updates

Auth API and other server-side routes were using NEXT_PUBLIC_AGPT_SERVER_URL
directly, which resolves to localhost:8006. When running in Docker, the
frontend container needs to reach the backend via the container name
(rest_server:8006) instead of localhost.

Updated all server-side auth routes to use environment.getAGPTServerApiUrl()
or environment.getAGPTServerBaseUrl() which correctly handle the Docker
environment by using AGPT_SERVER_URL when running server-side.

Files updated:
- src/lib/auth/api.ts
- src/app/api/auth/callback/reset-password/route.ts
- src/app/api/auth/user/route.ts
- src/app/(platform)/auth/callback/route.ts
- src/app/(platform)/auth/confirm/route.ts
- src/app/(platform)/profile/(user)/settings/.../actions.ts
- src/app/(platform)/reset-password/actions.ts

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

.github/copilot-instructions.md

@@ -142,7 +142,7 @@ pnpm storybook                      # Start component development server
 ### Security & Middleware
 
 **Cache Protection**: Backend includes middleware preventing sensitive data caching in browsers/proxies
-**Authentication**: JWT-based with Supabase integration
+**Authentication**: JWT-based with native authentication
 **User ID Validation**: All data access requires user ID checks - verify this for any `data/*.py` changes
 
 ### Development Workflow
@@ -168,9 +168,9 @@ pnpm storybook                      # Start component development server
 
 - `frontend/src/app/layout.tsx` - Root application layout
 - `frontend/src/app/page.tsx` - Home page
-- `frontend/src/lib/supabase/` - Authentication and database client
+- `frontend/src/lib/auth/` - Authentication client
 
-**Protected Routes**: Update `frontend/lib/supabase/middleware.ts` when adding protected routes
+**Protected Routes**: Update `frontend/middleware.ts` when adding protected routes
 
 ### Agent Block System
 
@@ -194,7 +194,7 @@ Agents are built using a visual block-based system where each block performs a s
 
 1. **Backend**: `/backend/.env.default` → `/backend/.env` (user overrides)
 2. **Frontend**: `/frontend/.env.default` → `/frontend/.env` (user overrides)
-3. **Platform**: `/.env.default` (Supabase/shared) → `/.env` (user overrides)
+3. **Platform**: `/.env.default` (shared) → `/.env` (user overrides)
 4. Docker Compose `environment:` sections override file-based config
 5. Shell environment variables have highest precedence
 

.github/workflows/claude-dependabot.yml

@@ -144,11 +144,7 @@ jobs:
             "rabbitmq:management"
             "clamav/clamav-debian:latest"
             "busybox:latest"
-            "kong:2.8.1"
-            "supabase/gotrue:v2.170.0"
-            "supabase/postgres:15.8.1.049"
-            "supabase/postgres-meta:v0.86.1"
-            "supabase/studio:20250224-d10db0f"
+            "pgvector/pgvector:pg18"
           )
           
           # Check if any cached tar files exist (more reliable than cache-hit)

.github/workflows/claude.yml

@@ -160,11 +160,7 @@ jobs:
             "rabbitmq:management"
             "clamav/clamav-debian:latest"
             "busybox:latest"
-            "kong:2.8.1"
-            "supabase/gotrue:v2.170.0"
-            "supabase/postgres:15.8.1.049"
-            "supabase/postgres-meta:v0.86.1"
-            "supabase/studio:20250224-d10db0f"
+            "pgvector/pgvector:pg18"
           )
           
           # Check if any cached tar files exist (more reliable than cache-hit)

.github/workflows/copilot-setup-steps.yml

@@ -142,11 +142,7 @@ jobs:
             "rabbitmq:management"
             "clamav/clamav-debian:latest"
             "busybox:latest"
-            "kong:2.8.1"
-            "supabase/gotrue:v2.170.0"
-            "supabase/postgres:15.8.1.049"
-            "supabase/postgres-meta:v0.86.1"
-            "supabase/studio:20250224-d10db0f"
+            "pgvector/pgvector:pg18"
           )
           
           # Check if any cached tar files exist (more reliable than cache-hit)

.github/workflows/platform-backend-ci.yml

@@ -2,13 +2,13 @@ name: AutoGPT Platform - Backend CI
 
 on:
   push:
-    branches: [master, dev, ci-test*]
+    branches: [master, dev, ci-test*, native-auth]
     paths:
       - ".github/workflows/platform-backend-ci.yml"
       - "autogpt_platform/backend/**"
       - "autogpt_platform/autogpt_libs/**"
   pull_request:
-    branches: [master, dev, release-*]
+    branches: [master, dev, release-*, native-auth]
     paths:
       - ".github/workflows/platform-backend-ci.yml"
       - "autogpt_platform/backend/**"
@@ -36,6 +36,19 @@ jobs:
     runs-on: ubuntu-latest
 
     services:
+      postgres:
+        image: pgvector/pgvector:pg18
+        ports:
+          - 5432:5432
+        env:
+          POSTGRES_USER: postgres
+          POSTGRES_PASSWORD: your-super-secret-and-long-postgres-password
+          POSTGRES_DB: postgres
+        options: >-
+          --health-cmd "pg_isready -U postgres"
+          --health-interval 5s
+          --health-timeout 5s
+          --health-retries 10
       redis:
         image: redis:latest
         ports:
@@ -78,11 +91,6 @@ jobs:
         with:
           python-version: ${{ matrix.python-version }}
 
-      - name: Setup Supabase
-        uses: supabase/setup-cli@v1
-        with:
-          version: 1.178.1
-
       - id: get_date
         name: Get date
         run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT
@@ -136,16 +144,6 @@ jobs:
       - name: Generate Prisma Client
         run: poetry run prisma generate
 
-      - id: supabase
-        name: Start Supabase
-        working-directory: .
-        run: |
-          supabase init
-          supabase start --exclude postgres-meta,realtime,storage-api,imgproxy,inbucket,studio,edge-runtime,logflare,vector,supavisor
-          supabase status -o env | sed 's/="/=/; s/"$//' >> $GITHUB_OUTPUT
-        # outputs:
-        # DB_URL, API_URL, GRAPHQL_URL, ANON_KEY, SERVICE_ROLE_KEY, JWT_SECRET
-
       - name: Wait for ClamAV to be ready
         run: |
           echo "Waiting for ClamAV daemon to start..."
@@ -178,8 +176,8 @@ jobs:
       - name: Run Database Migrations
         run: poetry run prisma migrate dev --name updates
         env:
-          DATABASE_URL: ${{ steps.supabase.outputs.DB_URL }}
-          DIRECT_URL: ${{ steps.supabase.outputs.DB_URL }}
+          DATABASE_URL: postgresql://postgres:your-super-secret-and-long-postgres-password@localhost:5432/postgres
+          DIRECT_URL: postgresql://postgres:your-super-secret-and-long-postgres-password@localhost:5432/postgres
 
       - id: lint
         name: Run Linter
@@ -195,11 +193,9 @@ jobs:
         if: success() || (failure() && steps.lint.outcome == 'failure')
         env:
           LOG_LEVEL: ${{ runner.debug && 'DEBUG' || 'INFO' }}
-          DATABASE_URL: ${{ steps.supabase.outputs.DB_URL }}
-          DIRECT_URL: ${{ steps.supabase.outputs.DB_URL }}
-          SUPABASE_URL: ${{ steps.supabase.outputs.API_URL }}
-          SUPABASE_SERVICE_ROLE_KEY: ${{ steps.supabase.outputs.SERVICE_ROLE_KEY }}
-          JWT_VERIFY_KEY: ${{ steps.supabase.outputs.JWT_SECRET }}
+          DATABASE_URL: postgresql://postgres:your-super-secret-and-long-postgres-password@localhost:5432/postgres
+          DIRECT_URL: postgresql://postgres:your-super-secret-and-long-postgres-password@localhost:5432/postgres
+          JWT_SECRET: your-super-secret-jwt-token-with-at-least-32-characters-long
           REDIS_HOST: "localhost"
           REDIS_PORT: "6379"
           ENCRYPTION_KEY: "dvziYgz0KSK8FENhju0ZYi8-fRTfAdlz6YLhdB_jhNw=" # DO NOT USE IN PRODUCTION!!

.github/workflows/platform-frontend-ci.yml

@@ -2,11 +2,12 @@ name: AutoGPT Platform - Frontend CI
 
 on:
   push:
-    branches: [master, dev]
+    branches: [master, dev, native-auth]
     paths:
       - ".github/workflows/platform-frontend-ci.yml"
       - "autogpt_platform/frontend/**"
   pull_request:
+    branches: [master, dev, native-auth]
     paths:
       - ".github/workflows/platform-frontend-ci.yml"
       - "autogpt_platform/frontend/**"
@@ -147,7 +148,7 @@ jobs:
       - name: Enable corepack
         run: corepack enable
 
-      - name: Copy default supabase .env
+      - name: Copy default platform .env
         run: |
           cp ../.env.default ../.env
 

.github/workflows/platform-fullstack-ci.yml

@@ -1,12 +1,13 @@
-name: AutoGPT Platform - Frontend CI
+name: AutoGPT Platform - Fullstack CI
 
 on:
   push:
-    branches: [master, dev]
+    branches: [master, dev, native-auth]
     paths:
       - ".github/workflows/platform-fullstack-ci.yml"
       - "autogpt_platform/**"
   pull_request:
+    branches: [master, dev, native-auth]
     paths:
       - ".github/workflows/platform-fullstack-ci.yml"
       - "autogpt_platform/**"
@@ -58,14 +59,11 @@ jobs:
   types:
     runs-on: ubuntu-latest
     needs: setup
-    strategy:
-      fail-fast: false
+    timeout-minutes: 10
 
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
-        with:
-          submodules: recursive
 
       - name: Set up Node.js
         uses: actions/setup-node@v4
@@ -75,18 +73,6 @@ jobs:
       - name: Enable corepack
         run: corepack enable
 
-      - name: Copy default supabase .env
-        run: |
-          cp ../.env.default ../.env
-
-      - name: Copy backend .env
-        run: |
-          cp ../backend/.env.default ../backend/.env
-
-      - name: Run docker compose
-        run: |
-          docker compose -f ../docker-compose.yml --profile local --profile deps_backend up -d
-
       - name: Restore dependencies cache
         uses: actions/cache@v4
         with:
@@ -101,36 +87,12 @@ jobs:
       - name: Setup .env
         run: cp .env.default .env
 
-      - name: Wait for services to be ready
-        run: |
-          echo "Waiting for rest_server to be ready..."
-          timeout 60 sh -c 'until curl -f http://localhost:8006/health 2>/dev/null; do sleep 2; done' || echo "Rest server health check timeout, continuing..."
-          echo "Waiting for database to be ready..."
-          timeout 60 sh -c 'until docker compose -f ../docker-compose.yml exec -T db pg_isready -U postgres 2>/dev/null; do sleep 2; done' || echo "Database ready check timeout, continuing..."
-
       - name: Generate API queries
-        run: pnpm generate:api:force
-
-      - name: Check for API schema changes
-        run: |
-          if ! git diff --exit-code src/app/api/openapi.json; then
-            echo "❌ API schema changes detected in src/app/api/openapi.json"
-            echo ""
-            echo "The openapi.json file has been modified after running 'pnpm generate:api-all'."
-            echo "This usually means changes have been made in the BE endpoints without updating the Frontend."
-            echo "The API schema is now out of sync with the Front-end queries."
-            echo ""
-            echo "To fix this:"
-            echo "1. Pull the backend 'docker compose pull && docker compose up -d --build --force-recreate'"
-            echo "2. Run 'pnpm generate:api' locally"
-            echo "3. Run 'pnpm types' locally"
-            echo "4. Fix any TypeScript errors that may have been introduced"
-            echo "5. Commit and push your changes"
-            echo ""
-            exit 1
-          else
-            echo "✅ No API schema changes detected"
-          fi
+        run: pnpm generate:api
 
       - name: Run Typescript checks
         run: pnpm types
+
+    env:
+      CI: true
+      PLAIN_OUTPUT: True

.github/workflows/repo-close-stale-issues.yml

@@ -11,7 +11,7 @@ jobs:
   stale:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@v9
+      - uses: actions/stale@v10
         with:
           # operations-per-run: 5000
           stale-issue-message: >

.github/workflows/repo-pr-label.yml

@@ -61,6 +61,6 @@ jobs:
       pull-requests: write
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/labeler@v5
+      - uses: actions/labeler@v6
         with:
           sync-labels: true

AGENTS.md

@@ -49,5 +49,5 @@ Use conventional commit messages for all commits (e.g. `feat(backend): add API`)
 - Keep out-of-scope changes under 20% of the PR.
 - Ensure PR descriptions are complete.
 - For changes touching `data/*.py`, validate user ID checks or explain why not needed.
-- If adding protected frontend routes, update `frontend/lib/supabase/middleware.ts`.
+- If adding protected frontend routes, update `frontend/lib/auth/helpers.ts`.
 - Use the linear ticket branch structure if given codex/open-1668-resume-dropped-runs

autogpt_platform/.env.default

@@ -5,12 +5,6 @@
 
 POSTGRES_PASSWORD=your-super-secret-and-long-postgres-password
 JWT_SECRET=your-super-secret-jwt-token-with-at-least-32-characters-long
-ANON_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyAgCiAgICAicm9sZSI6ICJhbm9uIiwKICAgICJpc3MiOiAic3VwYWJhc2UtZGVtbyIsCiAgICAiaWF0IjogMTY0MTc2OTIwMCwKICAgICJleHAiOiAxNzk5NTM1NjAwCn0.dc_X5iR_VP_qT0zsiyj_I_OZ2T9FtRU2BBNWN8Bu4GE
-SERVICE_ROLE_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyAgCiAgICAicm9sZSI6ICJzZXJ2aWNlX3JvbGUiLAogICAgImlzcyI6ICJzdXBhYmFzZS1kZW1vIiwKICAgICJpYXQiOiAxNjQxNzY5MjAwLAogICAgImV4cCI6IDE3OTk1MzU2MDAKfQ.DaYlNEoUrrEn2Ig7tqibS-PHK5vgusbcbo7X36XVt4Q
-DASHBOARD_USERNAME=supabase
-DASHBOARD_PASSWORD=this_password_is_insecure_and_should_be_updated
-SECRET_KEY_BASE=UpNVntn3cDxHJpq99YMc1T1AQgQpc8kfYTuRgBiYa15BLrx8etQoXz3gZv1/u2oq
-VAULT_ENC_KEY=your-encryption-key-32-chars-min
 
 
 ############
@@ -24,100 +18,31 @@ POSTGRES_PORT=5432
 
 
 ############
-# Supavisor -- Database pooler
-############
-POOLER_PROXY_PORT_TRANSACTION=6543
-POOLER_DEFAULT_POOL_SIZE=20
-POOLER_MAX_CLIENT_CONN=100
-POOLER_TENANT_ID=your-tenant-id
-
-
-############
-# API Proxy - Configuration for the Kong Reverse proxy.
+# Auth - Native authentication configuration
 ############
 
-KONG_HTTP_PORT=8000
-KONG_HTTPS_PORT=8443
-
-
-############
-# API - Configuration for PostgREST.
-############
-
-PGRST_DB_SCHEMAS=public,storage,graphql_public
-
-
-############
-# Auth - Configuration for the GoTrue authentication server.
-############
-
-## General
 SITE_URL=http://localhost:3000
-ADDITIONAL_REDIRECT_URLS=
-JWT_EXPIRY=3600
-DISABLE_SIGNUP=false
-API_EXTERNAL_URL=http://localhost:8000
 
-## Mailer Config
-MAILER_URLPATHS_CONFIRMATION="/auth/v1/verify"
-MAILER_URLPATHS_INVITE="/auth/v1/verify"
-MAILER_URLPATHS_RECOVERY="/auth/v1/verify"
-MAILER_URLPATHS_EMAIL_CHANGE="/auth/v1/verify"
+# JWT token configuration
+ACCESS_TOKEN_EXPIRE_MINUTES=15
+REFRESH_TOKEN_EXPIRE_DAYS=7
+JWT_ISSUER=autogpt-platform
 
-## Email auth
-ENABLE_EMAIL_SIGNUP=true
-ENABLE_EMAIL_AUTOCONFIRM=false
-SMTP_ADMIN_EMAIL=admin@example.com
-SMTP_HOST=supabase-mail
-SMTP_PORT=2500
-SMTP_USER=fake_mail_user
-SMTP_PASS=fake_mail_password
-SMTP_SENDER_NAME=fake_sender
-ENABLE_ANONYMOUS_USERS=false
-
-## Phone auth
-ENABLE_PHONE_SIGNUP=true
-ENABLE_PHONE_AUTOCONFIRM=true
+# Google OAuth (optional)
+GOOGLE_CLIENT_ID=
+GOOGLE_CLIENT_SECRET=
 
 
 ############
-# Studio - Configuration for the Dashboard
+# Email configuration (optional)
 ############
 
-STUDIO_DEFAULT_ORGANIZATION=Default Organization
-STUDIO_DEFAULT_PROJECT=Default Project
+SMTP_HOST=
+SMTP_PORT=587
+SMTP_USER=
+SMTP_PASS=
+SMTP_FROM_EMAIL=noreply@example.com
 
-STUDIO_PORT=3000
-# replace if you intend to use Studio outside of localhost
-SUPABASE_PUBLIC_URL=http://localhost:8000
-
-# Enable webp support
-IMGPROXY_ENABLE_WEBP_DETECTION=true
-
-# Add your OpenAI API key to enable SQL Editor Assistant
-OPENAI_API_KEY=
-
-
-############
-# Functions - Configuration for Functions
-############
-# NOTE: VERIFY_JWT applies to all functions. Per-function VERIFY_JWT is not supported yet.
-FUNCTIONS_VERIFY_JWT=false
-
-
-############
-# Logs - Configuration for Logflare
-# Please refer to https://supabase.com/docs/reference/self-hosting-analytics/introduction
-############
-
-LOGFLARE_LOGGER_BACKEND_API_KEY=your-super-secret-and-long-logflare-key
-
-# Change vector.toml sinks to reflect this change
-LOGFLARE_API_KEY=your-super-secret-and-long-logflare-key
 
 # Docker socket location - this value will differ depending on your OS
 DOCKER_SOCKET_LOCATION=/var/run/docker.sock
-
-# Google Cloud Project details
-GOOGLE_PROJECT_ID=GOOGLE_PROJECT_ID
-GOOGLE_PROJECT_NUMBER=GOOGLE_PROJECT_NUMBER

autogpt_platform/Makefile

@@ -1,6 +1,6 @@
-.PHONY: start-core stop-core logs-core format lint migrate run-backend run-frontend
+.PHONY: start-core stop-core logs-core format lint migrate run-backend run-frontend load-store-agents
 
-# Run just Supabase + Redis + RabbitMQ
+# Run just PostgreSQL + Redis + RabbitMQ + ClamAV
 start-core:
 	docker compose up -d deps
 
@@ -42,11 +42,14 @@ run-frontend:
 
 test-data:
 	cd backend && poetry run python test/test_data_creator.py
-	
+
+load-store-agents:
+	cd backend && poetry run load-store-agents
+
 help:
 	@echo "Usage: make <target>"
 	@echo "Targets:"
-	@echo "  start-core - Start just the core services (Supabase, Redis, RabbitMQ) in background"
+	@echo "  start-core - Start just the core services (PostgreSQL, Redis, RabbitMQ, ClamAV) in background"
 	@echo "  stop-core - Stop the core services"
 	@echo "  reset-db - Reset the database by deleting the volume"
 	@echo "  logs-core - Tail the logs for core services"
@@ -54,4 +57,5 @@ help:
 	@echo "  migrate - Run backend database migrations"
 	@echo "  run-backend - Run the backend FastAPI server"
 	@echo "  run-frontend - Run the frontend Next.js development server"
-	@echo "  test-data - Run the test data creator"
+	@echo "  test-data - Run the test data creator"
+	@echo "  load-store-agents - Load store agents from agents/ folder into test database"

autogpt_platform/autogpt_libs/autogpt_libs/api_key/keysmith.py

@@ -57,6 +57,9 @@ class APIKeySmith:
 
     def hash_key(self, raw_key: str) -> tuple[str, str]:
         """Migrate a legacy hash to secure hash format."""
+        if not raw_key.startswith(self.PREFIX):
+            raise ValueError("Key without 'agpt_' prefix would fail validation")
+
         salt = self._generate_salt()
         hash = self._hash_key_with_salt(raw_key, salt)
         return hash, salt.hex()

autogpt_platform/autogpt_libs/autogpt_libs/auth/config.py

@@ -16,17 +16,37 @@ ALGO_RECOMMENDATION = (
     "We highly recommend using an asymmetric algorithm such as ES256, "
     "because when leaked, a shared secret would allow anyone to "
     "forge valid tokens and impersonate users. "
-    "More info: https://supabase.com/docs/guides/auth/signing-keys#choosing-the-right-signing-algorithm"  # noqa
+    "More info: https://pyjwt.readthedocs.io/en/stable/algorithms.html"
 )
 
 
 class Settings:
     def __init__(self):
+        # JWT verification key (public key for asymmetric, shared secret for symmetric)
         self.JWT_VERIFY_KEY: str = os.getenv(
             "JWT_VERIFY_KEY", os.getenv("SUPABASE_JWT_SECRET", "")
         ).strip()
+
+        # JWT signing key (private key for asymmetric, shared secret for symmetric)
+        # Falls back to JWT_VERIFY_KEY for symmetric algorithms like HS256
+        self.JWT_SIGN_KEY: str = os.getenv("JWT_SIGN_KEY", self.JWT_VERIFY_KEY).strip()
+
         self.JWT_ALGORITHM: str = os.getenv("JWT_SIGN_ALGORITHM", "HS256").strip()
 
+        # Token expiration settings
+        self.ACCESS_TOKEN_EXPIRE_MINUTES: int = int(
+            os.getenv("ACCESS_TOKEN_EXPIRE_MINUTES", "15")
+        )
+        self.REFRESH_TOKEN_EXPIRE_DAYS: int = int(
+            os.getenv("REFRESH_TOKEN_EXPIRE_DAYS", "7")
+        )
+
+        # JWT issuer claim
+        self.JWT_ISSUER: str = os.getenv("JWT_ISSUER", "autogpt-platform").strip()
+
+        # JWT audience claim
+        self.JWT_AUDIENCE: str = os.getenv("JWT_AUDIENCE", "authenticated").strip()
+
         self.validate()
 
     def validate(self):

autogpt_platform/autogpt_libs/autogpt_libs/auth/jwt_utils.py

@@ -1,4 +1,8 @@
+import hashlib
 import logging
+import secrets
+import uuid
+from datetime import datetime, timedelta, timezone
 from typing import Any
 
 import jwt
@@ -16,6 +20,57 @@ bearer_jwt_auth = HTTPBearer(
 )
 
 
+def create_access_token(
+    user_id: str,
+    email: str,
+    role: str = "authenticated",
+    email_verified: bool = False,
+) -> str:
+    """
+    Generate a new JWT access token.
+
+    :param user_id: The user's unique identifier
+    :param email: The user's email address
+    :param role: The user's role (default: "authenticated")
+    :param email_verified: Whether the user's email is verified
+    :return: Encoded JWT token
+    """
+    settings = get_settings()
+    now = datetime.now(timezone.utc)
+
+    payload = {
+        "sub": user_id,
+        "email": email,
+        "role": role,
+        "email_verified": email_verified,
+        "aud": settings.JWT_AUDIENCE,
+        "iss": settings.JWT_ISSUER,
+        "iat": now,
+        "exp": now + timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES),
+        "jti": str(uuid.uuid4()),  # Unique token ID
+    }
+
+    return jwt.encode(payload, settings.JWT_SIGN_KEY, algorithm=settings.JWT_ALGORITHM)
+
+
+def create_refresh_token() -> tuple[str, str]:
+    """
+    Generate a new refresh token.
+
+    Returns a tuple of (raw_token, hashed_token).
+    The raw token should be sent to the client.
+    The hashed token should be stored in the database.
+    """
+    raw_token = secrets.token_urlsafe(64)
+    hashed_token = hashlib.sha256(raw_token.encode()).hexdigest()
+    return raw_token, hashed_token
+
+
+def hash_token(token: str) -> str:
+    """Hash a token using SHA-256."""
+    return hashlib.sha256(token.encode()).hexdigest()
+
+
 async def get_jwt_payload(
     credentials: HTTPAuthorizationCredentials | None = Security(bearer_jwt_auth),
 ) -> dict[str, Any]:
@@ -52,11 +107,19 @@ def parse_jwt_token(token: str) -> dict[str, Any]:
     """
     settings = get_settings()
     try:
+        # Build decode options
+        options = {
+            "verify_aud": True,
+            "verify_iss": bool(settings.JWT_ISSUER),
+        }
+
         payload = jwt.decode(
             token,
             settings.JWT_VERIFY_KEY,
             algorithms=[settings.JWT_ALGORITHM],
-            audience="authenticated",
+            audience=settings.JWT_AUDIENCE,
+            issuer=settings.JWT_ISSUER if settings.JWT_ISSUER else None,
+            options=options,
         )
         return payload
     except jwt.ExpiredSignatureError:

autogpt_platform/autogpt_libs/autogpt_libs/auth/models.py

@@ -11,6 +11,7 @@ class User:
     email: str
     phone_number: str
     role: str
+    email_verified: bool = False
 
     @classmethod
     def from_payload(cls, payload):
@@ -18,5 +19,6 @@ class User:
             user_id=payload["sub"],
             email=payload.get("email", ""),
             phone_number=payload.get("phone", ""),
-            role=payload["role"],
+            role=payload.get("role", "authenticated"),
+            email_verified=payload.get("email_verified", False),
         )

autogpt_platform/autogpt_libs/poetry.lock

@@ -48,6 +48,21 @@ files = [
     {file = "async_timeout-5.0.1.tar.gz", hash = "sha256:d9321a7a3d5a6a5e187e824d2fa0793ce379a202935782d555d6e9d2735677d3"},
 ]
 
+[[package]]
+name = "authlib"
+version = "1.6.6"
+description = "The ultimate Python library in building OAuth and OpenID Connect servers and clients."
+optional = false
+python-versions = ">=3.9"
+groups = ["main"]
+files = [
+    {file = "authlib-1.6.6-py2.py3-none-any.whl", hash = "sha256:7d9e9bc535c13974313a87f53e8430eb6ea3d1cf6ae4f6efcd793f2e949143fd"},
+    {file = "authlib-1.6.6.tar.gz", hash = "sha256:45770e8e056d0f283451d9996fbb59b70d45722b45d854d58f32878d0a40c38e"},
+]
+
+[package.dependencies]
+cryptography = "*"
+
 [[package]]
 name = "backports-asyncio-runner"
 version = "1.2.0"
@@ -61,6 +76,71 @@ files = [
     {file = "backports_asyncio_runner-1.2.0.tar.gz", hash = "sha256:a5aa7b2b7d8f8bfcaa2b57313f70792df84e32a2a746f585213373f900b42162"},
 ]
 
+[[package]]
+name = "bcrypt"
+version = "4.3.0"
+description = "Modern password hashing for your software and your servers"
+optional = false
+python-versions = ">=3.8"
+groups = ["main"]
+files = [
+    {file = "bcrypt-4.3.0-cp313-cp313t-macosx_10_12_universal2.whl", hash = "sha256:f01e060f14b6b57bbb72fc5b4a83ac21c443c9a2ee708e04a10e9192f90a6281"},
+    {file = "bcrypt-4.3.0-cp313-cp313t-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:c5eeac541cefd0bb887a371ef73c62c3cd78535e4887b310626036a7c0a817bb"},
+    {file = "bcrypt-4.3.0-cp313-cp313t-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:59e1aa0e2cd871b08ca146ed08445038f42ff75968c7ae50d2fdd7860ade2180"},
+    {file = "bcrypt-4.3.0-cp313-cp313t-manylinux_2_28_aarch64.whl", hash = "sha256:0042b2e342e9ae3d2ed22727c1262f76cc4f345683b5c1715f0250cf4277294f"},
+    {file = "bcrypt-4.3.0-cp313-cp313t-manylinux_2_28_armv7l.manylinux_2_31_armv7l.whl", hash = "sha256:74a8d21a09f5e025a9a23e7c0fd2c7fe8e7503e4d356c0a2c1486ba010619f09"},
+    {file = "bcrypt-4.3.0-cp313-cp313t-manylinux_2_28_x86_64.whl", hash = "sha256:0142b2cb84a009f8452c8c5a33ace5e3dfec4159e7735f5afe9a4d50a8ea722d"},
+    {file = "bcrypt-4.3.0-cp313-cp313t-manylinux_2_34_aarch64.whl", hash = "sha256:12fa6ce40cde3f0b899729dbd7d5e8811cb892d31b6f7d0334a1f37748b789fd"},
+    {file = "bcrypt-4.3.0-cp313-cp313t-manylinux_2_34_x86_64.whl", hash = "sha256:5bd3cca1f2aa5dbcf39e2aa13dd094ea181f48959e1071265de49cc2b82525af"},
+    {file = "bcrypt-4.3.0-cp313-cp313t-musllinux_1_1_aarch64.whl", hash = "sha256:335a420cfd63fc5bc27308e929bee231c15c85cc4c496610ffb17923abf7f231"},
+    {file = "bcrypt-4.3.0-cp313-cp313t-musllinux_1_1_x86_64.whl", hash = "sha256:0e30e5e67aed0187a1764911af023043b4542e70a7461ad20e837e94d23e1d6c"},
+    {file = "bcrypt-4.3.0-cp313-cp313t-musllinux_1_2_aarch64.whl", hash = "sha256:3b8d62290ebefd49ee0b3ce7500f5dbdcf13b81402c05f6dafab9a1e1b27212f"},
+    {file = "bcrypt-4.3.0-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:2ef6630e0ec01376f59a006dc72918b1bf436c3b571b80fa1968d775fa02fe7d"},
+    {file = "bcrypt-4.3.0-cp313-cp313t-win32.whl", hash = "sha256:7a4be4cbf241afee43f1c3969b9103a41b40bcb3a3f467ab19f891d9bc4642e4"},
+    {file = "bcrypt-4.3.0-cp313-cp313t-win_amd64.whl", hash = "sha256:5c1949bf259a388863ced887c7861da1df681cb2388645766c89fdfd9004c669"},
+    {file = "bcrypt-4.3.0-cp38-abi3-macosx_10_12_universal2.whl", hash = "sha256:f81b0ed2639568bf14749112298f9e4e2b28853dab50a8b357e31798686a036d"},
+    {file = "bcrypt-4.3.0-cp38-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:864f8f19adbe13b7de11ba15d85d4a428c7e2f344bac110f667676a0ff84924b"},
+    {file = "bcrypt-4.3.0-cp38-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:3e36506d001e93bffe59754397572f21bb5dc7c83f54454c990c74a468cd589e"},
+    {file = "bcrypt-4.3.0-cp38-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:842d08d75d9fe9fb94b18b071090220697f9f184d4547179b60734846461ed59"},
+    {file = "bcrypt-4.3.0-cp38-abi3-manylinux_2_28_armv7l.manylinux_2_31_armv7l.whl", hash = "sha256:7c03296b85cb87db865d91da79bf63d5609284fc0cab9472fdd8367bbd830753"},
+    {file = "bcrypt-4.3.0-cp38-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:62f26585e8b219cdc909b6a0069efc5e4267e25d4a3770a364ac58024f62a761"},
+    {file = "bcrypt-4.3.0-cp38-abi3-manylinux_2_34_aarch64.whl", hash = "sha256:beeefe437218a65322fbd0069eb437e7c98137e08f22c4660ac2dc795c31f8bb"},
+    {file = "bcrypt-4.3.0-cp38-abi3-manylinux_2_34_x86_64.whl", hash = "sha256:97eea7408db3a5bcce4a55d13245ab3fa566e23b4c67cd227062bb49e26c585d"},
+    {file = "bcrypt-4.3.0-cp38-abi3-musllinux_1_1_aarch64.whl", hash = "sha256:191354ebfe305e84f344c5964c7cd5f924a3bfc5d405c75ad07f232b6dffb49f"},
+    {file = "bcrypt-4.3.0-cp38-abi3-musllinux_1_1_x86_64.whl", hash = "sha256:41261d64150858eeb5ff43c753c4b216991e0ae16614a308a15d909503617732"},
+    {file = "bcrypt-4.3.0-cp38-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:33752b1ba962ee793fa2b6321404bf20011fe45b9afd2a842139de3011898fef"},
+    {file = "bcrypt-4.3.0-cp38-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:50e6e80a4bfd23a25f5c05b90167c19030cf9f87930f7cb2eacb99f45d1c3304"},
+    {file = "bcrypt-4.3.0-cp38-abi3-win32.whl", hash = "sha256:67a561c4d9fb9465ec866177e7aebcad08fe23aaf6fbd692a6fab69088abfc51"},
+    {file = "bcrypt-4.3.0-cp38-abi3-win_amd64.whl", hash = "sha256:584027857bc2843772114717a7490a37f68da563b3620f78a849bcb54dc11e62"},
+    {file = "bcrypt-4.3.0-cp39-abi3-macosx_10_12_universal2.whl", hash = "sha256:0d3efb1157edebfd9128e4e46e2ac1a64e0c1fe46fb023158a407c7892b0f8c3"},
+    {file = "bcrypt-4.3.0-cp39-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:08bacc884fd302b611226c01014eca277d48f0a05187666bca23aac0dad6fe24"},
+    {file = "bcrypt-4.3.0-cp39-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:f6746e6fec103fcd509b96bacdfdaa2fbde9a553245dbada284435173a6f1aef"},
+    {file = "bcrypt-4.3.0-cp39-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:afe327968aaf13fc143a56a3360cb27d4ad0345e34da12c7290f1b00b8fe9a8b"},
+    {file = "bcrypt-4.3.0-cp39-abi3-manylinux_2_28_armv7l.manylinux_2_31_armv7l.whl", hash = "sha256:d9af79d322e735b1fc33404b5765108ae0ff232d4b54666d46730f8ac1a43676"},
+    {file = "bcrypt-4.3.0-cp39-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:f1e3ffa1365e8702dc48c8b360fef8d7afeca482809c5e45e653af82ccd088c1"},
+    {file = "bcrypt-4.3.0-cp39-abi3-manylinux_2_34_aarch64.whl", hash = "sha256:3004df1b323d10021fda07a813fd33e0fd57bef0e9a480bb143877f6cba996fe"},
+    {file = "bcrypt-4.3.0-cp39-abi3-manylinux_2_34_x86_64.whl", hash = "sha256:531457e5c839d8caea9b589a1bcfe3756b0547d7814e9ce3d437f17da75c32b0"},
+    {file = "bcrypt-4.3.0-cp39-abi3-musllinux_1_1_aarch64.whl", hash = "sha256:17a854d9a7a476a89dcef6c8bd119ad23e0f82557afbd2c442777a16408e614f"},
+    {file = "bcrypt-4.3.0-cp39-abi3-musllinux_1_1_x86_64.whl", hash = "sha256:6fb1fd3ab08c0cbc6826a2e0447610c6f09e983a281b919ed721ad32236b8b23"},
+    {file = "bcrypt-4.3.0-cp39-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:e965a9c1e9a393b8005031ff52583cedc15b7884fce7deb8b0346388837d6cfe"},
+    {file = "bcrypt-4.3.0-cp39-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:79e70b8342a33b52b55d93b3a59223a844962bef479f6a0ea318ebbcadf71505"},
+    {file = "bcrypt-4.3.0-cp39-abi3-win32.whl", hash = "sha256:b4d4e57f0a63fd0b358eb765063ff661328f69a04494427265950c71b992a39a"},
+    {file = "bcrypt-4.3.0-cp39-abi3-win_amd64.whl", hash = "sha256:e53e074b120f2877a35cc6c736b8eb161377caae8925c17688bd46ba56daaa5b"},
+    {file = "bcrypt-4.3.0-pp310-pypy310_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:c950d682f0952bafcceaf709761da0a32a942272fad381081b51096ffa46cea1"},
+    {file = "bcrypt-4.3.0-pp310-pypy310_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:107d53b5c67e0bbc3f03ebf5b030e0403d24dda980f8e244795335ba7b4a027d"},
+    {file = "bcrypt-4.3.0-pp310-pypy310_pp73-manylinux_2_34_aarch64.whl", hash = "sha256:b693dbb82b3c27a1604a3dff5bfc5418a7e6a781bb795288141e5f80cf3a3492"},
+    {file = "bcrypt-4.3.0-pp310-pypy310_pp73-manylinux_2_34_x86_64.whl", hash = "sha256:b6354d3760fcd31994a14c89659dee887f1351a06e5dac3c1142307172a79f90"},
+    {file = "bcrypt-4.3.0-pp311-pypy311_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:a839320bf27d474e52ef8cb16449bb2ce0ba03ca9f44daba6d93fa1d8828e48a"},
+    {file = "bcrypt-4.3.0-pp311-pypy311_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:bdc6a24e754a555d7316fa4774e64c6c3997d27ed2d1964d55920c7c227bc4ce"},
+    {file = "bcrypt-4.3.0-pp311-pypy311_pp73-manylinux_2_34_aarch64.whl", hash = "sha256:55a935b8e9a1d2def0626c4269db3fcd26728cbff1e84f0341465c31c4ee56d8"},
+    {file = "bcrypt-4.3.0-pp311-pypy311_pp73-manylinux_2_34_x86_64.whl", hash = "sha256:57967b7a28d855313a963aaea51bf6df89f833db4320da458e5b3c5ab6d4c938"},
+    {file = "bcrypt-4.3.0.tar.gz", hash = "sha256:3a3fd2204178b6d2adcf09cb4f6426ffef54762577a7c9b54c159008cb288c18"},
+]
+
+[package.extras]
+tests = ["pytest (>=3.2.1,!=3.3.0)"]
+typecheck = ["mypy"]
+
 [[package]]
 name = "cachetools"
 version = "5.5.2"
@@ -459,21 +539,6 @@ ssh = ["bcrypt (>=3.1.5)"]
 test = ["certifi (>=2024)", "cryptography-vectors (==45.0.6)", "pretend (>=0.7)", "pytest (>=7.4.0)", "pytest-benchmark (>=4.0)", "pytest-cov (>=2.10.1)", "pytest-xdist (>=3.5.0)"]
 test-randomorder = ["pytest-randomly"]
 
-[[package]]
-name = "deprecation"
-version = "2.1.0"
-description = "A library to handle automated deprecations"
-optional = false
-python-versions = "*"
-groups = ["main"]
-files = [
-    {file = "deprecation-2.1.0-py2.py3-none-any.whl", hash = "sha256:a10811591210e1fb0e768a8c25517cabeabcba6f0bf96564f8ff45189f90b14a"},
-    {file = "deprecation-2.1.0.tar.gz", hash = "sha256:72b3bde64e5d778694b0cf68178aed03d15e15477116add3fb773e581f9518ff"},
-]
-
-[package.dependencies]
-packaging = "*"
-
 [[package]]
 name = "exceptiongroup"
 version = "1.3.0"
@@ -695,23 +760,6 @@ protobuf = ">=3.20.2,<4.21.1 || >4.21.1,<4.21.2 || >4.21.2,<4.21.3 || >4.21.3,<4
 [package.extras]
 grpc = ["grpcio (>=1.44.0,<2.0.0)"]
 
-[[package]]
-name = "gotrue"
-version = "2.12.3"
-description = "Python Client Library for Supabase Auth"
-optional = false
-python-versions = "<4.0,>=3.9"
-groups = ["main"]
-files = [
-    {file = "gotrue-2.12.3-py3-none-any.whl", hash = "sha256:b1a3c6a5fe3f92e854a026c4c19de58706a96fd5fbdcc3d620b2802f6a46a26b"},
-    {file = "gotrue-2.12.3.tar.gz", hash = "sha256:f874cf9d0b2f0335bfbd0d6e29e3f7aff79998cd1c14d2ad814db8c06cee3852"},
-]
-
-[package.dependencies]
-httpx = {version = ">=0.26,<0.29", extras = ["http2"]}
-pydantic = ">=1.10,<3"
-pyjwt = ">=2.10.1,<3.0.0"
-
 [[package]]
 name = "grpc-google-iam-v1"
 version = "0.14.2"
@@ -822,94 +870,6 @@ files = [
     {file = "h11-0.16.0.tar.gz", hash = "sha256:4e35b956cf45792e4caa5885e69fba00bdbc6ffafbfa020300e549b208ee5ff1"},
 ]
 
-[[package]]
-name = "h2"
-version = "4.2.0"
-description = "Pure-Python HTTP/2 protocol implementation"
-optional = false
-python-versions = ">=3.9"
-groups = ["main"]
-files = [
-    {file = "h2-4.2.0-py3-none-any.whl", hash = "sha256:479a53ad425bb29af087f3458a61d30780bc818e4ebcf01f0b536ba916462ed0"},
-    {file = "h2-4.2.0.tar.gz", hash = "sha256:c8a52129695e88b1a0578d8d2cc6842bbd79128ac685463b887ee278126ad01f"},
-]
-
-[package.dependencies]
-hpack = ">=4.1,<5"
-hyperframe = ">=6.1,<7"
-
-[[package]]
-name = "hpack"
-version = "4.1.0"
-description = "Pure-Python HPACK header encoding"
-optional = false
-python-versions = ">=3.9"
-groups = ["main"]
-files = [
-    {file = "hpack-4.1.0-py3-none-any.whl", hash = "sha256:157ac792668d995c657d93111f46b4535ed114f0c9c8d672271bbec7eae1b496"},
-    {file = "hpack-4.1.0.tar.gz", hash = "sha256:ec5eca154f7056aa06f196a557655c5b009b382873ac8d1e66e79e87535f1dca"},
-]
-
-[[package]]
-name = "httpcore"
-version = "1.0.9"
-description = "A minimal low-level HTTP client."
-optional = false
-python-versions = ">=3.8"
-groups = ["main"]
-files = [
-    {file = "httpcore-1.0.9-py3-none-any.whl", hash = "sha256:2d400746a40668fc9dec9810239072b40b4484b640a8c38fd654a024c7a1bf55"},
-    {file = "httpcore-1.0.9.tar.gz", hash = "sha256:6e34463af53fd2ab5d807f399a9b45ea31c3dfa2276f15a2c3f00afff6e176e8"},
-]
-
-[package.dependencies]
-certifi = "*"
-h11 = ">=0.16"
-
-[package.extras]
-asyncio = ["anyio (>=4.0,<5.0)"]
-http2 = ["h2 (>=3,<5)"]
-socks = ["socksio (==1.*)"]
-trio = ["trio (>=0.22.0,<1.0)"]
-
-[[package]]
-name = "httpx"
-version = "0.28.1"
-description = "The next generation HTTP client."
-optional = false
-python-versions = ">=3.8"
-groups = ["main"]
-files = [
-    {file = "httpx-0.28.1-py3-none-any.whl", hash = "sha256:d909fcccc110f8c7faf814ca82a9a4d816bc5a6dbfea25d6591d6985b8ba59ad"},
-    {file = "httpx-0.28.1.tar.gz", hash = "sha256:75e98c5f16b0f35b567856f597f06ff2270a374470a5c2392242528e3e3e42fc"},
-]
-
-[package.dependencies]
-anyio = "*"
-certifi = "*"
-h2 = {version = ">=3,<5", optional = true, markers = "extra == \"http2\""}
-httpcore = "==1.*"
-idna = "*"
-
-[package.extras]
-brotli = ["brotli ; platform_python_implementation == \"CPython\"", "brotlicffi ; platform_python_implementation != \"CPython\""]
-cli = ["click (==8.*)", "pygments (==2.*)", "rich (>=10,<14)"]
-http2 = ["h2 (>=3,<5)"]
-socks = ["socksio (==1.*)"]
-zstd = ["zstandard (>=0.18.0)"]
-
-[[package]]
-name = "hyperframe"
-version = "6.1.0"
-description = "Pure-Python HTTP/2 framing"
-optional = false
-python-versions = ">=3.9"
-groups = ["main"]
-files = [
-    {file = "hyperframe-6.1.0-py3-none-any.whl", hash = "sha256:b03380493a519fce58ea5af42e4a42317bf9bd425596f7a0835ffce80f1a42e5"},
-    {file = "hyperframe-6.1.0.tar.gz", hash = "sha256:f630908a00854a7adeabd6382b43923a4c4cd4b821fcb527e6ab9e15382a3b08"},
-]
-
 [[package]]
 name = "idna"
 version = "3.10"
@@ -1036,7 +996,7 @@ version = "25.0"
 description = "Core utilities for Python packages"
 optional = false
 python-versions = ">=3.8"
-groups = ["main", "dev"]
+groups = ["dev"]
 files = [
     {file = "packaging-25.0-py3-none-any.whl", hash = "sha256:29572ef2b1f17581046b3a2227d5c611fb25ec70ca1ba8554b24b0e69331a484"},
     {file = "packaging-25.0.tar.gz", hash = "sha256:d443872c98d677bf60f6a1f2f8c1cb748e8fe762d2bf9d3148b5599295b0fc4f"},
@@ -1058,24 +1018,6 @@ files = [
 dev = ["pre-commit", "tox"]
 testing = ["coverage", "pytest", "pytest-benchmark"]
 
