="Test Agent 1",
                 description="Test Description 1",
                 image_url=None,
@@ -63,6 +65,7 @@ async def test_get_library_agents_success(
                 id="test-agent-2",
                 graph_id="test-agent-2",
                 graph_version=1,
+                owner_user_id=test_user_id,
                 name="Test Agent 2",
                 description="Test Description 2",
                 image_url=None,
@@ -86,7 +89,7 @@ async def test_get_library_agents_success(
             total_items=2, total_pages=1, current_page=1, page_size=50
         ),
     )
-    mock_db_call = mocker.patch("backend.server.v2.library.db.list_library_agents")
+    mock_db_call = mocker.patch("backend.api.features.library.db.list_library_agents")
     mock_db_call.return_value = mocked_value
 
     response = client.get("/agents?search_term=test")
@@ -112,7 +115,7 @@ async def test_get_library_agents_success(
 
 
 def test_get_library_agents_error(mocker: pytest_mock.MockFixture, test_user_id: str):
-    mock_db_call = mocker.patch("backend.server.v2.library.db.list_library_agents")
+    mock_db_call = mocker.patch("backend.api.features.library.db.list_library_agents")
     mock_db_call.side_effect = Exception("Test error")
 
     response = client.get("/agents?search_term=test")
@@ -137,6 +140,7 @@ async def test_get_favorite_library_agents_success(
                 id="test-agent-1",
                 graph_id="test-agent-1",
                 graph_version=1,
+                owner_user_id=test_user_id,
                 name="Favorite Agent 1",
                 description="Test Favorite Description 1",
                 image_url=None,
@@ -161,7 +165,7 @@ async def test_get_favorite_library_agents_success(
         ),
     )
     mock_db_call = mocker.patch(
-        "backend.server.v2.library.db.list_favorite_library_agents"
+        "backend.api.features.library.db.list_favorite_library_agents"
     )
     mock_db_call.return_value = mocked_value
 
@@ -184,7 +188,7 @@ def test_get_favorite_library_agents_error(
     mocker: pytest_mock.MockFixture, test_user_id: str
 ):
     mock_db_call = mocker.patch(
-        "backend.server.v2.library.db.list_favorite_library_agents"
+        "backend.api.features.library.db.list_favorite_library_agents"
     )
     mock_db_call.side_effect = Exception("Test error")
 
@@ -204,6 +208,7 @@ def test_add_agent_to_library_success(
         id="test-library-agent-id",
         graph_id="test-agent-1",
         graph_version=1,
+        owner_user_id=test_user_id,
         name="Test Agent 1",
         description="Test Description 1",
         image_url=None,
@@ -223,11 +228,11 @@ def test_add_agent_to_library_success(
     )
 
     mock_db_call = mocker.patch(
-        "backend.server.v2.library.db.add_store_agent_to_library"
+        "backend.api.features.library.db.add_store_agent_to_library"
     )
     mock_db_call.return_value = mock_library_agent
     mock_complete_onboarding = mocker.patch(
-        "backend.server.v2.library.routes.agents.complete_onboarding_step",
+        "backend.api.features.library.routes.agents.complete_onboarding_step",
         new_callable=AsyncMock,
     )
 
@@ -249,7 +254,7 @@ def test_add_agent_to_library_success(
 
 def test_add_agent_to_library_error(mocker: pytest_mock.MockFixture, test_user_id: str):
     mock_db_call = mocker.patch(
-        "backend.server.v2.library.db.add_store_agent_to_library"
+        "backend.api.features.library.db.add_store_agent_to_library"
     )
     mock_db_call.side_effect = Exception("Test error")
 

autogpt_platform/backend/backend/api/features/oauth.py

@@ -5,11 +5,11 @@ Implements OAuth 2.0 Authorization Code flow with PKCE support.
 