-[[package]]
-name = "postgrest"
-version = "1.1.1"
-description = "PostgREST client for Python. This library provides an ORM interface to PostgREST."
-optional = false
-python-versions = "<4.0,>=3.9"
-groups = ["main"]
-files = [
-    {file = "postgrest-1.1.1-py3-none-any.whl", hash = "sha256:98a6035ee1d14288484bfe36235942c5fb2d26af6d8120dfe3efbe007859251a"},
-    {file = "postgrest-1.1.1.tar.gz", hash = "sha256:f3bb3e8c4602775c75c844a31f565f5f3dd584df4d36d683f0b67d01a86be322"},
-]
-
-[package.dependencies]
-deprecation = ">=2.1.0,<3.0.0"
-httpx = {version = ">=0.26,<0.29", extras = ["http2"]}
-pydantic = ">=1.9,<3.0"
-strenum = {version = ">=0.4.9,<0.5.0", markers = "python_version < \"3.11\""}
-
 [[package]]
 name = "proto-plus"
 version = "1.26.1"
@@ -1462,21 +1404,6 @@ pytest = ">=6.2.5"
 [package.extras]
 dev = ["pre-commit", "pytest-asyncio", "tox"]
 
-[[package]]
-name = "python-dateutil"
-version = "2.9.0.post0"
-description = "Extensions to the standard Python datetime module"
-optional = false
-python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,>=2.7"
-groups = ["main"]
-files = [
-    {file = "python-dateutil-2.9.0.post0.tar.gz", hash = "sha256:37dd54208da7e1cd875388217d5e00ebd4179249f90fb72437e91a35459a0ad3"},
-    {file = "python_dateutil-2.9.0.post0-py2.py3-none-any.whl", hash = "sha256:a8b2bc7bffae282281c8140a97d3aa9c14da0b136dfe83f850eea9a5f7470427"},
-]
-
-[package.dependencies]
-six = ">=1.5"
-
 [[package]]
 name = "python-dotenv"
 version = "1.1.1"
@@ -1492,22 +1419,6 @@ files = [
 [package.extras]
 cli = ["click (>=5.0)"]
 
-[[package]]
-name = "realtime"
-version = "2.5.3"
-description = ""
-optional = false
-python-versions = "<4.0,>=3.9"
-groups = ["main"]
-files = [
-    {file = "realtime-2.5.3-py3-none-any.whl", hash = "sha256:eb0994636946eff04c4c7f044f980c8c633c7eb632994f549f61053a474ac970"},
-    {file = "realtime-2.5.3.tar.gz", hash = "sha256:0587594f3bc1c84bf007ff625075b86db6528843e03250dc84f4f2808be3d99a"},
-]
-
-[package.dependencies]
-typing-extensions = ">=4.14.0,<5.0.0"
-websockets = ">=11,<16"
-
 [[package]]
 name = "redis"
 version = "6.2.0"
@@ -1606,18 +1517,6 @@ files = [
     {file = "semver-3.0.4.tar.gz", hash = "sha256:afc7d8c584a5ed0a11033af086e8af226a9c0b206f313e0301f8dd7b6b589602"},
 ]
 
-[[package]]
-name = "six"
-version = "1.17.0"
-description = "Python 2 and 3 compatibility utilities"
-optional = false
-python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,>=2.7"
-groups = ["main"]
-files = [
-    {file = "six-1.17.0-py2.py3-none-any.whl", hash = "sha256:4721f391ed90541fddacab5acf947aa0d3dc7d27b2e1e8eda2be8970586c3274"},
-    {file = "six-1.17.0.tar.gz", hash = "sha256:ff70335d468e7eb6ec65b95b99d3a2836546063f63acc5171de367e834932a81"},
-]
-
 [[package]]
 name = "sniffio"
 version = "1.3.1"
@@ -1649,76 +1548,6 @@ typing-extensions = {version = ">=4.10.0", markers = "python_version < \"3.13\""
 [package.extras]
 full = ["httpx (>=0.27.0,<0.29.0)", "itsdangerous", "jinja2", "python-multipart (>=0.0.18)", "pyyaml"]
 
-[[package]]
-name = "storage3"
-version = "0.12.0"
-description = "Supabase Storage client for Python."
-optional = false
-python-versions = "<4.0,>=3.9"
-groups = ["main"]
-files = [
-    {file = "storage3-0.12.0-py3-none-any.whl", hash = "sha256:1c4585693ca42243ded1512b58e54c697111e91a20916cd14783eebc37e7c87d"},
-    {file = "storage3-0.12.0.tar.gz", hash = "sha256:94243f20922d57738bf42e96b9f5582b4d166e8bf209eccf20b146909f3f71b0"},
-]
-
-[package.dependencies]
-deprecation = ">=2.1.0,<3.0.0"
-httpx = {version = ">=0.26,<0.29", extras = ["http2"]}
-python-dateutil = ">=2.8.2,<3.0.0"
-
-[[package]]
-name = "strenum"
-version = "0.4.15"
-description = "An Enum that inherits from str."
-optional = false
-python-versions = "*"
-groups = ["main"]
-files = [
-    {file = "StrEnum-0.4.15-py3-none-any.whl", hash = "sha256:a30cda4af7cc6b5bf52c8055bc4bf4b2b6b14a93b574626da33df53cf7740659"},
-    {file = "StrEnum-0.4.15.tar.gz", hash = "sha256:878fb5ab705442070e4dd1929bb5e2249511c0bcf2b0eeacf3bcd80875c82eff"},
-]
-
-[package.extras]
-docs = ["myst-parser[linkify]", "sphinx", "sphinx-rtd-theme"]
-release = ["twine"]
-test = ["pylint", "pytest", "pytest-black", "pytest-cov", "pytest-pylint"]
-
-[[package]]
-name = "supabase"
-version = "2.16.0"
-description = "Supabase client for Python."
-optional = false
-python-versions = "<4.0,>=3.9"
-groups = ["main"]
-files = [
-    {file = "supabase-2.16.0-py3-none-any.whl", hash = "sha256:99065caab3d90a56650bf39fbd0e49740995da3738ab28706c61bd7f2401db55"},
-    {file = "supabase-2.16.0.tar.gz", hash = "sha256:98f3810158012d4ec0e3083f2e5515f5e10b32bd71e7d458662140e963c1d164"},
-]
-
-[package.dependencies]
-gotrue = ">=2.11.0,<3.0.0"
-httpx = ">=0.26,<0.29"
-postgrest = ">0.19,<1.2"
-realtime = ">=2.4.0,<2.6.0"
-storage3 = ">=0.10,<0.13"
-supafunc = ">=0.9,<0.11"
-
-[[package]]
-name = "supafunc"
-version = "0.10.1"
-description = "Library for Supabase Functions"
-optional = false
-python-versions = "<4.0,>=3.9"
-groups = ["main"]
-files = [
-    {file = "supafunc-0.10.1-py3-none-any.whl", hash = "sha256:26df9bd25ff2ef56cb5bfb8962de98f43331f7f8ff69572bac3ed9c3a9672040"},
-    {file = "supafunc-0.10.1.tar.gz", hash = "sha256:a5b33c8baecb6b5297d25da29a2503e2ec67ee6986f3d44c137e651b8a59a17d"},
-]
-
-[package.dependencies]
-httpx = {version = ">=0.26,<0.29", extras = ["http2"]}
-strenum = ">=0.4.15,<0.5.0"
-
 [[package]]
 name = "tomli"
 version = "2.2.1"
@@ -1827,85 +1656,6 @@ typing-extensions = {version = ">=4.0", markers = "python_version < \"3.11\""}
 [package.extras]
 standard = ["colorama (>=0.4) ; sys_platform == \"win32\"", "httptools (>=0.6.3)", "python-dotenv (>=0.13)", "pyyaml (>=5.1)", "uvloop (>=0.15.1) ; sys_platform != \"win32\" and sys_platform != \"cygwin\" and platform_python_implementation != \"PyPy\"", "watchfiles (>=0.13)", "websockets (>=10.4)"]
 
-[[package]]
-name = "websockets"
-version = "15.0.1"
-description = "An implementation of the WebSocket Protocol (RFC 6455 & 7692)"
-optional = false
-python-versions = ">=3.9"
-groups = ["main"]
-files = [
-    {file = "websockets-15.0.1-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:d63efaa0cd96cf0c5fe4d581521d9fa87744540d4bc999ae6e08595a1014b45b"},
-    {file = "websockets-15.0.1-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:ac60e3b188ec7574cb761b08d50fcedf9d77f1530352db4eef1707fe9dee7205"},
-    {file = "websockets-15.0.1-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:5756779642579d902eed757b21b0164cd6fe338506a8083eb58af5c372e39d9a"},
-    {file = "websockets-15.0.1-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:0fdfe3e2a29e4db3659dbd5bbf04560cea53dd9610273917799f1cde46aa725e"},
-    {file = "websockets-15.0.1-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:4c2529b320eb9e35af0fa3016c187dffb84a3ecc572bcee7c3ce302bfeba52bf"},
-    {file = "websockets-15.0.1-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:ac1e5c9054fe23226fb11e05a6e630837f074174c4c2f0fe442996112a6de4fb"},
-    {file = "websockets-15.0.1-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:5df592cd503496351d6dc14f7cdad49f268d8e618f80dce0cd5a36b93c3fc08d"},
-    {file = "websockets-15.0.1-cp310-cp310-musllinux_1_2_i686.whl", hash = "sha256:0a34631031a8f05657e8e90903e656959234f3a04552259458aac0b0f9ae6fd9"},
-    {file = "websockets-15.0.1-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:3d00075aa65772e7ce9e990cab3ff1de702aa09be3940d1dc88d5abf1ab8a09c"},
-    {file = "websockets-15.0.1-cp310-cp310-win32.whl", hash = "sha256:1234d4ef35db82f5446dca8e35a7da7964d02c127b095e172e54397fb6a6c256"},
-    {file = "websockets-15.0.1-cp310-cp310-win_amd64.whl", hash = "sha256:39c1fec2c11dc8d89bba6b2bf1556af381611a173ac2b511cf7231622058af41"},
-    {file = "websockets-15.0.1-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:823c248b690b2fd9303ba00c4f66cd5e2d8c3ba4aa968b2779be9532a4dad431"},
-    {file = "websockets-15.0.1-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:678999709e68425ae2593acf2e3ebcbcf2e69885a5ee78f9eb80e6e371f1bf57"},
-    {file = "websockets-15.0.1-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:d50fd1ee42388dcfb2b3676132c78116490976f1300da28eb629272d5d93e905"},
-    {file = "websockets-15.0.1-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:d99e5546bf73dbad5bf3547174cd6cb8ba7273062a23808ffea025ecb1cf8562"},
-    {file = "websockets-15.0.1-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:66dd88c918e3287efc22409d426c8f729688d89a0c587c88971a0faa2c2f3792"},
-    {file = "websockets-15.0.1-cp311-cp311-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:8dd8327c795b3e3f219760fa603dcae1dcc148172290a8ab15158cf85a953413"},
-    {file = "websockets-15.0.1-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:8fdc51055e6ff4adeb88d58a11042ec9a5eae317a0a53d12c062c8a8865909e8"},
-    {file = "websockets-15.0.1-cp311-cp311-musllinux_1_2_i686.whl", hash = "sha256:693f0192126df6c2327cce3baa7c06f2a117575e32ab2308f7f8216c29d9e2e3"},
-    {file = "websockets-15.0.1-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:54479983bd5fb469c38f2f5c7e3a24f9a4e70594cd68cd1fa6b9340dadaff7cf"},
-    {file = "websockets-15.0.1-cp311-cp311-win32.whl", hash = "sha256:16b6c1b3e57799b9d38427dda63edcbe4926352c47cf88588c0be4ace18dac85"},
-    {file = "websockets-15.0.1-cp311-cp311-win_amd64.whl", hash = "sha256:27ccee0071a0e75d22cb35849b1db43f2ecd3e161041ac1ee9d2352ddf72f065"},
-    {file = "websockets-15.0.1-cp312-cp312-macosx_10_13_universal2.whl", hash = "sha256:3e90baa811a5d73f3ca0bcbf32064d663ed81318ab225ee4f427ad4e26e5aff3"},
-    {file = "websockets-15.0.1-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:592f1a9fe869c778694f0aa806ba0374e97648ab57936f092fd9d87f8bc03665"},
-    {file = "websockets-15.0.1-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:0701bc3cfcb9164d04a14b149fd74be7347a530ad3bbf15ab2c678a2cd3dd9a2"},
-    {file = "websockets-15.0.1-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e8b56bdcdb4505c8078cb6c7157d9811a85790f2f2b3632c7d1462ab5783d215"},
-    {file = "websockets-15.0.1-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:0af68c55afbd5f07986df82831c7bff04846928ea8d1fd7f30052638788bc9b5"},
-    {file = "websockets-15.0.1-cp312-cp312-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:64dee438fed052b52e4f98f76c5790513235efaa1ef7f3f2192c392cd7c91b65"},
-    {file = "websockets-15.0.1-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:d5f6b181bb38171a8ad1d6aa58a67a6aa9d4b38d0f8c5f496b9e42561dfc62fe"},
-    {file = "websockets-15.0.1-cp312-cp312-musllinux_1_2_i686.whl", hash = "sha256:5d54b09eba2bada6011aea5375542a157637b91029687eb4fdb2dab11059c1b4"},
-    {file = "websockets-15.0.1-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:3be571a8b5afed347da347bfcf27ba12b069d9d7f42cb8c7028b5e98bbb12597"},
-    {file = "websockets-15.0.1-cp312-cp312-win32.whl", hash = "sha256:c338ffa0520bdb12fbc527265235639fb76e7bc7faafbb93f6ba80d9c06578a9"},
-    {file = "websockets-15.0.1-cp312-cp312-win_amd64.whl", hash = "sha256:fcd5cf9e305d7b8338754470cf69cf81f420459dbae8a3b40cee57417f4614a7"},
-    {file = "websockets-15.0.1-cp313-cp313-macosx_10_13_universal2.whl", hash = "sha256:ee443ef070bb3b6ed74514f5efaa37a252af57c90eb33b956d35c8e9c10a1931"},
-    {file = "websockets-15.0.1-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:5a939de6b7b4e18ca683218320fc67ea886038265fd1ed30173f5ce3f8e85675"},
-    {file = "websockets-15.0.1-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:746ee8dba912cd6fc889a8147168991d50ed70447bf18bcda7039f7d2e3d9151"},
-    {file = "websockets-15.0.1-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:595b6c3969023ecf9041b2936ac3827e4623bfa3ccf007575f04c5a6aa318c22"},
-    {file = "websockets-15.0.1-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:3c714d2fc58b5ca3e285461a4cc0c9a66bd0e24c5da9911e30158286c9b5be7f"},
-    {file = "websockets-15.0.1-cp313-cp313-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:0f3c1e2ab208db911594ae5b4f79addeb3501604a165019dd221c0bdcabe4db8"},
-    {file = "websockets-15.0.1-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:229cf1d3ca6c1804400b0a9790dc66528e08a6a1feec0d5040e8b9eb14422375"},
-    {file = "websockets-15.0.1-cp313-cp313-musllinux_1_2_i686.whl", hash = "sha256:756c56e867a90fb00177d530dca4b097dd753cde348448a1012ed6c5131f8b7d"},
-    {file = "websockets-15.0.1-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:558d023b3df0bffe50a04e710bc87742de35060580a293c2a984299ed83bc4e4"},
-    {file = "websockets-15.0.1-cp313-cp313-win32.whl", hash = "sha256:ba9e56e8ceeeedb2e080147ba85ffcd5cd0711b89576b83784d8605a7df455fa"},
-    {file = "websockets-15.0.1-cp313-cp313-win_amd64.whl", hash = "sha256:e09473f095a819042ecb2ab9465aee615bd9c2028e4ef7d933600a8401c79561"},
-    {file = "websockets-15.0.1-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:5f4c04ead5aed67c8a1a20491d54cdfba5884507a48dd798ecaf13c74c4489f5"},
-    {file = "websockets-15.0.1-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:abdc0c6c8c648b4805c5eacd131910d2a7f6455dfd3becab248ef108e89ab16a"},
-    {file = "websockets-15.0.1-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:a625e06551975f4b7ea7102bc43895b90742746797e2e14b70ed61c43a90f09b"},
-    {file = "websockets-15.0.1-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:d591f8de75824cbb7acad4e05d2d710484f15f29d4a915092675ad3456f11770"},
-    {file = "websockets-15.0.1-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:47819cea040f31d670cc8d324bb6435c6f133b8c7a19ec3d61634e62f8d8f9eb"},
-    {file = "websockets-15.0.1-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:ac017dd64572e5c3bd01939121e4d16cf30e5d7e110a119399cf3133b63ad054"},
-    {file = "websockets-15.0.1-cp39-cp39-musllinux_1_2_aarch64.whl", hash = "sha256:4a9fac8e469d04ce6c25bb2610dc535235bd4aa14996b4e6dbebf5e007eba5ee"},
-    {file = "websockets-15.0.1-cp39-cp39-musllinux_1_2_i686.whl", hash = "sha256:363c6f671b761efcb30608d24925a382497c12c506b51661883c3e22337265ed"},
-    {file = "websockets-15.0.1-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:2034693ad3097d5355bfdacfffcbd3ef5694f9718ab7f29c29689a9eae841880"},
-    {file = "websockets-15.0.1-cp39-cp39-win32.whl", hash = "sha256:3b1ac0d3e594bf121308112697cf4b32be538fb1444468fb0a6ae4feebc83411"},
-    {file = "websockets-15.0.1-cp39-cp39-win_amd64.whl", hash = "sha256:b7643a03db5c95c799b89b31c036d5f27eeb4d259c798e878d6937d71832b1e4"},
-    {file = "websockets-15.0.1-pp310-pypy310_pp73-macosx_10_15_x86_64.whl", hash = "sha256:0c9e74d766f2818bb95f84c25be4dea09841ac0f734d1966f415e4edfc4ef1c3"},
-    {file = "websockets-15.0.1-pp310-pypy310_pp73-macosx_11_0_arm64.whl", hash = "sha256:1009ee0c7739c08a0cd59de430d6de452a55e42d6b522de7aa15e6f67db0b8e1"},
-    {file = "websockets-15.0.1-pp310-pypy310_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:76d1f20b1c7a2fa82367e04982e708723ba0e7b8d43aa643d3dcd404d74f1475"},
-    {file = "websockets-15.0.1-pp310-pypy310_pp73-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:f29d80eb9a9263b8d109135351caf568cc3f80b9928bccde535c235de55c22d9"},
-    {file = "websockets-15.0.1-pp310-pypy310_pp73-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:b359ed09954d7c18bbc1680f380c7301f92c60bf924171629c5db97febb12f04"},
-    {file = "websockets-15.0.1-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:cad21560da69f4ce7658ca2cb83138fb4cf695a2ba3e475e0559e05991aa8122"},
-    {file = "websockets-15.0.1-pp39-pypy39_pp73-macosx_10_15_x86_64.whl", hash = "sha256:7f493881579c90fc262d9cdbaa05a6b54b3811c2f300766748db79f098db9940"},
-    {file = "websockets-15.0.1-pp39-pypy39_pp73-macosx_11_0_arm64.whl", hash = "sha256:47b099e1f4fbc95b701b6e85768e1fcdaf1630f3cbe4765fa216596f12310e2e"},
-    {file = "websockets-15.0.1-pp39-pypy39_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:67f2b6de947f8c757db2db9c71527933ad0019737ec374a8a6be9a956786aaf9"},
-    {file = "websockets-15.0.1-pp39-pypy39_pp73-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:d08eb4c2b7d6c41da6ca0600c077e93f5adcfd979cd777d747e9ee624556da4b"},
-    {file = "websockets-15.0.1-pp39-pypy39_pp73-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:4b826973a4a2ae47ba357e4e82fa44a463b8f168e1ca775ac64521442b19e87f"},
-    {file = "websockets-15.0.1-pp39-pypy39_pp73-win_amd64.whl", hash = "sha256:21c1fa28a6a7e3cbdc171c694398b6df4744613ce9b36b1a498e816787e28123"},
-    {file = "websockets-15.0.1-py3-none-any.whl", hash = "sha256:f7a866fbc1e97b5c617ee4116daaa09b722101d4a3c170c787450ba409f9736f"},
-    {file = "websockets-15.0.1.tar.gz", hash = "sha256:82544de02076bafba038ce055ee6412d68da13ab47f0c60cab827346de828dee"},
-]
-
 [[package]]
 name = "zipp"
 version = "3.23.0"
@@ -1929,4 +1679,4 @@ type = ["pytest-mypy"]
 [metadata]
 lock-version = "2.1"
 python-versions = ">=3.10,<4.0"
-content-hash = "0c40b63c3c921846cf05ccfb4e685d4959854b29c2c302245f9832e20aac6954"
+content-hash = "de209c97aa0feb29d669a20e4422d51bdf3a0872ec37e85ce9b88ce726fcee7a"

autogpt_platform/autogpt_libs/pyproject.toml

@@ -18,7 +18,8 @@ pydantic = "^2.11.7"
 pydantic-settings = "^2.10.1"
 pyjwt = { version = "^2.10.1", extras = ["crypto"] }
 redis = "^6.2.0"
-supabase = "^2.16.0"
+bcrypt = "^4.1.0"
+authlib = "^1.3.0"
 uvicorn = "^0.35.0"
 
 [tool.poetry.group.dev.dependencies]

autogpt_platform/backend/.env.default

@@ -27,10 +27,15 @@ REDIS_PORT=6379
 RABBITMQ_DEFAULT_USER=rabbitmq_user_default
 RABBITMQ_DEFAULT_PASS=k0VMxyIJF9S35f3x2uaw5IWAl6Y536O7
 
-# Supabase Authentication
-SUPABASE_URL=http://localhost:8000
-SUPABASE_SERVICE_ROLE_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyAgCiAgICAicm9sZSI6ICJzZXJ2aWNlX3JvbGUiLAogICAgImlzcyI6ICJzdXBhYmFzZS1kZW1vIiwKICAgICJpYXQiOiAxNjQxNzY5MjAwLAogICAgImV4cCI6IDE3OTk1MzU2MDAKfQ.DaYlNEoUrrEn2Ig7tqibS-PHK5vgusbcbo7X36XVt4Q
+# JWT Authentication
+# Generate a secure random key: python -c "import secrets; print(secrets.token_urlsafe(32))"
+JWT_SIGN_KEY=your-super-secret-jwt-token-with-at-least-32-characters-long
 JWT_VERIFY_KEY=your-super-secret-jwt-token-with-at-least-32-characters-long
+JWT_SIGN_ALGORITHM=HS256
+ACCESS_TOKEN_EXPIRE_MINUTES=15
+REFRESH_TOKEN_EXPIRE_DAYS=7
+JWT_ISSUER=autogpt-platform
+JWT_AUDIENCE=authenticated
 
 ## ===== REQUIRED SECURITY KEYS ===== ##
 # Generate using: from cryptography.fernet import Fernet;Fernet.generate_key().decode()

autogpt_platform/backend/.gitignore

@@ -18,3 +18,6 @@ load-tests/results/
 load-tests/*.json
 load-tests/*.log
 load-tests/node_modules/*
+
+# Migration backups (contain user data)
+migration_backups/

autogpt_platform/backend/agents/StoreAgent_rows.csv

@@ -0,0 +1,242 @@
+listing_id,storeListingVersionId,slug,agent_name,agent_video,agent_image,featured,sub_heading,description,categories,useForOnboarding,is_available
+6e60a900-9d7d-490e-9af2-a194827ed632,d85882b8-633f-44ce-a315-c20a8c123d19,flux-ai-image-generator,Flux AI Image Generator,,"[""https://storage.googleapis.com/agpt-prod-website-artifacts/users/b3e41ea4-2f4c-4964-927c-fe682d857bad/images/ca154dd1-140e-454c-91bd-2d8a00de3f08.jpg"",""https://storage.googleapis.com/agpt-prod-website-artifacts/users/b3e41ea4-2f4c-4964-927c-fe682d857bad/images/577d995d-bc38-40a9-a23f-1f30f5774bdb.jpg"",""https://storage.googleapis.com/agpt-prod-website-artifacts/users/b3e41ea4-2f4c-4964-927c-fe682d857bad/images/415db1b7-115c-43ab-bd6c-4e9f7ef95be1.jpg""]",false,Transform ideas into breathtaking images,"Transform ideas into breathtaking images with this AI-powered Image Generator. Using cutting-edge Flux AI technology, the tool crafts highly detailed, photorealistic visuals from simple text prompts. Perfect for artists, marketers, and content creators, this generator produces unique images tailored to user specifications. From fantastical scenes to lifelike portraits, users can unleash creativity with professional-quality results in seconds. Easy to use and endlessly versatile, bring imagination to life with the AI Image Generator today!","[""creative""]",false,true
+f11fc6e9-6166-4676-ac5d-f07127b270c1,c775f60d-b99f-418b-8fe0-53172258c3ce,youtube-transcription-scraper,YouTube Transcription Scraper,https://youtu.be/H8S3pU68lGE,"[""https://storage.googleapis.com/agpt-prod-website-artifacts/users/b3e41ea4-2f4c-4964-927c-fe682d857bad/images/65bce54b-0124-4b0d-9e3e-f9b89d0dc99e.jpg""]",false,Fetch the transcriptions from the most popular YouTube videos in your chosen topic,"Effortlessly gather transcriptions from multiple YouTube videos with this agent. It scrapes and compiles video transcripts into a clean, organized list, making it easy to extract insights, quotes, or content from various sources in one go. Ideal for researchers, content creators, and marketers looking to quickly analyze or repurpose video content.","[""writing""]",false,true
+17908889-b599-4010-8e4f-bed19b8f3446,6e16e65a-ad34-4108-b4fd-4a23fced5ea2,business-ownerceo-finder,Decision Maker Lead Finder,,"[""https://storage.googleapis.com/agpt-prod-website-artifacts/users/b3e41ea4-2f4c-4964-927c-fe682d857bad/images/1020d94e-b6a2-4fa7-bbdf-2c218b0de563.jpg""]",false,Contact CEOs today,"Find the key decision-makers you need, fast.
+
+This agent identifies business owners or CEOs of local companies in any area you choose. Simply enter what kind of businesses you’re looking for and where, and it will:
+
+* Search the area and gather public information
+* Return names, roles, and contact details when available
+* Provide smart Google search suggestions if details aren’t found
+
+Perfect for:
+
+* B2B sales teams seeking verified leads
+* Recruiters sourcing local talent
+* Researchers looking to connect with business leaders
+
+Save hours of manual searching and get straight to the people who matter most.","[""business""]",true,true
+72beca1d-45ea-4403-a7ce-e2af168ee428,415b7352-0dc6-4214-9d87-0ad3751b711d,smart-meeting-brief,Smart Meeting Prep,https://youtu.be/9ydZR2hkxaY,"[""https://storage.googleapis.com/agpt-prod-website-artifacts/users/b3e41ea4-2f4c-4964-927c-fe682d857bad/images/2f116ce1-63ae-4d39-a5cd-f514defc2b97.png"",""https://storage.googleapis.com/agpt-prod-website-artifacts/users/b3e41ea4-2f4c-4964-927c-fe682d857bad/images/0a71a60a-2263-4f12-9836-9c76ab49f155.png"",""https://storage.googleapis.com/agpt-prod-website-artifacts/users/b3e41ea4-2f4c-4964-927c-fe682d857bad/images/95327695-9184-403c-907a-a9d3bdafa6a5.png"",""https://storage.googleapis.com/agpt-prod-website-artifacts/users/b3e41ea4-2f4c-4964-927c-fe682d857bad/images/2bc77788-790b-47d4-8a61-ce97b695e9f5.png""]",true,Business meeting briefings delivered daily,"Never walk into a meeting unprepared again. Every day at 4 pm, the Smart Meeting Prep Agent scans your calendar for tomorrow's external meetings. It reviews your past email exchanges, researches each participant's background and role, and compiles the insights into a concise briefing, so you can close your workday ready for tomorrow's calls.
+
+How It Works
+1. At 4 pm, the agent scans your calendar and identifies external meetings scheduled for the next day.
+2. It reviews recent email threads with each participant to surface key relationship history and communication context.
+3. It conducts online research to gather publicly available information on roles, company backgrounds, and relevant professional data.
+4. It produces a unified briefing for each participant, including past exchange highlights, profile notes, and strategic conversation points.","[""personal""]",true,true
+9fa5697a-617b-4fae-aea0-7dbbed279976,b8ceb480-a7a2-4c90-8513-181a49f7071f,automated-support-ai,Automated Support Agent,https://youtu.be/nBMfu_5sgDA,"[""https://storage.googleapis.com/agpt-prod-website-artifacts/users/b3e41ea4-2f4c-4964-927c-fe682d857bad/images/ed56febc-2205-4179-9e7e-505d8500b66c.png""]",true,Automate up to 80 percent of inbound support emails,"Overview:
+Support teams spend countless hours on basic tickets. This agent automates repetitive customer support tasks. It reads incoming requests, researches your knowledge base, and responds automatically when confident. When unsure, it escalates to a human for final resolution.
+
+How it Works:
+New support emails are routed to the agent.
+The agent checks internal documentation for answers.
+It measures confidence in the answer found and either replies directly or escalates to a human.
+
+Business Value:
+Automating the easy 80 percent of support tickets allows your team to focus on high-value, complex customer issues, improving efficiency and response times.","[""business""]",false,true
+2bdac92b-a12c-4131-bb46-0e3b89f61413,31daf49d-31d3-476b-aa4c-099abc59b458,unspirational-poster-maker,Unspirational Poster Maker,,"[""https://storage.googleapis.com/agpt-prod-website-artifacts/users/b3e41ea4-2f4c-4964-927c-fe682d857bad/images/6a490dac-27e5-405f-a4c4-8d1c55b85060.jpg"",""https://storage.googleapis.com/agpt-prod-website-artifacts/users/b3e41ea4-2f4c-4964-927c-fe682d857bad/images/d343fbb5-478c-4e38-94df-4337293b61f1.jpg""]",false,Because adulting is hard,"This witty AI agent generates hilariously relatable ""motivational"" posters that tackle the everyday struggles of procrastination, overthinking, and workplace chaos with a blend of absurdity and sarcasm. From goldfish facing impossible tasks to cats in existential crises, The Unspirational Poster Maker designs tongue-in-cheek graphics and captions that mock productivity clichés and embrace our collective struggles to ""get it together."" Perfect for adding a touch of humour to the workday, these posters remind us that sometimes, all we can do is laugh at the chaos.","[""creative""]",false,true
+9adf005e-2854-4cc7-98cf-f7103b92a7b7,a03b0d8c-4751-43d6-a54e-c3b7856ba4e3,ai-shortform-video-generator-create-viral-ready-content,AI Video Generator,,"[""https://storage.googleapis.com/agpt-prod-website-artifacts/users/b3e41ea4-2f4c-4964-927c-fe682d857bad/images/8d2670b9-fea5-4966-a597-0a4511bffdc3.png"",""https://storage.googleapis.com/agpt-prod-website-artifacts/users/b3e41ea4-2f4c-4964-927c-fe682d857bad/images/aabe8aec-0110-4ce7-a259-4f86fe8fe07d.png""]",false,Create Viral-Ready Shorts Content in Seconds,"OVERVIEW
+Transform any trending headline or broad topic into a polished, vertical short-form video in a single run.  
+The agent automates research, scriptwriting, metadata creation, and Revid.ai rendering, returning one ready-to-publish MP4 plus its title, script and hashtags.
+
+HOW IT WORKS
+1. Input a topic or an exact news headline.  
+2. The agent fetches live search results and selects the most engaging related story.  
+3. Key facts are summarised into concise research notes.  
+4. Claude writes a 30–35 second script with visual cues, a three-second hook, tension loops, and a call-to-action.  
+5. GPT-4o generates an eye-catching title and one or two discoverability hashtags.  
+6. The script is sent to a state-of-the-art AI video generator to render a single 9:16 MP4 (default: 720 p, 30 fps, voice “Brian”, style “movingImage”, music “Bladerunner 2049”).  
+   – All voice, style and resolution settings can be adjusted in the Builder before you press ""Run"".  
+7. Output delivered: Title, Script, Hashtags, Video URL.
+
+KEY USE CASES
+- Broad-topic explainers (e.g. “Artificial Intelligence” or “Climate Tech”).  
+- Real-time newsjacking with a specific breaking headline.  
+- Product-launch spotlights and quick event recaps while interest is high.  
+
+BUSINESS VALUE
+- One-click speed: from idea to finished video in minutes.  
+- Consistent brand look: Revid presets keep voice, style and aspect ratio on spec.  
+- No-code workflow: marketers create social video without design or development queues.  
+- Cloud convenience: Auto-GPT Cloud users are pre-configured with all required keys.  
+  Self-hosted users simply add OpenAI, Anthropic, Perplexity (OpenRouter/Jina) and Revid keys once.
+
+IMPORTANT NOTES
+- The agent outputs exactly one video per execution. Run it again for additional shorts.  
+- Video rendering time varies; AI-generated footage may take several minutes.","[""writing""]",false,true
+864e48ef-fee5-42c1-b6a4-2ae139db9fc1,55d40473-0f31-4ada-9e40-d3a7139fcbd4,automated-blog-writer,Automated SEO Blog Writer,https://youtu.be/nKcDCbDVobs,"[""https://storage.googleapis.com/agpt-prod-website-artifacts/users/b3e41ea4-2f4c-4964-927c-fe682d857bad/images/2dd5f95b-5b30-4bf8-a11b-bac776c5141a.jpg""]",true,"Automate research, writing, and publishing for high-ranking blog posts","Scale your blog with a fully automated content engine. The Automated SEO Blog Writer learns your brand voice, finds high-demand keywords, and creates SEO-optimized articles that attract organic traffic and boost visibility.
+
+How it works:
+
+1. Share your pitch, website, and values.
+2. The agent studies your site and uncovers proven SEO opportunities.
+3. It spends two hours researching and drafting each post.
+4. You set the cadence—publishing runs on autopilot.
+
+Business value: Consistently publish research-backed, optimized posts that build domain authority, rankings, and thought leadership while you focus on what matters most.
+
+Use cases:
+• Founders: Keep your blog active with no time drain.
+• Agencies: Deliver scalable SEO content for clients.
+• Strategists: Automate execution, focus on strategy.
+• Marketers: Drive steady organic growth.
+• Local businesses: Capture nearby search traffic.","[""writing""]",false,true
+6046f42e-eb84-406f-bae0-8e052064a4fa,a548e507-09a7-4b30-909c-f63fcda10fff,lead-finder-local-businesses,Lead Finder,,"[""https://storage.googleapis.com/agpt-prod-website-artifacts/users/b3e41ea4-2f4c-4964-927c-fe682d857bad/images/abd6605f-d5f8-426b-af36-052e8ba5044f.webp""]",false,Auto-Prospect Like a Pro,"Turbo-charge your local lead generation with the AutoGPT Marketplace’s top Google Maps prospecting agent. “Lead Finder: Local Businesses” delivers verified, ready-to-contact prospects in any niche and city—so you can focus on closing, not searching.
+
+**WHAT IT DOES**
+• Searches Google Maps via the official API (no scraping)
+• Prompts like “dentists in Chicago” or “coffee shops near me”
+• Returns: Name, Website, Rating, Reviews, **Phone & Address**
+• Exports instantly to your CRM, sheet, or outreach workflow
+
+**WHY YOU’LL LOVE IT**
+✓ Hyper-targeted leads in minutes
+✓ Unlimited searches & locations
+✓ Zero CAPTCHAs or IP blocks
+✓ Works on AutoGPT Cloud or self-hosted (with your API key)
+✓ Cut prospecting time by 90%
+
+**PERFECT FOR**
+— Marketers & PPC agencies
+— SEO consultants & designers
+— SaaS founders & sales teams
+
+Stop scrolling directories—start filling your pipeline. Start now and let AI prospect while you profit.
+
+→ Click *Add to Library* and own your market today.","[""business""]",true,true
+f623c862-24e9-44fc-8ce8-d8282bb51ad2,eafa21d3-bf14-4f63-a97f-a5ee41df83b3,linkedin-post-generator,LinkedIn Post Generator,,"[""https://storage.googleapis.com/agpt-prod-website-artifacts/users/b3e41ea4-2f4c-4964-927c-fe682d857bad/images/297f6a8e-81a8-43e2-b106-c7ad4a5662df.png"",""https://storage.googleapis.com/agpt-prod-website-artifacts/users/b3e41ea4-2f4c-4964-927c-fe682d857bad/images/fceebdc1-aef6-4000-97fc-4ef587f56bda.png""]",false,Auto‑craft LinkedIn gold,"Create research‑driven, high‑impact LinkedIn posts in minutes. This agent searches YouTube for the best videos on your chosen topic, pulls their transcripts, and distils the most valuable insights into a polished post ready for your company page or personal feed.  
+
+FEATURES  
+• Automated YouTube research – discovers and analyses top‑ranked videos so you don’t have to  
+• AI‑curated synthesis – combines multiple transcripts into one authoritative narrative  
+• Full creative control – adjust style, tone, objective, opinion, clarity, target word count and number of videos  
+• LinkedIn‑optimised output – hook, 2‑3 key points, CTA, strategic line breaks, 3‑5 hashtags, no markdown  
+• One‑click publish – returns a ready‑to‑post text block (≤1 300 characters)  
+
+HOW IT WORKS  
+1. Enter a topic and your preferred writing parameters.  
+2. The agent builds a YouTube search, fetches the page, and extracts the top N video URLs.  
+3. It pulls each transcript, then feeds them—plus your settings—into Claude 3.5 Sonnet.  
+4. The model writes a concise, engaging post designed for maximum LinkedIn engagement.  
+
+USE CASES  
+• Thought‑leadership updates backed by fresh video research  
+• Rapid industry summaries after major events, webinars, or conferences  
+• Consistent LinkedIn content for busy founders, marketers, and creators  
+
+WHY YOU’LL LOVE IT  
+Save hours of manual research, avoid surface‑level hot‑takes, and publish posts that showcase real expertise—without the heavy lift.","[""writing""]",true,true
+7d4120ad-b6b3-4419-8bdb-7dd7d350ef32,e7bb29a1-23c7-4fee-aa3b-5426174b8c52,youtube-to-linkedin-post-converter,YouTube to LinkedIn Post Converter,,"[""https://storage.googleapis.com/agpt-prod-website-artifacts/users/b3e41ea4-2f4c-4964-927c-fe682d857bad/images/f084b326-a708-4396-be51-7ba59ad2ef32.png""]",false,Transform Your YouTube Videos into Engaging LinkedIn Posts with AI,"WHAT IT DOES: 
+This agent converts YouTube video content into a LinkedIn post by analyzing the video's transcript. It provides you with a tailored post that reflects the core ideas, key takeaways, and tone of the original video, optimizing it for engagement on LinkedIn.
+
+HOW IT WORKS:
+- You provide the URL to the YouTube video (required)
+- You can choose the structure for the LinkedIn post (e.g., Personal Achievement Story, Lesson Learned, Thought Leadership, etc.)
+- You can also select the tone (e.g., Inspirational, Analytical, Conversational, etc.)
+- The transcript of the video is analyzed by the GPT-4 model and the Claude 3.5 Sonnet model
+- The models extract key insights, memorable quotes, and the main points from the video
+- You’ll receive a LinkedIn post, formatted according to your chosen structure and tone, optimized for professional engagement
+
+INPUTS:
+- Source YouTube Video – Provide the URL to the YouTube video
+- Structure – Choose the post format (e.g., Personal Achievement Story, Thought Leadership, etc.)
+- Content – Specify the main message or idea of the post (e.g., Hot Take, Key Takeaways, etc.)
+- Tone – Select the tone for the post (e.g., Conversational, Inspirational, etc.)
+
+OUTPUT:
+- LinkedIn Post – A well-crafted, AI-generated LinkedIn post with a professional tone, based on the video content and your specified preferences
+
+Perfect for content creators, marketers, and professionals who want to repurpose YouTube videos for LinkedIn and boost their professional branding.","[""writing""]",false,true
+c61d6a83-ea48-4df8-b447-3da2d9fe5814,00fdd42c-a14c-4d19-a567-65374ea0e87f,personalized-morning-coffee-newsletter,Personal Newsletter,,"[""https://storage.googleapis.com/agpt-prod-website-artifacts/users/b3e41ea4-2f4c-4964-927c-fe682d857bad/images/f4b38e4c-8166-4caf-9411-96c9c4c82d4c.png""]",false,Start your day with personalized AI newsletters that deliver credibility and context for every interest or mood.,"This Personal Newsletter Agent provides a bespoke daily digest on your favorite topics and tone. Whether you prefer industry insights, lighthearted reads, or breaking news, this agent crafts your own unique newsletter to keep you informed and entertained.
+
+
+How It Works
+1. Enter your favorite topics, industries, or areas of interest.
+2. Choose your tone—professional, casual, or humorous.
+3. Set your preferred delivery cadence: daily or weekly.
+4. The agent scans top sources and compiles 3–5 engaging stories, insights, and fun facts into a conversational newsletter.
+
+Skip the morning scroll and enjoy a thoughtfully curated newsletter designed just for you. Stay ahead of trends, spark creative ideas, and enjoy an effortless, informed start to your day.
+
+
+Use Cases
+• Executives: Get a daily digest of market updates and leadership insights.
+• Marketers: Receive curated creative trends and campaign inspiration.
+• Entrepreneurs: Stay updated on your industry without information overload.","[""research""]",true,true
+e2e49cfc-4a39-4d62-a6b3-c095f6d025ff,fc2c9976-0962-4625-a27b-d316573a9e7f,email-address-finder,Email Scout - Contact Finder Assistant,,"[""https://storage.googleapis.com/agpt-prod-website-artifacts/users/b3e41ea4-2f4c-4964-927c-fe682d857bad/images/da8a690a-7a8b-4c1d-b6f8-e2f840c0205d.jpg"",""https://storage.googleapis.com/agpt-prod-website-artifacts/users/b3e41ea4-2f4c-4964-927c-fe682d857bad/images/6a2ac25c-1609-4881-8140-e6da2421afb3.jpg"",""https://storage.googleapis.com/agpt-prod-website-artifacts/users/b3e41ea4-2f4c-4964-927c-fe682d857bad/images/26179263-fe06-45bd-b6a0-0754660a0a46.jpg""]",false,Find contact details from name and location using AI search,"Finding someone's professional email address can be time-consuming and frustrating. Manual searching across multiple websites, social profiles, and business directories often leads to dead ends or outdated information.
+
+Email Scout automates this process by intelligently searching across publicly available sources when you provide a person's name and location. Simply input basic information like ""Tim Cook, USA"" or ""Sarah Smith, London"" and let the AI assistant do the work of finding potential contact details.
+
+Key Features:
+- Quick search from just name and location
+- Scans multiple public sources
+- Automated AI-powered search process
+- Easy to use with simple inputs
+
+Perfect for recruiters, business development professionals, researchers, and anyone needing to establish professional contact.
+
+Note: This tool searches only publicly available information. Search results depend on what contact information people have made public. Some searches may not yield results if the information isn't publicly accessible.","[""""]",false,true
+81bcc372-0922-4a36-bc35-f7b1e51d6939,e437cc95-e671-489d-b915-76561fba8c7f,ai-youtube-to-blog-converter,YouTube Video to SEO Blog Writer,,"[""https://storage.googleapis.com/agpt-prod-website-artifacts/users/b3e41ea4-2f4c-4964-927c-fe682d857bad/images/239e5a41-2515-4e1c-96ef-31d0d37ecbeb.webp"",""https://storage.googleapis.com/agpt-prod-website-artifacts/users/b3e41ea4-2f4c-4964-927c-fe682d857bad/images/c7d96966-786f-4be6-ad7d-3a51c84efc0e.png"",""https://storage.googleapis.com/agpt-prod-website-artifacts/users/b3e41ea4-2f4c-4964-927c-fe682d857bad/images/0275a74c-e2c2-4e29-a6e4-3a616c3c35dd.png""]",false,One link. One click. One powerful blog post.,"Effortlessly transform your YouTube videos into high-quality, SEO-optimized blog posts.
+
+Your videos deserve a second life—in writing.  
+Make your content work twice as hard by repurposing it into engaging, searchable articles.
+
+Perfect for content creators, marketers, and bloggers, this tool analyzes video content and generates well-structured blog posts tailored to your tone, audience, and word count. Just paste a YouTube URL and let the AI handle the rest.
+
+FEATURES
+
+• CONTENT ANALYSIS  
+  Extracts key points from the video while preserving your message and intent.
+
+• CUSTOMIZABLE OUTPUT  
+  Select a tone that fits your audience: casual, professional, educational, or formal.
+
+• SEO OPTIMIZATION  
+  Automatically creates engaging titles and structured subheadings for better search visibility.
+
+• USER-FRIENDLY  
+  Repurpose your videos into written content to expand your reach and improve accessibility.
+
+Whether you're looking to grow your blog, boost SEO, or simply get more out of your content, the AI YouTube-to-Blog Converter makes it effortless.
+","[""writing""]",true,true
+5c3510d2-fc8b-4053-8e19-67f53c86eb1a,f2cc74bb-f43f-4395-9c35-ecb30b5b4fc9,ai-webpage-copy-improver,AI Webpage Copy Improver,,"[""https://storage.googleapis.com/agpt-prod-website-artifacts/users/b3e41ea4-2f4c-4964-927c-fe682d857bad/images/d562d26f-5891-4b09-8859-fbb205972313.jpg""]",false,Boost Your Website's Search Engine Performance,"Elevate your web content with this powerful AI Webpage Copy Improver. Designed for marketers, SEO specialists, and web developers, this tool analyses and enhances website copy for maximum impact. Using advanced language models, it optimizes text for better clarity, SEO performance, and increased conversion rates. The AI examines your existing content, identifies areas for improvement, and generates refined copy that maintains your brand voice while boosting engagement. From homepage headlines to product descriptions, transform your web presence with AI-driven insights. Improve readability, incorporate targeted keywords, and craft compelling calls-to-action - all with the click of a button. Take your digital marketing to the next level with the AI Webpage Copy Improver.","[""marketing""]",true,true
+94d03bd3-7d44-4d47-b60c-edb2f89508d6,b6f6f0d3-49f4-4e3b-8155-ffe9141b32c0,domain-name-finder,Domain Name Finder,,"[""https://storage.googleapis.com/agpt-prod-website-artifacts/users/b3e41ea4-2f4c-4964-927c-fe682d857bad/images/28545e09-b2b8-4916-b4c6-67f982510a78.jpeg""]",false,Instantly generate brand-ready domain names that are actually available,"Overview:
+Finding a domain name that fits your brand shouldn’t take hours of searching and failed checks. The Domain Name Finder Agent turns your pitch into hundreds of creative, brand-ready domain ideas—filtered by live availability so every result is actionable.
+
+How It Works
+1. Input your product pitch, company name, or core keywords.
+2. The agent analyzes brand tone, audience, and industry context.
+3. It generates a list of unique, memorable domains that match your criteria.
+4. All names are pre-filtered for real-time availability, so you can register immediately.
+
+
+Business Value
+Save hours of guesswork and eliminate dead ends. Accelerate brand launches, startup naming, and campaign creation with ready-to-claim domains.
+
+
+Key Use Cases
+• Startup Founders: Quickly find brand-ready domains for MVP launches or rebrands.
+• Marketers: Test name options across campaigns with instant availability data.
+• Entrepreneurs: Validate ideas faster with instant domain options.","[""business""]",false,true
+7a831906-daab-426f-9d66-bcf98d869426,516d813b-d1bc-470f-add7-c63a4b2c2bad,ai-function,AI Function,,"[""https://storage.googleapis.com/agpt-prod-website-artifacts/users/b3e41ea4-2f4c-4964-927c-fe682d857bad/images/620e8117-2ee1-4384-89e6-c2ef4ec3d9c9.webp"",""https://storage.googleapis.com/agpt-prod-website-artifacts/users/b3e41ea4-2f4c-4964-927c-fe682d857bad/images/476259e2-5a79-4a7b-8e70-deeebfca70d7.png""]",false,Never Code Again,"AI FUNCTION MAGIC  
+Your AI‑powered assistant for turning plain‑English descriptions into working Python functions.  
+
+HOW IT WORKS  
+1. Describe what the function should do.  
+2. Specify the inputs it needs.  
+3. Receive the generated Python code.  
+
+FEATURES  
+- Effortless Function Generation: convert natural‑language specs into complete functions.  
+- Customizable Inputs: define the parameters that matter to you.  
+- Versatile Use Cases: simulate data, automate tasks, prototype ideas.  
+- Seamless Integration: add the generated function directly to your codebase.  
+
+EXAMPLE  
+Request: “Create a function that generates 20 examples of fake people, each with a name, date of birth, job title, and age.”  
+Input parameter: number_of_people (default 20)  
+Result: a list of dictionaries such as  
+[  
+  { ""name"": ""Emma Martinez"",  ""date_of_birth"": ""1992‑11‑03"", ""job_title"": ""Data Analyst"",        ""age"": 32 },  
+  { ""name"": ""Liam O’Connor"",  ""date_of_birth"": ""1985‑07‑19"", ""job_title"": ""Marketing Manager"",  ""age"": 39 },  
+  …18 more entries…  
+]","[""development""]",false,true