 Flow:
 1. User clicks "Login with AutoGPT" in 3rd party app
-2. App redirects user to /oauth/authorize with client_id, redirect_uri, scope, state
+2. App redirects user to /auth/authorize with client_id, redirect_uri, scope, state
 3. User sees consent screen (if not already logged in, redirects to login first)
 4. User approves → backend creates authorization code
 5. User redirected back to app with code
-6. App exchanges code for access/refresh tokens at /oauth/token
+6. App exchanges code for access/refresh tokens at /api/oauth/token
 7. App uses access token to call external API endpoints
 """
 

autogpt_platform/backend/backend/api/features/oauth_test.py

@@ -16,7 +16,7 @@ import base64
 import hashlib
 import secrets
 import uuid
-from typing import AsyncGenerator, cast
+from typing import AsyncGenerator
 
 import httpx
 import pytest
@@ -27,15 +27,8 @@ from prisma.models import OAuthApplication as PrismaOAuthApplication
 from prisma.models import OAuthAuthorizationCode as PrismaOAuthAuthorizationCode
 from prisma.models import OAuthRefreshToken as PrismaOAuthRefreshToken
 from prisma.models import User as PrismaUser
-from prisma.types import (
-    OAuthAccessTokenCreateInput,
-    OAuthApplicationCreateInput,
-    OAuthAuthorizationCodeCreateInput,
-    OAuthRefreshTokenCreateInput,
-    UserCreateInput,
-)
 
-from backend.server.rest_api import app
+from backend.api.rest_api import app
 
 keysmith = APIKeySmith()
 
@@ -55,14 +48,11 @@ def test_user_id() -> str:
 async def test_user(server, test_user_id: str):
     """Create a test user in the database."""
     await PrismaUser.prisma().create(
-        data=cast(
-            UserCreateInput,
-            {
-                "id": test_user_id,
-                "email": f"oauth-test-{test_user_id}@example.com",
-                "name": "OAuth Test User",
-            },
-        )
+        data={
+            "id": test_user_id,
+            "email": f"oauth-test-{test_user_id}@example.com",
+            "name": "OAuth Test User",
+        }
     )
 
     yield test_user_id
@@ -87,25 +77,22 @@ async def test_oauth_app(test_user: str):
     client_secret_hash, client_secret_salt = keysmith.hash_key(client_secret_plaintext)
 
     await PrismaOAuthApplication.prisma().create(
-        data=cast(
-            OAuthApplicationCreateInput,
-            {
-                "id": app_id,
-                "name": "Test OAuth App",
-                "description": "Test application for integration tests",
-                "clientId": client_id,
-                "clientSecret": client_secret_hash,
-                "clientSecretSalt": client_secret_salt,
-                "redirectUris": [
-                    "https://example.com/callback",
-                    "http://localhost:3000/callback",
-                ],
-                "grantTypes": ["authorization_code", "refresh_token"],
-                "scopes": [APIKeyPermission.EXECUTE_GRAPH, APIKeyPermission.READ_GRAPH],
-                "ownerId": test_user,
-                "isActive": True,
-            },
-        )
+        data={
+            "id": app_id,
+            "name": "Test OAuth App",
+            "description": "Test application for integration tests",
+            "clientId": client_id,
+            "clientSecret": client_secret_hash,
+            "clientSecretSalt": client_secret_salt,
+            "redirectUris": [
+                "https://example.com/callback",
+                "http://localhost:3000/callback",
+            ],
+            "grantTypes": ["authorization_code", "refresh_token"],
+            "scopes": [APIKeyPermission.EXECUTE_GRAPH, APIKeyPermission.READ_GRAPH],
+            "ownerId": test_user,
+            "isActive": True,
+        }
     )
 
     yield {
@@ -309,22 +296,19 @@ async def inactive_oauth_app(test_user: str):
     client_secret_hash, client_secret_salt = keysmith.hash_key(client_secret_plaintext)
 
     await PrismaOAuthApplication.prisma().create(
-        data=cast(
-            OAuthApplicationCreateInput,
-            {
-                "id": app_id,
-                "name": "Inactive OAuth App",
-                "description": "Inactive test application",
-                "clientId": client_id,
-                "clientSecret": client_secret_hash,
-                "clientSecretSalt": client_secret_salt,
-                "redirectUris": ["https://example.com/callback"],
-                "grantTypes": ["authorization_code", "refresh_token"],
-                "scopes": [APIKeyPermission.EXECUTE_GRAPH],
-                "ownerId": test_user,
-                "isActive": False,  # Inactive!
-            },
-        )
+        data={
+            "id": app_id,
+            "name": "Inactive OAuth App",
+            "description": "Inactive test application",
+            "clientId": client_id,
+            "clientSecret": client_secret_hash,
+            "clientSecretSalt": client_secret_salt,
+            "redirectUris": ["https://example.com/callback"],
+            "grantTypes": ["authorization_code", "refresh_token"],
+            "scopes": [APIKeyPermission.EXECUTE_GRAPH],
+            "ownerId": test_user,
+            "isActive": False,  # Inactive!
+        }
     )
 