autogpt_platform/backend/agents/agent_31daf49d-31d3-476b-aa4c-099abc59b458.json

@@ -0,0 +1,590 @@
+{
+  "id": "7b2e2095-782a-4f8d-adda-e62b661bccf5",
+  "version": 29,
+  "is_active": false,
+  "name": "Unspirational Poster Maker",
+  "description": "This witty AI agent generates hilariously relatable \"motivational\" posters that tackle the everyday struggles of procrastination, overthinking, and workplace chaos with a blend of absurdity and sarcasm. From goldfish facing impossible tasks to cats in existential crises, The Unspirational Poster Maker designs tongue-in-cheek graphics and captions that mock productivity clich\u00e9s and embrace our collective struggles to \"get it together.\" Perfect for adding a touch of humour to the workday, these posters remind us that sometimes, all we can do is laugh at the chaos.",
+  "instructions": null,
+  "recommended_schedule_cron": null,
+  "nodes": [
+    {
+      "id": "5ac3727a-1ea7-436b-a902-ef1bfd883a30",
+      "block_id": "363ae599-353e-4804-937e-b2ee3cef3da4",
+      "input_default": {
+        "name": "Generated Image",
+        "description": "The resulting generated image ready for you to review and post."
+      },
+      "metadata": {
+        "position": {
+          "x": 2329.937006807125,
+          "y": 80.49068076698347
+        }
+      },
+      "input_links": [
+        {
+          "id": "c6c511e8-e6a4-4969-9bc8-f67d60c1e229",
+          "source_id": "86665e90-ffbf-48fb-ad3f-e5d31fd50c51",
+          "sink_id": "5ac3727a-1ea7-436b-a902-ef1bfd883a30",
+          "source_name": "result",
+          "sink_name": "value",
+          "is_static": false
+        },
+        {
+          "id": "20845dda-91de-4508-8077-0504b1a5ae03",
+          "source_id": "28bda769-b88b-44c9-be5c-52c2667f137e",
+          "sink_id": "5ac3727a-1ea7-436b-a902-ef1bfd883a30",
+          "source_name": "result",
+          "sink_name": "value",
+          "is_static": false
+        },
+        {
+          "id": "6524c611-774b-45e9-899d-9a6aa80c549c",
+          "source_id": "e7cdc1a2-4427-4a8a-a31b-63c8e74842f8",
+          "sink_id": "5ac3727a-1ea7-436b-a902-ef1bfd883a30",
+          "source_name": "result",
+          "sink_name": "value",
+          "is_static": false
+        },
+        {
+          "id": "714a0821-e5ba-4af7-9432-50491adda7b1",
+          "source_id": "576c5677-9050-4d1c-aad4-36b820c04fef",
+          "sink_id": "5ac3727a-1ea7-436b-a902-ef1bfd883a30",
+          "source_name": "result",
+          "sink_name": "value",
+          "is_static": false
+        }
+      ],
+      "output_links": [],
+      "graph_id": "7b2e2095-782a-4f8d-adda-e62b661bccf5",
+      "graph_version": 29,
+      "webhook_id": null,
+      "webhook": null
+    },
+    {
+      "id": "7e026d19-f9a6-412f-8082-610f9ba0c410",
+      "block_id": "c0a8e994-ebf1-4a9c-a4d8-89d09c86741b",
+      "input_default": {
+        "name": "Theme",
+        "value": "Cooking"
+      },
+      "metadata": {
+        "position": {
+          "x": -1219.5966324967521,
+          "y": 80.50339731789956
+        }
+      },
+      "input_links": [],
+      "output_links": [
+        {
+          "id": "8c2bd1f7-b17b-4835-81b6-bb336097aa7a",
+          "source_id": "7e026d19-f9a6-412f-8082-610f9ba0c410",
+          "sink_id": "7543b9b0-0409-4cf8-bc4e-e0336273e2c4",
+          "source_name": "result",
+          "sink_name": "prompt_values_#_THEME",
+          "is_static": true
+        }
+      ],
+      "graph_id": "7b2e2095-782a-4f8d-adda-e62b661bccf5",
+      "graph_version": 29,
+      "webhook_id": null,
+      "webhook": null
+    },
+    {
+      "id": "28bda769-b88b-44c9-be5c-52c2667f137e",
+      "block_id": "6ab085e2-20b3-4055-bc3e-08036e01eca6",
+      "input_default": {
+        "upscale": "No Upscale"
+      },
+      "metadata": {
+        "position": {
+          "x": 1132.373897280427,
+          "y": 88.44610377514573
+        }
+      },
+      "input_links": [
+        {
+          "id": "54588c74-e090-4e49-89e4-844b9952a585",
+          "source_id": "7543b9b0-0409-4cf8-bc4e-e0336273e2c4",
+          "sink_id": "28bda769-b88b-44c9-be5c-52c2667f137e",
+          "source_name": "response",
+          "sink_name": "prompt",
+          "is_static": false
+        }
+      ],
+      "output_links": [
+        {
+          "id": "20845dda-91de-4508-8077-0504b1a5ae03",
+          "source_id": "28bda769-b88b-44c9-be5c-52c2667f137e",
+          "sink_id": "5ac3727a-1ea7-436b-a902-ef1bfd883a30",
+          "source_name": "result",
+          "sink_name": "value",
+          "is_static": false
+        }
+      ],
+      "graph_id": "7b2e2095-782a-4f8d-adda-e62b661bccf5",
+      "graph_version": 29,
+      "webhook_id": null,
+      "webhook": null
+    },
+    {
+      "id": "e7cdc1a2-4427-4a8a-a31b-63c8e74842f8",
+      "block_id": "6ab085e2-20b3-4055-bc3e-08036e01eca6",
+      "input_default": {
+        "upscale": "No Upscale"
+      },
+      "metadata": {
+        "position": {
+          "x": 590.7543882245375,
+          "y": 85.69546832466654
+        }
+      },
+      "input_links": [
+        {
+          "id": "66646786-3006-4417-a6b7-0158f2603d1d",
+          "source_id": "7543b9b0-0409-4cf8-bc4e-e0336273e2c4",
+          "sink_id": "e7cdc1a2-4427-4a8a-a31b-63c8e74842f8",
+          "source_name": "response",
+          "sink_name": "prompt",
+          "is_static": false
+        }
+      ],
+      "output_links": [
+        {
+          "id": "6524c611-774b-45e9-899d-9a6aa80c549c",
+          "source_id": "e7cdc1a2-4427-4a8a-a31b-63c8e74842f8",
+          "sink_id": "5ac3727a-1ea7-436b-a902-ef1bfd883a30",
+          "source_name": "result",
+          "sink_name": "value",
+          "is_static": false
+        }
+      ],
+      "graph_id": "7b2e2095-782a-4f8d-adda-e62b661bccf5",
+      "graph_version": 29,
+      "webhook_id": null,
+      "webhook": null
+    },
+    {
+      "id": "576c5677-9050-4d1c-aad4-36b820c04fef",
+      "block_id": "6ab085e2-20b3-4055-bc3e-08036e01eca6",
+      "input_default": {
+        "upscale": "No Upscale"
+      },
+      "metadata": {
+        "position": {
+          "x": 60.48904654237981,
+          "y": 86.06183359510214
+        }
+      },
+      "input_links": [
+        {
+          "id": "201d3e03-bc06-4cee-846d-4c3c804d8857",
+          "source_id": "7543b9b0-0409-4cf8-bc4e-e0336273e2c4",
+          "sink_id": "576c5677-9050-4d1c-aad4-36b820c04fef",
+          "source_name": "response",
+          "sink_name": "prompt",
+          "is_static": false
+        }
+      ],
+      "output_links": [
+        {
+          "id": "714a0821-e5ba-4af7-9432-50491adda7b1",
+          "source_id": "576c5677-9050-4d1c-aad4-36b820c04fef",
+          "sink_id": "5ac3727a-1ea7-436b-a902-ef1bfd883a30",
+          "source_name": "result",
+          "sink_name": "value",
+          "is_static": false
+        }
+      ],
+      "graph_id": "7b2e2095-782a-4f8d-adda-e62b661bccf5",
+      "graph_version": 29,
+      "webhook_id": null,
+      "webhook": null
+    },
+    {
+      "id": "86665e90-ffbf-48fb-ad3f-e5d31fd50c51",
+      "block_id": "6ab085e2-20b3-4055-bc3e-08036e01eca6",
+      "input_default": {
+        "prompt": "A cat sprawled dramatically across an important-looking document during a work-from-home meeting, making direct eye contact with the camera while knocking over a coffee mug in slow motion. Text Overlay: \"Chaos is a career path. Be the obstacle everyone has to work around.\"",
+        "upscale": "No Upscale"
+      },
+      "metadata": {
+        "position": {
+          "x": 1668.3572666956795,
+          "y": 89.69665262457966
+        }
+      },
+      "input_links": [
+        {
+          "id": "509b7587-1940-4a06-808d-edde9a74f400",
+          "source_id": "7543b9b0-0409-4cf8-bc4e-e0336273e2c4",
+          "sink_id": "86665e90-ffbf-48fb-ad3f-e5d31fd50c51",
+          "source_name": "response",
+          "sink_name": "prompt",
+          "is_static": false
+        }
+      ],
+      "output_links": [
+        {
+          "id": "c6c511e8-e6a4-4969-9bc8-f67d60c1e229",
+          "source_id": "86665e90-ffbf-48fb-ad3f-e5d31fd50c51",
+          "sink_id": "5ac3727a-1ea7-436b-a902-ef1bfd883a30",
+          "source_name": "result",
+          "sink_name": "value",
+          "is_static": false
+        }
+      ],
+      "graph_id": "7b2e2095-782a-4f8d-adda-e62b661bccf5",
+      "graph_version": 29,
+      "webhook_id": null,
+      "webhook": null
+    },
+    {
+      "id": "7543b9b0-0409-4cf8-bc4e-e0336273e2c4",
+      "block_id": "1f292d4a-41a4-4977-9684-7c8d560b9f91",
+      "input_default": {
+        "model": "gpt-4o",
+        "prompt": "<example_output>\nA photo of a sloth lounging on a desk, with its head resting on a keyboard. The keyboard is on top of a laptop with a blank spreadsheet open. A to-do list is placed beside the laptop, with the top item written as \"Do literally anything\". There is a text overlay that says \"If you can't outwork them, outnap them.\".\n</example_output>\n\nCreate a relatable satirical, snarky, user-deprecating motivational style image based on the theme: \"{{THEME}}\".\n\nOutput only the image description and caption, without any additional commentary or formatting.",
+        "prompt_values": {}
+      },
+      "metadata": {
+        "position": {
+          "x": -561.1139207164056,
+          "y": 78.60434452403524
+        }
+      },
+      "input_links": [
+        {
+          "id": "8c2bd1f7-b17b-4835-81b6-bb336097aa7a",
+          "source_id": "7e026d19-f9a6-412f-8082-610f9ba0c410",
+          "sink_id": "7543b9b0-0409-4cf8-bc4e-e0336273e2c4",
+          "source_name": "result",
+          "sink_name": "prompt_values_#_THEME",
+          "is_static": true
+        }
+      ],
+      "output_links": [
+        {
+          "id": "54588c74-e090-4e49-89e4-844b9952a585",
+          "source_id": "7543b9b0-0409-4cf8-bc4e-e0336273e2c4",
+          "sink_id": "28bda769-b88b-44c9-be5c-52c2667f137e",
+          "source_name": "response",
+          "sink_name": "prompt",
+          "is_static": false
+        },
+        {
+          "id": "201d3e03-bc06-4cee-846d-4c3c804d8857",
+          "source_id": "7543b9b0-0409-4cf8-bc4e-e0336273e2c4",
+          "sink_id": "576c5677-9050-4d1c-aad4-36b820c04fef",
+          "source_name": "response",
+          "sink_name": "prompt",
+          "is_static": false
+        },
+        {
+          "id": "509b7587-1940-4a06-808d-edde9a74f400",
+          "source_id": "7543b9b0-0409-4cf8-bc4e-e0336273e2c4",
+          "sink_id": "86665e90-ffbf-48fb-ad3f-e5d31fd50c51",
+          "source_name": "response",
+          "sink_name": "prompt",
+          "is_static": false
+        },
+        {
+          "id": "66646786-3006-4417-a6b7-0158f2603d1d",
+          "source_id": "7543b9b0-0409-4cf8-bc4e-e0336273e2c4",
+          "sink_id": "e7cdc1a2-4427-4a8a-a31b-63c8e74842f8",
+          "source_name": "response",
+          "sink_name": "prompt",
+          "is_static": false
+        }
+      ],
+      "graph_id": "7b2e2095-782a-4f8d-adda-e62b661bccf5",
+      "graph_version": 29,
+      "webhook_id": null,
+      "webhook": null
+    }
+  ],
+  "links": [
+    {
+      "id": "66646786-3006-4417-a6b7-0158f2603d1d",
+      "source_id": "7543b9b0-0409-4cf8-bc4e-e0336273e2c4",
+      "sink_id": "e7cdc1a2-4427-4a8a-a31b-63c8e74842f8",
+      "source_name": "response",
+      "sink_name": "prompt",
+      "is_static": false
+    },
+    {
+      "id": "c6c511e8-e6a4-4969-9bc8-f67d60c1e229",
+      "source_id": "86665e90-ffbf-48fb-ad3f-e5d31fd50c51",
+      "sink_id": "5ac3727a-1ea7-436b-a902-ef1bfd883a30",
+      "source_name": "result",
+      "sink_name": "value",
+      "is_static": false
+    },
+    {
+      "id": "6524c611-774b-45e9-899d-9a6aa80c549c",
+      "source_id": "e7cdc1a2-4427-4a8a-a31b-63c8e74842f8",
+      "sink_id": "5ac3727a-1ea7-436b-a902-ef1bfd883a30",
+      "source_name": "result",
+      "sink_name": "value",
+      "is_static": false
+    },
+    {
+      "id": "20845dda-91de-4508-8077-0504b1a5ae03",
+      "source_id": "28bda769-b88b-44c9-be5c-52c2667f137e",
+      "sink_id": "5ac3727a-1ea7-436b-a902-ef1bfd883a30",
+      "source_name": "result",
+      "sink_name": "value",
+      "is_static": false
+    },
+    {
+      "id": "8c2bd1f7-b17b-4835-81b6-bb336097aa7a",
+      "source_id": "7e026d19-f9a6-412f-8082-610f9ba0c410",
+      "sink_id": "7543b9b0-0409-4cf8-bc4e-e0336273e2c4",
+      "source_name": "result",
+      "sink_name": "prompt_values_#_THEME",
+      "is_static": true
+    },
+    {
+      "id": "201d3e03-bc06-4cee-846d-4c3c804d8857",
+      "source_id": "7543b9b0-0409-4cf8-bc4e-e0336273e2c4",
+      "sink_id": "576c5677-9050-4d1c-aad4-36b820c04fef",
+      "source_name": "response",
+      "sink_name": "prompt",
+      "is_static": false
+    },
+    {
+      "id": "714a0821-e5ba-4af7-9432-50491adda7b1",
+      "source_id": "576c5677-9050-4d1c-aad4-36b820c04fef",
+      "sink_id": "5ac3727a-1ea7-436b-a902-ef1bfd883a30",
+      "source_name": "result",
+      "sink_name": "value",
+      "is_static": false
+    },
+    {
+      "id": "54588c74-e090-4e49-89e4-844b9952a585",
+      "source_id": "7543b9b0-0409-4cf8-bc4e-e0336273e2c4",
+      "sink_id": "28bda769-b88b-44c9-be5c-52c2667f137e",
+      "source_name": "response",
+      "sink_name": "prompt",
+      "is_static": false
+    },
+    {
+      "id": "509b7587-1940-4a06-808d-edde9a74f400",
+      "source_id": "7543b9b0-0409-4cf8-bc4e-e0336273e2c4",
+      "sink_id": "86665e90-ffbf-48fb-ad3f-e5d31fd50c51",
+      "source_name": "response",
+      "sink_name": "prompt",
+      "is_static": false
+    }
+  ],
+  "forked_from_id": null,
+  "forked_from_version": null,
+  "sub_graphs": [],
+  "user_id": "",
+  "created_at": "2024-12-20T19:58:34.390Z",
+  "input_schema": {
+    "type": "object",
+    "properties": {
+      "Theme": {
+        "advanced": false,
+        "secret": false,
+        "title": "Theme",
+        "default": "Cooking"
+      }
+    },
+    "required": []
+  },
+  "output_schema": {
+    "type": "object",
+    "properties": {
+      "Generated Image": {
+        "advanced": false,
+        "secret": false,
+        "title": "Generated Image",
+        "description": "The resulting generated image ready for you to review and post."
+      }
+    },
+    "required": [
+      "Generated Image"
+    ]
+  },
+  "has_external_trigger": false,
+  "has_human_in_the_loop": false,
+  "trigger_setup_info": null,
+  "credentials_input_schema": {
+    "properties": {
+      "ideogram_api_key_credentials": {
+        "credentials_provider": [
+          "ideogram"
+        ],
+        "credentials_types": [
+          "api_key"
+        ],
+        "properties": {
+          "id": {
+            "title": "Id",
+            "type": "string"
+          },
+          "title": {
+            "anyOf": [
+              {
+                "type": "string"
+              },
+              {
+                "type": "null"
+              }
+            ],
+            "default": null,
+            "title": "Title"
+          },
+          "provider": {
+            "const": "ideogram",
+            "title": "Provider",
+            "type": "string"
+          },
+          "type": {
+            "const": "api_key",
+            "title": "Type",
+            "type": "string"
+          }
+        },
+        "required": [
+          "id",
+          "provider",
+          "type"
+        ],
+        "title": "CredentialsMetaInput[Literal[<ProviderName.IDEOGRAM: 'ideogram'>], Literal['api_key']]",
+        "type": "object",
+        "discriminator_values": []
+      },
+      "openai_api_key_credentials": {
+        "credentials_provider": [
+          "openai"
+        ],
+        "credentials_types": [
+          "api_key"
+        ],
+        "properties": {
+          "id": {
+            "title": "Id",
+            "type": "string"
+          },
+          "title": {
+            "anyOf": [
+              {
+                "type": "string"
+              },
+              {
+                "type": "null"
+              }
+            ],
+            "default": null,
+            "title": "Title"
+          },
+          "provider": {
+            "const": "openai",
+            "title": "Provider",
+            "type": "string"
+          },
+          "type": {
+            "const": "api_key",
+            "title": "Type",
+            "type": "string"
+          }
+        },
+        "required": [
+          "id",
+          "provider",
+          "type"
+        ],
+        "title": "CredentialsMetaInput[Literal[<ProviderName.OPENAI: 'openai'>], Literal['api_key']]",
+        "type": "object",
+        "discriminator": "model",
+        "discriminator_mapping": {
+          "Llama-3.3-70B-Instruct": "llama_api",
+          "Llama-3.3-8B-Instruct": "llama_api",
+          "Llama-4-Maverick-17B-128E-Instruct-FP8": "llama_api",
+          "Llama-4-Scout-17B-16E-Instruct-FP8": "llama_api",
+          "Qwen/Qwen2.5-72B-Instruct-Turbo": "aiml_api",
+          "amazon/nova-lite-v1": "open_router",
+          "amazon/nova-micro-v1": "open_router",
+          "amazon/nova-pro-v1": "open_router",
+          "claude-3-7-sonnet-20250219": "anthropic",
+          "claude-3-haiku-20240307": "anthropic",
+          "claude-haiku-4-5-20251001": "anthropic",
+          "claude-opus-4-1-20250805": "anthropic",
+          "claude-opus-4-20250514": "anthropic",
+          "claude-opus-4-5-20251101": "anthropic",
+          "claude-sonnet-4-20250514": "anthropic",
+          "claude-sonnet-4-5-20250929": "anthropic",
+          "cohere/command-r-08-2024": "open_router",
+          "cohere/command-r-plus-08-2024": "open_router",
+          "deepseek/deepseek-chat": "open_router",
+          "deepseek/deepseek-r1-0528": "open_router",
+          "dolphin-mistral:latest": "ollama",
+          "google/gemini-2.0-flash-001": "open_router",
+          "google/gemini-2.0-flash-lite-001": "open_router",
+          "google/gemini-2.5-flash": "open_router",
+          "google/gemini-2.5-flash-lite-preview-06-17": "open_router",
+          "google/gemini-2.5-pro-preview-03-25": "open_router",
+          "google/gemini-3-pro-preview": "open_router",
+          "gpt-3.5-turbo": "openai",
+          "gpt-4-turbo": "openai",
+          "gpt-4.1-2025-04-14": "openai",
+          "gpt-4.1-mini-2025-04-14": "openai",
+          "gpt-4o": "openai",
+          "gpt-4o-mini": "openai",
+          "gpt-5-2025-08-07": "openai",
+          "gpt-5-chat-latest": "openai",
+          "gpt-5-mini-2025-08-07": "openai",
+          "gpt-5-nano-2025-08-07": "openai",
+          "gpt-5.1-2025-11-13": "openai",
+          "gryphe/mythomax-l2-13b": "open_router",
+          "llama-3.1-8b-instant": "groq",
+          "llama-3.3-70b-versatile": "groq",
+          "llama3": "ollama",
+          "llama3.1:405b": "ollama",
+          "llama3.2": "ollama",
+          "llama3.3": "ollama",
+          "meta-llama/Llama-3.2-3B-Instruct-Turbo": "aiml_api",
+          "meta-llama/Llama-3.3-70B-Instruct-Turbo": "aiml_api",
+          "meta-llama/Meta-Llama-3.1-70B-Instruct-Turbo": "aiml_api",
+          "meta-llama/llama-4-maverick": "open_router",
+          "meta-llama/llama-4-scout": "open_router",
+          "microsoft/wizardlm-2-8x22b": "open_router",
+          "mistralai/mistral-nemo": "open_router",
+          "moonshotai/kimi-k2": "open_router",
+          "nousresearch/hermes-3-llama-3.1-405b": "open_router",
+          "nousresearch/hermes-3-llama-3.1-70b": "open_router",
+          "nvidia/llama-3.1-nemotron-70b-instruct": "aiml_api",
+          "o1": "openai",
+          "o1-mini": "openai",
+          "o3-2025-04-16": "openai",
+          "o3-mini": "openai",
+          "openai/gpt-oss-120b": "open_router",
+          "openai/gpt-oss-20b": "open_router",
+          "perplexity/sonar": "open_router",
+          "perplexity/sonar-deep-research": "open_router",
+          "perplexity/sonar-pro": "open_router",
+          "qwen/qwen3-235b-a22b-thinking-2507": "open_router",
+          "qwen/qwen3-coder": "open_router",
+          "v0-1.0-md": "v0",
+          "v0-1.5-lg": "v0",
+          "v0-1.5-md": "v0",
+          "x-ai/grok-4": "open_router",
+          "x-ai/grok-4-fast": "open_router",
+          "x-ai/grok-4.1-fast": "open_router",
+          "x-ai/grok-code-fast-1": "open_router"
+        },
+        "discriminator_values": [
+          "gpt-4o"
+        ]
+      }
+    },
+    "required": [
+      "ideogram_api_key_credentials",
+      "openai_api_key_credentials"
+    ],
+    "title": "UnspirationalPosterMakerCredentialsInputSchema",
+    "type": "object"
+  }
+}

autogpt_platform/backend/agents/agent_516d813b-d1bc-470f-add7-c63a4b2c2bad.json

@@ -0,0 +1,447 @@
+{
+  "id": "622849a7-5848-4838-894d-01f8f07e3fad",
+  "version": 18,
+  "is_active": true,
+  "name": "AI Function",
+  "description": "## AI-Powered Function Magic: Never code again!\nProvide a description of a python function and your inputs and AI will provide the results.",
+  "instructions": null,
+  "recommended_schedule_cron": null,
+  "nodes": [
+    {
+      "id": "26ff2973-3f9a-451d-b902-d45e5da0a7fe",
+      "block_id": "363ae599-353e-4804-937e-b2ee3cef3da4",
+      "input_default": {
+        "name": "return",
+        "title": null,
+        "value": null,
+        "format": "",
+        "secret": false,
+        "advanced": false,
+        "description": "The value returned by the function"
+      },
+      "metadata": {
+        "position": {
+          "x": 1598.8622921127233,
+          "y": 291.59140862204725
+        }
+      },
+      "input_links": [
+        {
+          "id": "caecc1de-fdbc-4fd9-9570-074057bb15f9",
+          "source_id": "c5d16ee4-de9e-4d93-bf32-ac2d15760d5b",
+          "sink_id": "26ff2973-3f9a-451d-b902-d45e5da0a7fe",
+          "source_name": "response",
+          "sink_name": "value",
+          "is_static": false
+        }
+      ],
+      "output_links": [],
+      "graph_id": "622849a7-5848-4838-894d-01f8f07e3fad",
+      "graph_version": 18,
+      "webhook_id": null,
+      "webhook": null
+    },
+    {
+      "id": "c5d16ee4-de9e-4d93-bf32-ac2d15760d5b",
+      "block_id": "1f292d4a-41a4-4977-9684-7c8d560b9f91",
+      "input_default": {
+        "model": "o3-mini",
+        "retry": 3,
+        "prompt": "{{ARGS}}",
+        "sys_prompt": "You are now the following python function:\n\n```\n# {{DESCRIPTION}}\n{{FUNCTION}}\n```\n\nThe user will provide your input arguments.\nOnly respond with your `return` value.\nDo not include any commentary or additional text in your response. \nDo not include ``` backticks or any other decorators.",
+        "ollama_host": "localhost:11434",
+        "prompt_values": {}
+      },
+      "metadata": {
+        "position": {
+          "x": 995,
+          "y": 290.50000000000006
+        }
+      },
+      "input_links": [
+        {
+          "id": "dc7cb15f-76cc-4533-b96c-dd9e3f7f75ed",
+          "source_id": "4eab3a55-20f2-4c1d-804c-7377ba8202d2",
+          "sink_id": "c5d16ee4-de9e-4d93-bf32-ac2d15760d5b",
+          "source_name": "result",
+          "sink_name": "prompt_values_#_FUNCTION",
+          "is_static": true
+        },
+        {
+          "id": "093bdca5-9f44-42f9-8e1c-276dd2971675",
+          "source_id": "844530de-2354-46d8-b748-67306b7bbca1",
+          "sink_id": "c5d16ee4-de9e-4d93-bf32-ac2d15760d5b",
+          "source_name": "result",
+          "sink_name": "prompt_values_#_ARGS",
+          "is_static": true
+        },
+        {
+          "id": "6c63d8ee-b63d-4ff6-bae0-7db8f99bb7af",
+          "source_id": "0fd6ef54-c1cd-478d-b764-17e40f882b99",
+          "sink_id": "c5d16ee4-de9e-4d93-bf32-ac2d15760d5b",
+          "source_name": "result",
+          "sink_name": "prompt_values_#_DESCRIPTION",
+          "is_static": true
+        }
+      ],
+      "output_links": [
+        {
+          "id": "caecc1de-fdbc-4fd9-9570-074057bb15f9",
+          "source_id": "c5d16ee4-de9e-4d93-bf32-ac2d15760d5b",
+          "sink_id": "26ff2973-3f9a-451d-b902-d45e5da0a7fe",
+          "source_name": "response",
+          "sink_name": "value",
+          "is_static": false
+        }
+      ],
+      "graph_id": "622849a7-5848-4838-894d-01f8f07e3fad",
+      "graph_version": 18,
+      "webhook_id": null,
+      "webhook": null
+    },
+    {
+      "id": "4eab3a55-20f2-4c1d-804c-7377ba8202d2",
+      "block_id": "7fcd3bcb-8e1b-4e69-903d-32d3d4a92158",
+      "input_default": {
+        "name": "Function Definition",
+        "title": null,
+        "value": "def fake_people(n: int) -> list[dict]:",
+        "secret": false,
+        "advanced": false,
+        "description": "The function definition (text). This is what you would type on the first line of the function when programming.\n\ne.g \"def fake_people(n: int) -> list[dict]:\"",
+        "placeholder_values": []
+      },
+      "metadata": {
+        "position": {
+          "x": -672.6908629664215,
+          "y": 302.42044359789116
+        }
+      },
+      "input_links": [],
+      "output_links": [
+        {
+          "id": "dc7cb15f-76cc-4533-b96c-dd9e3f7f75ed",
+          "source_id": "4eab3a55-20f2-4c1d-804c-7377ba8202d2",
+          "sink_id": "c5d16ee4-de9e-4d93-bf32-ac2d15760d5b",
+          "source_name": "result",
+          "sink_name": "prompt_values_#_FUNCTION",
+          "is_static": true
+        }
+      ],
+      "graph_id": "622849a7-5848-4838-894d-01f8f07e3fad",
+      "graph_version": 18,
+      "webhook_id": null,
+      "webhook": null
+    },
+    {
+      "id": "844530de-2354-46d8-b748-67306b7bbca1",
+      "block_id": "7fcd3bcb-8e1b-4e69-903d-32d3d4a92158",
+      "input_default": {
+        "name": "Arguments",
+        "title": null,
+        "value": "20",
+        "secret": false,
+        "advanced": false,
+        "description": "The function's inputs\n\ne.g \"20\"",
+        "placeholder_values": []
+      },
+      "metadata": {
+        "position": {
+          "x": -158.1623599617334,
+          "y": 295.410856928333
+        }
+      },
+      "input_links": [],
+      "output_links": [
+        {
+          "id": "093bdca5-9f44-42f9-8e1c-276dd2971675",
+          "source_id": "844530de-2354-46d8-b748-67306b7bbca1",
+          "sink_id": "c5d16ee4-de9e-4d93-bf32-ac2d15760d5b",
+          "source_name": "result",
+          "sink_name": "prompt_values_#_ARGS",
+          "is_static": true
+        }
+      ],
+      "graph_id": "622849a7-5848-4838-894d-01f8f07e3fad",
+      "graph_version": 18,
+      "webhook_id": null,
+      "webhook": null
+    },
+    {
+      "id": "0fd6ef54-c1cd-478d-b764-17e40f882b99",
+      "block_id": "90a56ffb-7024-4b2b-ab50-e26c5e5ab8ba",
+      "input_default": {
+        "name": "Description",
+        "title": null,
+        "value": "Generates n examples of fake data representing people, each with a name, DoB, Job title, and an age.",
+        "secret": false,
+        "advanced": false,
+        "description": "Describe what the function does.\n\ne.g \"Generates n examples of fake data representing people, each with a name, DoB, Job title, and an age.\"",
+        "placeholder_values": []
+      },
+      "metadata": {
+        "position": {
+          "x": 374.4548658057796,
+          "y": 290.3779121974126
+        }
+      },
+      "input_links": [],
+      "output_links": [
+        {
+          "id": "6c63d8ee-b63d-4ff6-bae0-7db8f99bb7af",
+          "source_id": "0fd6ef54-c1cd-478d-b764-17e40f882b99",
+          "sink_id": "c5d16ee4-de9e-4d93-bf32-ac2d15760d5b",
+          "source_name": "result",
+          "sink_name": "prompt_values_#_DESCRIPTION",
+          "is_static": true
+        }
+      ],
+      "graph_id": "622849a7-5848-4838-894d-01f8f07e3fad",
+      "graph_version": 18,
+      "webhook_id": null,
+      "webhook": null
+    }
+  ],
+  "links": [
+    {
+      "id": "caecc1de-fdbc-4fd9-9570-074057bb15f9",
+      "source_id": "c5d16ee4-de9e-4d93-bf32-ac2d15760d5b",
+      "sink_id": "26ff2973-3f9a-451d-b902-d45e5da0a7fe",
+      "source_name": "response",
+      "sink_name": "value",
+      "is_static": false
+    },
+    {
+      "id": "6c63d8ee-b63d-4ff6-bae0-7db8f99bb7af",
+      "source_id": "0fd6ef54-c1cd-478d-b764-17e40f882b99",
+      "sink_id": "c5d16ee4-de9e-4d93-bf32-ac2d15760d5b",
+      "source_name": "result",
+      "sink_name": "prompt_values_#_DESCRIPTION",
+      "is_static": true
+    },
+    {
+      "id": "093bdca5-9f44-42f9-8e1c-276dd2971675",
+      "source_id": "844530de-2354-46d8-b748-67306b7bbca1",
+      "sink_id": "c5d16ee4-de9e-4d93-bf32-ac2d15760d5b",
+      "source_name": "result",
+      "sink_name": "prompt_values_#_ARGS",
+      "is_static": true
+    },
+    {
+      "id": "dc7cb15f-76cc-4533-b96c-dd9e3f7f75ed",
+      "source_id": "4eab3a55-20f2-4c1d-804c-7377ba8202d2",
+      "sink_id": "c5d16ee4-de9e-4d93-bf32-ac2d15760d5b",
+      "source_name": "result",
+      "sink_name": "prompt_values_#_FUNCTION",
+      "is_static": true
+    }
+  ],
+  "forked_from_id": null,
+  "forked_from_version": null,
+  "sub_graphs": [],
+  "user_id": "",
+  "created_at": "2025-04-19T17:10:48.857Z",
+  "input_schema": {
+    "type": "object",
+    "properties": {
+      "Function Definition": {
+        "advanced": false,
+        "anyOf": [
+          {
+            "format": "short-text",
+            "type": "string"
+          },
+          {
+            "type": "null"
+          }
+        ],
+        "secret": false,
+        "title": "Function Definition",
+        "description": "The function definition (text). This is what you would type on the first line of the function when programming.\n\ne.g \"def fake_people(n: int) -> list[dict]:\"",
+        "default": "def fake_people(n: int) -> list[dict]:"
+      },
+      "Arguments": {
+        "advanced": false,
+        "anyOf": [
+          {
+            "format": "short-text",
+            "type": "string"
+          },
+          {
+            "type": "null"
+          }
+        ],
+        "secret": false,
+        "title": "Arguments",
+        "description": "The function's inputs\n\ne.g \"20\"",
+        "default": "20"
+      },
+      "Description": {
+        "advanced": false,
+        "anyOf": [
+          {
+            "format": "long-text",
+            "type": "string"
+          },
+          {
+            "type": "null"
+          }
+        ],
+        "secret": false,
+        "title": "Description",
+        "description": "Describe what the function does.\n\ne.g \"Generates n examples of fake data representing people, each with a name, DoB, Job title, and an age.\"",
+        "default": "Generates n examples of fake data representing people, each with a name, DoB, Job title, and an age."
+      }
+    },
+    "required": []
+  },
+  "output_schema": {
+    "type": "object",
+    "properties": {
+      "return": {
+        "advanced": false,
+        "secret": false,
+        "title": "return",
+        "description": "The value returned by the function"
+      }
+    },
+    "required": [
+      "return"
+    ]
+  },
+  "has_external_trigger": false,
+  "has_human_in_the_loop": false,
+  "trigger_setup_info": null,
+  "credentials_input_schema": {
+    "properties": {
+      "openai_api_key_credentials": {
+        "credentials_provider": [
+          "openai"
+        ],
+        "credentials_types": [
+          "api_key"
+        ],
+        "properties": {
+          "id": {
+            "title": "Id",
+            "type": "string"
+          },
+          "title": {
+            "anyOf": [
+              {
+                "type": "string"
+              },
+              {
+                "type": "null"
+              }
+            ],
+            "default": null,
+            "title": "Title"
+          },
+          "provider": {
+            "const": "openai",
+            "title": "Provider",
+            "type": "string"
+          },
+          "type": {
+            "const": "api_key",
+            "title": "Type",
+            "type": "string"
+          }
+        },
+        "required": [
+          "id",
+          "provider",
+          "type"
+        ],
+        "title": "CredentialsMetaInput[Literal[<ProviderName.OPENAI: 'openai'>], Literal['api_key']]",
+        "type": "object",
+        "discriminator": "model",
+        "discriminator_mapping": {
+          "Llama-3.3-70B-Instruct": "llama_api",
+          "Llama-3.3-8B-Instruct": "llama_api",
+          "Llama-4-Maverick-17B-128E-Instruct-FP8": "llama_api",
+          "Llama-4-Scout-17B-16E-Instruct-FP8": "llama_api",
+          "Qwen/Qwen2.5-72B-Instruct-Turbo": "aiml_api",
+          "amazon/nova-lite-v1": "open_router",
+          "amazon/nova-micro-v1": "open_router",
+          "amazon/nova-pro-v1": "open_router",
+          "claude-3-7-sonnet-20250219": "anthropic",
+          "claude-3-haiku-20240307": "anthropic",
+          "claude-haiku-4-5-20251001": "anthropic",
+          "claude-opus-4-1-20250805": "anthropic",
+          "claude-opus-4-20250514": "anthropic",
+          "claude-opus-4-5-20251101": "anthropic",
+          "claude-sonnet-4-20250514": "anthropic",
+          "claude-sonnet-4-5-20250929": "anthropic",
+          "cohere/command-r-08-2024": "open_router",
+          "cohere/command-r-plus-08-2024": "open_router",
+          "deepseek/deepseek-chat": "open_router",
+          "deepseek/deepseek-r1-0528": "open_router",
+          "dolphin-mistral:latest": "ollama",
+          "google/gemini-2.0-flash-001": "open_router",
+          "google/gemini-2.0-flash-lite-001": "open_router",
+          "google/gemini-2.5-flash": "open_router",
+          "google/gemini-2.5-flash-lite-preview-06-17": "open_router",
+          "google/gemini-2.5-pro-preview-03-25": "open_router",
+          "google/gemini-3-pro-preview": "open_router",
+          "gpt-3.5-turbo": "openai",
+          "gpt-4-turbo": "openai",
+          "gpt-4.1-2025-04-14": "openai",
+          "gpt-4.1-mini-2025-04-14": "openai",
+          "gpt-4o": "openai",
+          "gpt-4o-mini": "openai",
+          "gpt-5-2025-08-07": "openai",
+          "gpt-5-chat-latest": "openai",
+          "gpt-5-mini-2025-08-07": "openai",
+          "gpt-5-nano-2025-08-07": "openai",
+          "gpt-5.1-2025-11-13": "openai",
+          "gryphe/mythomax-l2-13b": "open_router",
+          "llama-3.1-8b-instant": "groq",
+          "llama-3.3-70b-versatile": "groq",
+          "llama3": "ollama",
+          "llama3.1:405b": "ollama",
+          "llama3.2": "ollama",
+          "llama3.3": "ollama",
+          "meta-llama/Llama-3.2-3B-Instruct-Turbo": "aiml_api",
+          "meta-llama/Llama-3.3-70B-Instruct-Turbo": "aiml_api",
+          "meta-llama/Meta-Llama-3.1-70B-Instruct-Turbo": "aiml_api",
+          "meta-llama/llama-4-maverick": "open_router",
+          "meta-llama/llama-4-scout": "open_router",
+          "microsoft/wizardlm-2-8x22b": "open_router",
+          "mistralai/mistral-nemo": "open_router",
+          "moonshotai/kimi-k2": "open_router",
+          "nousresearch/hermes-3-llama-3.1-405b": "open_router",
+          "nousresearch/hermes-3-llama-3.1-70b": "open_router",
+          "nvidia/llama-3.1-nemotron-70b-instruct": "aiml_api",
+          "o1": "openai",
+          "o1-mini": "openai",
+          "o3-2025-04-16": "openai",
+          "o3-mini": "openai",
+          "openai/gpt-oss-120b": "open_router",
+          "openai/gpt-oss-20b": "open_router",
+          "perplexity/sonar": "open_router",
+          "perplexity/sonar-deep-research": "open_router",
+          "perplexity/sonar-pro": "open_router",
+          "qwen/qwen3-235b-a22b-thinking-2507": "open_router",
+          "qwen/qwen3-coder": "open_router",
+          "v0-1.0-md": "v0",
+          "v0-1.5-lg": "v0",
+          "v0-1.5-md": "v0",
+          "x-ai/grok-4": "open_router",
+          "x-ai/grok-4-fast": "open_router",
+          "x-ai/grok-4.1-fast": "open_router",
+          "x-ai/grok-code-fast-1": "open_router"
+        },
+        "discriminator_values": [
+          "o3-mini"
+        ]
+      }
+    },
+    "required": [
+      "openai_api_key_credentials"
+    ],
+    "title": "AIFunctionCredentialsInputSchema",
+    "type": "object"
+  }
+}

autogpt_platform/backend/agents/agent_d85882b8-633f-44ce-a315-c20a8c123d19.json

@@ -0,0 +1,403 @@
+{
+  "id": "ed2091cf-5b27-45a9-b3ea-42396f95b256",
+  "version": 12,
+  "is_active": true,
+  "name": "Flux AI Image Generator",
+  "description": "Transform ideas into breathtaking images with this AI-powered Image Generator. Using cutting-edge Flux AI technology, the tool crafts highly detailed, photorealistic visuals from simple text prompts. Perfect for artists, marketers, and content creators, this generator produces unique images tailored to user specifications. From fantastical scenes to lifelike portraits, users can unleash creativity with professional-quality results in seconds. Easy to use and endlessly versatile, bring imagination to life with the AI Image Generator today!",
+  "instructions": null,
+  "recommended_schedule_cron": null,
+  "nodes": [
+    {
+      "id": "7482c59d-725f-4686-82b9-0dfdc4e92316",
+      "block_id": "cc10ff7b-7753-4ff2-9af6-9399b1a7eddc",
+      "input_default": {
+        "text": "Press the \"Advanced\" toggle and input your replicate API key.\n\nYou can get one here:\nhttps://replicate.com/account/api-tokens\n"
+      },
+      "metadata": {
+        "position": {
+          "x": 872.8268131538296,
+          "y": 614.9436919065381
+        }
+      },
+      "input_links": [],
+      "output_links": [],
+      "graph_id": "ed2091cf-5b27-45a9-b3ea-42396f95b256",
+      "graph_version": 12,
+      "webhook_id": null,
+      "webhook": null
+    },
+    {
+      "id": "0d1dec1a-e4ee-4349-9673-449a01bbf14e",
+      "block_id": "363ae599-353e-4804-937e-b2ee3cef3da4",
+      "input_default": {
+        "name": "Generated Image"
+      },
+      "metadata": {
+        "position": {
+          "x": 1453.6844137728922,
+          "y": 963.2466395125115
+        }
+      },
+      "input_links": [
+        {
+          "id": "06665d23-2f3d-4445-8f22-573446fcff5b",
+          "source_id": "50bc23e9-f2b7-4959-8710-99679ed9eeea",
+          "sink_id": "0d1dec1a-e4ee-4349-9673-449a01bbf14e",
+          "source_name": "result",
+          "sink_name": "value",
+          "is_static": false
+        }
+      ],
+      "output_links": [],
+      "graph_id": "ed2091cf-5b27-45a9-b3ea-42396f95b256",
+      "graph_version": 12,
+      "webhook_id": null,
+      "webhook": null
+    },
+    {
+      "id": "6f24c45f-1548-4eda-9784-da06ce0abef8",
+      "block_id": "c0a8e994-ebf1-4a9c-a4d8-89d09c86741b",
+      "input_default": {
+        "name": "Image Subject",
+        "value": "Otto the friendly, purple \"Chief Automation Octopus\" helping people automate their tedious tasks.",
+        "description": "The subject of the image"
+      },
+      "metadata": {
+        "position": {
+          "x": -314.43009631839783,
+          "y": 962.935949165938
+        }
+      },
+      "input_links": [],
+      "output_links": [
+        {
+          "id": "1077c61a-a32a-4ed7-becf-11bcf835b914",
+          "source_id": "6f24c45f-1548-4eda-9784-da06ce0abef8",
+          "sink_id": "0d1bca9a-d9b8-4bfd-a19c-fe50b54f4b12",
+          "source_name": "result",
+          "sink_name": "prompt_values_#_TOPIC",
+          "is_static": true
+        }
+      ],
+      "graph_id": "ed2091cf-5b27-45a9-b3ea-42396f95b256",
+      "graph_version": 12,
+      "webhook_id": null,
+      "webhook": null
+    },
+    {
+      "id": "50bc23e9-f2b7-4959-8710-99679ed9eeea",
+      "block_id": "90f8c45e-e983-4644-aa0b-b4ebe2f531bc",
+      "input_default": {
+        "prompt": "dog",
+        "output_format": "png",
+        "replicate_model_name": "Flux Pro 1.1"
+      },
+      "metadata": {
+        "position": {
+          "x": 873.0119949791526,
+          "y": 966.1604399052493
+        }
+      },
+      "input_links": [
+        {
+          "id": "a17ec505-9377-4700-8fe0-124ca81d43a9",
+          "source_id": "0d1bca9a-d9b8-4bfd-a19c-fe50b54f4b12",
+          "sink_id": "50bc23e9-f2b7-4959-8710-99679ed9eeea",
+          "source_name": "response",
+          "sink_name": "prompt",
+          "is_static": false
+        }
+      ],
+      "output_links": [
+        {
+          "id": "06665d23-2f3d-4445-8f22-573446fcff5b",
+          "source_id": "50bc23e9-f2b7-4959-8710-99679ed9eeea",
+          "sink_id": "0d1dec1a-e4ee-4349-9673-449a01bbf14e",
+          "source_name": "result",
+          "sink_name": "value",
+          "is_static": false
+        }
+      ],
+      "graph_id": "ed2091cf-5b27-45a9-b3ea-42396f95b256",
+      "graph_version": 12,
+      "webhook_id": null,
+      "webhook": null
+    },
+    {
+      "id": "0d1bca9a-d9b8-4bfd-a19c-fe50b54f4b12",
+      "block_id": "1f292d4a-41a4-4977-9684-7c8d560b9f91",
+      "input_default": {
+        "model": "gpt-4o-mini",
+        "prompt": "Generate an incredibly detailed, photorealistic image prompt about {{TOPIC}}, describing the camera it's taken with and prompting the diffusion model to use all the best quality techniques.\n\nOutput only the prompt with no additional commentary.",
+        "prompt_values": {}
+      },
+      "metadata": {
+        "position": {
+          "x": 277.3057034159709,
+          "y": 962.8382498113764
+        }
+      },
+      "input_links": [
+        {
+          "id": "1077c61a-a32a-4ed7-becf-11bcf835b914",
+          "source_id": "6f24c45f-1548-4eda-9784-da06ce0abef8",
+          "sink_id": "0d1bca9a-d9b8-4bfd-a19c-fe50b54f4b12",
+          "source_name": "result",
+          "sink_name": "prompt_values_#_TOPIC",
+          "is_static": true
+        }
+      ],
+      "output_links": [
+        {
+          "id": "a17ec505-9377-4700-8fe0-124ca81d43a9",
+          "source_id": "0d1bca9a-d9b8-4bfd-a19c-fe50b54f4b12",
+          "sink_id": "50bc23e9-f2b7-4959-8710-99679ed9eeea",
+          "source_name": "response",
+          "sink_name": "prompt",
+          "is_static": false
+        }
+      ],
+      "graph_id": "ed2091cf-5b27-45a9-b3ea-42396f95b256",
+      "graph_version": 12,
+      "webhook_id": null,
+      "webhook": null
+    }
+  ],
+  "links": [
+    {
+      "id": "1077c61a-a32a-4ed7-becf-11bcf835b914",
+      "source_id": "6f24c45f-1548-4eda-9784-da06ce0abef8",
+      "sink_id": "0d1bca9a-d9b8-4bfd-a19c-fe50b54f4b12",
+      "source_name": "result",
+      "sink_name": "prompt_values_#_TOPIC",
+      "is_static": true
+    },
+    {
+      "id": "06665d23-2f3d-4445-8f22-573446fcff5b",
+      "source_id": "50bc23e9-f2b7-4959-8710-99679ed9eeea",
+      "sink_id": "0d1dec1a-e4ee-4349-9673-449a01bbf14e",
+      "source_name": "result",
+      "sink_name": "value",
+      "is_static": false
+    },
+    {
+      "id": "a17ec505-9377-4700-8fe0-124ca81d43a9",
+      "source_id": "0d1bca9a-d9b8-4bfd-a19c-fe50b54f4b12",
+      "sink_id": "50bc23e9-f2b7-4959-8710-99679ed9eeea",
+      "source_name": "response",
+      "sink_name": "prompt",
+      "is_static": false
+    }
+  ],
+  "forked_from_id": null,
+  "forked_from_version": null,
+  "sub_graphs": [],
+  "user_id": "",
+  "created_at": "2024-12-20T18:46:11.492Z",
+  "input_schema": {
+    "type": "object",
+    "properties": {
+      "Image Subject": {
+        "advanced": false,
+        "secret": false,
+        "title": "Image Subject",
+        "description": "The subject of the image",
+        "default": "Otto the friendly, purple \"Chief Automation Octopus\" helping people automate their tedious tasks."
+      }
+    },
+    "required": []
+  },
+  "output_schema": {
+    "type": "object",
+    "properties": {
+      "Generated Image": {
+        "advanced": false,
+        "secret": false,
+        "title": "Generated Image"
+      }
+    },
+    "required": [
+      "Generated Image"
+    ]
+  },
+  "has_external_trigger": false,
+  "has_human_in_the_loop": false,
+  "trigger_setup_info": null,
+  "credentials_input_schema": {
+    "properties": {
+      "replicate_api_key_credentials": {
+        "credentials_provider": [
+          "replicate"
+        ],
+        "credentials_types": [
+          "api_key"
+        ],
+        "properties": {
+          "id": {
+            "title": "Id",
+            "type": "string"
+          },
+          "title": {
+            "anyOf": [
+              {
+                "type": "string"
+              },
+              {
+                "type": "null"
+              }
+            ],
+            "default": null,
+            "title": "Title"
+          },
+          "provider": {
+            "const": "replicate",
+            "title": "Provider",
+            "type": "string"
+          },
+          "type": {
+            "const": "api_key",
+            "title": "Type",
+            "type": "string"
+          }
+        },
+        "required": [
+          "id",
+          "provider",
+          "type"
+        ],
+        "title": "CredentialsMetaInput[Literal[<ProviderName.REPLICATE: 'replicate'>], Literal['api_key']]",
+        "type": "object",
+        "discriminator_values": []
+      },
+      "openai_api_key_credentials": {
+        "credentials_provider": [
+          "openai"
+        ],
+        "credentials_types": [
+          "api_key"
+        ],
+        "properties": {
+          "id": {
+            "title": "Id",
+            "type": "string"
+          },
+          "title": {
+            "anyOf": [
+              {
+                "type": "string"
+              },
+              {
+                "type": "null"
+              }
+            ],
+            "default": null,
+            "title": "Title"
+          },
+          "provider": {
+            "const": "openai",
+            "title": "Provider",
+            "type": "string"
+          },
+          "type": {
+            "const": "api_key",
+            "title": "Type",
+            "type": "string"
+          }
+        },
+        "required": [
+          "id",
+          "provider",
+          "type"
+        ],
+        "title": "CredentialsMetaInput[Literal[<ProviderName.OPENAI: 'openai'>], Literal['api_key']]",
+        "type": "object",
+        "discriminator": "model",
+        "discriminator_mapping": {
+          "Llama-3.3-70B-Instruct": "llama_api",
+          "Llama-3.3-8B-Instruct": "llama_api",
+          "Llama-4-Maverick-17B-128E-Instruct-FP8": "llama_api",
+          "Llama-4-Scout-17B-16E-Instruct-FP8": "llama_api",
+          "Qwen/Qwen2.5-72B-Instruct-Turbo": "aiml_api",
+          "amazon/nova-lite-v1": "open_router",
+          "amazon/nova-micro-v1": "open_router",
+          "amazon/nova-pro-v1": "open_router",
+          "claude-3-7-sonnet-20250219": "anthropic",
+          "claude-3-haiku-20240307": "anthropic",
+          "claude-haiku-4-5-20251001": "anthropic",
+          "claude-opus-4-1-20250805": "anthropic",
+          "claude-opus-4-20250514": "anthropic",
+          "claude-opus-4-5-20251101": "anthropic",
+          "claude-sonnet-4-20250514": "anthropic",
+          "claude-sonnet-4-5-20250929": "anthropic",
+          "cohere/command-r-08-2024": "open_router",
+          "cohere/command-r-plus-08-2024": "open_router",
+          "deepseek/deepseek-chat": "open_router",
+          "deepseek/deepseek-r1-0528": "open_router",
+          "dolphin-mistral:latest": "ollama",
+          "google/gemini-2.0-flash-001": "open_router",
+          "google/gemini-2.0-flash-lite-001": "open_router",
+          "google/gemini-2.5-flash": "open_router",
+          "google/gemini-2.5-flash-lite-preview-06-17": "open_router",
+          "google/gemini-2.5-pro-preview-03-25": "open_router",
+          "google/gemini-3-pro-preview": "open_router",
+          "gpt-3.5-turbo": "openai",
+          "gpt-4-turbo": "openai",
+          "gpt-4.1-2025-04-14": "openai",
+          "gpt-4.1-mini-2025-04-14": "openai",
+          "gpt-4o": "openai",
+          "gpt-4o-mini": "openai",
+          "gpt-5-2025-08-07": "openai",
+          "gpt-5-chat-latest": "openai",
+          "gpt-5-mini-2025-08-07": "openai",
+          "gpt-5-nano-2025-08-07": "openai",
+          "gpt-5.1-2025-11-13": "openai",
+          "gryphe/mythomax-l2-13b": "open_router",
+          "llama-3.1-8b-instant": "groq",
+          "llama-3.3-70b-versatile": "groq",
+          "llama3": "ollama",
+          "llama3.1:405b": "ollama",
+          "llama3.2": "ollama",
+          "llama3.3": "ollama",
+          "meta-llama/Llama-3.2-3B-Instruct-Turbo": "aiml_api",
+          "meta-llama/Llama-3.3-70B-Instruct-Turbo": "aiml_api",
+          "meta-llama/Meta-Llama-3.1-70B-Instruct-Turbo": "aiml_api",
+          "meta-llama/llama-4-maverick": "open_router",
+          "meta-llama/llama-4-scout": "open_router",
+          "microsoft/wizardlm-2-8x22b": "open_router",
+          "mistralai/mistral-nemo": "open_router",
+          "moonshotai/kimi-k2": "open_router",
+          "nousresearch/hermes-3-llama-3.1-405b": "open_router",
+          "nousresearch/hermes-3-llama-3.1-70b": "open_router",
+          "nvidia/llama-3.1-nemotron-70b-instruct": "aiml_api",
+          "o1": "openai",
+          "o1-mini": "openai",
+          "o3-2025-04-16": "openai",
+          "o3-mini": "openai",
+          "openai/gpt-oss-120b": "open_router",
+          "openai/gpt-oss-20b": "open_router",
+          "perplexity/sonar": "open_router",
+          "perplexity/sonar-deep-research": "open_router",
+          "perplexity/sonar-pro": "open_router",
+          "qwen/qwen3-235b-a22b-thinking-2507": "open_router",
+          "qwen/qwen3-coder": "open_router",
+          "v0-1.0-md": "v0",
+          "v0-1.5-lg": "v0",
+          "v0-1.5-md": "v0",
+          "x-ai/grok-4": "open_router",
+          "x-ai/grok-4-fast": "open_router",
+          "x-ai/grok-4.1-fast": "open_router",
+          "x-ai/grok-code-fast-1": "open_router"
+        },
+        "discriminator_values": [
+          "gpt-4o-mini"
+        ]
+      }
+    },
+    "required": [
+      "replicate_api_key_credentials",
+      "openai_api_key_credentials"
+    ],
+    "title": "FluxAIImageGeneratorCredentialsInputSchema",
+    "type": "object"
+  }
+}

autogpt_platform/backend/agents/agent_f2cc74bb-f43f-4395-9c35-ecb30b5b4fc9.json

@@ -0,0 +1,505 @@
+{
+  "id": "0d440799-44ba-4d6c-85b3-b3739f1e1287",
+  "version": 12,
+  "is_active": true,
+  "name": "AI Webpage Copy Improver",
+  "description": "Elevate your web content with this powerful AI Webpage Copy Improver. Designed for marketers, SEO specialists, and web developers, this tool analyses and enhances website copy for maximum impact. Using advanced language models, it optimizes text for better clarity, SEO performance, and increased conversion rates. The AI examines your existing content, identifies areas for improvement, and generates refined copy that maintains your brand voice while boosting engagement. From homepage headlines to product descriptions, transform your web presence with AI-driven insights. Improve readability, incorporate targeted keywords, and craft compelling calls-to-action - all with the click of a button. Take your digital marketing to the next level with the AI Webpage Copy Improver.",
+  "instructions": null,
+  "recommended_schedule_cron": null,
+  "nodes": [
+    {
+      "id": "130ec496-f75d-4fe2-9cd6-8c00d08ea4a7",
+      "block_id": "363ae599-353e-4804-937e-b2ee3cef3da4",
+      "input_default": {
+        "name": "Improved Webpage Copy"
+      },
+      "metadata": {
+        "position": {
+          "x": 1039.5884372540172,
+          "y": -0.8359099621230968
+        }
+      },
+      "input_links": [
+        {
+          "id": "d4334477-3616-454f-a430-614ca27f5b36",
+          "source_id": "c9924577-70d8-4ccb-9106-6f796df09ef9",
+          "sink_id": "130ec496-f75d-4fe2-9cd6-8c00d08ea4a7",
+          "source_name": "response",
+          "sink_name": "value",
+          "is_static": false
+        }
+      ],
+      "output_links": [],
+      "graph_id": "0d440799-44ba-4d6c-85b3-b3739f1e1287",
+      "graph_version": 12,
+      "webhook_id": null,
+      "webhook": null
+    },
+    {
+      "id": "cefccd07-fe70-4feb-bf76-46b20aaa5d35",
+      "block_id": "363ae599-353e-4804-937e-b2ee3cef3da4",
+      "input_default": {
+        "name": "Original Page Analysis",
+        "description": "Analysis of the webpage as it currently stands."
+      },
+      "metadata": {
+        "position": {
+          "x": 1037.7724103954706,
+          "y": -606.5934325506903
+        }
+      },
+      "input_links": [
+        {
+          "id": "f979ab78-0903-4f19-a7c2-a419d5d81aef",
+          "source_id": "08612ce2-625b-4c17-accd-3acace7b6477",
+          "sink_id": "cefccd07-fe70-4feb-bf76-46b20aaa5d35",
+          "source_name": "response",
+          "sink_name": "value",
+          "is_static": false
+        }
+      ],
+      "output_links": [],
+      "graph_id": "0d440799-44ba-4d6c-85b3-b3739f1e1287",
+      "graph_version": 12,
+      "webhook_id": null,
+      "webhook": null
+    },
+    {
+      "id": "375f8bc3-afd9-4025-ad8e-9aeb329af7ce",
+      "block_id": "c0a8e994-ebf1-4a9c-a4d8-89d09c86741b",
+      "input_default": {
+        "name": "Homepage URL",
+        "value": "https://agpt.co",
+        "description": "Enter the URL of the homepage you want to improve"
+      },
+      "metadata": {
+        "position": {
+          "x": -1195.1455674454749,
+          "y": 0
+        }
+      },
+      "input_links": [],
+      "output_links": [
+        {
+          "id": "cbb12335-fefd-4560-9fff-98675130fbad",
+          "source_id": "375f8bc3-afd9-4025-ad8e-9aeb329af7ce",
+          "sink_id": "b40595c6-dba3-4779-a129-cd4f01fff103",
+          "source_name": "result",
+          "sink_name": "url",
+          "is_static": true
+        }
+      ],
+      "graph_id": "0d440799-44ba-4d6c-85b3-b3739f1e1287",
+      "graph_version": 12,
+      "webhook_id": null,
+      "webhook": null
+    },
+    {
+      "id": "b40595c6-dba3-4779-a129-cd4f01fff103",
+      "block_id": "436c3984-57fd-4b85-8e9a-459b356883bd",
+      "input_default": {
+        "raw_content": false
+      },
+      "metadata": {
+        "position": {
+          "x": -631.7330786555249,
+          "y": 1.9638396496230826
+        }
+      },
+      "input_links": [
+        {
+          "id": "cbb12335-fefd-4560-9fff-98675130fbad",
+          "source_id": "375f8bc3-afd9-4025-ad8e-9aeb329af7ce",
+          "sink_id": "b40595c6-dba3-4779-a129-cd4f01fff103",
+          "source_name": "result",
+          "sink_name": "url",
+          "is_static": true
+        }
+      ],
+      "output_links": [
+        {
+          "id": "adfa6113-77b3-4e32-b136-3e694b87553e",
+          "source_id": "b40595c6-dba3-4779-a129-cd4f01fff103",
+          "sink_id": "c9924577-70d8-4ccb-9106-6f796df09ef9",
+          "source_name": "content",
+          "sink_name": "prompt_values_#_CONTENT",
+          "is_static": false
+        },
+        {
+          "id": "5d5656fd-4208-4296-bc70-e39cc31caada",
+          "source_id": "b40595c6-dba3-4779-a129-cd4f01fff103",
+          "sink_id": "08612ce2-625b-4c17-accd-3acace7b6477",
+          "source_name": "content",
+          "sink_name": "prompt_values_#_CONTENT",
+          "is_static": false
+        }
+      ],
+      "graph_id": "0d440799-44ba-4d6c-85b3-b3739f1e1287",
+      "graph_version": 12,
+      "webhook_id": null,
+      "webhook": null
+    },
+    {
+      "id": "c9924577-70d8-4ccb-9106-6f796df09ef9",
+      "block_id": "1f292d4a-41a4-4977-9684-7c8d560b9f91",
+      "input_default": {
+        "model": "gpt-4o",
+        "prompt": "Current Webpage Content:\n```\n{{CONTENT}}\n```\n\nBased on the following analysis of the webpage content:\n\n```\n{{ANALYSIS}}\n```\n\nRewrite and improve the content to address the identified issues. Focus on:\n1. Enhancing clarity and readability\n2. Optimizing for SEO (suggest and incorporate relevant keywords)\n3. Improving calls-to-action for better conversion rates\n4. Refining the structure and organization\n5. Maintaining brand consistency while improving the overall tone\n\nProvide the improved content in HTML format inside a code-block with \"```\" backticks, preserving the original structure where appropriate. Also, include a brief summary of the changes made and their potential impact.",
+        "prompt_values": {}
+      },
+      "metadata": {
+        "position": {
+          "x": 488.37278423303917,
+          "y": 0
+        }
+      },
+      "input_links": [
+        {
+          "id": "adfa6113-77b3-4e32-b136-3e694b87553e",
+          "source_id": "b40595c6-dba3-4779-a129-cd4f01fff103",
+          "sink_id": "c9924577-70d8-4ccb-9106-6f796df09ef9",
+          "source_name": "content",
+          "sink_name": "prompt_values_#_CONTENT",
+          "is_static": false
+        },
+        {
+          "id": "6bcca45d-c9d5-439e-ac43-e4a1264d8f57",
+          "source_id": "08612ce2-625b-4c17-accd-3acace7b6477",
+          "sink_id": "c9924577-70d8-4ccb-9106-6f796df09ef9",
+          "source_name": "response",
+          "sink_name": "prompt_values_#_ANALYSIS",
+          "is_static": false
+        }
+      ],
+      "output_links": [
+        {
+          "id": "d4334477-3616-454f-a430-614ca27f5b36",
+          "source_id": "c9924577-70d8-4ccb-9106-6f796df09ef9",
+          "sink_id": "130ec496-f75d-4fe2-9cd6-8c00d08ea4a7",
+          "source_name": "response",
+          "sink_name": "value",
+          "is_static": false
+        }
+      ],
+      "graph_id": "0d440799-44ba-4d6c-85b3-b3739f1e1287",
+      "graph_version": 12,
+      "webhook_id": null,
+      "webhook": null
+    },
+    {
+      "id": "08612ce2-625b-4c17-accd-3acace7b6477",
+      "block_id": "1f292d4a-41a4-4977-9684-7c8d560b9f91",
+      "input_default": {
+        "model": "gpt-4o",
+        "prompt": "Analyze the following webpage content and provide a detailed report on its current state, including strengths and weaknesses in terms of clarity, SEO optimization, and potential for conversion:\n\n{{CONTENT}}\n\nInclude observations on:\n1. Overall readability and clarity\n2. Use of keywords and SEO-friendly language\n3. Effectiveness of calls-to-action\n4. Structure and organization of content\n5. Tone and brand consistency",
+        "prompt_values": {}
+      },
+      "metadata": {
+        "position": {
+          "x": -72.66206703605442,
+          "y": -0.58403945075381
+        }
+      },
+      "input_links": [
+        {
+          "id": "5d5656fd-4208-4296-bc70-e39cc31caada",
+          "source_id": "b40595c6-dba3-4779-a129-cd4f01fff103",
+          "sink_id": "08612ce2-625b-4c17-accd-3acace7b6477",
+          "source_name": "content",
+          "sink_name": "prompt_values_#_CONTENT",
+          "is_static": false
+        }
+      ],
+      "output_links": [
+        {
+          "id": "f979ab78-0903-4f19-a7c2-a419d5d81aef",
+          "source_id": "08612ce2-625b-4c17-accd-3acace7b6477",
+          "sink_id": "cefccd07-fe70-4feb-bf76-46b20aaa5d35",
+          "source_name": "response",
+          "sink_name": "value",
+          "is_static": false
+        },
+        {
+          "id": "6bcca45d-c9d5-439e-ac43-e4a1264d8f57",
+          "source_id": "08612ce2-625b-4c17-accd-3acace7b6477",
+          "sink_id": "c9924577-70d8-4ccb-9106-6f796df09ef9",
+          "source_name": "response",
+          "sink_name": "prompt_values_#_ANALYSIS",
+          "is_static": false
+        }
+      ],
+      "graph_id": "0d440799-44ba-4d6c-85b3-b3739f1e1287",
+      "graph_version": 12,
+      "webhook_id": null,
+      "webhook": null
+    }
+  ],
+  "links": [
+    {
+      "id": "adfa6113-77b3-4e32-b136-3e694b87553e",
+      "source_id": "b40595c6-dba3-4779-a129-cd4f01fff103",
+      "sink_id": "c9924577-70d8-4ccb-9106-6f796df09ef9",
+      "source_name": "content",
+      "sink_name": "prompt_values_#_CONTENT",
+      "is_static": false
+    },
+    {
+      "id": "d4334477-3616-454f-a430-614ca27f5b36",
+      "source_id": "c9924577-70d8-4ccb-9106-6f796df09ef9",
+      "sink_id": "130ec496-f75d-4fe2-9cd6-8c00d08ea4a7",
+      "source_name": "response",
+      "sink_name": "value",
+      "is_static": false
+    },
+    {
+      "id": "5d5656fd-4208-4296-bc70-e39cc31caada",
+      "source_id": "b40595c6-dba3-4779-a129-cd4f01fff103",
+      "sink_id": "08612ce2-625b-4c17-accd-3acace7b6477",
+      "source_name": "content",
+      "sink_name": "prompt_values_#_CONTENT",
+      "is_static": false
+    },
+    {
+      "id": "f979ab78-0903-4f19-a7c2-a419d5d81aef",
+      "source_id": "08612ce2-625b-4c17-accd-3acace7b6477",
+      "sink_id": "cefccd07-fe70-4feb-bf76-46b20aaa5d35",
+      "source_name": "response",
+      "sink_name": "value",
+      "is_static": false
+    },
+    {
+      "id": "6bcca45d-c9d5-439e-ac43-e4a1264d8f57",
+      "source_id": "08612ce2-625b-4c17-accd-3acace7b6477",
+      "sink_id": "c9924577-70d8-4ccb-9106-6f796df09ef9",
+      "source_name": "response",
+      "sink_name": "prompt_values_#_ANALYSIS",
+      "is_static": false
+    },
+    {
+      "id": "cbb12335-fefd-4560-9fff-98675130fbad",
+      "source_id": "375f8bc3-afd9-4025-ad8e-9aeb329af7ce",
+      "sink_id": "b40595c6-dba3-4779-a129-cd4f01fff103",
+      "source_name": "result",
+      "sink_name": "url",
+      "is_static": true
+    }
+  ],
+  "forked_from_id": null,
+  "forked_from_version": null,
+  "sub_graphs": [],
+  "user_id": "",
+  "created_at": "2024-12-20T19:47:22.036Z",
+  "input_schema": {
+    "type": "object",
+    "properties": {
+      "Homepage URL": {
+        "advanced": false,
+        "secret": false,
+        "title": "Homepage URL",
+        "description": "Enter the URL of the homepage you want to improve",
+        "default": "https://agpt.co"
+      }
+    },
+    "required": []
+  },
+  "output_schema": {
+    "type": "object",
+    "properties": {
+      "Improved Webpage Copy": {
+        "advanced": false,
+        "secret": false,
+        "title": "Improved Webpage Copy"
+      },
+      "Original Page Analysis": {
+        "advanced": false,
+        "secret": false,
+        "title": "Original Page Analysis",
+        "description": "Analysis of the webpage as it currently stands."
+      }
+    },
+    "required": [
+      "Improved Webpage Copy",
+      "Original Page Analysis"
+    ]
+  },
+  "has_external_trigger": false,
+  "has_human_in_the_loop": false,
+  "trigger_setup_info": null,
+  "credentials_input_schema": {
+    "properties": {
+      "jina_api_key_credentials": {
+        "credentials_provider": [
+          "jina"
+        ],
+        "credentials_types": [
+          "api_key"
+        ],
+        "properties": {
+          "id": {
+            "title": "Id",
+            "type": "string"
+          },
+          "title": {
+            "anyOf": [
+              {
+                "type": "string"
+              },
+              {
+                "type": "null"
+              }
+            ],
+            "default": null,
+            "title": "Title"
+          },
+          "provider": {
+            "const": "jina",
+            "title": "Provider",
+            "type": "string"
+          },
+          "type": {
+            "const": "api_key",
+            "title": "Type",
+            "type": "string"
+          }
+        },
+        "required": [
+          "id",
+          "provider",
+          "type"
+        ],
+        "title": "CredentialsMetaInput[Literal[<ProviderName.JINA: 'jina'>], Literal['api_key']]",
+        "type": "object",
+        "discriminator_values": []
+      },
+      "openai_api_key_credentials": {
+        "credentials_provider": [
+          "openai"
+        ],
+        "credentials_types": [
+          "api_key"
+        ],
+        "properties": {
+          "id": {
+            "title": "Id",
+            "type": "string"
+          },
+          "title": {
+            "anyOf": [
+              {
+                "type": "string"
+              },
+              {
+                "type": "null"
+              }
+            ],
+            "default": null,
+            "title": "Title"
+          },
+          "provider": {
+            "const": "openai",
+            "title": "Provider",
+            "type": "string"
+          },
+          "type": {
+            "const": "api_key",
+            "title": "Type",
+            "type": "string"
+          }
+        },
+        "required": [
+          "id",
+          "provider",
+          "type"
+        ],
+        "title": "CredentialsMetaInput[Literal[<ProviderName.OPENAI: 'openai'>], Literal['api_key']]",
+        "type": "object",
+        "discriminator": "model",
+        "discriminator_mapping": {
+          "Llama-3.3-70B-Instruct": "llama_api",
+          "Llama-3.3-8B-Instruct": "llama_api",
+          "Llama-4-Maverick-17B-128E-Instruct-FP8": "llama_api",
+          "Llama-4-Scout-17B-16E-Instruct-FP8": "llama_api",
+          "Qwen/Qwen2.5-72B-Instruct-Turbo": "aiml_api",
+          "amazon/nova-lite-v1": "open_router",
+          "amazon/nova-micro-v1": "open_router",
+          "amazon/nova-pro-v1": "open_router",
+          "claude-3-7-sonnet-20250219": "anthropic",
+          "claude-3-haiku-20240307": "anthropic",
+          "claude-haiku-4-5-20251001": "anthropic",
+          "claude-opus-4-1-20250805": "anthropic",
+          "claude-opus-4-20250514": "anthropic",
+          "claude-opus-4-5-20251101": "anthropic",
+          "claude-sonnet-4-20250514": "anthropic",
+          "claude-sonnet-4-5-20250929": "anthropic",
+          "cohere/command-r-08-2024": "open_router",
+          "cohere/command-r-plus-08-2024": "open_router",
+          "deepseek/deepseek-chat": "open_router",
+          "deepseek/deepseek-r1-0528": "open_router",
+          "dolphin-mistral:latest": "ollama",
+          "google/gemini-2.0-flash-001": "open_router",
+          "google/gemini-2.0-flash-lite-001": "open_router",
+          "google/gemini-2.5-flash": "open_router",
+          "google/gemini-2.5-flash-lite-preview-06-17": "open_router",
+          "google/gemini-2.5-pro-preview-03-25": "open_router",
+          "google/gemini-3-pro-preview": "open_router",
+          "gpt-3.5-turbo": "openai",
+          "gpt-4-turbo": "openai",
+          "gpt-4.1-2025-04-14": "openai",
+          "gpt-4.1-mini-2025-04-14": "openai",
+          "gpt-4o": "openai",
+          "gpt-4o-mini": "openai",
+          "gpt-5-2025-08-07": "openai",
+          "gpt-5-chat-latest": "openai",
+          "gpt-5-mini-2025-08-07": "openai",
+          "gpt-5-nano-2025-08-07": "openai",
+          "gpt-5.1-2025-11-13": "openai",
+          "gryphe/mythomax-l2-13b": "open_router",
+          "llama-3.1-8b-instant": "groq",
+          "llama-3.3-70b-versatile": "groq",
+          "llama3": "ollama",
+          "llama3.1:405b": "ollama",
+          "llama3.2": "ollama",
+          "llama3.3": "ollama",
+          "meta-llama/Llama-3.2-3B-Instruct-Turbo": "aiml_api",
+          "meta-llama/Llama-3.3-70B-Instruct-Turbo": "aiml_api",
+          "meta-llama/Meta-Llama-3.1-70B-Instruct-Turbo": "aiml_api",
+          "meta-llama/llama-4-maverick": "open_router",
+          "meta-llama/llama-4-scout": "open_router",
+          "microsoft/wizardlm-2-8x22b": "open_router",
+          "mistralai/mistral-nemo": "open_router",
+          "moonshotai/kimi-k2": "open_router",
+          "nousresearch/hermes-3-llama-3.1-405b": "open_router",
+          "nousresearch/hermes-3-llama-3.1-70b": "open_router",
+          "nvidia/llama-3.1-nemotron-70b-instruct": "aiml_api",
+          "o1": "openai",
+          "o1-mini": "openai",
+          "o3-2025-04-16": "openai",
+          "o3-mini": "openai",
+          "openai/gpt-oss-120b": "open_router",
+          "openai/gpt-oss-20b": "open_router",
+          "perplexity/sonar": "open_router",
+          "perplexity/sonar-deep-research": "open_router",
+          "perplexity/sonar-pro": "open_router",
+          "qwen/qwen3-235b-a22b-thinking-2507": "open_router",
+          "qwen/qwen3-coder": "open_router",
+          "v0-1.0-md": "v0",
+          "v0-1.5-lg": "v0",
+          "v0-1.5-md": "v0",
+          "x-ai/grok-4": "open_router",
+          "x-ai/grok-4-fast": "open_router",
+          "x-ai/grok-4.1-fast": "open_router",
+          "x-ai/grok-code-fast-1": "open_router"
+        },
+        "discriminator_values": [
+          "gpt-4o"
+        ]
+      }
+    },
+    "required": [
+      "jina_api_key_credentials",
+      "openai_api_key_credentials"
+    ],
+    "title": "AIWebpageCopyImproverCredentialsInputSchema",
+    "type": "object"
+  }
+}