     yield {
@@ -715,17 +699,14 @@ async def test_token_authorization_code_expired(
     now = datetime.now(timezone.utc)
 
     await PrismaOAuthAuthorizationCode.prisma().create(
-        data=cast(
-            OAuthAuthorizationCodeCreateInput,
-            {
-                "code": expired_code,
-                "applicationId": test_oauth_app["id"],
-                "userId": test_user,
-                "scopes": [APIKeyPermission.EXECUTE_GRAPH],
-                "redirectUri": test_oauth_app["redirect_uri"],
-                "expiresAt": now - timedelta(hours=1),  # Already expired
-            },
-        )
+        data={
+            "code": expired_code,
+            "applicationId": test_oauth_app["id"],
+            "userId": test_user,
+            "scopes": [APIKeyPermission.EXECUTE_GRAPH],
+            "redirectUri": test_oauth_app["redirect_uri"],
+            "expiresAt": now - timedelta(hours=1),  # Already expired
+        }
     )
 
     response = await client.post(
@@ -961,16 +942,13 @@ async def test_token_refresh_expired(
     now = datetime.now(timezone.utc)
 
     await PrismaOAuthRefreshToken.prisma().create(
-        data=cast(
-            OAuthRefreshTokenCreateInput,
-            {
-                "token": expired_token_hash,
-                "applicationId": test_oauth_app["id"],
-                "userId": test_user,
-                "scopes": [APIKeyPermission.EXECUTE_GRAPH],
-                "expiresAt": now - timedelta(days=1),  # Already expired
-            },
-        )
+        data={
+            "token": expired_token_hash,
+            "applicationId": test_oauth_app["id"],
+            "userId": test_user,
+            "scopes": [APIKeyPermission.EXECUTE_GRAPH],
+            "expiresAt": now - timedelta(days=1),  # Already expired
+        }
     )
 
     response = await client.post(
@@ -1002,17 +980,14 @@ async def test_token_refresh_revoked(
     now = datetime.now(timezone.utc)
 
     await PrismaOAuthRefreshToken.prisma().create(
-        data=cast(
-            OAuthRefreshTokenCreateInput,
-            {
-                "token": revoked_token_hash,
-                "applicationId": test_oauth_app["id"],
-                "userId": test_user,
-                "scopes": [APIKeyPermission.EXECUTE_GRAPH],
-                "expiresAt": now + timedelta(days=30),  # Not expired
-                "revokedAt": now - timedelta(hours=1),  # But revoked
-            },
-        )
+        data={
+            "token": revoked_token_hash,
+            "applicationId": test_oauth_app["id"],
+            "userId": test_user,
+            "scopes": [APIKeyPermission.EXECUTE_GRAPH],
+            "expiresAt": now + timedelta(days=30),  # Not expired
+            "revokedAt": now - timedelta(hours=1),  # But revoked
+        }
     )
 
     response = await client.post(
@@ -1038,22 +1013,19 @@ async def other_oauth_app(test_user: str):
     client_secret_hash, client_secret_salt = keysmith.hash_key(client_secret_plaintext)
 
     await PrismaOAuthApplication.prisma().create(
-        data=cast(
-            OAuthApplicationCreateInput,
-            {
-                "id": app_id,
-                "name": "Other OAuth App",
-                "description": "Second test application",
-                "clientId": client_id,
-                "clientSecret": client_secret_hash,
-                "clientSecretSalt": client_secret_salt,
-                "redirectUris": ["https://other.example.com/callback"],
-                "grantTypes": ["authorization_code", "refresh_token"],
-                "scopes": [APIKeyPermission.EXECUTE_GRAPH],
-                "ownerId": test_user,
-                "isActive": True,
-            },
-        )
+        data={
+            "id": app_id,
+            "name": "Other OAuth App",
+            "description": "Second test application",
+            "clientId": client_id,
+            "clientSecret": client_secret_hash,
+            "clientSecretSalt": client_secret_salt,
+            "redirectUris": ["https://other.example.com/callback"],
+            "grantTypes": ["authorization_code", "refresh_token"],
+            "scopes": [APIKeyPermission.EXECUTE_GRAPH],
+            "ownerId": test_user,
+            "isActive": True,
+        }
     )
 
     yield {
@@ -1080,16 +1052,13 @@ async def test_token_refresh_wrong_application(
     now = datetime.now(timezone.utc)
 