autogpt_platform/backend/agents/agent_fc2c9976-0962-4625-a27b-d316573a9e7f.json

@@ -0,0 +1,615 @@
+{
+  "id": "4c6b68cb-bb75-4044-b1cb-2cee3fd39b26",
+  "version": 29,
+  "is_active": true,
+  "name": "Email Address Finder",
+  "description": "Input information of a business and find their email address",
+  "instructions": null,
+  "recommended_schedule_cron": null,
+  "nodes": [
+    {
+      "id": "04cad535-9f1a-4876-8b07-af5897d8c282",
+      "block_id": "c0a8e994-ebf1-4a9c-a4d8-89d09c86741b",
+      "input_default": {
+        "name": "Address",
+        "value": "USA"
+      },
+      "metadata": {
+        "position": {
+          "x": 1047.9357219838776,
+          "y": 1067.9123910370954
+        }
+      },
+      "input_links": [],
+      "output_links": [
+        {
+          "id": "aac29f7b-3cd1-4c91-9a2a-72a8301c0957",
+          "source_id": "04cad535-9f1a-4876-8b07-af5897d8c282",
+          "sink_id": "28b5ddcc-dc20-41cc-ad21-c54ff459f694",
+          "source_name": "result",
+          "sink_name": "values_#_ADDRESS",
+          "is_static": true
+        }
+      ],
+      "graph_id": "4c6b68cb-bb75-4044-b1cb-2cee3fd39b26",
+      "graph_version": 29,
+      "webhook_id": null,
+      "webhook": null
+    },
+    {
+      "id": "a6e7355e-5bf8-4b09-b11c-a5e140389981",
+      "block_id": "3146e4fe-2cdd-4f29-bd12-0c9d5bb4deb0",
+      "input_default": {
+        "group": 1,
+        "pattern": "<email>(.*?)<\\/email>"
+      },
+      "metadata": {
+        "position": {
+          "x": 3381.2821481740634,
+          "y": 246.091098184158
+        }
+      },
+      "input_links": [
+        {
+          "id": "9f8188ce-1f3d-46fb-acda-b2a57c0e5da6",
+          "source_id": "510937b3-0134-4e45-b2ba-05a447bbaf50",
+          "sink_id": "a6e7355e-5bf8-4b09-b11c-a5e140389981",
+          "source_name": "response",
+          "sink_name": "text",
+          "is_static": false
+        }
+      ],
+      "output_links": [
+        {
+          "id": "b15b5143-27b7-486e-a166-4095e72e5235",
+          "source_id": "a6e7355e-5bf8-4b09-b11c-a5e140389981",
+          "sink_id": "266b7255-11c4-4b88-99e2-85db31a2e865",
+          "source_name": "negative",
+          "sink_name": "values_#_Result",
+          "is_static": false
+        },
+        {
+          "id": "23591872-3c6b-4562-87d3-5b6ade698e48",
+          "source_id": "a6e7355e-5bf8-4b09-b11c-a5e140389981",
+          "sink_id": "310c8fab-2ae6-4158-bd48-01dbdc434130",
+          "source_name": "positive",
+          "sink_name": "value",
+          "is_static": false
+        }
+      ],
+      "graph_id": "4c6b68cb-bb75-4044-b1cb-2cee3fd39b26",
+      "graph_version": 29,
+      "webhook_id": null,
+      "webhook": null
+    },
+    {
+      "id": "310c8fab-2ae6-4158-bd48-01dbdc434130",
+      "block_id": "363ae599-353e-4804-937e-b2ee3cef3da4",
+      "input_default": {
+        "name": "Email"
+      },
+      "metadata": {
+        "position": {
+          "x": 4525.4246310882,
+          "y": 246.36913665010354
+        }
+      },
+      "input_links": [
+        {
+          "id": "d87b07ea-dcec-4d38-a644-2c1d741ea3cb",
+          "source_id": "266b7255-11c4-4b88-99e2-85db31a2e865",
+          "sink_id": "310c8fab-2ae6-4158-bd48-01dbdc434130",
+          "source_name": "output",
+          "sink_name": "value",
+          "is_static": false
+        },
+        {
+          "id": "23591872-3c6b-4562-87d3-5b6ade698e48",
+          "source_id": "a6e7355e-5bf8-4b09-b11c-a5e140389981",
+          "sink_id": "310c8fab-2ae6-4158-bd48-01dbdc434130",
+          "source_name": "positive",
+          "sink_name": "value",
+          "is_static": false
+        }
+      ],
+      "output_links": [],
+      "graph_id": "4c6b68cb-bb75-4044-b1cb-2cee3fd39b26",
+      "graph_version": 29,
+      "webhook_id": null,
+      "webhook": null
+    },
+    {
+      "id": "4a41df99-ffe2-4c12-b528-632979c9c030",
+      "block_id": "87840993-2053-44b7-8da4-187ad4ee518c",
+      "input_default": {},
+      "metadata": {
+        "position": {
+          "x": 2182.7499999999995,
+          "y": 242.00001144409185
+        }
+      },
+      "input_links": [
+        {
+          "id": "2e411d3d-79ba-4958-9c1c-b76a45a2e649",
+          "source_id": "28b5ddcc-dc20-41cc-ad21-c54ff459f694",
+          "sink_id": "4a41df99-ffe2-4c12-b528-632979c9c030",
+          "source_name": "output",
+          "sink_name": "query",
+          "is_static": false
+        }
+      ],
+      "output_links": [
+        {
+          "id": "899cc7d8-a96b-4107-b3c6-4c78edcf0c6b",
+          "source_id": "4a41df99-ffe2-4c12-b528-632979c9c030",
+          "sink_id": "510937b3-0134-4e45-b2ba-05a447bbaf50",
+          "source_name": "results",
+          "sink_name": "prompt_values_#_WEBSITE_CONTENT",
+          "is_static": false
+        }
+      ],
+      "graph_id": "4c6b68cb-bb75-4044-b1cb-2cee3fd39b26",
+      "graph_version": 29,
+      "webhook_id": null,
+      "webhook": null
+    },
+    {
+      "id": "9708a10a-8be0-4c44-abb3-bd0f7c594794",
+      "block_id": "c0a8e994-ebf1-4a9c-a4d8-89d09c86741b",
+      "input_default": {
+        "name": "Business Name",
+        "value": "Tim Cook"
+      },
+      "metadata": {
+        "position": {
+          "x": 1049.9704155272595,
+          "y": 244.49931152418344
+        }
+      },
+      "input_links": [],
+      "output_links": [
+        {
+          "id": "946b522c-365f-4ee0-96f9-28863d9882ea",
+          "source_id": "9708a10a-8be0-4c44-abb3-bd0f7c594794",
+          "sink_id": "28b5ddcc-dc20-41cc-ad21-c54ff459f694",
+          "source_name": "result",
+          "sink_name": "values_#_NAME",
+          "is_static": true
+        },
+        {
+          "id": "43e920a7-0bb4-4fae-9a22-91df95c7342a",
+          "source_id": "9708a10a-8be0-4c44-abb3-bd0f7c594794",
+          "sink_id": "510937b3-0134-4e45-b2ba-05a447bbaf50",
+          "source_name": "result",
+          "sink_name": "prompt_values_#_BUSINESS_NAME",
+          "is_static": true
+        }
+      ],
+      "graph_id": "4c6b68cb-bb75-4044-b1cb-2cee3fd39b26",
+      "graph_version": 29,
+      "webhook_id": null,
+      "webhook": null
+    },
+    {
+      "id": "28b5ddcc-dc20-41cc-ad21-c54ff459f694",
+      "block_id": "db7d8f02-2f44-4c55-ab7a-eae0941f0c30",
+      "input_default": {
+        "format": "Email Address of {{NAME}}, {{ADDRESS}}",
+        "values": {}
+      },
+      "metadata": {
+        "position": {
+          "x": 1625.25,
+          "y": 243.25001144409185
+        }
+      },
+      "input_links": [
+        {
+          "id": "946b522c-365f-4ee0-96f9-28863d9882ea",
+          "source_id": "9708a10a-8be0-4c44-abb3-bd0f7c594794",
+          "sink_id": "28b5ddcc-dc20-41cc-ad21-c54ff459f694",
+          "source_name": "result",
+          "sink_name": "values_#_NAME",
+          "is_static": true
+        },
+        {
+          "id": "aac29f7b-3cd1-4c91-9a2a-72a8301c0957",
+          "source_id": "04cad535-9f1a-4876-8b07-af5897d8c282",
+          "sink_id": "28b5ddcc-dc20-41cc-ad21-c54ff459f694",
+          "source_name": "result",
+          "sink_name": "values_#_ADDRESS",
+          "is_static": true
+        }
+      ],
+      "output_links": [
+        {
+          "id": "2e411d3d-79ba-4958-9c1c-b76a45a2e649",
+          "source_id": "28b5ddcc-dc20-41cc-ad21-c54ff459f694",
+          "sink_id": "4a41df99-ffe2-4c12-b528-632979c9c030",
+          "source_name": "output",
+          "sink_name": "query",
+          "is_static": false
+        }
+      ],
+      "graph_id": "4c6b68cb-bb75-4044-b1cb-2cee3fd39b26",
+      "graph_version": 29,
+      "webhook_id": null,
+      "webhook": null
+    },
+    {
+      "id": "266b7255-11c4-4b88-99e2-85db31a2e865",
+      "block_id": "db7d8f02-2f44-4c55-ab7a-eae0941f0c30",
+      "input_default": {
+        "format": "Failed to find email. \nResult:\n{{RESULT}}",
+        "values": {}
+      },
+      "metadata": {
+        "position": {
+          "x": 3949.7493830805934,
+          "y": 705.209819698647
+        }
+      },
+      "input_links": [
+        {
+          "id": "b15b5143-27b7-486e-a166-4095e72e5235",
+          "source_id": "a6e7355e-5bf8-4b09-b11c-a5e140389981",
+          "sink_id": "266b7255-11c4-4b88-99e2-85db31a2e865",
+          "source_name": "negative",
+          "sink_name": "values_#_Result",
+          "is_static": false
+        }
+      ],
+      "output_links": [
+        {
+          "id": "d87b07ea-dcec-4d38-a644-2c1d741ea3cb",
+          "source_id": "266b7255-11c4-4b88-99e2-85db31a2e865",
+          "sink_id": "310c8fab-2ae6-4158-bd48-01dbdc434130",
+          "source_name": "output",
+          "sink_name": "value",
+          "is_static": false
+        }
+      ],
+      "graph_id": "4c6b68cb-bb75-4044-b1cb-2cee3fd39b26",
+      "graph_version": 29,
+      "webhook_id": null,
+      "webhook": null
+    },
+    {
+      "id": "510937b3-0134-4e45-b2ba-05a447bbaf50",
+      "block_id": "1f292d4a-41a4-4977-9684-7c8d560b9f91",
+      "input_default": {
+        "model": "claude-sonnet-4-5-20250929",
+        "prompt": "<business_website>\n{{WEBSITE_CONTENT}}\n</business_website>\n\nExtract the Contact Email of {{BUSINESS_NAME}}.\n\nIf no email that can be used to contact {{BUSINESS_NAME}} is present, output `N/A`.\nDo not share any emails other than the email for this specific entity.\n\nIf multiple present pick the likely best one.\n\nRespond with the email (or N/A) inside <email></email> tags.\n\nExample Response:\n\n<thoughts_or_comments>\nThere were many emails present, but luckily one was for {{BUSINESS_NAME}} which I have included below.\n</thoughts_or_comments>\n<email>\nexample@email.com\n</email>",
+        "prompt_values": {}
+      },
+      "metadata": {
+        "position": {
+          "x": 2774.879259081777,
+          "y": 243.3102035752969
+        }
+      },
+      "input_links": [
+        {
+          "id": "43e920a7-0bb4-4fae-9a22-91df95c7342a",
+          "source_id": "9708a10a-8be0-4c44-abb3-bd0f7c594794",
+          "sink_id": "510937b3-0134-4e45-b2ba-05a447bbaf50",
+          "source_name": "result",
+          "sink_name": "prompt_values_#_BUSINESS_NAME",
+          "is_static": true
+        },
+        {
+          "id": "899cc7d8-a96b-4107-b3c6-4c78edcf0c6b",
+          "source_id": "4a41df99-ffe2-4c12-b528-632979c9c030",
+          "sink_id": "510937b3-0134-4e45-b2ba-05a447bbaf50",
+          "source_name": "results",
+          "sink_name": "prompt_values_#_WEBSITE_CONTENT",
+          "is_static": false
+        }
+      ],
+      "output_links": [
+        {
+          "id": "9f8188ce-1f3d-46fb-acda-b2a57c0e5da6",
+          "source_id": "510937b3-0134-4e45-b2ba-05a447bbaf50",
+          "sink_id": "a6e7355e-5bf8-4b09-b11c-a5e140389981",
+          "source_name": "response",
+          "sink_name": "text",
+          "is_static": false
+        }
+      ],
+      "graph_id": "4c6b68cb-bb75-4044-b1cb-2cee3fd39b26",
+      "graph_version": 29,
+      "webhook_id": null,
+      "webhook": null
+    }
+  ],
+  "links": [
+    {
+      "id": "9f8188ce-1f3d-46fb-acda-b2a57c0e5da6",
+      "source_id": "510937b3-0134-4e45-b2ba-05a447bbaf50",
+      "sink_id": "a6e7355e-5bf8-4b09-b11c-a5e140389981",
+      "source_name": "response",
+      "sink_name": "text",
+      "is_static": false
+    },
+    {
+      "id": "b15b5143-27b7-486e-a166-4095e72e5235",
+      "source_id": "a6e7355e-5bf8-4b09-b11c-a5e140389981",
+      "sink_id": "266b7255-11c4-4b88-99e2-85db31a2e865",
+      "source_name": "negative",
+      "sink_name": "values_#_Result",
+      "is_static": false
+    },
+    {
+      "id": "d87b07ea-dcec-4d38-a644-2c1d741ea3cb",
+      "source_id": "266b7255-11c4-4b88-99e2-85db31a2e865",
+      "sink_id": "310c8fab-2ae6-4158-bd48-01dbdc434130",
+      "source_name": "output",
+      "sink_name": "value",
+      "is_static": false
+    },
+    {
+      "id": "946b522c-365f-4ee0-96f9-28863d9882ea",
+      "source_id": "9708a10a-8be0-4c44-abb3-bd0f7c594794",
+      "sink_id": "28b5ddcc-dc20-41cc-ad21-c54ff459f694",
+      "source_name": "result",
+      "sink_name": "values_#_NAME",
+      "is_static": true
+    },
+    {
+      "id": "23591872-3c6b-4562-87d3-5b6ade698e48",
+      "source_id": "a6e7355e-5bf8-4b09-b11c-a5e140389981",
+      "sink_id": "310c8fab-2ae6-4158-bd48-01dbdc434130",
+      "source_name": "positive",
+      "sink_name": "value",
+      "is_static": false
+    },
+    {
+      "id": "43e920a7-0bb4-4fae-9a22-91df95c7342a",
+      "source_id": "9708a10a-8be0-4c44-abb3-bd0f7c594794",
+      "sink_id": "510937b3-0134-4e45-b2ba-05a447bbaf50",
+      "source_name": "result",
+      "sink_name": "prompt_values_#_BUSINESS_NAME",
+      "is_static": true
+    },
+    {
+      "id": "2e411d3d-79ba-4958-9c1c-b76a45a2e649",
+      "source_id": "28b5ddcc-dc20-41cc-ad21-c54ff459f694",
+      "sink_id": "4a41df99-ffe2-4c12-b528-632979c9c030",
+      "source_name": "output",
+      "sink_name": "query",
+      "is_static": false
+    },
+    {
+      "id": "aac29f7b-3cd1-4c91-9a2a-72a8301c0957",
+      "source_id": "04cad535-9f1a-4876-8b07-af5897d8c282",
+      "sink_id": "28b5ddcc-dc20-41cc-ad21-c54ff459f694",
+      "source_name": "result",
+      "sink_name": "values_#_ADDRESS",
+      "is_static": true
+    },
+    {
+      "id": "899cc7d8-a96b-4107-b3c6-4c78edcf0c6b",
+      "source_id": "4a41df99-ffe2-4c12-b528-632979c9c030",
+      "sink_id": "510937b3-0134-4e45-b2ba-05a447bbaf50",
+      "source_name": "results",
+      "sink_name": "prompt_values_#_WEBSITE_CONTENT",
+      "is_static": false
+    }
+  ],
+  "forked_from_id": null,
+  "forked_from_version": null,
+  "sub_graphs": [],
+  "user_id": "",
+  "created_at": "2025-01-03T00:46:30.244Z",
+  "input_schema": {
+    "type": "object",
+    "properties": {
+      "Address": {
+        "advanced": false,
+        "secret": false,
+        "title": "Address",
+        "default": "USA"
+      },
+      "Business Name": {
+        "advanced": false,
+        "secret": false,
+        "title": "Business Name",
+        "default": "Tim Cook"
+      }
+    },
+    "required": []
+  },
+  "output_schema": {
+    "type": "object",
+    "properties": {
+      "Email": {
+        "advanced": false,
+        "secret": false,
+        "title": "Email"
+      }
+    },
+    "required": [
+      "Email"
+    ]
+  },
+  "has_external_trigger": false,
+  "has_human_in_the_loop": false,
+  "trigger_setup_info": null,
+  "credentials_input_schema": {
+    "properties": {
+      "jina_api_key_credentials": {
+        "credentials_provider": [
+          "jina"
+        ],
+        "credentials_types": [
+          "api_key"
+        ],
+        "properties": {
+          "id": {
+            "title": "Id",
+            "type": "string"
+          },
+          "title": {
+            "anyOf": [
+              {
+                "type": "string"
+              },
+              {
+                "type": "null"
+              }
+            ],
+            "default": null,
+            "title": "Title"
+          },
+          "provider": {
+            "const": "jina",
+            "title": "Provider",
+            "type": "string"
+          },
+          "type": {
+            "const": "api_key",
+            "title": "Type",
+            "type": "string"
+          }
+        },
+        "required": [
+          "id",
+          "provider",
+          "type"
+        ],
+        "title": "CredentialsMetaInput[Literal[<ProviderName.JINA: 'jina'>], Literal['api_key']]",
+        "type": "object",
+        "discriminator_values": []
+      },
+      "anthropic_api_key_credentials": {
+        "credentials_provider": [
+          "anthropic"
+        ],
+        "credentials_types": [
+          "api_key"
+        ],
+        "properties": {
+          "id": {
+            "title": "Id",
+            "type": "string"
+          },
+          "title": {
+            "anyOf": [
+              {
+                "type": "string"
+              },
+              {
+                "type": "null"
+              }
+            ],
+            "default": null,
+            "title": "Title"
+          },
+          "provider": {
+            "const": "anthropic",
+            "title": "Provider",
+            "type": "string"
+          },
+          "type": {
+            "const": "api_key",
+            "title": "Type",
+            "type": "string"
+          }
+        },
+        "required": [
+          "id",
+          "provider",
+          "type"
+        ],
+        "title": "CredentialsMetaInput[Literal[<ProviderName.ANTHROPIC: 'anthropic'>], Literal['api_key']]",
+        "type": "object",
+        "discriminator": "model",
+        "discriminator_mapping": {
+          "Llama-3.3-70B-Instruct": "llama_api",
+          "Llama-3.3-8B-Instruct": "llama_api",
+          "Llama-4-Maverick-17B-128E-Instruct-FP8": "llama_api",
+          "Llama-4-Scout-17B-16E-Instruct-FP8": "llama_api",
+          "Qwen/Qwen2.5-72B-Instruct-Turbo": "aiml_api",
+          "amazon/nova-lite-v1": "open_router",
+          "amazon/nova-micro-v1": "open_router",
+          "amazon/nova-pro-v1": "open_router",
+          "claude-3-7-sonnet-20250219": "anthropic",
+          "claude-3-haiku-20240307": "anthropic",
+          "claude-haiku-4-5-20251001": "anthropic",
+          "claude-opus-4-1-20250805": "anthropic",
+          "claude-opus-4-20250514": "anthropic",
+          "claude-opus-4-5-20251101": "anthropic",
+          "claude-sonnet-4-20250514": "anthropic",
+          "claude-sonnet-4-5-20250929": "anthropic",
+          "cohere/command-r-08-2024": "open_router",
+          "cohere/command-r-plus-08-2024": "open_router",
+          "deepseek/deepseek-chat": "open_router",
+          "deepseek/deepseek-r1-0528": "open_router",
+          "dolphin-mistral:latest": "ollama",
+          "google/gemini-2.0-flash-001": "open_router",
+          "google/gemini-2.0-flash-lite-001": "open_router",
+          "google/gemini-2.5-flash": "open_router",
+          "google/gemini-2.5-flash-lite-preview-06-17": "open_router",
+          "google/gemini-2.5-pro-preview-03-25": "open_router",
+          "google/gemini-3-pro-preview": "open_router",
+          "gpt-3.5-turbo": "openai",
+          "gpt-4-turbo": "openai",
+          "gpt-4.1-2025-04-14": "openai",
+          "gpt-4.1-mini-2025-04-14": "openai",
+          "gpt-4o": "openai",
+          "gpt-4o-mini": "openai",
+          "gpt-5-2025-08-07": "openai",
+          "gpt-5-chat-latest": "openai",
+          "gpt-5-mini-2025-08-07": "openai",
+          "gpt-5-nano-2025-08-07": "openai",
+          "gpt-5.1-2025-11-13": "openai",
+          "gryphe/mythomax-l2-13b": "open_router",
+          "llama-3.1-8b-instant": "groq",
+          "llama-3.3-70b-versatile": "groq",
+          "llama3": "ollama",
+          "llama3.1:405b": "ollama",
+          "llama3.2": "ollama",
+          "llama3.3": "ollama",
+          "meta-llama/Llama-3.2-3B-Instruct-Turbo": "aiml_api",
+          "meta-llama/Llama-3.3-70B-Instruct-Turbo": "aiml_api",
+          "meta-llama/Meta-Llama-3.1-70B-Instruct-Turbo": "aiml_api",
+          "meta-llama/llama-4-maverick": "open_router",
+          "meta-llama/llama-4-scout": "open_router",
+          "microsoft/wizardlm-2-8x22b": "open_router",
+          "mistralai/mistral-nemo": "open_router",
+          "moonshotai/kimi-k2": "open_router",
+          "nousresearch/hermes-3-llama-3.1-405b": "open_router",
+          "nousresearch/hermes-3-llama-3.1-70b": "open_router",
+          "nvidia/llama-3.1-nemotron-70b-instruct": "aiml_api",
+          "o1": "openai",
+          "o1-mini": "openai",
+          "o3-2025-04-16": "openai",
+          "o3-mini": "openai",
+          "openai/gpt-oss-120b": "open_router",
+          "openai/gpt-oss-20b": "open_router",
+          "perplexity/sonar": "open_router",
+          "perplexity/sonar-deep-research": "open_router",
+          "perplexity/sonar-pro": "open_router",
+          "qwen/qwen3-235b-a22b-thinking-2507": "open_router",
+          "qwen/qwen3-coder": "open_router",
+          "v0-1.0-md": "v0",
+          "v0-1.5-lg": "v0",
+          "v0-1.5-md": "v0",
+          "x-ai/grok-4": "open_router",
+          "x-ai/grok-4-fast": "open_router",
+          "x-ai/grok-4.1-fast": "open_router",
+          "x-ai/grok-code-fast-1": "open_router"
+        },
+        "discriminator_values": [
+          "claude-sonnet-4-5-20250929"
+        ]
+      }
+    },
+    "required": [
+      "jina_api_key_credentials",
+      "anthropic_api_key_credentials"
+    ],
+    "title": "EmailAddressFinderCredentialsInputSchema",
+    "type": "object"
+  }
+}

autogpt_platform/backend/backend/blocks/ai_shortform_video_block.py

@@ -20,6 +20,7 @@ from backend.data.model import (
     SchemaField,
 )
 from backend.integrations.providers import ProviderName
+from backend.util.exceptions import BlockExecutionError
 from backend.util.request import Requests
 
 TEST_CREDENTIALS = APIKeyCredentials(
@@ -246,7 +247,11 @@ class AIShortformVideoCreatorBlock(Block):
             await asyncio.sleep(10)
 
         logger.error("Video creation timed out")
-        raise TimeoutError("Video creation timed out")
+        raise BlockExecutionError(
+            message="Video creation timed out",
+            block_name=self.name,
+            block_id=self.id,
+        )
 
     def __init__(self):
         super().__init__(
@@ -422,7 +427,11 @@ class AIAdMakerVideoCreatorBlock(Block):
             await asyncio.sleep(10)
 
         logger.error("Video creation timed out")
-        raise TimeoutError("Video creation timed out")
+        raise BlockExecutionError(
+            message="Video creation timed out",
+            block_name=self.name,
+            block_id=self.id,
+        )
 
     def __init__(self):
         super().__init__(
@@ -599,7 +608,11 @@ class AIScreenshotToVideoAdBlock(Block):
             await asyncio.sleep(10)
 
         logger.error("Video creation timed out")
-        raise TimeoutError("Video creation timed out")
+        raise BlockExecutionError(
+            message="Video creation timed out",
+            block_name=self.name,
+            block_id=self.id,
+        )
 
     def __init__(self):
         super().__init__(

autogpt_platform/backend/backend/blocks/airtable/_api.py

@@ -1371,7 +1371,7 @@ async def create_base(
     if tables:
         params["tables"] = tables
 
-    print(params)
+    logger.debug(f"Creating Airtable base with params: {params}")
 
     response = await Requests().post(
         "https://api.airtable.com/v0/meta/bases",

autogpt_platform/backend/backend/blocks/branching.py

@@ -106,7 +106,10 @@ class ConditionBlock(Block):
             ComparisonOperator.LESS_THAN_OR_EQUAL: lambda a, b: a <= b,
         }
 
-        result = comparison_funcs[operator](value1, value2)
+        try:
+            result = comparison_funcs[operator](value1, value2)
+        except Exception as e:
+            raise ValueError(f"Comparison failed: {e}") from e
 
         yield "result", result
 

autogpt_platform/backend/backend/blocks/exa/helpers.py

@@ -319,7 +319,7 @@ class CostDollars(BaseModel):
 
 # Helper functions for payload processing
 def process_text_field(
-    text: Union[bool, TextEnabled, TextDisabled, TextAdvanced, None]
+    text: Union[bool, TextEnabled, TextDisabled, TextAdvanced, None],
 ) -> Optional[Union[bool, Dict[str, Any]]]:
     """Process text field for API payload."""
     if text is None:
@@ -400,7 +400,7 @@ def process_contents_settings(contents: Optional[ContentSettings]) -> Dict[str,
 
 
 def process_context_field(
-    context: Union[bool, dict, ContextEnabled, ContextDisabled, ContextAdvanced, None]
+    context: Union[bool, dict, ContextEnabled, ContextDisabled, ContextAdvanced, None],
 ) -> Optional[Union[bool, Dict[str, int]]]:
     """Process context field for API payload."""
     if context is None:

autogpt_platform/backend/backend/blocks/firecrawl/extract.py

@@ -15,6 +15,7 @@ from backend.sdk import (
     SchemaField,
     cost,
 )
+from backend.util.exceptions import BlockExecutionError
 
 from ._config import firecrawl
 
@@ -59,11 +60,18 @@ class FirecrawlExtractBlock(Block):
     ) -> BlockOutput:
         app = FirecrawlApp(api_key=credentials.api_key.get_secret_value())
 
-        extract_result = app.extract(
-            urls=input_data.urls,
-            prompt=input_data.prompt,
-            schema=input_data.output_schema,
-            enable_web_search=input_data.enable_web_search,
-        )
+        try:
+            extract_result = app.extract(
+                urls=input_data.urls,
+                prompt=input_data.prompt,
+                schema=input_data.output_schema,
+                enable_web_search=input_data.enable_web_search,
+            )
+        except Exception as e:
+            raise BlockExecutionError(
+                message=f"Extract failed: {e}",
+                block_name=self.name,
+                block_id=self.id,
+            ) from e
 
         yield "data", extract_result.data

autogpt_platform/backend/backend/blocks/flux_kontext.py

@@ -19,6 +19,7 @@ from backend.data.model import (
     SchemaField,
 )
 from backend.integrations.providers import ProviderName
+from backend.util.exceptions import ModerationError
 from backend.util.file import MediaFileType, store_media_file
 
 TEST_CREDENTIALS = APIKeyCredentials(
@@ -153,6 +154,8 @@ class AIImageEditorBlock(Block):
             ),
             aspect_ratio=input_data.aspect_ratio.value,
             seed=input_data.seed,
+            user_id=user_id,
+            graph_exec_id=graph_exec_id,
         )
         yield "output_image", result
 
@@ -164,6 +167,8 @@ class AIImageEditorBlock(Block):
         input_image_b64: Optional[str],
         aspect_ratio: str,
         seed: Optional[int],
+        user_id: str,
+        graph_exec_id: str,
     ) -> MediaFileType:
         client = ReplicateClient(api_token=api_key.get_secret_value())
         input_params = {
@@ -173,11 +178,21 @@ class AIImageEditorBlock(Block):
             **({"seed": seed} if seed is not None else {}),
         }
 
-        output: FileOutput | list[FileOutput] = await client.async_run(  # type: ignore
-            model_name,
-            input=input_params,
-            wait=False,
-        )
+        try:
+            output: FileOutput | list[FileOutput] = await client.async_run(  # type: ignore
+                model_name,
+                input=input_params,
+                wait=False,
+            )
+        except Exception as e:
+            if "flagged as sensitive" in str(e).lower():
+                raise ModerationError(
+                    message="Content was flagged as sensitive by the model provider",
+                    user_id=user_id,
+                    graph_exec_id=graph_exec_id,
+                    moderation_type="model_provider",
+                )
+            raise ValueError(f"Model execution failed: {e}") from e
 
         if isinstance(output, list) and output:
             output = output[0]

autogpt_platform/backend/backend/blocks/github/example_payloads/discussion.created.json

@@ -0,0 +1,108 @@
+{
+  "action": "created",
+  "discussion": {
+    "repository_url": "https://api.github.com/repos/Significant-Gravitas/AutoGPT",
+    "category": {
+      "id": 12345678,
+      "node_id": "DIC_kwDOJKSTjM4CXXXX",
+      "repository_id": 614765452,
+      "emoji": ":pray:",
+      "name": "Q&A",
+      "description": "Ask the community for help",
+      "created_at": "2023-03-16T09:21:07Z",
+      "updated_at": "2023-03-16T09:21:07Z",
+      "slug": "q-a",
+      "is_answerable": true
+    },
+    "answer_html_url": null,
+    "answer_chosen_at": null,
+    "answer_chosen_by": null,
+    "html_url": "https://github.com/Significant-Gravitas/AutoGPT/discussions/9999",
+    "id": 5000000001,
+    "node_id": "D_kwDOJKSTjM4AYYYY",
+    "number": 9999,
+    "title": "How do I configure custom blocks?",
+    "user": {
+      "login": "curious-user",
+      "id": 22222222,
+      "node_id": "MDQ6VXNlcjIyMjIyMjIy",
+      "avatar_url": "https://avatars.githubusercontent.com/u/22222222?v=4",
+      "url": "https://api.github.com/users/curious-user",
+      "html_url": "https://github.com/curious-user",
+      "type": "User",
+      "site_admin": false
+    },
+    "state": "open",
+    "state_reason": null,
+    "locked": false,
+    "comments": 0,
+    "created_at": "2024-12-01T17:00:00Z",
+    "updated_at": "2024-12-01T17:00:00Z",
+    "author_association": "NONE",
+    "active_lock_reason": null,
+    "body": "## Question\n\nI'm trying to create a custom block for my specific use case. I've read the documentation but I'm not sure how to:\n\n1. Define the input/output schema\n2. Handle authentication\n3. Test my block locally\n\nCan someone point me to examples or provide guidance?\n\n## Environment\n\n- AutoGPT Platform version: latest\n- Python: 3.11",
+    "reactions": {
+      "url": "https://api.github.com/repos/Significant-Gravitas/AutoGPT/discussions/9999/reactions",
+      "total_count": 0,
+      "+1": 0,
+      "-1": 0,
+      "laugh": 0,
+      "hooray": 0,
+      "confused": 0,
+      "heart": 0,
+      "rocket": 0,
+      "eyes": 0
+    },
+    "timeline_url": "https://api.github.com/repos/Significant-Gravitas/AutoGPT/discussions/9999/timeline"
+  },
+  "repository": {
+    "id": 614765452,
+    "node_id": "R_kgDOJKSTjA",
+    "name": "AutoGPT",
+    "full_name": "Significant-Gravitas/AutoGPT",
+    "private": false,
+    "owner": {
+      "login": "Significant-Gravitas",
+      "id": 130738209,
+      "node_id": "O_kgDOB8roIQ",
+      "avatar_url": "https://avatars.githubusercontent.com/u/130738209?v=4",
+      "url": "https://api.github.com/users/Significant-Gravitas",
+      "html_url": "https://github.com/Significant-Gravitas",
+      "type": "Organization",
+      "site_admin": false
+    },
+    "html_url": "https://github.com/Significant-Gravitas/AutoGPT",
+    "description": "AutoGPT is the vision of accessible AI for everyone, to use and to build on.",
+    "fork": false,
+    "url": "https://api.github.com/repos/Significant-Gravitas/AutoGPT",
+    "created_at": "2023-03-16T09:21:07Z",
+    "updated_at": "2024-12-01T17:00:00Z",
+    "pushed_at": "2024-12-01T12:00:00Z",
+    "stargazers_count": 170000,
+    "watchers_count": 170000,
+    "language": "Python",
+    "has_discussions": true,
+    "forks_count": 45000,
+    "visibility": "public",
+    "default_branch": "master"
+  },
+  "organization": {
+    "login": "Significant-Gravitas",
+    "id": 130738209,
+    "node_id": "O_kgDOB8roIQ",
+    "url": "https://api.github.com/orgs/Significant-Gravitas",
+    "avatar_url": "https://avatars.githubusercontent.com/u/130738209?v=4",
+    "description": ""
+  },
+  "sender": {
+    "login": "curious-user",
+    "id": 22222222,
+    "node_id": "MDQ6VXNlcjIyMjIyMjIy",
+    "avatar_url": "https://avatars.githubusercontent.com/u/22222222?v=4",
+    "gravatar_id": "",
+    "url": "https://api.github.com/users/curious-user",
+    "html_url": "https://github.com/curious-user",
+    "type": "User",
+    "site_admin": false
+  }
+}

autogpt_platform/backend/backend/blocks/github/example_payloads/issues.opened.json

@@ -0,0 +1,112 @@
+{
+  "action": "opened",
+  "issue": {
+    "url": "https://api.github.com/repos/Significant-Gravitas/AutoGPT/issues/12345",
+    "repository_url": "https://api.github.com/repos/Significant-Gravitas/AutoGPT",
+    "labels_url": "https://api.github.com/repos/Significant-Gravitas/AutoGPT/issues/12345/labels{/name}",
+    "comments_url": "https://api.github.com/repos/Significant-Gravitas/AutoGPT/issues/12345/comments",
+    "events_url": "https://api.github.com/repos/Significant-Gravitas/AutoGPT/issues/12345/events",
+    "html_url": "https://github.com/Significant-Gravitas/AutoGPT/issues/12345",
+    "id": 2000000001,
+    "node_id": "I_kwDOJKSTjM5wXXXX",
+    "number": 12345,
+    "title": "Bug: Application crashes when processing large files",
+    "user": {
+      "login": "bug-reporter",
+      "id": 11111111,
+      "node_id": "MDQ6VXNlcjExMTExMTEx",
+      "avatar_url": "https://avatars.githubusercontent.com/u/11111111?v=4",
+      "url": "https://api.github.com/users/bug-reporter",
+      "html_url": "https://github.com/bug-reporter",
+      "type": "User",
+      "site_admin": false
+    },
+    "labels": [
+      {
+        "id": 5272676214,
+        "node_id": "LA_kwDOJKSTjM8AAAABOkandg",
+        "url": "https://api.github.com/repos/Significant-Gravitas/AutoGPT/labels/bug",
+        "name": "bug",
+        "color": "d73a4a",
+        "default": true,
+        "description": "Something isn't working"
+      }
+    ],
+    "state": "open",
+    "locked": false,
+    "assignee": null,
+    "assignees": [],
+    "milestone": null,
+    "comments": 0,
+    "created_at": "2024-12-01T16:00:00Z",
+    "updated_at": "2024-12-01T16:00:00Z",
+    "closed_at": null,
+    "author_association": "NONE",
+    "active_lock_reason": null,
+    "body": "## Description\n\nWhen I try to process a file larger than 100MB, the application crashes with an out of memory error.\n\n## Steps to Reproduce\n\n1. Open the application\n2. Select a file larger than 100MB\n3. Click 'Process'\n4. Application crashes\n\n## Expected Behavior\n\nThe application should handle large files gracefully.\n\n## Environment\n\n- OS: Ubuntu 22.04\n- Python: 3.11\n- AutoGPT Version: 1.0.0",
+    "reactions": {
+      "url": "https://api.github.com/repos/Significant-Gravitas/AutoGPT/issues/12345/reactions",
+      "total_count": 0,
+      "+1": 0,
+      "-1": 0,
+      "laugh": 0,
+      "hooray": 0,
+      "confused": 0,
+      "heart": 0,
+      "rocket": 0,
+      "eyes": 0
+    },
+    "timeline_url": "https://api.github.com/repos/Significant-Gravitas/AutoGPT/issues/12345/timeline",
+    "state_reason": null
+  },
+  "repository": {
+    "id": 614765452,
+    "node_id": "R_kgDOJKSTjA",
+    "name": "AutoGPT",
+    "full_name": "Significant-Gravitas/AutoGPT",
+    "private": false,
+    "owner": {
+      "login": "Significant-Gravitas",
+      "id": 130738209,
+      "node_id": "O_kgDOB8roIQ",
+      "avatar_url": "https://avatars.githubusercontent.com/u/130738209?v=4",
+      "url": "https://api.github.com/users/Significant-Gravitas",
+      "html_url": "https://github.com/Significant-Gravitas",
+      "type": "Organization",
+      "site_admin": false
+    },
+    "html_url": "https://github.com/Significant-Gravitas/AutoGPT",
+    "description": "AutoGPT is the vision of accessible AI for everyone, to use and to build on.",
+    "fork": false,
+    "url": "https://api.github.com/repos/Significant-Gravitas/AutoGPT",
+    "created_at": "2023-03-16T09:21:07Z",
+    "updated_at": "2024-12-01T16:00:00Z",
+    "pushed_at": "2024-12-01T12:00:00Z",
+    "stargazers_count": 170000,
+    "watchers_count": 170000,
+    "language": "Python",
+    "forks_count": 45000,
+    "open_issues_count": 190,
+    "visibility": "public",
+    "default_branch": "master"
+  },
+  "organization": {
+    "login": "Significant-Gravitas",
+    "id": 130738209,
+    "node_id": "O_kgDOB8roIQ",
+    "url": "https://api.github.com/orgs/Significant-Gravitas",
+    "avatar_url": "https://avatars.githubusercontent.com/u/130738209?v=4",
+    "description": ""
+  },
+  "sender": {
+    "login": "bug-reporter",
+    "id": 11111111,
+    "node_id": "MDQ6VXNlcjExMTExMTEx",
+    "avatar_url": "https://avatars.githubusercontent.com/u/11111111?v=4",
+    "gravatar_id": "",
+    "url": "https://api.github.com/users/bug-reporter",
+    "html_url": "https://github.com/bug-reporter",
+    "type": "User",
+    "site_admin": false
+  }
+}

autogpt_platform/backend/backend/blocks/github/example_payloads/release.published.json

@@ -0,0 +1,97 @@
+{
+  "action": "published",
+  "release": {
+    "url": "https://api.github.com/repos/Significant-Gravitas/AutoGPT/releases/123456789",
+    "assets_url": "https://api.github.com/repos/Significant-Gravitas/AutoGPT/releases/123456789/assets",
+    "upload_url": "https://uploads.github.com/repos/Significant-Gravitas/AutoGPT/releases/123456789/assets{?name,label}",
+    "html_url": "https://github.com/Significant-Gravitas/AutoGPT/releases/tag/v1.0.0",
+    "id": 123456789,
+    "author": {
+      "login": "ntindle",
+      "id": 12345678,
+      "node_id": "MDQ6VXNlcjEyMzQ1Njc4",
+      "avatar_url": "https://avatars.githubusercontent.com/u/12345678?v=4",
+      "gravatar_id": "",
+      "url": "https://api.github.com/users/ntindle",
+      "html_url": "https://github.com/ntindle",
+      "type": "User",
+      "site_admin": false
+    },
+    "node_id": "RE_kwDOJKSTjM4HWwAA",
+    "tag_name": "v1.0.0",
+    "target_commitish": "master",
+    "name": "AutoGPT Platform v1.0.0",
+    "draft": false,
+    "prerelease": false,
+    "created_at": "2024-12-01T10:00:00Z",
+    "published_at": "2024-12-01T12:00:00Z",
+    "assets": [
+      {
+        "url": "https://api.github.com/repos/Significant-Gravitas/AutoGPT/releases/assets/987654321",
+        "id": 987654321,
+        "node_id": "RA_kwDOJKSTjM4HWwBB",
+        "name": "autogpt-v1.0.0.zip",
+        "label": "Release Package",
+        "content_type": "application/zip",
+        "state": "uploaded",
+        "size": 52428800,
+        "download_count": 0,
+        "created_at": "2024-12-01T11:30:00Z",
+        "updated_at": "2024-12-01T11:35:00Z",
+        "browser_download_url": "https://github.com/Significant-Gravitas/AutoGPT/releases/download/v1.0.0/autogpt-v1.0.0.zip"
+      }
+    ],
+    "tarball_url": "https://api.github.com/repos/Significant-Gravitas/AutoGPT/tarball/v1.0.0",
+    "zipball_url": "https://api.github.com/repos/Significant-Gravitas/AutoGPT/zipball/v1.0.0",
+    "body": "## What's New\n\n- Feature 1: Amazing new capability\n- Feature 2: Performance improvements\n- Bug fixes and stability improvements\n\n## Breaking Changes\n\nNone\n\n## Contributors\n\nThanks to all our contributors!"
+  },
+  "repository": {
+    "id": 614765452,
+    "node_id": "R_kgDOJKSTjA",
+    "name": "AutoGPT",
+    "full_name": "Significant-Gravitas/AutoGPT",
+    "private": false,
+    "owner": {
+      "login": "Significant-Gravitas",
+      "id": 130738209,
+      "node_id": "O_kgDOB8roIQ",
+      "avatar_url": "https://avatars.githubusercontent.com/u/130738209?v=4",
+      "url": "https://api.github.com/users/Significant-Gravitas",
+      "html_url": "https://github.com/Significant-Gravitas",
+      "type": "Organization",
+      "site_admin": false
+    },
+    "html_url": "https://github.com/Significant-Gravitas/AutoGPT",
+    "description": "AutoGPT is the vision of accessible AI for everyone, to use and to build on.",
+    "fork": false,
+    "url": "https://api.github.com/repos/Significant-Gravitas/AutoGPT",
+    "created_at": "2023-03-16T09:21:07Z",
+    "updated_at": "2024-12-01T12:00:00Z",
+    "pushed_at": "2024-12-01T12:00:00Z",
+    "stargazers_count": 170000,
+    "watchers_count": 170000,
+    "language": "Python",
+    "forks_count": 45000,
+    "visibility": "public",
+    "default_branch": "master"
+  },
+  "organization": {
+    "login": "Significant-Gravitas",
+    "id": 130738209,
+    "node_id": "O_kgDOB8roIQ",
+    "url": "https://api.github.com/orgs/Significant-Gravitas",
+    "avatar_url": "https://avatars.githubusercontent.com/u/130738209?v=4",
+    "description": ""
+  },
+  "sender": {
+    "login": "ntindle",
+    "id": 12345678,
+    "node_id": "MDQ6VXNlcjEyMzQ1Njc4",
+    "avatar_url": "https://avatars.githubusercontent.com/u/12345678?v=4",
+    "gravatar_id": "",
+    "url": "https://api.github.com/users/ntindle",
+    "html_url": "https://github.com/ntindle",
+    "type": "User",
+    "site_admin": false
+  }
+}

autogpt_platform/backend/backend/blocks/github/example_payloads/star.created.json

@@ -0,0 +1,53 @@
+{
+  "action": "created",
+  "starred_at": "2024-12-01T15:30:00Z",
+  "repository": {
+    "id": 614765452,
+    "node_id": "R_kgDOJKSTjA",
+    "name": "AutoGPT",
+    "full_name": "Significant-Gravitas/AutoGPT",
+    "private": false,
+    "owner": {
+      "login": "Significant-Gravitas",
+      "id": 130738209,
+      "node_id": "O_kgDOB8roIQ",
+      "avatar_url": "https://avatars.githubusercontent.com/u/130738209?v=4",
+      "url": "https://api.github.com/users/Significant-Gravitas",
+      "html_url": "https://github.com/Significant-Gravitas",
+      "type": "Organization",
+      "site_admin": false
+    },
+    "html_url": "https://github.com/Significant-Gravitas/AutoGPT",
+    "description": "AutoGPT is the vision of accessible AI for everyone, to use and to build on.",
+    "fork": false,
+    "url": "https://api.github.com/repos/Significant-Gravitas/AutoGPT",
+    "created_at": "2023-03-16T09:21:07Z",
+    "updated_at": "2024-12-01T15:30:00Z",
+    "pushed_at": "2024-12-01T12:00:00Z",
+    "stargazers_count": 170001,
+    "watchers_count": 170001,
+    "language": "Python",
+    "forks_count": 45000,
+    "visibility": "public",
+    "default_branch": "master"
+  },
+  "organization": {
+    "login": "Significant-Gravitas",
+    "id": 130738209,
+    "node_id": "O_kgDOB8roIQ",
+    "url": "https://api.github.com/orgs/Significant-Gravitas",
+    "avatar_url": "https://avatars.githubusercontent.com/u/130738209?v=4",
+    "description": ""
+  },
+  "sender": {
+    "login": "awesome-contributor",
+    "id": 98765432,
+    "node_id": "MDQ6VXNlcjk4NzY1NDMy",
+    "avatar_url": "https://avatars.githubusercontent.com/u/98765432?v=4",
+    "gravatar_id": "",
+    "url": "https://api.github.com/users/awesome-contributor",
+    "html_url": "https://github.com/awesome-contributor",
+    "type": "User",
+    "site_admin": false
+  }
+}

autogpt_platform/backend/backend/blocks/github/triggers.py

@@ -159,3 +159,391 @@ class GithubPullRequestTriggerBlock(GitHubTriggerBase, Block):
 
 
 # --8<-- [end:GithubTriggerExample]
+
+
+class GithubStarTriggerBlock(GitHubTriggerBase, Block):
+    """Trigger block for GitHub star events - useful for milestone celebrations."""
+
+    EXAMPLE_PAYLOAD_FILE = (
+        Path(__file__).parent / "example_payloads" / "star.created.json"
+    )
+
+    class Input(GitHubTriggerBase.Input):
+        class EventsFilter(BaseModel):
+            """
+            https://docs.github.com/en/webhooks/webhook-events-and-payloads#star
+            """
+
+            created: bool = False
+            deleted: bool = False
+
+        events: EventsFilter = SchemaField(
+            title="Events", description="The star events to subscribe to"
+        )
+
+    class Output(GitHubTriggerBase.Output):
+        event: str = SchemaField(
+            description="The star event that triggered the webhook ('created' or 'deleted')"
+        )
+        starred_at: str = SchemaField(
+            description="ISO timestamp when the repo was starred (empty if deleted)"
+        )
+        stargazers_count: int = SchemaField(
+            description="Current number of stars on the repository"
+        )
+        repository_name: str = SchemaField(
+            description="Full name of the repository (owner/repo)"
+        )
+        repository_url: str = SchemaField(description="URL to the repository")
+
+    def __init__(self):
+        from backend.integrations.webhooks.github import GithubWebhookType
+
+        example_payload = json.loads(
+            self.EXAMPLE_PAYLOAD_FILE.read_text(encoding="utf-8")
+        )
+
+        super().__init__(
+            id="551e0a35-100b-49b7-89b8-3031322239b6",
+            description="This block triggers on GitHub star events. "
+            "Useful for celebrating milestones (e.g., 1k, 10k stars) or tracking engagement.",
+            categories={BlockCategory.DEVELOPER_TOOLS, BlockCategory.INPUT},
+            input_schema=GithubStarTriggerBlock.Input,
+            output_schema=GithubStarTriggerBlock.Output,
+            webhook_config=BlockWebhookConfig(
+                provider=ProviderName.GITHUB,
+                webhook_type=GithubWebhookType.REPO,
+                resource_format="{repo}",
+                event_filter_input="events",
+                event_format="star.{event}",
+            ),
+            test_input={
+                "repo": "Significant-Gravitas/AutoGPT",
+                "events": {"created": True},
+                "credentials": TEST_CREDENTIALS_INPUT,
+                "payload": example_payload,
+            },
+            test_credentials=TEST_CREDENTIALS,
+            test_output=[
+                ("payload", example_payload),
+                ("triggered_by_user", example_payload["sender"]),
+                ("event", example_payload["action"]),
+                ("starred_at", example_payload.get("starred_at", "")),
+                ("stargazers_count", example_payload["repository"]["stargazers_count"]),
+                ("repository_name", example_payload["repository"]["full_name"]),
+                ("repository_url", example_payload["repository"]["html_url"]),
+            ],
+        )
+
+    async def run(self, input_data: Input, **kwargs) -> BlockOutput:  # type: ignore
+        async for name, value in super().run(input_data, **kwargs):
+            yield name, value
+        yield "event", input_data.payload["action"]
+        yield "starred_at", input_data.payload.get("starred_at", "")
+        yield "stargazers_count", input_data.payload["repository"]["stargazers_count"]
+        yield "repository_name", input_data.payload["repository"]["full_name"]
+        yield "repository_url", input_data.payload["repository"]["html_url"]
+
+
+class GithubReleaseTriggerBlock(GitHubTriggerBase, Block):
+    """Trigger block for GitHub release events - ideal for announcing new versions."""
+
+    EXAMPLE_PAYLOAD_FILE = (
+        Path(__file__).parent / "example_payloads" / "release.published.json"
+    )
+
+    class Input(GitHubTriggerBase.Input):
+        class EventsFilter(BaseModel):
+            """
+            https://docs.github.com/en/webhooks/webhook-events-and-payloads#release
+            """
+
+            published: bool = False
+            unpublished: bool = False
+            created: bool = False
+            edited: bool = False
+            deleted: bool = False
+            prereleased: bool = False
+            released: bool = False
+
+        events: EventsFilter = SchemaField(
+            title="Events", description="The release events to subscribe to"
+        )
+
+    class Output(GitHubTriggerBase.Output):
+        event: str = SchemaField(
+            description="The release event that triggered the webhook (e.g., 'published')"
+        )
+        release: dict = SchemaField(description="The full release object")
+        release_url: str = SchemaField(description="URL to the release page")
+        tag_name: str = SchemaField(description="The release tag name (e.g., 'v1.0.0')")
+        release_name: str = SchemaField(description="Human-readable release name")
+        body: str = SchemaField(description="Release notes/description")
+        prerelease: bool = SchemaField(description="Whether this is a prerelease")
+        draft: bool = SchemaField(description="Whether this is a draft release")
+        assets: list = SchemaField(description="List of release assets/files")
+
+    def __init__(self):
+        from backend.integrations.webhooks.github import GithubWebhookType
+
+        example_payload = json.loads(
+            self.EXAMPLE_PAYLOAD_FILE.read_text(encoding="utf-8")
+        )
+
+        super().__init__(
+            id="2052dd1b-74e1-46ac-9c87-c7a0e057b60b",
+            description="This block triggers on GitHub release events. "
+            "Perfect for automating announcements to Discord, Twitter, or other platforms.",
+            categories={BlockCategory.DEVELOPER_TOOLS, BlockCategory.INPUT},
+            input_schema=GithubReleaseTriggerBlock.Input,
+            output_schema=GithubReleaseTriggerBlock.Output,
+            webhook_config=BlockWebhookConfig(
+                provider=ProviderName.GITHUB,
+                webhook_type=GithubWebhookType.REPO,
+                resource_format="{repo}",
+                event_filter_input="events",
+                event_format="release.{event}",
+            ),
+            test_input={
+                "repo": "Significant-Gravitas/AutoGPT",
+                "events": {"published": True},
+                "credentials": TEST_CREDENTIALS_INPUT,
+                "payload": example_payload,
+            },
+            test_credentials=TEST_CREDENTIALS,
+            test_output=[
+                ("payload", example_payload),
+                ("triggered_by_user", example_payload["sender"]),
+                ("event", example_payload["action"]),
+                ("release", example_payload["release"]),
+                ("release_url", example_payload["release"]["html_url"]),
+                ("tag_name", example_payload["release"]["tag_name"]),
+                ("release_name", example_payload["release"]["name"]),
+                ("body", example_payload["release"]["body"]),
+                ("prerelease", example_payload["release"]["prerelease"]),
+                ("draft", example_payload["release"]["draft"]),
+                ("assets", example_payload["release"]["assets"]),
+            ],
+        )
+
+    async def run(self, input_data: Input, **kwargs) -> BlockOutput:  # type: ignore
+        async for name, value in super().run(input_data, **kwargs):
+            yield name, value
+        release = input_data.payload["release"]
+        yield "event", input_data.payload["action"]
+        yield "release", release
+        yield "release_url", release["html_url"]
+        yield "tag_name", release["tag_name"]
+        yield "release_name", release.get("name", "")
+        yield "body", release.get("body", "")
+        yield "prerelease", release["prerelease"]
+        yield "draft", release["draft"]
+        yield "assets", release["assets"]
+
+
+class GithubIssuesTriggerBlock(GitHubTriggerBase, Block):
+    """Trigger block for GitHub issues events - great for triage and notifications."""
+
+    EXAMPLE_PAYLOAD_FILE = (
+        Path(__file__).parent / "example_payloads" / "issues.opened.json"
+    )
+
+    class Input(GitHubTriggerBase.Input):
+        class EventsFilter(BaseModel):
+            """
+            https://docs.github.com/en/webhooks/webhook-events-and-payloads#issues
+            """
+
+            opened: bool = False
+            edited: bool = False
+            deleted: bool = False
+            closed: bool = False
+            reopened: bool = False
+            assigned: bool = False
+            unassigned: bool = False
+            labeled: bool = False
+            unlabeled: bool = False
+            locked: bool = False
+            unlocked: bool = False
+            transferred: bool = False
+            milestoned: bool = False
+            demilestoned: bool = False
+            pinned: bool = False
+            unpinned: bool = False
+
+        events: EventsFilter = SchemaField(
+            title="Events", description="The issue events to subscribe to"
+        )
+
+    class Output(GitHubTriggerBase.Output):
+        event: str = SchemaField(
+            description="The issue event that triggered the webhook (e.g., 'opened')"
+        )
+        number: int = SchemaField(description="The issue number")
+        issue: dict = SchemaField(description="The full issue object")
+        issue_url: str = SchemaField(description="URL to the issue")
+        issue_title: str = SchemaField(description="The issue title")
+        issue_body: str = SchemaField(description="The issue body/description")
+        labels: list = SchemaField(description="List of labels on the issue")
+        assignees: list = SchemaField(description="List of assignees")
+        state: str = SchemaField(description="Issue state ('open' or 'closed')")
+
+    def __init__(self):
+        from backend.integrations.webhooks.github import GithubWebhookType
+
+        example_payload = json.loads(
+            self.EXAMPLE_PAYLOAD_FILE.read_text(encoding="utf-8")
+        )
+
+        super().__init__(
+            id="b2605464-e486-4bf4-aad3-d8a213c8a48a",
+            description="This block triggers on GitHub issues events. "
+            "Useful for automated triage, notifications, and welcoming first-time contributors.",
+            categories={BlockCategory.DEVELOPER_TOOLS, BlockCategory.INPUT},
+            input_schema=GithubIssuesTriggerBlock.Input,
+            output_schema=GithubIssuesTriggerBlock.Output,
+            webhook_config=BlockWebhookConfig(
+                provider=ProviderName.GITHUB,
+                webhook_type=GithubWebhookType.REPO,
+                resource_format="{repo}",
+                event_filter_input="events",
+                event_format="issues.{event}",
+            ),
+            test_input={
+                "repo": "Significant-Gravitas/AutoGPT",
+                "events": {"opened": True},
+                "credentials": TEST_CREDENTIALS_INPUT,
+                "payload": example_payload,
+            },
+            test_credentials=TEST_CREDENTIALS,
+            test_output=[
+                ("payload", example_payload),
+                ("triggered_by_user", example_payload["sender"]),
+                ("event", example_payload["action"]),
+                ("number", example_payload["issue"]["number"]),
+                ("issue", example_payload["issue"]),
+                ("issue_url", example_payload["issue"]["html_url"]),
+                ("issue_title", example_payload["issue"]["title"]),
+                ("issue_body", example_payload["issue"]["body"]),
+                ("labels", example_payload["issue"]["labels"]),
+                ("assignees", example_payload["issue"]["assignees"]),
+                ("state", example_payload["issue"]["state"]),
+            ],
+        )
+
+    async def run(self, input_data: Input, **kwargs) -> BlockOutput:  # type: ignore
+        async for name, value in super().run(input_data, **kwargs):
+            yield name, value
+        issue = input_data.payload["issue"]
+        yield "event", input_data.payload["action"]
+        yield "number", issue["number"]
+        yield "issue", issue
+        yield "issue_url", issue["html_url"]
+        yield "issue_title", issue["title"]
+        yield "issue_body", issue.get("body") or ""
+        yield "labels", issue["labels"]
+        yield "assignees", issue["assignees"]
+        yield "state", issue["state"]
+
+
+class GithubDiscussionTriggerBlock(GitHubTriggerBase, Block):
+    """Trigger block for GitHub discussion events - perfect for community Q&A sync."""
+
+    EXAMPLE_PAYLOAD_FILE = (
+        Path(__file__).parent / "example_payloads" / "discussion.created.json"
+    )
+
+    class Input(GitHubTriggerBase.Input):
+        class EventsFilter(BaseModel):
+            """
+            https://docs.github.com/en/webhooks/webhook-events-and-payloads#discussion
+            """
+
+            created: bool = False
+            edited: bool = False
+            deleted: bool = False
+            answered: bool = False
+            unanswered: bool = False
+            labeled: bool = False
+            unlabeled: bool = False
+            locked: bool = False
+            unlocked: bool = False
+            category_changed: bool = False
+            transferred: bool = False
+            pinned: bool = False
+            unpinned: bool = False
+
+        events: EventsFilter = SchemaField(
+            title="Events", description="The discussion events to subscribe to"
+        )
+
+    class Output(GitHubTriggerBase.Output):
+        event: str = SchemaField(
+            description="The discussion event that triggered the webhook"
+        )
+        number: int = SchemaField(description="The discussion number")
+        discussion: dict = SchemaField(description="The full discussion object")
+        discussion_url: str = SchemaField(description="URL to the discussion")
+        title: str = SchemaField(description="The discussion title")
+        body: str = SchemaField(description="The discussion body")
+        category: dict = SchemaField(description="The discussion category object")
+        category_name: str = SchemaField(description="Name of the category")
+        state: str = SchemaField(description="Discussion state")
+
+    def __init__(self):
+        from backend.integrations.webhooks.github import GithubWebhookType
+
+        example_payload = json.loads(
+            self.EXAMPLE_PAYLOAD_FILE.read_text(encoding="utf-8")
+        )
+
+        super().__init__(
+            id="87f847b3-d81a-424e-8e89-acadb5c9d52b",
+            description="This block triggers on GitHub Discussions events. "
+            "Great for syncing Q&A to Discord or auto-responding to common questions. "
+            "Note: Discussions must be enabled on the repository.",
+            categories={BlockCategory.DEVELOPER_TOOLS, BlockCategory.INPUT},
+            input_schema=GithubDiscussionTriggerBlock.Input,
+            output_schema=GithubDiscussionTriggerBlock.Output,
+            webhook_config=BlockWebhookConfig(
+                provider=ProviderName.GITHUB,
+                webhook_type=GithubWebhookType.REPO,
+                resource_format="{repo}",
+                event_filter_input="events",
+                event_format="discussion.{event}",
+            ),
+            test_input={
+                "repo": "Significant-Gravitas/AutoGPT",
+                "events": {"created": True},
+                "credentials": TEST_CREDENTIALS_INPUT,
+                "payload": example_payload,
+            },
+            test_credentials=TEST_CREDENTIALS,
+            test_output=[
+                ("payload", example_payload),
+                ("triggered_by_user", example_payload["sender"]),
+                ("event", example_payload["action"]),
+                ("number", example_payload["discussion"]["number"]),
+                ("discussion", example_payload["discussion"]),
+                ("discussion_url", example_payload["discussion"]["html_url"]),
+                ("title", example_payload["discussion"]["title"]),
+                ("body", example_payload["discussion"]["body"]),
+                ("category", example_payload["discussion"]["category"]),
+                ("category_name", example_payload["discussion"]["category"]["name"]),
+                ("state", example_payload["discussion"]["state"]),
+            ],
+        )
+
+    async def run(self, input_data: Input, **kwargs) -> BlockOutput:  # type: ignore
+        async for name, value in super().run(input_data, **kwargs):
+            yield name, value
+        discussion = input_data.payload["discussion"]
+        yield "event", input_data.payload["action"]
+        yield "number", discussion["number"]
+        yield "discussion", discussion
+        yield "discussion_url", discussion["html_url"]
+        yield "title", discussion["title"]
+        yield "body", discussion.get("body") or ""
+        yield "category", discussion["category"]
+        yield "category_name", discussion["category"]["name"]
+        yield "state", discussion["state"]

autogpt_platform/backend/backend/blocks/human_in_the_loop.py

@@ -1,5 +1,5 @@
 import logging
-from typing import Any, Literal
+from typing import Any
 
 from prisma.enums import ReviewStatus
 
@@ -45,11 +45,11 @@ class HumanInTheLoopBlock(Block):
         )
 
     class Output(BlockSchemaOutput):
-        reviewed_data: Any = SchemaField(
-            description="The data after human review (may be modified)"
+        approved_data: Any = SchemaField(
+            description="The data when approved (may be modified by reviewer)"
         )
-        status: Literal["approved", "rejected"] = SchemaField(
-            description="Status of the review: 'approved' or 'rejected'"
+        rejected_data: Any = SchemaField(
+            description="The data when rejected (may be modified by reviewer)"
         )
         review_message: str = SchemaField(
             description="Any message provided by the reviewer", default=""
@@ -69,8 +69,7 @@ class HumanInTheLoopBlock(Block):
                 "editable": True,
             },
             test_output=[
-                ("status", "approved"),
-                ("reviewed_data", {"name": "John Doe", "age": 30}),
+                ("approved_data", {"name": "John Doe", "age": 30}),
             ],
             test_mock={
                 "get_or_create_human_review": lambda *_args, **_kwargs: ReviewResult(
@@ -116,8 +115,7 @@ class HumanInTheLoopBlock(Block):
             logger.info(
                 f"HITL block skipping review for node {node_exec_id} - safe mode disabled"
             )
-            yield "status", "approved"
-            yield "reviewed_data", input_data.data
+            yield "approved_data", input_data.data
             yield "review_message", "Auto-approved (safe mode disabled)"
             return
 
@@ -158,12 +156,11 @@ class HumanInTheLoopBlock(Block):
             )
 
             if result.status == ReviewStatus.APPROVED:
-                yield "status", "approved"
-                yield "reviewed_data", result.data
+                yield "approved_data", result.data
                 if result.message:
                     yield "review_message", result.message
 
             elif result.status == ReviewStatus.REJECTED:
-                yield "status", "rejected"
+                yield "rejected_data", result.data
                 if result.message:
                     yield "review_message", result.message

autogpt_platform/backend/backend/blocks/ideogram.py

@@ -2,7 +2,6 @@ from enum import Enum
 from typing import Any, Dict, Literal, Optional
 
 from pydantic import SecretStr
-from requests.exceptions import RequestException
 
 from backend.data.block import (
     Block,
@@ -332,8 +331,8 @@ class IdeogramModelBlock(Block):
         try:
             response = await Requests().post(url, headers=headers, json=data)
             return response.json()["data"][0]["url"]
-        except RequestException as e:
-            raise Exception(f"Failed to fetch image with V3 endpoint: {str(e)}")
+        except Exception as e:
+            raise ValueError(f"Failed to fetch image with V3 endpoint: {e}") from e
 
     async def _run_model_legacy(
         self,
@@ -385,8 +384,8 @@ class IdeogramModelBlock(Block):
         try:
             response = await Requests().post(url, headers=headers, json=data)
             return response.json()["data"][0]["url"]
-        except RequestException as e:
-            raise Exception(f"Failed to fetch image with legacy endpoint: {str(e)}")
+        except Exception as e:
+            raise ValueError(f"Failed to fetch image with legacy endpoint: {e}") from e
 
     async def upscale_image(self, api_key: SecretStr, image_url: str):
         url = "https://api.ideogram.ai/upscale"
@@ -413,5 +412,5 @@ class IdeogramModelBlock(Block):
 
             return (response.json())["data"][0]["url"]
 
-        except RequestException as e:
-            raise Exception(f"Failed to upscale image: {str(e)}")
+        except Exception as e:
+            raise ValueError(f"Failed to upscale image: {e}") from e

autogpt_platform/backend/backend/blocks/jina/search.py

@@ -16,6 +16,7 @@ from backend.data.block import (
     BlockSchemaOutput,
 )
 from backend.data.model import SchemaField
+from backend.util.exceptions import BlockExecutionError
 
 
 class SearchTheWebBlock(Block, GetRequest):
@@ -56,7 +57,17 @@ class SearchTheWebBlock(Block, GetRequest):
 
         # Prepend the Jina Search URL to the encoded query
         jina_search_url = f"https://s.jina.ai/{encoded_query}"
-        results = await self.get_request(jina_search_url, headers=headers, json=False)
+
+        try:
+            results = await self.get_request(
+                jina_search_url, headers=headers, json=False
+            )
+        except Exception as e:
+            raise BlockExecutionError(
+                message=f"Search failed: {e}",
+                block_name=self.name,
+                block_id=self.id,
+            ) from e
 
         # Output the search results
         yield "results", results

autogpt_platform/backend/backend/blocks/reddit.py

@@ -1,3 +1,4 @@
+import logging
 from datetime import datetime, timezone
 from typing import Iterator, Literal
 
@@ -64,6 +65,7 @@ class RedditComment(BaseModel):
 
 
 settings = Settings()
+logger = logging.getLogger(__name__)
 
 
 def get_praw(creds: RedditCredentials) -> praw.Reddit:
@@ -77,7 +79,7 @@ def get_praw(creds: RedditCredentials) -> praw.Reddit:
     me = client.user.me()
     if not me:
         raise ValueError("Invalid Reddit credentials.")
-    print(f"Logged in as Reddit user: {me.name}")
+    logger.info(f"Logged in as Reddit user: {me.name}")
     return client
 
 

autogpt_platform/backend/backend/blocks/replicate/replicate_block.py

@@ -18,6 +18,7 @@ from backend.data.block import (
     BlockSchemaOutput,
 )
 from backend.data.model import APIKeyCredentials, CredentialsField, SchemaField
+from backend.util.exceptions import BlockExecutionError, BlockInputError
 
 logger = logging.getLogger(__name__)
 
@@ -111,9 +112,27 @@ class ReplicateModelBlock(Block):
             yield "status", "succeeded"
             yield "model_name", input_data.model_name
         except Exception as e:
-            error_msg = f"Unexpected error running Replicate model: {str(e)}"
-            logger.error(error_msg)
-            raise RuntimeError(error_msg)
+            error_msg = str(e)
+            logger.error(f"Error running Replicate model: {error_msg}")
+
+            # Input validation errors (422, 400) → BlockInputError
+            if (
+                "422" in error_msg
+                or "Input validation failed" in error_msg
+                or "400" in error_msg
+            ):
+                raise BlockInputError(
+                    message=f"Invalid model inputs: {error_msg}",
+                    block_name=self.name,
+                    block_id=self.id,
+                ) from e
+            # Everything else → BlockExecutionError
+            else:
+                raise BlockExecutionError(
+                    message=f"Replicate model error: {error_msg}",
+                    block_name=self.name,
+                    block_id=self.id,
+                ) from e
 
     async def run_model(self, model_ref: str, model_inputs: dict, api_key: SecretStr):
         """

autogpt_platform/backend/backend/blocks/search.py

@@ -45,10 +45,16 @@ class GetWikipediaSummaryBlock(Block, GetRequest):
     async def run(self, input_data: Input, **kwargs) -> BlockOutput:
         topic = input_data.topic
         url = f"https://en.wikipedia.org/api/rest_v1/page/summary/{topic}"
-        response = await self.get_request(url, json=True)
-        if "extract" not in response:
-            raise RuntimeError(f"Unable to parse Wikipedia response: {response}")
-        yield "summary", response["extract"]
+
+        # Note: User-Agent is now automatically set by the request library
+        # to comply with Wikimedia's robot policy (https://w.wiki/4wJS)
+        try:
+            response = await self.get_request(url, json=True)
+            if "extract" not in response:
+                raise ValueError(f"Unable to parse Wikipedia response: {response}")
+            yield "summary", response["extract"]
+        except Exception as e:
+            raise ValueError(f"Failed to fetch Wikipedia summary: {e}") from e
 
 
 TEST_CREDENTIALS = APIKeyCredentials(

autogpt_platform/backend/backend/blocks/smart_decision_maker.py

@@ -1,8 +1,11 @@
 import logging
 import re
 from collections import Counter
+from concurrent.futures import Future
 from typing import TYPE_CHECKING, Any
 
+from pydantic import BaseModel
+
 import backend.blocks.llm as llm
 from backend.blocks.agent import AgentExecutorBlock
 from backend.data.block import (
@@ -20,16 +23,41 @@ from backend.data.dynamic_fields import (
     is_dynamic_field,
     is_tool_pin,
 )
+from backend.data.execution import ExecutionContext
 from backend.data.model import NodeExecutionStats, SchemaField
 from backend.util import json
 from backend.util.clients import get_database_manager_async_client
+from backend.util.prompt import MAIN_OBJECTIVE_PREFIX
 
 if TYPE_CHECKING:
     from backend.data.graph import Link, Node
+    from backend.executor.manager import ExecutionProcessor
 
 logger = logging.getLogger(__name__)
 
 
+class ToolInfo(BaseModel):
+    """Processed tool call information."""
+
+    tool_call: Any  # The original tool call object from LLM response
+    tool_name: str  # The function name
+    tool_def: dict[str, Any]  # The tool definition from tool_functions
+    input_data: dict[str, Any]  # Processed input data ready for tool execution
+    field_mapping: dict[str, str]  # Field name mapping for the tool
+
+
+class ExecutionParams(BaseModel):
+    """Tool execution parameters."""
+
+    user_id: str
+    graph_id: str
+    node_id: str
+    graph_version: int
+    graph_exec_id: str
+    node_exec_id: str
+    execution_context: "ExecutionContext"
+
+
 def _get_tool_requests(entry: dict[str, Any]) -> list[str]:
     """
     Return a list of tool_call_ids if the entry is a tool request.
@@ -105,6 +133,50 @@ def _create_tool_response(call_id: str, output: Any) -> dict[str, Any]:
     return {"role": "tool", "tool_call_id": call_id, "content": content}
 
 
+def _combine_tool_responses(tool_outputs: list[dict[str, Any]]) -> list[dict[str, Any]]:
+    """
+    Combine multiple Anthropic tool responses into a single user message.
+    For non-Anthropic formats, returns the original list unchanged.
+    """
+    if len(tool_outputs) <= 1:
+        return tool_outputs
+
+    # Anthropic responses have role="user", type="message", and content is a list with tool_result items
+    anthropic_responses = [
+        output
+        for output in tool_outputs
+        if (
+            output.get("role") == "user"
+            and output.get("type") == "message"
+            and isinstance(output.get("content"), list)
+            and any(
+                item.get("type") == "tool_result"
+                for item in output.get("content", [])
+                if isinstance(item, dict)
+            )
+        )
+    ]
+
+    if len(anthropic_responses) > 1:
+        combined_content = [
+            item for response in anthropic_responses for item in response["content"]
+        ]
+
+        combined_response = {
+            "role": "user",
+            "type": "message",
+            "content": combined_content,
+        }
+
+        non_anthropic_responses = [
+            output for output in tool_outputs if output not in anthropic_responses
+        ]
+
+        return [combined_response] + non_anthropic_responses
+
+    return tool_outputs
+
+
 def _convert_raw_response_to_dict(raw_response: Any) -> dict[str, Any]:
     """
     Safely convert raw_response to dictionary format for conversation history.
@@ -204,6 +276,17 @@ class SmartDecisionMakerBlock(Block):
             default="localhost:11434",
             description="Ollama host for local  models",
         )
+        agent_mode_max_iterations: int = SchemaField(
+            title="Agent Mode Max Iterations",
+            description="Maximum iterations for agent mode. 0 = traditional mode (single LLM call, yield tool calls for external execution), -1 = infinite agent mode (loop until finished), 1+ = agent mode with max iterations limit.",
+            advanced=True,
+            default=0,
+        )
+        conversation_compaction: bool = SchemaField(
+            default=True,
+            title="Context window auto-compaction",
+            description="Automatically compact the context window once it hits the limit",
+        )
 
         @classmethod
         def get_missing_links(cls, data: BlockInput, links: list["Link"]) -> set[str]:
@@ -506,6 +589,7 @@ class SmartDecisionMakerBlock(Block):
         Returns the response if successful, raises ValueError if validation fails.
         """
         resp = await llm.llm_call(
+            compress_prompt_to_fit=input_data.conversation_compaction,
             credentials=credentials,
             llm_model=input_data.model,
             prompt=current_prompt,
@@ -593,6 +677,291 @@ class SmartDecisionMakerBlock(Block):
 
         return resp
 
+    def _process_tool_calls(
+        self, response, tool_functions: list[dict[str, Any]]
+    ) -> list[ToolInfo]:
+        """Process tool calls and extract tool definitions, arguments, and input data.
+
+        Returns a list of tool info dicts with:
+        - tool_call: The original tool call object
+        - tool_name: The function name
+        - tool_def: The tool definition from tool_functions
+        - input_data: Processed input data dict (includes None values)
+        - field_mapping: Field name mapping for the tool
+        """
+        if not response.tool_calls:
+            return []
+
+        processed_tools = []
+        for tool_call in response.tool_calls:
+            tool_name = tool_call.function.name
+            tool_args = json.loads(tool_call.function.arguments)
+
+            tool_def = next(
+                (
+                    tool
+                    for tool in tool_functions
+                    if tool["function"]["name"] == tool_name
+                ),
+                None,
+            )
+            if not tool_def:
+                if len(tool_functions) == 1:
+                    tool_def = tool_functions[0]
+                else:
+                    continue
+
+            # Build input data for the tool
+            input_data = {}
+            field_mapping = tool_def["function"].get("_field_mapping", {})
+            if "function" in tool_def and "parameters" in tool_def["function"]:
+                expected_args = tool_def["function"]["parameters"].get("properties", {})
+                for clean_arg_name in expected_args:
+                    original_field_name = field_mapping.get(
+                        clean_arg_name, clean_arg_name
+                    )
+                    arg_value = tool_args.get(clean_arg_name)
+                    # Include all expected parameters, even if None (for backward compatibility with tests)
+                    input_data[original_field_name] = arg_value
+
+            processed_tools.append(
+                ToolInfo(
+                    tool_call=tool_call,
+                    tool_name=tool_name,
+                    tool_def=tool_def,
+                    input_data=input_data,
+                    field_mapping=field_mapping,
+                )
+            )
+
+        return processed_tools
+
+    def _update_conversation(
+        self, prompt: list[dict], response, tool_outputs: list | None = None
+    ):
+        """Update conversation history with response and tool outputs."""
+        # Don't add separate reasoning message with tool calls (breaks Anthropic's tool_use->tool_result pairing)
+        assistant_message = _convert_raw_response_to_dict(response.raw_response)
+        has_tool_calls = isinstance(assistant_message.get("content"), list) and any(
+            item.get("type") == "tool_use"
+            for item in assistant_message.get("content", [])
+        )
+
+        if response.reasoning and not has_tool_calls:
+            prompt.append(
+                {"role": "assistant", "content": f"[Reasoning]: {response.reasoning}"}
+            )
+
+        prompt.append(assistant_message)
+
+        if tool_outputs:
+            prompt.extend(tool_outputs)
+
+    async def _execute_single_tool_with_manager(
+        self,
+        tool_info: ToolInfo,
+        execution_params: ExecutionParams,
+        execution_processor: "ExecutionProcessor",
+    ) -> dict:
+        """Execute a single tool using the execution manager for proper integration."""
+        # Lazy imports to avoid circular dependencies
+        from backend.data.execution import NodeExecutionEntry
+
+        tool_call = tool_info.tool_call
+        tool_def = tool_info.tool_def
+        raw_input_data = tool_info.input_data
+
+        # Get sink node and field mapping
+        sink_node_id = tool_def["function"]["_sink_node_id"]
+
+        # Use proper database operations for tool execution
+        db_client = get_database_manager_async_client()
+
+        # Get target node
+        target_node = await db_client.get_node(sink_node_id)
+        if not target_node:
+            raise ValueError(f"Target node {sink_node_id} not found")
+
+        # Create proper node execution using upsert_execution_input
+        node_exec_result = None
+        final_input_data = None
+
+        # Add all inputs to the execution
+        if not raw_input_data:
+            raise ValueError(f"Tool call has no input data: {tool_call}")
+
+        for input_name, input_value in raw_input_data.items():
+            node_exec_result, final_input_data = await db_client.upsert_execution_input(
+                node_id=sink_node_id,
+                graph_exec_id=execution_params.graph_exec_id,
+                input_name=input_name,
+                input_data=input_value,
+            )
+
+        assert node_exec_result is not None, "node_exec_result should not be None"
+
+        # Create NodeExecutionEntry for execution manager
+        node_exec_entry = NodeExecutionEntry(
+            user_id=execution_params.user_id,
+            graph_exec_id=execution_params.graph_exec_id,
+            graph_id=execution_params.graph_id,
+            graph_version=execution_params.graph_version,
+            node_exec_id=node_exec_result.node_exec_id,
+            node_id=sink_node_id,
+            block_id=target_node.block_id,
+            inputs=final_input_data or {},
+            execution_context=execution_params.execution_context,
+        )
+
+        # Use the execution manager to execute the tool node
+        try:
+            # Get NodeExecutionProgress from the execution manager's running nodes
+            node_exec_progress = execution_processor.running_node_execution[
+                sink_node_id
+            ]
+
+            # Use the execution manager's own graph stats
+            graph_stats_pair = (
+                execution_processor.execution_stats,
+                execution_processor.execution_stats_lock,
+            )
+
+            # Create a completed future for the task tracking system
+            node_exec_future = Future()
+            node_exec_progress.add_task(
+                node_exec_id=node_exec_result.node_exec_id,
+                task=node_exec_future,
+            )
+
+            # Execute the node directly since we're in the SmartDecisionMaker context
+            node_exec_future.set_result(
+                await execution_processor.on_node_execution(
+                    node_exec=node_exec_entry,
+                    node_exec_progress=node_exec_progress,
+                    nodes_input_masks=None,
+                    graph_stats_pair=graph_stats_pair,
+                )
+            )
+
+            # Get outputs from database after execution completes using database manager client
+            node_outputs = await db_client.get_execution_outputs_by_node_exec_id(
+                node_exec_result.node_exec_id
+            )
+
+            # Create tool response
+            tool_response_content = (
+                json.dumps(node_outputs)
+                if node_outputs
+                else "Tool executed successfully"
+            )
+            return _create_tool_response(tool_call.id, tool_response_content)
+
+        except Exception as e:
+            logger.error(f"Tool execution with manager failed: {e}")
+            # Return error response
+            return _create_tool_response(
+                tool_call.id, f"Tool execution failed: {str(e)}"
+            )
+
+    async def _execute_tools_agent_mode(
+        self,
+        input_data,
+        credentials,
+        tool_functions: list[dict[str, Any]],
+        prompt: list[dict],
+        graph_exec_id: str,
+        node_id: str,
+        node_exec_id: str,
+        user_id: str,
+        graph_id: str,
+        graph_version: int,
+        execution_context: ExecutionContext,
+        execution_processor: "ExecutionProcessor",
+    ):
+        """Execute tools in agent mode with a loop until finished."""
+        max_iterations = input_data.agent_mode_max_iterations
+        iteration = 0
+
+        # Execution parameters for tool execution
+        execution_params = ExecutionParams(
+            user_id=user_id,
+            graph_id=graph_id,
+            node_id=node_id,
+            graph_version=graph_version,
+            graph_exec_id=graph_exec_id,
+            node_exec_id=node_exec_id,
+            execution_context=execution_context,
+        )
+
+        current_prompt = list(prompt)
+
+        while max_iterations < 0 or iteration < max_iterations:
+            iteration += 1
+            logger.debug(f"Agent mode iteration {iteration}")
+
+            # Prepare prompt for this iteration
+            iteration_prompt = list(current_prompt)
+
+            # On the last iteration, add a special system message to encourage completion
+            if max_iterations > 0 and iteration == max_iterations:
+                last_iteration_message = {
+                    "role": "system",
+                    "content": f"{MAIN_OBJECTIVE_PREFIX}This is your last iteration ({iteration}/{max_iterations}). "
+                    "Try to complete the task with the information you have. If you cannot fully complete it, "
+                    "provide a summary of what you've accomplished and what remains to be done. "
+                    "Prefer finishing with a clear response rather than making additional tool calls.",
+                }
+                iteration_prompt.append(last_iteration_message)
+
+            # Get LLM response
+            try:
+                response = await self._attempt_llm_call_with_validation(
+                    credentials, input_data, iteration_prompt, tool_functions
+                )
+            except Exception as e:
+                yield "error", f"LLM call failed in agent mode iteration {iteration}: {str(e)}"
+                return
+
+            # Process tool calls
+            processed_tools = self._process_tool_calls(response, tool_functions)
+
+            # If no tool calls, we're done
+            if not processed_tools:
+                yield "finished", response.response
+                self._update_conversation(current_prompt, response)
+                yield "conversations", current_prompt
+                return
+
+            # Execute tools and collect responses
+            tool_outputs = []
+            for tool_info in processed_tools:
+                try:
+                    tool_response = await self._execute_single_tool_with_manager(
+                        tool_info, execution_params, execution_processor
+                    )
+                    tool_outputs.append(tool_response)
+                except Exception as e:
+                    logger.error(f"Tool execution failed: {e}")
+                    # Create error response for the tool
+                    error_response = _create_tool_response(
+                        tool_info.tool_call.id, f"Error: {str(e)}"
+                    )
+                    tool_outputs.append(error_response)
+
+            tool_outputs = _combine_tool_responses(tool_outputs)
+
+            self._update_conversation(current_prompt, response, tool_outputs)
+
+            # Yield intermediate conversation state
+            yield "conversations", current_prompt
+
+        # If we reach max iterations, yield the current state
+        if max_iterations < 0:
+            yield "finished", f"Agent mode completed after {iteration} iterations"
+        else:
+            yield "finished", f"Agent mode completed after {max_iterations} iterations (limit reached)"
+        yield "conversations", current_prompt
+
     async def run(
         self,
         input_data: Input,
@@ -603,8 +972,12 @@ class SmartDecisionMakerBlock(Block):
         graph_exec_id: str,
         node_exec_id: str,
         user_id: str,
+        graph_version: int,
+        execution_context: ExecutionContext,
+        execution_processor: "ExecutionProcessor",
         **kwargs,
     ) -> BlockOutput:
+
         tool_functions = await self._create_tool_node_signatures(node_id)
         yield "tool_functions", json.dumps(tool_functions)
 
@@ -648,24 +1021,52 @@ class SmartDecisionMakerBlock(Block):
             input_data.prompt = llm.fmt.format_string(input_data.prompt, values)
             input_data.sys_prompt = llm.fmt.format_string(input_data.sys_prompt, values)
 
-        prefix = "[Main Objective Prompt]: "
-
         if input_data.sys_prompt and not any(
-            p["role"] == "system" and p["content"].startswith(prefix) for p in prompt
+            p["role"] == "system" and p["content"].startswith(MAIN_OBJECTIVE_PREFIX)
+            for p in prompt
         ):
-            prompt.append({"role": "system", "content": prefix + input_data.sys_prompt})
+            prompt.append(
+                {
+                    "role": "system",
+                    "content": MAIN_OBJECTIVE_PREFIX + input_data.sys_prompt,
+                }
+            )
 
         if input_data.prompt and not any(
-            p["role"] == "user" and p["content"].startswith(prefix) for p in prompt
+            p["role"] == "user" and p["content"].startswith(MAIN_OBJECTIVE_PREFIX)
+            for p in prompt
         ):
-            prompt.append({"role": "user", "content": prefix + input_data.prompt})
+            prompt.append(
+                {"role": "user", "content": MAIN_OBJECTIVE_PREFIX + input_data.prompt}
+            )
 
+        # Execute tools based on the selected mode
+        if input_data.agent_mode_max_iterations != 0:
+            # In agent mode, execute tools directly in a loop until finished
+            async for result in self._execute_tools_agent_mode(
+                input_data=input_data,
+                credentials=credentials,
+                tool_functions=tool_functions,
+                prompt=prompt,
+                graph_exec_id=graph_exec_id,
+                node_id=node_id,
+                node_exec_id=node_exec_id,
+                user_id=user_id,
+                graph_id=graph_id,
+                graph_version=graph_version,
+                execution_context=execution_context,
+                execution_processor=execution_processor,
+            ):
+                yield result
+            return
+
+        # One-off mode: single LLM call and yield tool calls for external execution
         current_prompt = list(prompt)
         max_attempts = max(1, int(input_data.retry))
         response = None
 
         last_error = None
-        for attempt in range(max_attempts):
+        for _ in range(max_attempts):
             try:
                 response = await self._attempt_llm_call_with_validation(
                     credentials, input_data, current_prompt, tool_functions

autogpt_platform/backend/backend/blocks/test/test_smart_decision_maker.py

@@ -1,7 +1,11 @@
 import logging
+import threading
+from collections import defaultdict
+from unittest.mock import AsyncMock, MagicMock, patch
 
 import pytest
 
+from backend.data.execution import ExecutionContext
 from backend.data.model import ProviderName, User
 from backend.server.model import CreateGraph
 from backend.server.rest_api import AgentServer
@@ -17,10 +21,10 @@ async def create_graph(s: SpinTestServer, g, u: User):
 
 
 async def create_credentials(s: SpinTestServer, u: User):
-    import backend.blocks.llm as llm
+    import backend.blocks.llm as llm_module
 
     provider = ProviderName.OPENAI
-    credentials = llm.TEST_CREDENTIALS
+    credentials = llm_module.TEST_CREDENTIALS
     return await s.agent_server.test_create_credentials(u.id, provider, credentials)
 
 
@@ -196,8 +200,6 @@ async def test_smart_decision_maker_function_signature(server: SpinTestServer):
 @pytest.mark.asyncio
 async def test_smart_decision_maker_tracks_llm_stats():
     """Test that SmartDecisionMakerBlock correctly tracks LLM usage stats."""
-    from unittest.mock import MagicMock, patch
-
     import backend.blocks.llm as llm_module
     from backend.blocks.smart_decision_maker import SmartDecisionMakerBlock
 
@@ -216,7 +218,6 @@ async def test_smart_decision_maker_tracks_llm_stats():
     }
 
     # Mock the _create_tool_node_signatures method to avoid database calls
-    from unittest.mock import AsyncMock
 
     with patch(
         "backend.blocks.llm.llm_call",
@@ -234,10 +235,19 @@ async def test_smart_decision_maker_tracks_llm_stats():
             prompt="Should I continue with this task?",
             model=llm_module.LlmModel.GPT4O,
             credentials=llm_module.TEST_CREDENTIALS_INPUT,  # type: ignore
+            agent_mode_max_iterations=0,
         )
 
         # Execute the block
         outputs = {}
+        # Create execution context
+
+        mock_execution_context = ExecutionContext(safe_mode=False)
+
+        # Create a mock execution processor for tests
+
+        mock_execution_processor = MagicMock()
+
         async for output_name, output_data in block.run(
             input_data,
             credentials=llm_module.TEST_CREDENTIALS,
@@ -246,6 +256,9 @@ async def test_smart_decision_maker_tracks_llm_stats():
             graph_exec_id="test-exec-id",
             node_exec_id="test-node-exec-id",
             user_id="test-user-id",
+            graph_version=1,
+            execution_context=mock_execution_context,
+            execution_processor=mock_execution_processor,
         ):
             outputs[output_name] = output_data
 