     await PrismaOAuthRefreshToken.prisma().create(
-        data=cast(
-            OAuthRefreshTokenCreateInput,
-            {
-                "token": token_hash,
-                "applicationId": test_oauth_app["id"],  # Belongs to test_oauth_app
-                "userId": test_user,
-                "scopes": [APIKeyPermission.EXECUTE_GRAPH],
-                "expiresAt": now + timedelta(days=30),
-            },
-        )
+        data={
+            "token": token_hash,
+            "applicationId": test_oauth_app["id"],  # Belongs to test_oauth_app
+            "userId": test_user,
+            "scopes": [APIKeyPermission.EXECUTE_GRAPH],
+            "expiresAt": now + timedelta(days=30),
+        }
     )
 
     # Try to use it with `other_oauth_app`
@@ -1298,22 +1267,19 @@ async def test_validate_access_token_fails_when_app_disabled(
     client_secret_hash, client_secret_salt = keysmith.hash_key(client_secret_plaintext)
 
     await PrismaOAuthApplication.prisma().create(
-        data=cast(
-            OAuthApplicationCreateInput,
-            {
-                "id": app_id,
-                "name": "App To Be Disabled",
-                "description": "Test app for disabled validation",
-                "clientId": client_id,
-                "clientSecret": client_secret_hash,
-                "clientSecretSalt": client_secret_salt,
-                "redirectUris": ["https://example.com/callback"],
-                "grantTypes": ["authorization_code"],
-                "scopes": [APIKeyPermission.EXECUTE_GRAPH],
-                "ownerId": test_user,
-                "isActive": True,
-            },
-        )
+        data={
+            "id": app_id,
+            "name": "App To Be Disabled",
+            "description": "Test app for disabled validation",
+            "clientId": client_id,
+            "clientSecret": client_secret_hash,
+            "clientSecretSalt": client_secret_salt,
+            "redirectUris": ["https://example.com/callback"],
+            "grantTypes": ["authorization_code"],
+            "scopes": [APIKeyPermission.EXECUTE_GRAPH],
+            "ownerId": test_user,
+            "isActive": True,
+        }
     )
 
     # Create an access token directly in the database
@@ -1322,16 +1288,13 @@ async def test_validate_access_token_fails_when_app_disabled(
     now = datetime.now(timezone.utc)
 
     await PrismaOAuthAccessToken.prisma().create(
-        data=cast(
-            OAuthAccessTokenCreateInput,
-            {
-                "token": token_hash,
-                "applicationId": app_id,
-                "userId": test_user,
-                "scopes": [APIKeyPermission.EXECUTE_GRAPH],
-                "expiresAt": now + timedelta(hours=1),
-            },
-        )
+        data={
+            "token": token_hash,
+            "applicationId": app_id,
+            "userId": test_user,
+            "scopes": [APIKeyPermission.EXECUTE_GRAPH],
+            "expiresAt": now + timedelta(hours=1),
+        }
     )
 
     # Token should be valid while app is active
@@ -1598,22 +1561,19 @@ async def test_revoke_token_from_different_app_fails_silently(
     )
 
     await PrismaOAuthApplication.prisma().create(
-        data=cast(
-            OAuthApplicationCreateInput,
-            {
-                "id": app2_id,
-                "name": "Second Test OAuth App",
-                "description": "Second test application for cross-app revocation test",
-                "clientId": app2_client_id,
-                "clientSecret": app2_client_secret_hash,
-                "clientSecretSalt": app2_client_secret_salt,
-                "redirectUris": ["https://other-app.com/callback"],
-                "grantTypes": ["authorization_code", "refresh_token"],
-                "scopes": [APIKeyPermission.EXECUTE_GRAPH, APIKeyPermission.READ_GRAPH],
-                "ownerId": test_user,
-                "isActive": True,
-            },
-        )
+        data={
+            "id": app2_id,
+            "name": "Second Test OAuth App",
+            "description": "Second test application for cross-app revocation test",
+            "clientId": app2_client_id,
+            "clientSecret": app2_client_secret_hash,
+            "clientSecretSalt": app2_client_secret_salt,
+            "redirectUris": ["https://other-app.com/callback"],
+            "grantTypes": ["authorization_code", "refresh_token"],
+            "scopes": [APIKeyPermission.EXECUTE_GRAPH, APIKeyPermission.READ_GRAPH],
+            "ownerId": test_user,
+            "isActive": True,
+        }
     )
 
     # App 2 tries to revoke App 1's access token