@@ -263,8 +276,6 @@ async def test_smart_decision_maker_tracks_llm_stats():
 @pytest.mark.asyncio
 async def test_smart_decision_maker_parameter_validation():
     """Test that SmartDecisionMakerBlock correctly validates tool call parameters."""
-    from unittest.mock import MagicMock, patch
-
     import backend.blocks.llm as llm_module
     from backend.blocks.smart_decision_maker import SmartDecisionMakerBlock
 
@@ -311,8 +322,6 @@ async def test_smart_decision_maker_parameter_validation():
     mock_response_with_typo.reasoning = None
     mock_response_with_typo.raw_response = {"role": "assistant", "content": None}
 
-    from unittest.mock import AsyncMock
-
     with patch(
         "backend.blocks.llm.llm_call",
         new_callable=AsyncMock,
@@ -329,8 +338,17 @@ async def test_smart_decision_maker_parameter_validation():
             model=llm_module.LlmModel.GPT4O,
             credentials=llm_module.TEST_CREDENTIALS_INPUT,  # type: ignore
             retry=2,  # Set retry to 2 for testing
+            agent_mode_max_iterations=0,
         )
 
+        # Create execution context
+
+        mock_execution_context = ExecutionContext(safe_mode=False)
+
+        # Create a mock execution processor for tests
+
+        mock_execution_processor = MagicMock()
+
         # Should raise ValueError after retries due to typo'd parameter name
         with pytest.raises(ValueError) as exc_info:
             outputs = {}
@@ -342,6 +360,9 @@ async def test_smart_decision_maker_parameter_validation():
                 graph_exec_id="test-exec-id",
                 node_exec_id="test-node-exec-id",
                 user_id="test-user-id",
+                graph_version=1,
+                execution_context=mock_execution_context,
+                execution_processor=mock_execution_processor,
             ):
                 outputs[output_name] = output_data
 
@@ -368,8 +389,6 @@ async def test_smart_decision_maker_parameter_validation():
     mock_response_missing_required.reasoning = None
     mock_response_missing_required.raw_response = {"role": "assistant", "content": None}
 
-    from unittest.mock import AsyncMock
-
     with patch(
         "backend.blocks.llm.llm_call",
         new_callable=AsyncMock,
@@ -385,8 +404,17 @@ async def test_smart_decision_maker_parameter_validation():
             prompt="Search for keywords",
             model=llm_module.LlmModel.GPT4O,
             credentials=llm_module.TEST_CREDENTIALS_INPUT,  # type: ignore
+            agent_mode_max_iterations=0,
         )
 
+        # Create execution context
+
+        mock_execution_context = ExecutionContext(safe_mode=False)
+
+        # Create a mock execution processor for tests
+
+        mock_execution_processor = MagicMock()
+
         # Should raise ValueError due to missing required parameter
         with pytest.raises(ValueError) as exc_info:
             outputs = {}
@@ -398,6 +426,9 @@ async def test_smart_decision_maker_parameter_validation():
                 graph_exec_id="test-exec-id",
                 node_exec_id="test-node-exec-id",
                 user_id="test-user-id",
+                graph_version=1,
+                execution_context=mock_execution_context,
+                execution_processor=mock_execution_processor,
             ):
                 outputs[output_name] = output_data
 
@@ -418,8 +449,6 @@ async def test_smart_decision_maker_parameter_validation():
     mock_response_valid.reasoning = None
     mock_response_valid.raw_response = {"role": "assistant", "content": None}
 
-    from unittest.mock import AsyncMock
-
     with patch(
         "backend.blocks.llm.llm_call",
         new_callable=AsyncMock,
@@ -435,10 +464,19 @@ async def test_smart_decision_maker_parameter_validation():
             prompt="Search for keywords",
             model=llm_module.LlmModel.GPT4O,
             credentials=llm_module.TEST_CREDENTIALS_INPUT,  # type: ignore
+            agent_mode_max_iterations=0,
         )
 
         # Should succeed - optional parameter missing is OK
         outputs = {}
+        # Create execution context
+
+        mock_execution_context = ExecutionContext(safe_mode=False)
+
+        # Create a mock execution processor for tests
+
+        mock_execution_processor = MagicMock()
+
         async for output_name, output_data in block.run(
             input_data,
             credentials=llm_module.TEST_CREDENTIALS,
@@ -447,6 +485,9 @@ async def test_smart_decision_maker_parameter_validation():
             graph_exec_id="test-exec-id",
             node_exec_id="test-node-exec-id",
             user_id="test-user-id",
+            graph_version=1,
+            execution_context=mock_execution_context,
+            execution_processor=mock_execution_processor,
         ):
             outputs[output_name] = output_data
 
@@ -472,8 +513,6 @@ async def test_smart_decision_maker_parameter_validation():
     mock_response_all_params.reasoning = None
     mock_response_all_params.raw_response = {"role": "assistant", "content": None}
 
-    from unittest.mock import AsyncMock
-
     with patch(
         "backend.blocks.llm.llm_call",
         new_callable=AsyncMock,
@@ -489,10 +528,19 @@ async def test_smart_decision_maker_parameter_validation():
             prompt="Search for keywords",
             model=llm_module.LlmModel.GPT4O,
             credentials=llm_module.TEST_CREDENTIALS_INPUT,  # type: ignore
+            agent_mode_max_iterations=0,
         )
 
         # Should succeed with all parameters
         outputs = {}
+        # Create execution context
+
+        mock_execution_context = ExecutionContext(safe_mode=False)
+
+        # Create a mock execution processor for tests
+
+        mock_execution_processor = MagicMock()
+
         async for output_name, output_data in block.run(
             input_data,
             credentials=llm_module.TEST_CREDENTIALS,
@@ -501,6 +549,9 @@ async def test_smart_decision_maker_parameter_validation():
             graph_exec_id="test-exec-id",
             node_exec_id="test-node-exec-id",
             user_id="test-user-id",
+            graph_version=1,
+            execution_context=mock_execution_context,
+            execution_processor=mock_execution_processor,
         ):
             outputs[output_name] = output_data
 
@@ -513,8 +564,6 @@ async def test_smart_decision_maker_parameter_validation():
 @pytest.mark.asyncio
 async def test_smart_decision_maker_raw_response_conversion():
     """Test that SmartDecisionMaker correctly handles different raw_response types with retry mechanism."""
-    from unittest.mock import MagicMock, patch
-
     import backend.blocks.llm as llm_module
     from backend.blocks.smart_decision_maker import SmartDecisionMakerBlock
 
@@ -584,7 +633,6 @@ async def test_smart_decision_maker_raw_response_conversion():
     )
 
     # Mock llm_call to return different responses on different calls
-    from unittest.mock import AsyncMock
 
     with patch(
         "backend.blocks.llm.llm_call", new_callable=AsyncMock
@@ -603,10 +651,19 @@ async def test_smart_decision_maker_raw_response_conversion():
             model=llm_module.LlmModel.GPT4O,
             credentials=llm_module.TEST_CREDENTIALS_INPUT,  # type: ignore
             retry=2,
+            agent_mode_max_iterations=0,
         )
 
         # Should succeed after retry, demonstrating our helper function works
         outputs = {}
+        # Create execution context
+
+        mock_execution_context = ExecutionContext(safe_mode=False)
+
+        # Create a mock execution processor for tests
+
+        mock_execution_processor = MagicMock()
+
         async for output_name, output_data in block.run(
             input_data,
             credentials=llm_module.TEST_CREDENTIALS,
@@ -615,6 +672,9 @@ async def test_smart_decision_maker_raw_response_conversion():
             graph_exec_id="test-exec-id",
             node_exec_id="test-node-exec-id",
             user_id="test-user-id",
+            graph_version=1,
+            execution_context=mock_execution_context,
+            execution_processor=mock_execution_processor,
         ):
             outputs[output_name] = output_data
 
@@ -650,8 +710,6 @@ async def test_smart_decision_maker_raw_response_conversion():
         "I'll help you with that."  # Ollama returns string
     )
 
-    from unittest.mock import AsyncMock
-
     with patch(
         "backend.blocks.llm.llm_call",
         new_callable=AsyncMock,
@@ -666,9 +724,18 @@ async def test_smart_decision_maker_raw_response_conversion():
             prompt="Simple prompt",
             model=llm_module.LlmModel.GPT4O,
             credentials=llm_module.TEST_CREDENTIALS_INPUT,  # type: ignore
+            agent_mode_max_iterations=0,
         )
 
         outputs = {}
+        # Create execution context
+
+        mock_execution_context = ExecutionContext(safe_mode=False)
+
+        # Create a mock execution processor for tests
+
+        mock_execution_processor = MagicMock()
+
         async for output_name, output_data in block.run(
             input_data,
             credentials=llm_module.TEST_CREDENTIALS,
@@ -677,6 +744,9 @@ async def test_smart_decision_maker_raw_response_conversion():
             graph_exec_id="test-exec-id",
             node_exec_id="test-node-exec-id",
             user_id="test-user-id",
+            graph_version=1,
+            execution_context=mock_execution_context,
+            execution_processor=mock_execution_processor,
         ):
             outputs[output_name] = output_data
 
@@ -696,8 +766,6 @@ async def test_smart_decision_maker_raw_response_conversion():
         "content": "Test response",
     }  # Dict format
 
-    from unittest.mock import AsyncMock
-
     with patch(
         "backend.blocks.llm.llm_call",
         new_callable=AsyncMock,
@@ -712,6 +780,160 @@ async def test_smart_decision_maker_raw_response_conversion():
             prompt="Another test",
             model=llm_module.LlmModel.GPT4O,
             credentials=llm_module.TEST_CREDENTIALS_INPUT,  # type: ignore
+            agent_mode_max_iterations=0,
+        )
+
+        outputs = {}
+        # Create execution context
+
+        mock_execution_context = ExecutionContext(safe_mode=False)
+
+        # Create a mock execution processor for tests
+
+        mock_execution_processor = MagicMock()
+
+        async for output_name, output_data in block.run(
+            input_data,
+            credentials=llm_module.TEST_CREDENTIALS,
+            graph_id="test-graph-id",
+            node_id="test-node-id",
+            graph_exec_id="test-exec-id",
+            node_exec_id="test-node-exec-id",
+            user_id="test-user-id",
+            graph_version=1,
+            execution_context=mock_execution_context,
+            execution_processor=mock_execution_processor,
+        ):
+            outputs[output_name] = output_data
+
+        assert "finished" in outputs
+        assert outputs["finished"] == "Test response"
+
+
+@pytest.mark.asyncio
+async def test_smart_decision_maker_agent_mode():
+    """Test that agent mode executes tools directly and loops until finished."""
+    import backend.blocks.llm as llm_module
+    from backend.blocks.smart_decision_maker import SmartDecisionMakerBlock
+
+    block = SmartDecisionMakerBlock()
+
+    # Mock tool call that requires multiple iterations
+    mock_tool_call_1 = MagicMock()
+    mock_tool_call_1.id = "call_1"
+    mock_tool_call_1.function.name = "search_keywords"
+    mock_tool_call_1.function.arguments = (
+        '{"query": "test", "max_keyword_difficulty": 50}'
+    )
+
+    mock_response_1 = MagicMock()
+    mock_response_1.response = None
+    mock_response_1.tool_calls = [mock_tool_call_1]
+    mock_response_1.prompt_tokens = 50
+    mock_response_1.completion_tokens = 25
+    mock_response_1.reasoning = "Using search tool"
+    mock_response_1.raw_response = {
+        "role": "assistant",
+        "content": None,
+        "tool_calls": [{"id": "call_1", "type": "function"}],
+    }
+
+    # Final response with no tool calls (finished)
+    mock_response_2 = MagicMock()
+    mock_response_2.response = "Task completed successfully"
+    mock_response_2.tool_calls = []
+    mock_response_2.prompt_tokens = 30
+    mock_response_2.completion_tokens = 15
+    mock_response_2.reasoning = None
+    mock_response_2.raw_response = {
+        "role": "assistant",
+        "content": "Task completed successfully",
+    }
+
+    # Mock the LLM call to return different responses on each iteration
+    llm_call_mock = AsyncMock()
+    llm_call_mock.side_effect = [mock_response_1, mock_response_2]
+
+    # Mock tool node signatures
+    mock_tool_signatures = [
+        {
+            "type": "function",
+            "function": {
+                "name": "search_keywords",
+                "_sink_node_id": "test-sink-node-id",
+                "_field_mapping": {},
+                "parameters": {
+                    "properties": {
+                        "query": {"type": "string"},
+                        "max_keyword_difficulty": {"type": "integer"},
+                    },
+                    "required": ["query", "max_keyword_difficulty"],
+                },
+            },
+        }
+    ]
+
+    # Mock database and execution components
+    mock_db_client = AsyncMock()
+    mock_node = MagicMock()
+    mock_node.block_id = "test-block-id"
+    mock_db_client.get_node.return_value = mock_node
+
+    # Mock upsert_execution_input to return proper NodeExecutionResult and input data
+    mock_node_exec_result = MagicMock()
+    mock_node_exec_result.node_exec_id = "test-tool-exec-id"
+    mock_input_data = {"query": "test", "max_keyword_difficulty": 50}
+    mock_db_client.upsert_execution_input.return_value = (
+        mock_node_exec_result,
+        mock_input_data,
+    )
+
+    # No longer need mock_execute_node since we use execution_processor.on_node_execution
+
+    with patch("backend.blocks.llm.llm_call", llm_call_mock), patch.object(
+        block, "_create_tool_node_signatures", return_value=mock_tool_signatures
+    ), patch(
+        "backend.blocks.smart_decision_maker.get_database_manager_async_client",
+        return_value=mock_db_client,
+    ), patch(
+        "backend.executor.manager.async_update_node_execution_status",
+        new_callable=AsyncMock,
+    ), patch(
+        "backend.integrations.creds_manager.IntegrationCredentialsManager"
+    ):
+
+        # Create a mock execution context
+
+        mock_execution_context = ExecutionContext(
+            safe_mode=False,
+        )
+
+        # Create a mock execution processor for agent mode tests
+
+        mock_execution_processor = AsyncMock()
+        # Configure the execution processor mock with required attributes
+        mock_execution_processor.running_node_execution = defaultdict(MagicMock)
+        mock_execution_processor.execution_stats = MagicMock()
+        mock_execution_processor.execution_stats_lock = threading.Lock()
+
+        # Mock the on_node_execution method to return successful stats
+        mock_node_stats = MagicMock()
+        mock_node_stats.error = None  # No error
+        mock_execution_processor.on_node_execution = AsyncMock(
+            return_value=mock_node_stats
+        )
+
+        # Mock the get_execution_outputs_by_node_exec_id method
+        mock_db_client.get_execution_outputs_by_node_exec_id.return_value = {
+            "result": {"status": "success", "data": "search completed"}
+        }
+
+        # Test agent mode with max_iterations = 3
+        input_data = SmartDecisionMakerBlock.Input(
+            prompt="Complete this task using tools",
+            model=llm_module.LlmModel.GPT4O,
+            credentials=llm_module.TEST_CREDENTIALS_INPUT,  # type: ignore
+            agent_mode_max_iterations=3,  # Enable agent mode with 3 max iterations
         )
 
         outputs = {}
@@ -723,8 +945,115 @@ async def test_smart_decision_maker_raw_response_conversion():
             graph_exec_id="test-exec-id",
             node_exec_id="test-node-exec-id",
             user_id="test-user-id",
+            graph_version=1,
+            execution_context=mock_execution_context,
+            execution_processor=mock_execution_processor,
         ):
             outputs[output_name] = output_data
 
+        # Verify agent mode behavior
+        assert "tool_functions" in outputs  # tool_functions is yielded in both modes
         assert "finished" in outputs
-        assert outputs["finished"] == "Test response"
+        assert outputs["finished"] == "Task completed successfully"
+        assert "conversations" in outputs
+
+        # Verify the conversation includes tool responses
+        conversations = outputs["conversations"]
+        assert len(conversations) > 2  # Should have multiple conversation entries
+
+        # Verify LLM was called twice (once for tool call, once for finish)
+        assert llm_call_mock.call_count == 2
+
+        # Verify tool was executed via execution processor
+        assert mock_execution_processor.on_node_execution.call_count == 1
+
+
+@pytest.mark.asyncio
+async def test_smart_decision_maker_traditional_mode_default():
+    """Test that default behavior (agent_mode_max_iterations=0) works as traditional mode."""
+    import backend.blocks.llm as llm_module
+    from backend.blocks.smart_decision_maker import SmartDecisionMakerBlock
+
+    block = SmartDecisionMakerBlock()
+
+    # Mock tool call
+    mock_tool_call = MagicMock()
+    mock_tool_call.function.name = "search_keywords"
+    mock_tool_call.function.arguments = (
+        '{"query": "test", "max_keyword_difficulty": 50}'
+    )
+
+    mock_response = MagicMock()
+    mock_response.response = None
+    mock_response.tool_calls = [mock_tool_call]
+    mock_response.prompt_tokens = 50
+    mock_response.completion_tokens = 25
+    mock_response.reasoning = None
+    mock_response.raw_response = {"role": "assistant", "content": None}
+
+    mock_tool_signatures = [
+        {
+            "type": "function",
+            "function": {
+                "name": "search_keywords",
+                "_sink_node_id": "test-sink-node-id",
+                "_field_mapping": {},
+                "parameters": {
+                    "properties": {
+                        "query": {"type": "string"},
+                        "max_keyword_difficulty": {"type": "integer"},
+                    },
+                    "required": ["query", "max_keyword_difficulty"],
+                },
+            },
+        }
+    ]
+
+    with patch(
+        "backend.blocks.llm.llm_call",
+        new_callable=AsyncMock,
+        return_value=mock_response,
+    ), patch.object(
+        block, "_create_tool_node_signatures", return_value=mock_tool_signatures
+    ):
+
+        # Test default behavior (traditional mode)
+        input_data = SmartDecisionMakerBlock.Input(
+            prompt="Test prompt",
+            model=llm_module.LlmModel.GPT4O,
+            credentials=llm_module.TEST_CREDENTIALS_INPUT,  # type: ignore
+            agent_mode_max_iterations=0,  # Traditional mode
+        )
+
+        # Create execution context
+
+        mock_execution_context = ExecutionContext(safe_mode=False)
+
+        # Create a mock execution processor for tests
+
+        mock_execution_processor = MagicMock()
+
+        outputs = {}
+        async for output_name, output_data in block.run(
+            input_data,
+            credentials=llm_module.TEST_CREDENTIALS,
+            graph_id="test-graph-id",
+            node_id="test-node-id",
+            graph_exec_id="test-exec-id",
+            node_exec_id="test-node-exec-id",
+            user_id="test-user-id",
+            graph_version=1,
+            execution_context=mock_execution_context,
+            execution_processor=mock_execution_processor,
+        ):
+            outputs[output_name] = output_data
+
+        # Verify traditional mode behavior
+        assert (
+            "tool_functions" in outputs
+        )  # Should yield tool_functions in traditional mode
+        assert (
+            "tools_^_test-sink-node-id_~_query" in outputs
+        )  # Should yield individual tool parameters
+        assert "tools_^_test-sink-node-id_~_max_keyword_difficulty" in outputs
+        assert "conversations" in outputs

autogpt_platform/backend/backend/blocks/test/test_smart_decision_maker_dynamic_fields.py

@@ -1,7 +1,7 @@
 """Comprehensive tests for SmartDecisionMakerBlock dynamic field handling."""
 
 import json
-from unittest.mock import AsyncMock, Mock, patch
+from unittest.mock import AsyncMock, MagicMock, Mock, patch
 
 import pytest
 
@@ -308,10 +308,47 @@ async def test_output_yielding_with_dynamic_fields():
     ) as mock_llm:
         mock_llm.return_value = mock_response
 
-        # Mock the function signature creation
-        with patch.object(
+        # Mock the database manager to avoid HTTP calls during tool execution
+        with patch(
+            "backend.blocks.smart_decision_maker.get_database_manager_async_client"
+        ) as mock_db_manager, patch.object(
             block, "_create_tool_node_signatures", new_callable=AsyncMock
         ) as mock_sig:
+            # Set up the mock database manager
+            mock_db_client = AsyncMock()
+            mock_db_manager.return_value = mock_db_client
+
+            # Mock the node retrieval
+            mock_target_node = Mock()
+            mock_target_node.id = "test-sink-node-id"
+            mock_target_node.block_id = "CreateDictionaryBlock"
+            mock_target_node.block = Mock()
+            mock_target_node.block.name = "Create Dictionary"
+            mock_db_client.get_node.return_value = mock_target_node
+
+            # Mock the execution result creation
+            mock_node_exec_result = Mock()
+            mock_node_exec_result.node_exec_id = "mock-node-exec-id"
+            mock_final_input_data = {
+                "values_#_name": "Alice",
+                "values_#_age": 30,
+                "values_#_email": "alice@example.com",
+            }
+            mock_db_client.upsert_execution_input.return_value = (
+                mock_node_exec_result,
+                mock_final_input_data,
+            )
+
+            # Mock the output retrieval
+            mock_outputs = {
+                "values_#_name": "Alice",
+                "values_#_age": 30,
+                "values_#_email": "alice@example.com",
+            }
+            mock_db_client.get_execution_outputs_by_node_exec_id.return_value = (
+                mock_outputs
+            )
+
             mock_sig.return_value = [
                 {
                     "type": "function",
@@ -337,10 +374,16 @@ async def test_output_yielding_with_dynamic_fields():
                 prompt="Create a user dictionary",
                 credentials=llm.TEST_CREDENTIALS_INPUT,
                 model=llm.LlmModel.GPT4O,
+                agent_mode_max_iterations=0,  # Use traditional mode to test output yielding
             )
 
             # Run the block
             outputs = {}
+            from backend.data.execution import ExecutionContext
+
+            mock_execution_context = ExecutionContext(safe_mode=False)
+            mock_execution_processor = MagicMock()
+
             async for output_name, output_value in block.run(
                 input_data,
                 credentials=llm.TEST_CREDENTIALS,
@@ -349,6 +392,9 @@ async def test_output_yielding_with_dynamic_fields():
                 graph_exec_id="test_exec",
                 node_exec_id="test_node_exec",
                 user_id="test_user",
+                graph_version=1,
+                execution_context=mock_execution_context,
+                execution_processor=mock_execution_processor,
             ):
                 outputs[output_name] = output_value
 
@@ -511,45 +557,108 @@ async def test_validation_errors_dont_pollute_conversation():
                 }
             ]
 
-            # Create input data
-            from backend.blocks import llm
+            # Mock the database manager to avoid HTTP calls during tool execution
+            with patch(
+                "backend.blocks.smart_decision_maker.get_database_manager_async_client"
+            ) as mock_db_manager:
+                # Set up the mock database manager for agent mode
+                mock_db_client = AsyncMock()
+                mock_db_manager.return_value = mock_db_client
 
-            input_data = block.input_schema(
-                prompt="Test prompt",
-                credentials=llm.TEST_CREDENTIALS_INPUT,
-                model=llm.LlmModel.GPT4O,
-                retry=3,  # Allow retries
-            )
+                # Mock the node retrieval
+                mock_target_node = Mock()
+                mock_target_node.id = "test-sink-node-id"
+                mock_target_node.block_id = "TestBlock"
+                mock_target_node.block = Mock()
+                mock_target_node.block.name = "Test Block"
+                mock_db_client.get_node.return_value = mock_target_node
 
-            # Run the block
-            outputs = {}
-            async for output_name, output_value in block.run(
-                input_data,
-                credentials=llm.TEST_CREDENTIALS,
-                graph_id="test_graph",
-                node_id="test_node",
-                graph_exec_id="test_exec",
-                node_exec_id="test_node_exec",
-                user_id="test_user",
-            ):
-                outputs[output_name] = output_value
+                # Mock the execution result creation
+                mock_node_exec_result = Mock()
+                mock_node_exec_result.node_exec_id = "mock-node-exec-id"
+                mock_final_input_data = {"correct_param": "value"}
+                mock_db_client.upsert_execution_input.return_value = (
+                    mock_node_exec_result,
+                    mock_final_input_data,
+                )
 
-            # Verify we had 2 LLM calls (initial + retry)
-            assert call_count == 2
+                # Mock the output retrieval
+                mock_outputs = {"correct_param": "value"}
+                mock_db_client.get_execution_outputs_by_node_exec_id.return_value = (
+                    mock_outputs
+                )
 
-            # Check the final conversation output
-            final_conversation = outputs.get("conversations", [])
+                # Create input data
+                from backend.blocks import llm
 
-            # The final conversation should NOT contain the validation error message
-            error_messages = [
-                msg
-                for msg in final_conversation
-                if msg.get("role") == "user"
-                and "parameter errors" in msg.get("content", "")
-            ]
-            assert (
-                len(error_messages) == 0
-            ), "Validation error leaked into final conversation"
+                input_data = block.input_schema(
+                    prompt="Test prompt",
+                    credentials=llm.TEST_CREDENTIALS_INPUT,
+                    model=llm.LlmModel.GPT4O,
+                    retry=3,  # Allow retries
+                    agent_mode_max_iterations=1,
+                )
 
-            # The final conversation should only have the successful response
-            assert final_conversation[-1]["content"] == "valid"
+                # Run the block
+                outputs = {}
+                from backend.data.execution import ExecutionContext
+
+                mock_execution_context = ExecutionContext(safe_mode=False)
+
+                # Create a proper mock execution processor for agent mode
+                from collections import defaultdict
+
+                mock_execution_processor = AsyncMock()
+                mock_execution_processor.execution_stats = MagicMock()
+                mock_execution_processor.execution_stats_lock = MagicMock()
+
+                # Create a mock NodeExecutionProgress for the sink node
+                mock_node_exec_progress = MagicMock()
+                mock_node_exec_progress.add_task = MagicMock()
+                mock_node_exec_progress.pop_output = MagicMock(
+                    return_value=None
+                )  # No outputs to process
+
+                # Set up running_node_execution as a defaultdict that returns our mock for any key
+                mock_execution_processor.running_node_execution = defaultdict(
+                    lambda: mock_node_exec_progress
+                )
+
+                # Mock the on_node_execution method that gets called during tool execution
+                mock_node_stats = MagicMock()
+                mock_node_stats.error = None
+                mock_execution_processor.on_node_execution.return_value = (
+                    mock_node_stats
+                )
+
+                async for output_name, output_value in block.run(
+                    input_data,
+                    credentials=llm.TEST_CREDENTIALS,
+                    graph_id="test_graph",
+                    node_id="test_node",
+                    graph_exec_id="test_exec",
+                    node_exec_id="test_node_exec",
+                    user_id="test_user",
+                    graph_version=1,
+                    execution_context=mock_execution_context,
+                    execution_processor=mock_execution_processor,
+                ):
+                    outputs[output_name] = output_value
+
+                # Verify we had at least 1 LLM call
+                assert call_count >= 1
+
+                # Check the final conversation output
+                final_conversation = outputs.get("conversations", [])
+
+                # The final conversation should NOT contain validation error messages
+                # Even if retries don't happen in agent mode, we should not leak errors
+                error_messages = [
+                    msg
+                    for msg in final_conversation
+                    if msg.get("role") == "user"
+                    and "parameter errors" in msg.get("content", "")
+                ]
+                assert (
+                    len(error_messages) == 0
+                ), "Validation error leaked into final conversation"

autogpt_platform/backend/backend/cli/__init__.py

@@ -0,0 +1 @@
+"""CLI utilities for backend development & administration"""

autogpt_platform/backend/backend/cli/generate_openapi_json.py

@@ -0,0 +1,57 @@
+#!/usr/bin/env python3
+"""
+Script to generate OpenAPI JSON specification for the FastAPI app.
+
+This script imports the FastAPI app from backend.server.rest_api and outputs
+the OpenAPI specification as JSON to stdout or a specified file.
+
+Usage:
+  `poetry run python generate_openapi_json.py`
+  `poetry run python generate_openapi_json.py --output openapi.json`
+  `poetry run python generate_openapi_json.py --indent 4 --output openapi.json`
+"""
+
+import json
+import os
+from pathlib import Path
+
+import click
+
+
+@click.command()
+@click.option(
+    "--output",
+    type=click.Path(dir_okay=False, path_type=Path),
+    help="Output file path (default: stdout)",
+)
+@click.option(
+    "--pretty",
+    type=click.BOOL,
+    default=False,
+    help="Pretty-print JSON output (indented 2 spaces)",
+)
+def main(output: Path, pretty: bool):
+    """Generate and output the OpenAPI JSON specification."""
+    openapi_schema = get_openapi_schema()
+
+    json_output = json.dumps(openapi_schema, indent=2 if pretty else None)
+
+    if output:
+        output.write_text(json_output)
+        click.echo(f"✅ OpenAPI specification written to {output}\n\nPreview:")
+        click.echo(f"\n{json_output[:500]} ...")
+    else:
+        print(json_output)
+
+
+def get_openapi_schema():
+    """Get the OpenAPI schema from the FastAPI app"""
+    from backend.server.rest_api import app
+
+    return app.openapi()
+
+
+if __name__ == "__main__":
+    os.environ["LOG_LEVEL"] = "ERROR"  # disable stdout log output
+
+    main()

autogpt_platform/backend/backend/data/analytics.py

@@ -1,12 +1,45 @@
 import logging
+from datetime import datetime, timedelta, timezone
+from typing import Optional
 
 import prisma.types
+from pydantic import BaseModel
 
+from backend.data.db import query_raw_with_schema
 from backend.util.json import SafeJson
 
 logger = logging.getLogger(__name__)
 
 
+class AccuracyAlertData(BaseModel):
+    """Alert data when accuracy drops significantly."""
+
+    graph_id: str
+    user_id: Optional[str]
+    drop_percent: float
+    three_day_avg: float
+    seven_day_avg: float
+    detected_at: datetime
+
+
+class AccuracyLatestData(BaseModel):
+    """Latest execution accuracy data point."""
+
+    date: datetime
+    daily_score: Optional[float]
+    three_day_avg: Optional[float]
+    seven_day_avg: Optional[float]
+    fourteen_day_avg: Optional[float]
+
+
+class AccuracyTrendsResponse(BaseModel):
+    """Response model for accuracy trends and alerts."""
+
+    latest_data: AccuracyLatestData
+    alert: Optional[AccuracyAlertData]
+    historical_data: Optional[list[AccuracyLatestData]] = None
+
+
 async def log_raw_analytics(
     user_id: str,
     type: str,
@@ -43,3 +76,217 @@ async def log_raw_metric(
     )
 
     return result
+
+
+async def get_accuracy_trends_and_alerts(
+    graph_id: str,
+    days_back: int = 30,
+    user_id: Optional[str] = None,
+    drop_threshold: float = 10.0,
+    include_historical: bool = False,
+) -> AccuracyTrendsResponse:
+    """Get accuracy trends and detect alerts for a specific graph."""
+    query_template = """
+    WITH daily_scores AS (
+        SELECT 
+            DATE(e."createdAt") as execution_date,
+            AVG(CASE 
+                WHEN e.stats IS NOT NULL 
+                AND e.stats::json->>'correctness_score' IS NOT NULL
+                AND e.stats::json->>'correctness_score' != 'null'
+                THEN (e.stats::json->>'correctness_score')::float * 100
+                ELSE NULL 
+            END) as daily_score
+        FROM {schema_prefix}"AgentGraphExecution" e
+        WHERE e."agentGraphId" = $1::text
+            AND e."isDeleted" = false
+            AND e."createdAt" >= $2::timestamp
+            AND e."executionStatus" IN ('COMPLETED', 'FAILED', 'TERMINATED')
+            {user_filter}
+        GROUP BY DATE(e."createdAt")
+        HAVING COUNT(*) >= 3  -- Need at least 3 executions per day
+    ),
+    trends AS (
+        SELECT 
+            execution_date,
+            daily_score,
+            AVG(daily_score) OVER (
+                ORDER BY execution_date 
+                ROWS BETWEEN 2 PRECEDING AND CURRENT ROW
+            ) as three_day_avg,
+            AVG(daily_score) OVER (
+                ORDER BY execution_date 
+                ROWS BETWEEN 6 PRECEDING AND CURRENT ROW
+            ) as seven_day_avg,
+            AVG(daily_score) OVER (
+                ORDER BY execution_date 
+                ROWS BETWEEN 13 PRECEDING AND CURRENT ROW
+            ) as fourteen_day_avg
+        FROM daily_scores
+    )
+    SELECT *,
+        CASE 
+            WHEN three_day_avg IS NOT NULL AND seven_day_avg IS NOT NULL AND seven_day_avg > 0
+            THEN ((seven_day_avg - three_day_avg) / seven_day_avg * 100)
+            ELSE NULL
+        END as drop_percent
+    FROM trends
+    ORDER BY execution_date DESC
+    {limit_clause}
+    """
+
+    start_date = datetime.now(timezone.utc) - timedelta(days=days_back)
+    params = [graph_id, start_date]
+    user_filter = ""
+    if user_id:
+        user_filter = 'AND e."userId" = $3::text'
+        params.append(user_id)
+
+    # Determine limit clause
+    limit_clause = "" if include_historical else "LIMIT 1"
+
+    final_query = query_template.format(
+        schema_prefix="{schema_prefix}",
+        user_filter=user_filter,
+        limit_clause=limit_clause,
+    )
+
+    result = await query_raw_with_schema(final_query, *params)
+
+    if not result:
+        return AccuracyTrendsResponse(
+            latest_data=AccuracyLatestData(
+                date=datetime.now(timezone.utc),
+                daily_score=None,
+                three_day_avg=None,
+                seven_day_avg=None,
+                fourteen_day_avg=None,
+            ),
+            alert=None,
+        )
+
+    latest = result[0]
+
+    alert = None
+    if (
+        latest["drop_percent"] is not None
+        and latest["drop_percent"] >= drop_threshold
+        and latest["three_day_avg"] is not None
+        and latest["seven_day_avg"] is not None
+    ):
+        alert = AccuracyAlertData(
+            graph_id=graph_id,
+            user_id=user_id,
+            drop_percent=float(latest["drop_percent"]),
+            three_day_avg=float(latest["three_day_avg"]),
+            seven_day_avg=float(latest["seven_day_avg"]),
+            detected_at=datetime.now(timezone.utc),
+        )
+
+    # Prepare historical data if requested
+    historical_data = None
+    if include_historical:
+        historical_data = []
+        for row in result:
+            historical_data.append(
+                AccuracyLatestData(
+                    date=row["execution_date"],
+                    daily_score=(
+                        float(row["daily_score"])
+                        if row["daily_score"] is not None
+                        else None
+                    ),
+                    three_day_avg=(
+                        float(row["three_day_avg"])
+                        if row["three_day_avg"] is not None
+                        else None
+                    ),
+                    seven_day_avg=(
+                        float(row["seven_day_avg"])
+                        if row["seven_day_avg"] is not None
+                        else None
+                    ),
+                    fourteen_day_avg=(
+                        float(row["fourteen_day_avg"])
+                        if row["fourteen_day_avg"] is not None
+                        else None
+                    ),
+                )
+            )
+
+    return AccuracyTrendsResponse(
+        latest_data=AccuracyLatestData(
+            date=latest["execution_date"],
+            daily_score=(
+                float(latest["daily_score"])
+                if latest["daily_score"] is not None
+                else None
+            ),
+            three_day_avg=(
+                float(latest["three_day_avg"])
+                if latest["three_day_avg"] is not None
+                else None
+            ),
+            seven_day_avg=(
+                float(latest["seven_day_avg"])
+                if latest["seven_day_avg"] is not None
+                else None
+            ),
+            fourteen_day_avg=(
+                float(latest["fourteen_day_avg"])
+                if latest["fourteen_day_avg"] is not None
+                else None
+            ),
+        ),
+        alert=alert,
+        historical_data=historical_data,
+    )
+
+
+class MarketplaceGraphData(BaseModel):
+    """Data structure for marketplace graph monitoring."""
+
+    graph_id: str
+    user_id: Optional[str]
+    execution_count: int
+
+
+async def get_marketplace_graphs_for_monitoring(
+    days_back: int = 30,
+    min_executions: int = 10,
+) -> list[MarketplaceGraphData]:
+    """Get published marketplace graphs with recent executions for monitoring."""
+    query_template = """
+    WITH marketplace_graphs AS (
+        SELECT DISTINCT 
+            slv."agentGraphId" as graph_id,
+            slv."agentGraphVersion" as graph_version
+        FROM {schema_prefix}"StoreListing" sl
+        JOIN {schema_prefix}"StoreListingVersion" slv ON sl."activeVersionId" = slv."id"
+        WHERE sl."hasApprovedVersion" = true
+            AND sl."isDeleted" = false
+    )
+    SELECT DISTINCT 
+        mg.graph_id,
+        NULL as user_id,  -- Marketplace graphs don't have a specific user_id for monitoring
+        COUNT(*) as execution_count
+    FROM marketplace_graphs mg
+    JOIN {schema_prefix}"AgentGraphExecution" e ON e."agentGraphId" = mg.graph_id
+    WHERE e."createdAt" >= $1::timestamp
+        AND e."isDeleted" = false
+        AND e."executionStatus" IN ('COMPLETED', 'FAILED', 'TERMINATED')
+    GROUP BY mg.graph_id
+    HAVING COUNT(*) >= $2
+    ORDER BY execution_count DESC
+    """
+    start_date = datetime.now(timezone.utc) - timedelta(days=days_back)
+    result = await query_raw_with_schema(query_template, start_date, min_executions)
+
+    return [
+        MarketplaceGraphData(
+            graph_id=row["graph_id"],
+            user_id=row["user_id"],
+            execution_count=int(row["execution_count"]),
+        )
+        for row in result
+    ]

autogpt_platform/backend/backend/data/auth/api_key.py

@@ -1,22 +1,24 @@
 import logging
 import uuid
 from datetime import datetime, timezone
-from typing import Optional
+from typing import Literal, Optional, cast
 
 from autogpt_libs.api_key.keysmith import APIKeySmith
 from prisma.enums import APIKeyPermission, APIKeyStatus
 from prisma.models import APIKey as PrismaAPIKey
-from prisma.types import APIKeyWhereUniqueInput
-from pydantic import BaseModel, Field
+from prisma.types import APIKeyCreateInput, APIKeyWhereUniqueInput
+from pydantic import Field
 
 from backend.data.includes import MAX_USER_API_KEYS_FETCH
 from backend.util.exceptions import NotAuthorizedError, NotFoundError
 
+from .base import APIAuthorizationInfo
+
 logger = logging.getLogger(__name__)
 keysmith = APIKeySmith()
 
 
-class APIKeyInfo(BaseModel):
+class APIKeyInfo(APIAuthorizationInfo):
     id: str
     name: str
     head: str = Field(
@@ -26,12 +28,9 @@ class APIKeyInfo(BaseModel):
         description=f"The last {APIKeySmith.TAIL_LENGTH} characters of the key"
     )
     status: APIKeyStatus
-    permissions: list[APIKeyPermission]
-    created_at: datetime
-    last_used_at: Optional[datetime] = None
-    revoked_at: Optional[datetime] = None
     description: Optional[str] = None
-    user_id: str
+
+    type: Literal["api_key"] = "api_key"  # type: ignore
 
     @staticmethod
     def from_db(api_key: PrismaAPIKey):
@@ -41,7 +40,7 @@ class APIKeyInfo(BaseModel):
             head=api_key.head,
             tail=api_key.tail,
             status=APIKeyStatus(api_key.status),
-            permissions=[APIKeyPermission(p) for p in api_key.permissions],
+            scopes=[APIKeyPermission(p) for p in api_key.permissions],
             created_at=api_key.createdAt,
             last_used_at=api_key.lastUsedAt,
             revoked_at=api_key.revokedAt,
@@ -83,17 +82,20 @@ async def create_api_key(
     generated_key = keysmith.generate_key()
 
     saved_key_obj = await PrismaAPIKey.prisma().create(
-        data={
-            "id": str(uuid.uuid4()),
-            "name": name,
-            "head": generated_key.head,
-            "tail": generated_key.tail,
-            "hash": generated_key.hash,
-            "salt": generated_key.salt,
-            "permissions": [p for p in permissions],
-            "description": description,
-            "userId": user_id,
-        }
+        data=cast(
+            APIKeyCreateInput,
+            {
+                "id": str(uuid.uuid4()),
+                "name": name,
+                "head": generated_key.head,
+                "tail": generated_key.tail,
+                "hash": generated_key.hash,
+                "salt": generated_key.salt,
+                "permissions": [p for p in permissions],
+                "description": description,
+                "userId": user_id,
+            },
+        )
     )
 
     return APIKeyInfo.from_db(saved_key_obj), generated_key.key
@@ -211,7 +213,7 @@ async def suspend_api_key(key_id: str, user_id: str) -> APIKeyInfo:
 
 
 def has_permission(api_key: APIKeyInfo, required_permission: APIKeyPermission) -> bool:
-    return required_permission in api_key.permissions
+    return required_permission in api_key.scopes
 
 
 async def get_api_key_by_id(key_id: str, user_id: str) -> Optional[APIKeyInfo]:

autogpt_platform/backend/backend/data/auth/base.py

@@ -0,0 +1,15 @@
+from datetime import datetime
+from typing import Literal, Optional
+
+from prisma.enums import APIKeyPermission
+from pydantic import BaseModel
+
+
+class APIAuthorizationInfo(BaseModel):
+    user_id: str
+    scopes: list[APIKeyPermission]
+    type: Literal["oauth", "api_key"]
+    created_at: datetime
+    expires_at: Optional[datetime] = None
+    last_used_at: Optional[datetime] = None
+    revoked_at: Optional[datetime] = None

autogpt_platform/backend/backend/data/auth/oauth.py

@@ -0,0 +1,886 @@
+"""
+OAuth 2.0 Provider Data Layer
+
+Handles management of OAuth applications, authorization codes,
+access tokens, and refresh tokens.
+
+Hashing strategy:
+- Access tokens & Refresh tokens: SHA256 (deterministic, allows direct lookup by hash)
+- Client secrets: Scrypt with salt (lookup by client_id, then verify with salt)
+"""
+
+import hashlib
+import logging
+import secrets
+import uuid
+from datetime import datetime, timedelta, timezone
+from typing import Literal, Optional, cast
+
+from autogpt_libs.api_key.keysmith import APIKeySmith
+from prisma.enums import APIKeyPermission as APIPermission
+from prisma.models import OAuthAccessToken as PrismaOAuthAccessToken
+from prisma.models import OAuthApplication as PrismaOAuthApplication
+from prisma.models import OAuthAuthorizationCode as PrismaOAuthAuthorizationCode
+from prisma.models import OAuthRefreshToken as PrismaOAuthRefreshToken
+from prisma.types import (
+    OAuthAccessTokenCreateInput,
+    OAuthApplicationUpdateInput,
+    OAuthAuthorizationCodeCreateInput,
+    OAuthRefreshTokenCreateInput,
+)
+from pydantic import BaseModel, Field, SecretStr
+
+from .base import APIAuthorizationInfo
+
+logger = logging.getLogger(__name__)
+keysmith = APIKeySmith()  # Only used for client secret hashing (Scrypt)
+
+
+def _generate_token() -> str:
+    """Generate a cryptographically secure random token."""
+    return secrets.token_urlsafe(32)
+
+
+def _hash_token(token: str) -> str:
+    """Hash a token using SHA256 (deterministic, for direct lookup)."""
+    return hashlib.sha256(token.encode()).hexdigest()
+
+
+# Token TTLs
+AUTHORIZATION_CODE_TTL = timedelta(minutes=10)
+ACCESS_TOKEN_TTL = timedelta(hours=1)
+REFRESH_TOKEN_TTL = timedelta(days=30)
+
+ACCESS_TOKEN_PREFIX = "agpt_xt_"
+REFRESH_TOKEN_PREFIX = "agpt_rt_"
+
+
+# ============================================================================
+# Exception Classes
+# ============================================================================
+
+
+class OAuthError(Exception):
+    """Base OAuth error"""
+
+    pass
+
+
+class InvalidClientError(OAuthError):
+    """Invalid client_id or client_secret"""
+
+    pass
+
+
+class InvalidGrantError(OAuthError):
+    """Invalid or expired authorization code/refresh token"""
+
+    def __init__(self, reason: str):
+        self.reason = reason
+        super().__init__(f"Invalid grant: {reason}")
+
+
+class InvalidTokenError(OAuthError):
+    """Invalid, expired, or revoked token"""
+
+    def __init__(self, reason: str):
+        self.reason = reason
+        super().__init__(f"Invalid token: {reason}")
+
+
+# ============================================================================
+# Data Models
+# ============================================================================
+
+
+class OAuthApplicationInfo(BaseModel):
+    """OAuth application information (without client secret hash)"""
+
+    id: str
+    name: str
+    description: Optional[str] = None
+    logo_url: Optional[str] = None
+    client_id: str
+    redirect_uris: list[str]
+    grant_types: list[str]
+    scopes: list[APIPermission]
+    owner_id: str
+    is_active: bool
+    created_at: datetime
+    updated_at: datetime
+
+    @staticmethod
+    def from_db(app: PrismaOAuthApplication):
+        return OAuthApplicationInfo(
+            id=app.id,
+            name=app.name,
+            description=app.description,
+            logo_url=app.logoUrl,
+            client_id=app.clientId,
+            redirect_uris=app.redirectUris,
+            grant_types=app.grantTypes,
+            scopes=[APIPermission(s) for s in app.scopes],
+            owner_id=app.ownerId,
+            is_active=app.isActive,
+            created_at=app.createdAt,
+            updated_at=app.updatedAt,
+        )
+
+
+class OAuthApplicationInfoWithSecret(OAuthApplicationInfo):
+    """OAuth application with client secret hash (for validation)"""
+
+    client_secret_hash: str
+    client_secret_salt: str
+
+    @staticmethod
+    def from_db(app: PrismaOAuthApplication):
+        return OAuthApplicationInfoWithSecret(
+            **OAuthApplicationInfo.from_db(app).model_dump(),
+            client_secret_hash=app.clientSecret,
+            client_secret_salt=app.clientSecretSalt,
+        )
+
+    def verify_secret(self, plaintext_secret: str) -> bool:
+        """Verify a plaintext client secret against the stored hash"""
+        # Use keysmith.verify_key() with stored salt
+        return keysmith.verify_key(
+            plaintext_secret, self.client_secret_hash, self.client_secret_salt
+        )
+
+
+class OAuthAuthorizationCodeInfo(BaseModel):
+    """Authorization code information"""
+
+    id: str
+    code: str
+    created_at: datetime
+    expires_at: datetime
+    application_id: str
+    user_id: str
+    scopes: list[APIPermission]
+    redirect_uri: str
+    code_challenge: Optional[str] = None
+    code_challenge_method: Optional[str] = None
+    used_at: Optional[datetime] = None
+
+    @property
+    def is_used(self) -> bool:
+        return self.used_at is not None
+
+    @staticmethod
+    def from_db(code: PrismaOAuthAuthorizationCode):
+        return OAuthAuthorizationCodeInfo(
+            id=code.id,
+            code=code.code,
+            created_at=code.createdAt,
+            expires_at=code.expiresAt,
+            application_id=code.applicationId,
+            user_id=code.userId,
+            scopes=[APIPermission(s) for s in code.scopes],
+            redirect_uri=code.redirectUri,
+            code_challenge=code.codeChallenge,
+            code_challenge_method=code.codeChallengeMethod,
+            used_at=code.usedAt,
+        )
+
+
+class OAuthAccessTokenInfo(APIAuthorizationInfo):
+    """Access token information"""
+
+    id: str
+    expires_at: datetime  # type: ignore
+    application_id: str
+
+    type: Literal["oauth"] = "oauth"  # type: ignore
+
+    @staticmethod
+    def from_db(token: PrismaOAuthAccessToken):
+        return OAuthAccessTokenInfo(
+            id=token.id,
+            user_id=token.userId,
+            scopes=[APIPermission(s) for s in token.scopes],
+            created_at=token.createdAt,
+            expires_at=token.expiresAt,
+            last_used_at=None,
+            revoked_at=token.revokedAt,
+            application_id=token.applicationId,
+        )
+
+
+class OAuthAccessToken(OAuthAccessTokenInfo):
+    """Access token with plaintext token included (sensitive)"""
+
+    token: SecretStr = Field(description="Plaintext token (sensitive)")
+
+    @staticmethod
+    def from_db(token: PrismaOAuthAccessToken, plaintext_token: str):  # type: ignore
+        return OAuthAccessToken(
+            **OAuthAccessTokenInfo.from_db(token).model_dump(),
+            token=SecretStr(plaintext_token),
+        )
+
+
+class OAuthRefreshTokenInfo(BaseModel):
+    """Refresh token information"""
+
+    id: str
+    user_id: str
+    scopes: list[APIPermission]
+    created_at: datetime
+    expires_at: datetime
+    application_id: str
+    revoked_at: Optional[datetime] = None
+
+    @property
+    def is_revoked(self) -> bool:
+        return self.revoked_at is not None
+
+    @staticmethod
+    def from_db(token: PrismaOAuthRefreshToken):
+        return OAuthRefreshTokenInfo(
+            id=token.id,
+            user_id=token.userId,
+            scopes=[APIPermission(s) for s in token.scopes],
+            created_at=token.createdAt,
+            expires_at=token.expiresAt,
+            application_id=token.applicationId,
+            revoked_at=token.revokedAt,
+        )
+
+
+class OAuthRefreshToken(OAuthRefreshTokenInfo):
+    """Refresh token with plaintext token included (sensitive)"""
+
+    token: SecretStr = Field(description="Plaintext token (sensitive)")
+
+    @staticmethod
+    def from_db(token: PrismaOAuthRefreshToken, plaintext_token: str):  # type: ignore
+        return OAuthRefreshToken(
+            **OAuthRefreshTokenInfo.from_db(token).model_dump(),
+            token=SecretStr(plaintext_token),
+        )
+
+
+class TokenIntrospectionResult(BaseModel):
+    """Result of token introspection (RFC 7662)"""
+
+    active: bool
+    scopes: Optional[list[str]] = None
+    client_id: Optional[str] = None
+    user_id: Optional[str] = None
+    exp: Optional[int] = None  # Unix timestamp
+    token_type: Optional[Literal["access_token", "refresh_token"]] = None
+
+
+# ============================================================================
+# OAuth Application Management
+# ============================================================================
+
+
+async def get_oauth_application(client_id: str) -> Optional[OAuthApplicationInfo]:
+    """Get OAuth application by client ID (without secret)"""
+    app = await PrismaOAuthApplication.prisma().find_unique(
+        where={"clientId": client_id}
+    )
+    if not app:
+        return None
+    return OAuthApplicationInfo.from_db(app)
+
+
+async def get_oauth_application_with_secret(
+    client_id: str,
+) -> Optional[OAuthApplicationInfoWithSecret]:
+    """Get OAuth application by client ID (with secret hash for validation)"""
+    app = await PrismaOAuthApplication.prisma().find_unique(
+        where={"clientId": client_id}
+    )
+    if not app:
+        return None
+    return OAuthApplicationInfoWithSecret.from_db(app)
+
+
+async def validate_client_credentials(
+    client_id: str, client_secret: str
+) -> OAuthApplicationInfo:
+    """
+    Validate client credentials and return application info.
+
+    Raises:
+        InvalidClientError: If client_id or client_secret is invalid, or app is inactive
+    """
+    app = await get_oauth_application_with_secret(client_id)
+    if not app:
+        raise InvalidClientError("Invalid client_id")
+
+    if not app.is_active:
+        raise InvalidClientError("Application is not active")
+
+    # Verify client secret
+    if not app.verify_secret(client_secret):
+        raise InvalidClientError("Invalid client_secret")
+
+    # Return without secret hash
+    return OAuthApplicationInfo(**app.model_dump(exclude={"client_secret_hash"}))
+
+
+def validate_redirect_uri(app: OAuthApplicationInfo, redirect_uri: str) -> bool:
+    """Validate that redirect URI is registered for the application"""
+    return redirect_uri in app.redirect_uris
+
+
+def validate_scopes(
+    app: OAuthApplicationInfo, requested_scopes: list[APIPermission]
+) -> bool:
+    """Validate that all requested scopes are allowed for the application"""
+    return all(scope in app.scopes for scope in requested_scopes)
+
+
+# ============================================================================
+# Authorization Code Flow
+# ============================================================================
+
+
+def _generate_authorization_code() -> str:
+    """Generate a cryptographically secure authorization code"""
+    # 32 bytes = 256 bits of entropy
+    return secrets.token_urlsafe(32)
+
+
+async def create_authorization_code(
+    application_id: str,
+    user_id: str,
+    scopes: list[APIPermission],
+    redirect_uri: str,
+    code_challenge: Optional[str] = None,
+    code_challenge_method: Optional[Literal["S256", "plain"]] = None,
+) -> OAuthAuthorizationCodeInfo:
+    """
+    Create a new authorization code.
+    Expires in 10 minutes and can only be used once.
+    """
+    code = _generate_authorization_code()
+    now = datetime.now(timezone.utc)
+    expires_at = now + AUTHORIZATION_CODE_TTL
+
+    saved_code = await PrismaOAuthAuthorizationCode.prisma().create(
+        data=cast(
+            OAuthAuthorizationCodeCreateInput,
+            {
+                "id": str(uuid.uuid4()),
+                "code": code,
+                "expiresAt": expires_at,
+                "applicationId": application_id,
+                "userId": user_id,
+                "scopes": [s for s in scopes],
+                "redirectUri": redirect_uri,
+                "codeChallenge": code_challenge,
+                "codeChallengeMethod": code_challenge_method,
+            },
+        )
+    )
+
+    return OAuthAuthorizationCodeInfo.from_db(saved_code)
+
+
+async def consume_authorization_code(
+    code: str,
+    application_id: str,
+    redirect_uri: str,
+    code_verifier: Optional[str] = None,
+) -> tuple[str, list[APIPermission]]:
+    """
+    Consume an authorization code and return (user_id, scopes).
+
+    This marks the code as used and validates:
+    - Code exists and matches application
+    - Code is not expired
+    - Code has not been used
+    - Redirect URI matches
+    - PKCE code verifier matches (if code challenge was provided)
+
+    Raises:
+        InvalidGrantError: If code is invalid, expired, used, or PKCE fails
+    """
+    auth_code = await PrismaOAuthAuthorizationCode.prisma().find_unique(
+        where={"code": code}
+    )
+
+    if not auth_code:
+        raise InvalidGrantError("authorization code not found")
+
+    # Validate application
+    if auth_code.applicationId != application_id:
+        raise InvalidGrantError(
+            "authorization code does not belong to this application"
+        )
+
+    # Check if already used
+    if auth_code.usedAt is not None:
+        raise InvalidGrantError(
+            f"authorization code already used at {auth_code.usedAt}"
+        )
+
+    # Check expiration
+    now = datetime.now(timezone.utc)
+    if auth_code.expiresAt < now:
+        raise InvalidGrantError("authorization code expired")
+
+    # Validate redirect URI
+    if auth_code.redirectUri != redirect_uri:
+        raise InvalidGrantError("redirect_uri mismatch")
+
+    # Validate PKCE if code challenge was provided
+    if auth_code.codeChallenge:
+        if not code_verifier:
+            raise InvalidGrantError("code_verifier required but not provided")
+
+        if not _verify_pkce(
+            code_verifier, auth_code.codeChallenge, auth_code.codeChallengeMethod
+        ):
+            raise InvalidGrantError("PKCE verification failed")
+
+    # Mark code as used
+    await PrismaOAuthAuthorizationCode.prisma().update(
+        where={"code": code},
+        data={"usedAt": now},
+    )
+
+    return auth_code.userId, [APIPermission(s) for s in auth_code.scopes]
+
+
+def _verify_pkce(
+    code_verifier: str, code_challenge: str, code_challenge_method: Optional[str]
+) -> bool:
+    """
+    Verify PKCE code verifier against code challenge.
+
+    Supports:
+    - S256: SHA256(code_verifier) == code_challenge
+    - plain: code_verifier == code_challenge
+    """
+    if code_challenge_method == "S256":
+        # Hash the verifier with SHA256 and base64url encode
+        hashed = hashlib.sha256(code_verifier.encode("ascii")).digest()
+        computed_challenge = (
+            secrets.token_urlsafe(len(hashed)).encode("ascii").decode("ascii")
+        )
+        # For proper base64url encoding
+        import base64
+
+        computed_challenge = (
+            base64.urlsafe_b64encode(hashed).decode("ascii").rstrip("=")
+        )
+        return secrets.compare_digest(computed_challenge, code_challenge)
+    elif code_challenge_method == "plain" or code_challenge_method is None:
+        # Plain comparison
+        return secrets.compare_digest(code_verifier, code_challenge)
+    else:
+        logger.warning(f"Unsupported code challenge method: {code_challenge_method}")
+        return False
+
+
+# ============================================================================
+# Access Token Management
+# ============================================================================
+
+
+async def create_access_token(
+    application_id: str, user_id: str, scopes: list[APIPermission]
+) -> OAuthAccessToken:
+    """
+    Create a new access token.
+    Returns OAuthAccessToken (with plaintext token).
+    """
+    plaintext_token = ACCESS_TOKEN_PREFIX + _generate_token()
+    token_hash = _hash_token(plaintext_token)
+    now = datetime.now(timezone.utc)
+    expires_at = now + ACCESS_TOKEN_TTL
+
+    saved_token = await PrismaOAuthAccessToken.prisma().create(
+        data=cast(
+            OAuthAccessTokenCreateInput,
+            {
+                "id": str(uuid.uuid4()),
+                "token": token_hash,  # SHA256 hash for direct lookup
+                "expiresAt": expires_at,
+                "applicationId": application_id,
+                "userId": user_id,
+                "scopes": [s for s in scopes],
+            },
+        )
+    )
+
+    return OAuthAccessToken.from_db(saved_token, plaintext_token=plaintext_token)
+
+
+async def validate_access_token(
+    token: str,
+) -> tuple[OAuthAccessTokenInfo, OAuthApplicationInfo]:
+    """
+    Validate an access token and return token info.
+
+    Raises:
+        InvalidTokenError: If token is invalid, expired, or revoked
+        InvalidClientError: If the client application is not marked as active
+    """
+    token_hash = _hash_token(token)
+
+    # Direct lookup by hash
+    access_token = await PrismaOAuthAccessToken.prisma().find_unique(
+        where={"token": token_hash}, include={"Application": True}
+    )
+
+    if not access_token:
+        raise InvalidTokenError("access token not found")
+
+    if not access_token.Application:  # should be impossible
+        raise InvalidClientError("Client application not found")
+
+    if not access_token.Application.isActive:
+        raise InvalidClientError("Client application is disabled")
+
+    if access_token.revokedAt is not None:
+        raise InvalidTokenError("access token has been revoked")
+
+    # Check expiration
+    now = datetime.now(timezone.utc)
+    if access_token.expiresAt < now:
+        raise InvalidTokenError("access token expired")
+
+    return (
+        OAuthAccessTokenInfo.from_db(access_token),
+        OAuthApplicationInfo.from_db(access_token.Application),
+    )
+
+
+async def revoke_access_token(
+    token: str, application_id: str
+) -> OAuthAccessTokenInfo | None:
+    """
+    Revoke an access token.
+
+    Args:
+        token: The plaintext access token to revoke
+        application_id: The application ID making the revocation request.
+            Only tokens belonging to this application will be revoked.
+
+    Returns:
+        OAuthAccessTokenInfo if token was found and revoked, None otherwise.
+
+    Note:
+        Always performs exactly 2 DB queries regardless of outcome to prevent
+        timing side-channel attacks that could reveal token existence.
+    """
+    try:
+        token_hash = _hash_token(token)
+
+        # Use update_many to filter by both token and applicationId
+        updated_count = await PrismaOAuthAccessToken.prisma().update_many(
+            where={
+                "token": token_hash,
+                "applicationId": application_id,
+                "revokedAt": None,
+            },
+            data={"revokedAt": datetime.now(timezone.utc)},
+        )
+
+        # Always perform second query to ensure constant time
+        result = await PrismaOAuthAccessToken.prisma().find_unique(
+            where={"token": token_hash}
+        )
+
+        # Only return result if we actually revoked something
+        if updated_count == 0:
+            return None
+
+        return OAuthAccessTokenInfo.from_db(result) if result else None
+    except Exception as e:
+        logger.exception(f"Error revoking access token: {e}")
+        return None
+
+
+# ============================================================================
+# Refresh Token Management
+# ============================================================================
+
+
+async def create_refresh_token(
+    application_id: str, user_id: str, scopes: list[APIPermission]
+) -> OAuthRefreshToken:
+    """
+    Create a new refresh token.
+    Returns OAuthRefreshToken (with plaintext token).
+    """
+    plaintext_token = REFRESH_TOKEN_PREFIX + _generate_token()
+    token_hash = _hash_token(plaintext_token)
+    now = datetime.now(timezone.utc)
+    expires_at = now + REFRESH_TOKEN_TTL
+
+    saved_token = await PrismaOAuthRefreshToken.prisma().create(
+        data=cast(
+            OAuthRefreshTokenCreateInput,
+            {
+                "id": str(uuid.uuid4()),
+                "token": token_hash,  # SHA256 hash for direct lookup
+                "expiresAt": expires_at,
+                "applicationId": application_id,
+                "userId": user_id,
+                "scopes": [s for s in scopes],
+            },
+        )
+    )
+
+    return OAuthRefreshToken.from_db(saved_token, plaintext_token=plaintext_token)
+
+
+async def refresh_tokens(
+    refresh_token: str, application_id: str
+) -> tuple[OAuthAccessToken, OAuthRefreshToken]:
+    """
+    Use a refresh token to create new access and refresh tokens.
+    Returns (new_access_token, new_refresh_token) both with plaintext tokens included.
+
+    Raises:
+        InvalidGrantError: If refresh token is invalid, expired, or revoked
+    """
+    token_hash = _hash_token(refresh_token)
+
+    # Direct lookup by hash
+    rt = await PrismaOAuthRefreshToken.prisma().find_unique(where={"token": token_hash})
+
+    if not rt:
+        raise InvalidGrantError("refresh token not found")
+
+    # NOTE: no need to check Application.isActive, this is checked by the token endpoint
+
+    if rt.revokedAt is not None:
+        raise InvalidGrantError("refresh token has been revoked")
+
+    # Validate application
+    if rt.applicationId != application_id:
+        raise InvalidGrantError("refresh token does not belong to this application")
+
+    # Check expiration
+    now = datetime.now(timezone.utc)
+    if rt.expiresAt < now:
+        raise InvalidGrantError("refresh token expired")
+
+    # Revoke old refresh token
+    await PrismaOAuthRefreshToken.prisma().update(
+        where={"token": token_hash},
+        data={"revokedAt": now},
+    )
+
+    # Create new access and refresh tokens with same scopes
+    scopes = [APIPermission(s) for s in rt.scopes]
+    new_access_token = await create_access_token(
+        rt.applicationId,
+        rt.userId,
+        scopes,
+    )
+    new_refresh_token = await create_refresh_token(
+        rt.applicationId,
+        rt.userId,
+        scopes,
+    )
+
+    return new_access_token, new_refresh_token
+
+
+async def revoke_refresh_token(
+    token: str, application_id: str
+) -> OAuthRefreshTokenInfo | None:
+    """
+    Revoke a refresh token.
+
+    Args:
+        token: The plaintext refresh token to revoke
+        application_id: The application ID making the revocation request.
+            Only tokens belonging to this application will be revoked.
+
+    Returns:
+        OAuthRefreshTokenInfo if token was found and revoked, None otherwise.
+
+    Note:
+        Always performs exactly 2 DB queries regardless of outcome to prevent
+        timing side-channel attacks that could reveal token existence.
+    """
+    try:
+        token_hash = _hash_token(token)
+
+        # Use update_many to filter by both token and applicationId
+        updated_count = await PrismaOAuthRefreshToken.prisma().update_many(
+            where={
+                "token": token_hash,
+                "applicationId": application_id,
+                "revokedAt": None,
+            },
+            data={"revokedAt": datetime.now(timezone.utc)},
+        )
+
+        # Always perform second query to ensure constant time
+        result = await PrismaOAuthRefreshToken.prisma().find_unique(
+            where={"token": token_hash}
+        )
+
+        # Only return result if we actually revoked something
+        if updated_count == 0:
+            return None
+
+        return OAuthRefreshTokenInfo.from_db(result) if result else None
+    except Exception as e:
+        logger.exception(f"Error revoking refresh token: {e}")
+        return None
+
+
+# ============================================================================
+# Token Introspection
+# ============================================================================
+
+
+async def introspect_token(
+    token: str,
+    token_type_hint: Optional[Literal["access_token", "refresh_token"]] = None,
+) -> TokenIntrospectionResult:
+    """
+    Introspect a token and return its metadata (RFC 7662).
+
+    Returns TokenIntrospectionResult with active=True and metadata if valid,
+    or active=False if the token is invalid/expired/revoked.
+    """
+    # Try as access token first (or if hint says "access_token")
+    if token_type_hint != "refresh_token":
+        try:
+            token_info, app = await validate_access_token(token)
+            return TokenIntrospectionResult(
+                active=True,
+                scopes=list(s.value for s in token_info.scopes),
+                client_id=app.client_id if app else None,
+                user_id=token_info.user_id,
+                exp=int(token_info.expires_at.timestamp()),
+                token_type="access_token",
+            )
+        except InvalidTokenError:
+            pass  # Try as refresh token
+
+    # Try as refresh token
+    token_hash = _hash_token(token)
+    refresh_token = await PrismaOAuthRefreshToken.prisma().find_unique(
+        where={"token": token_hash}
+    )
+
+    if refresh_token and refresh_token.revokedAt is None:
+        # Check if valid (not expired)
+        now = datetime.now(timezone.utc)
+        if refresh_token.expiresAt > now:
+            app = await get_oauth_application_by_id(refresh_token.applicationId)
+            return TokenIntrospectionResult(
+                active=True,
+                scopes=list(s for s in refresh_token.scopes),
+                client_id=app.client_id if app else None,
+                user_id=refresh_token.userId,
+                exp=int(refresh_token.expiresAt.timestamp()),
+                token_type="refresh_token",
+            )
+
+    # Token not found or inactive
+    return TokenIntrospectionResult(active=False)
+
+
+async def get_oauth_application_by_id(app_id: str) -> Optional[OAuthApplicationInfo]:
+    """Get OAuth application by ID"""
+    app = await PrismaOAuthApplication.prisma().find_unique(where={"id": app_id})
+    if not app:
+        return None
+    return OAuthApplicationInfo.from_db(app)
+
+
+async def list_user_oauth_applications(user_id: str) -> list[OAuthApplicationInfo]:
+    """Get all OAuth applications owned by a user"""
+    apps = await PrismaOAuthApplication.prisma().find_many(
+        where={"ownerId": user_id},
+        order={"createdAt": "desc"},
+    )
+    return [OAuthApplicationInfo.from_db(app) for app in apps]
+
+
+async def update_oauth_application(
+    app_id: str,
+    *,
+    owner_id: str,
+    is_active: Optional[bool] = None,
+    logo_url: Optional[str] = None,
+) -> Optional[OAuthApplicationInfo]:
+    """
+    Update OAuth application active status.
+    Only the owner can update their app's status.
+
+    Returns the updated app info, or None if app not found or not owned by user.
+    """
+    # First verify ownership
+    app = await PrismaOAuthApplication.prisma().find_first(
+        where={"id": app_id, "ownerId": owner_id}
+    )
+    if not app:
+        return None
+
+    patch: OAuthApplicationUpdateInput = {}
+    if is_active is not None:
+        patch["isActive"] = is_active
+    if logo_url:
+        patch["logoUrl"] = logo_url
+    if not patch:
+        return OAuthApplicationInfo.from_db(app)  # return unchanged
+
+    updated_app = await PrismaOAuthApplication.prisma().update(
+        where={"id": app_id},
+        data=patch,
+    )
+    return OAuthApplicationInfo.from_db(updated_app) if updated_app else None
+
+
+# ============================================================================
+# Token Cleanup
+# ============================================================================
+
+
+async def cleanup_expired_oauth_tokens() -> dict[str, int]:
+    """
+    Delete expired OAuth tokens from the database.
+
+    This removes:
+    - Expired authorization codes (10 min TTL)
+    - Expired access tokens (1 hour TTL)
+    - Expired refresh tokens (30 day TTL)
+
+    Returns a dict with counts of deleted tokens by type.
+    """
+    now = datetime.now(timezone.utc)
+
+    # Delete expired authorization codes
+    codes_result = await PrismaOAuthAuthorizationCode.prisma().delete_many(
+        where={"expiresAt": {"lt": now}}
+    )
+
+    # Delete expired access tokens
+    access_result = await PrismaOAuthAccessToken.prisma().delete_many(
+        where={"expiresAt": {"lt": now}}
+    )
+
+    # Delete expired refresh tokens
+    refresh_result = await PrismaOAuthRefreshToken.prisma().delete_many(
+        where={"expiresAt": {"lt": now}}
+    )
+
+    deleted = {
+        "authorization_codes": codes_result,
+        "access_tokens": access_result,
+        "refresh_tokens": refresh_result,
+    }
+
+    total = sum(deleted.values())
+    if total > 0:
+        logger.info(f"Cleaned up {total} expired OAuth tokens: {deleted}")
+
+    return deleted

autogpt_platform/backend/backend/data/block.py

@@ -601,14 +601,18 @@ class Block(ABC, Generic[BlockSchemaInputType, BlockSchemaOutputType]):
             async for output_name, output_data in self._execute(input_data, **kwargs):
                 yield output_name, output_data
         except Exception as ex:
-            if not isinstance(ex, BlockError):
-                raise BlockUnknownError(
+            if isinstance(ex, BlockError):
+                raise ex
+            else:
+                raise (
+                    BlockExecutionError
+                    if isinstance(ex, ValueError)
+                    else BlockUnknownError
+                )(
                     message=str(ex),
                     block_name=self.name,
                     block_id=self.id,
                 ) from ex
-            else:
-                raise ex
 
     async def _execute(self, input_data: BlockInput, **kwargs) -> BlockOutput:
         if error := self.input_schema.validate_data(input_data):

autogpt_platform/backend/backend/data/credit_ceiling_test.py

@@ -5,12 +5,14 @@ This test was added to cover a previously untested code path that could lead to
 incorrect balance capping behavior.
 """
 
+from typing import cast
 from uuid import uuid4
 
 import pytest
 from prisma.enums import CreditTransactionType
 from prisma.errors import UniqueViolationError
 from prisma.models import CreditTransaction, User, UserBalance
+from prisma.types import UserBalanceUpsertInput, UserCreateInput
 
 from backend.data.credit import UserCredit
 from backend.util.json import SafeJson
@@ -21,11 +23,14 @@ async def create_test_user(user_id: str) -> None:
     """Create a test user for ceiling tests."""
     try:
         await User.prisma().create(
-            data={
-                "id": user_id,
-                "email": f"test-{user_id}@example.com",
-                "name": f"Test User {user_id[:8]}",
-            }
+            data=cast(
+                UserCreateInput,
+                {
+                    "id": user_id,
+                    "email": f"test-{user_id}@example.com",
+                    "name": f"Test User {user_id[:8]}",
+                },
+            )
         )
     except UniqueViolationError:
         # User already exists, continue
@@ -33,7 +38,10 @@ async def create_test_user(user_id: str) -> None:
 
     await UserBalance.prisma().upsert(
         where={"userId": user_id},
-        data={"create": {"userId": user_id, "balance": 0}, "update": {"balance": 0}},
+        data=cast(
+            UserBalanceUpsertInput,
+            {"create": {"userId": user_id, "balance": 0}, "update": {"balance": 0}},
+        ),
     )
 
 

autogpt_platform/backend/backend/data/credit_concurrency_test.py

@@ -7,6 +7,7 @@ without race conditions, deadlocks, or inconsistent state.
 
 import asyncio
 import random
+from typing import cast
 from uuid import uuid4
 
 import prisma.enums
@@ -14,6 +15,7 @@ import pytest
 from prisma.enums import CreditTransactionType
 from prisma.errors import UniqueViolationError
 from prisma.models import CreditTransaction, User, UserBalance
+from prisma.types import UserBalanceUpsertInput, UserCreateInput
 
 from backend.data.credit import POSTGRES_INT_MAX, UsageTransactionMetadata, UserCredit
 from backend.util.exceptions import InsufficientBalanceError
@@ -28,11 +30,14 @@ async def create_test_user(user_id: str) -> None:
     """Create a test user with initial balance."""
     try:
         await User.prisma().create(
-            data={
-                "id": user_id,
-                "email": f"test-{user_id}@example.com",
-                "name": f"Test User {user_id[:8]}",
-            }
+            data=cast(
+                UserCreateInput,
+                {
+                    "id": user_id,
+                    "email": f"test-{user_id}@example.com",
+                    "name": f"Test User {user_id[:8]}",
+                },
+            )
         )
     except UniqueViolationError:
         # User already exists, continue
@@ -41,7 +46,10 @@ async def create_test_user(user_id: str) -> None:
     # Ensure UserBalance record exists
     await UserBalance.prisma().upsert(
         where={"userId": user_id},
-        data={"create": {"userId": user_id, "balance": 0}, "update": {"balance": 0}},
+        data=cast(
+            UserBalanceUpsertInput,
+            {"create": {"userId": user_id, "balance": 0}, "update": {"balance": 0}},
+        ),
     )
 
 
@@ -342,10 +350,13 @@ async def test_integer_overflow_protection(server: SpinTestServer):
         # First, set balance near max
         await UserBalance.prisma().upsert(
             where={"userId": user_id},
-            data={
-                "create": {"userId": user_id, "balance": max_int - 100},
-                "update": {"balance": max_int - 100},
-            },
+            data=cast(
+                UserBalanceUpsertInput,
+                {
+                    "create": {"userId": user_id, "balance": max_int - 100},
+                    "update": {"balance": max_int - 100},
+                },
+            ),
         )
 
         # Try to add more than possible - should clamp to POSTGRES_INT_MAX

autogpt_platform/backend/backend/data/credit_integration_test.py

@@ -5,9 +5,12 @@ These tests run actual database operations to ensure SQL queries work correctly,
 which would have caught the CreditTransactionType enum casting bug.
 """
 
+from typing import cast
+
 import pytest
 from prisma.enums import CreditTransactionType
 from prisma.models import CreditTransaction, User, UserBalance
+from prisma.types import UserCreateInput
 
 from backend.data.credit import (
     AutoTopUpConfig,
@@ -29,12 +32,15 @@ async def cleanup_test_user():
     # Create the user first
     try:
         await User.prisma().create(
-            data={
-                "id": user_id,
-                "email": f"test-{user_id}@example.com",
-                "topUpConfig": SafeJson({}),
-                "timezone": "UTC",
-            }
+            data=cast(
+                UserCreateInput,
+                {
+                    "id": user_id,
+                    "email": f"test-{user_id}@example.com",
+                    "topUpConfig": SafeJson({}),
+                    "timezone": "UTC",
+                },
+            )
         )
     except Exception:
         # User might already exist, that's fine

autogpt_platform/backend/backend/data/credit_refund_test.py

@@ -6,12 +6,19 @@ are atomic and maintain data consistency.
 """
 
 from datetime import datetime, timezone
+from typing import cast
 from unittest.mock import MagicMock, patch
 
 import pytest
 import stripe
 from prisma.enums import CreditTransactionType
 from prisma.models import CreditRefundRequest, CreditTransaction, User, UserBalance
+from prisma.types import (
+    CreditRefundRequestCreateInput,
+    CreditTransactionCreateInput,
+    UserBalanceCreateInput,
+    UserCreateInput,
+)
 
 from backend.data.credit import UserCredit
 from backend.util.json import SafeJson
@@ -35,32 +42,41 @@ async def setup_test_user_with_topup():
 
     # Create user
     await User.prisma().create(
-        data={
-            "id": REFUND_TEST_USER_ID,
-            "email": f"{REFUND_TEST_USER_ID}@example.com",
-            "name": "Refund Test User",
-        }
+        data=cast(
+            UserCreateInput,
+            {
+                "id": REFUND_TEST_USER_ID,
+                "email": f"{REFUND_TEST_USER_ID}@example.com",
+                "name": "Refund Test User",
+            },
+        )
     )
 
     # Create user balance
     await UserBalance.prisma().create(
-        data={
-            "userId": REFUND_TEST_USER_ID,
-            "balance": 1000,  # $10
-        }
+        data=cast(
+            UserBalanceCreateInput,
+            {
+                "userId": REFUND_TEST_USER_ID,
+                "balance": 1000,  # $10
+            },
+        )
     )
 
     # Create a top-up transaction that can be refunded
     topup_tx = await CreditTransaction.prisma().create(
-        data={
-            "userId": REFUND_TEST_USER_ID,
-            "amount": 1000,
-            "type": CreditTransactionType.TOP_UP,
-            "transactionKey": "pi_test_12345",
-            "runningBalance": 1000,
-            "isActive": True,
-            "metadata": SafeJson({"stripe_payment_intent": "pi_test_12345"}),
-        }
+        data=cast(
+            CreditTransactionCreateInput,
+            {
+                "userId": REFUND_TEST_USER_ID,
+                "amount": 1000,
+                "type": CreditTransactionType.TOP_UP,
+                "transactionKey": "pi_test_12345",
+                "runningBalance": 1000,
+                "isActive": True,
+                "metadata": SafeJson({"stripe_payment_intent": "pi_test_12345"}),
+            },
+        )
     )
 
     return topup_tx
@@ -93,12 +109,15 @@ async def test_deduct_credits_atomic(server: SpinTestServer):
 
         # Create refund request record (simulating webhook flow)
         await CreditRefundRequest.prisma().create(
-            data={
-                "userId": REFUND_TEST_USER_ID,
-                "amount": 500,
-                "transactionKey": topup_tx.transactionKey,  # Should match the original transaction
-                "reason": "Test refund",
-            }
+            data=cast(
+                CreditRefundRequestCreateInput,
+                {
+                    "userId": REFUND_TEST_USER_ID,
+                    "amount": 500,
+                    "transactionKey": topup_tx.transactionKey,  # Should match the original transaction
+                    "reason": "Test refund",
+                },
+            )
         )
 
         # Call deduct_credits
@@ -286,12 +305,15 @@ async def test_concurrent_refunds(server: SpinTestServer):
         refund_requests = []
         for i in range(5):
             req = await CreditRefundRequest.prisma().create(
-                data={
-                    "userId": REFUND_TEST_USER_ID,
-                    "amount": 100,  # $1 each
-                    "transactionKey": topup_tx.transactionKey,
-                    "reason": f"Test refund {i}",
-                }
+                data=cast(
+                    CreditRefundRequestCreateInput,
+                    {
+                        "userId": REFUND_TEST_USER_ID,
+                        "amount": 100,  # $1 each
+                        "transactionKey": topup_tx.transactionKey,
+                        "reason": f"Test refund {i}",
+                    },
+                )
             )
             refund_requests.append(req)
 

autogpt_platform/backend/backend/data/credit_test.py

@@ -1,8 +1,10 @@
 from datetime import datetime, timedelta, timezone
+from typing import cast
 
 import pytest
 from prisma.enums import CreditTransactionType
 from prisma.models import CreditTransaction, UserBalance
+from prisma.types import CreditTransactionCreateInput, UserBalanceUpsertInput
 
 from backend.blocks.llm import AITextGeneratorBlock
 from backend.data.block import get_block
@@ -23,10 +25,13 @@ async def disable_test_user_transactions():
     old_date = datetime.now(timezone.utc) - timedelta(days=35)  # More than a month ago
     await UserBalance.prisma().upsert(
         where={"userId": DEFAULT_USER_ID},
-        data={
-            "create": {"userId": DEFAULT_USER_ID, "balance": 0},
-            "update": {"balance": 0, "updatedAt": old_date},
-        },
+        data=cast(
+            UserBalanceUpsertInput,
+            {
+                "create": {"userId": DEFAULT_USER_ID, "balance": 0},
+                "update": {"balance": 0, "updatedAt": old_date},
+            },
+        ),
     )
 
 
@@ -140,23 +145,29 @@ async def test_block_credit_reset(server: SpinTestServer):
 
         # Manually create a transaction with month 1 timestamp to establish history
         await CreditTransaction.prisma().create(
-            data={
-                "userId": DEFAULT_USER_ID,
-                "amount": 100,
-                "type": CreditTransactionType.TOP_UP,
-                "runningBalance": 1100,
-                "isActive": True,
-                "createdAt": month1,  # Set specific timestamp
-            }
+            data=cast(
+                CreditTransactionCreateInput,
+                {
+                    "userId": DEFAULT_USER_ID,
+                    "amount": 100,
+                    "type": CreditTransactionType.TOP_UP,
+                    "runningBalance": 1100,
+                    "isActive": True,
+                    "createdAt": month1,  # Set specific timestamp
+                },
+            )
         )
 
         # Update user balance to match
         await UserBalance.prisma().upsert(
             where={"userId": DEFAULT_USER_ID},
-            data={
-                "create": {"userId": DEFAULT_USER_ID, "balance": 1100},
-                "update": {"balance": 1100},
-            },
+            data=cast(
+                UserBalanceUpsertInput,
+                {
+                    "create": {"userId": DEFAULT_USER_ID, "balance": 1100},
+                    "update": {"balance": 1100},
+                },
+            ),
         )
 
         # Now test month 2 behavior
@@ -175,14 +186,17 @@ async def test_block_credit_reset(server: SpinTestServer):
 
         # Create a month 2 transaction to update the last transaction time
         await CreditTransaction.prisma().create(
-            data={
-                "userId": DEFAULT_USER_ID,
-                "amount": -700,  # Spent 700 to get to 400
-                "type": CreditTransactionType.USAGE,
-                "runningBalance": 400,
-                "isActive": True,
-                "createdAt": month2,
-            }
+            data=cast(
+                CreditTransactionCreateInput,
+                {
+                    "userId": DEFAULT_USER_ID,
+                    "amount": -700,  # Spent 700 to get to 400
+                    "type": CreditTransactionType.USAGE,
+                    "runningBalance": 400,
+                    "isActive": True,
+                    "createdAt": month2,
+                },
+            )
         )
 
         # Move to month 3

autogpt_platform/backend/backend/data/credit_underflow_test.py

@@ -6,12 +6,14 @@ doesn't underflow below POSTGRES_INT_MIN, which could cause integer wraparound i
 """
 
 import asyncio
+from typing import cast
 from uuid import uuid4
 
 import pytest
 from prisma.enums import CreditTransactionType
 from prisma.errors import UniqueViolationError
 from prisma.models import CreditTransaction, User, UserBalance
+from prisma.types import UserBalanceUpsertInput, UserCreateInput
 
 from backend.data.credit import POSTGRES_INT_MIN, UserCredit
 from backend.util.test import SpinTestServer
@@ -21,11 +23,14 @@ async def create_test_user(user_id: str) -> None:
     """Create a test user for underflow tests."""
     try:
         await User.prisma().create(
-            data={
-                "id": user_id,
-                "email": f"test-{user_id}@example.com",
-                "name": f"Test User {user_id[:8]}",
-            }
+            data=cast(
+                UserCreateInput,
+                {
+                    "id": user_id,
+                    "email": f"test-{user_id}@example.com",
+                    "name": f"Test User {user_id[:8]}",
+                },
+            )
         )
     except UniqueViolationError:
         # User already exists, continue
@@ -33,7 +38,10 @@ async def create_test_user(user_id: str) -> None:
 
     await UserBalance.prisma().upsert(
         where={"userId": user_id},
-        data={"create": {"userId": user_id, "balance": 0}, "update": {"balance": 0}},
+        data=cast(
+            UserBalanceUpsertInput,
+            {"create": {"userId": user_id, "balance": 0}, "update": {"balance": 0}},
+        ),
     )
 
 
@@ -70,10 +78,13 @@ async def test_debug_underflow_step_by_step(server: SpinTestServer):
 
         await UserBalance.prisma().upsert(
             where={"userId": user_id},
-            data={
-                "create": {"userId": user_id, "balance": initial_balance_target},
-                "update": {"balance": initial_balance_target},
-            },
+            data=cast(
+                UserBalanceUpsertInput,
+                {
+                    "create": {"userId": user_id, "balance": initial_balance_target},
+                    "update": {"balance": initial_balance_target},
+                },
+            ),
         )
 
         current_balance = await credit_system.get_credits(user_id)
@@ -110,10 +121,13 @@ async def test_debug_underflow_step_by_step(server: SpinTestServer):
         # Set balance to exactly POSTGRES_INT_MIN
         await UserBalance.prisma().upsert(
             where={"userId": user_id},
-            data={
-                "create": {"userId": user_id, "balance": POSTGRES_INT_MIN},
-                "update": {"balance": POSTGRES_INT_MIN},
-            },
+            data=cast(
+                UserBalanceUpsertInput,
+                {
+                    "create": {"userId": user_id, "balance": POSTGRES_INT_MIN},
+                    "update": {"balance": POSTGRES_INT_MIN},
+                },
+            ),
         )
 
         edge_balance = await credit_system.get_credits(user_id)
@@ -152,10 +166,13 @@ async def test_underflow_protection_large_refunds(server: SpinTestServer):
         test_balance = POSTGRES_INT_MIN + 1000
         await UserBalance.prisma().upsert(
             where={"userId": user_id},
-            data={
-                "create": {"userId": user_id, "balance": test_balance},
-                "update": {"balance": test_balance},
-            },
+            data=cast(
+                UserBalanceUpsertInput,
+                {
+                    "create": {"userId": user_id, "balance": test_balance},
+                    "update": {"balance": test_balance},
+                },
+            ),
         )
 
         current_balance = await credit_system.get_credits(user_id)
@@ -217,10 +234,13 @@ async def test_multiple_large_refunds_cumulative_underflow(server: SpinTestServe
         initial_balance = POSTGRES_INT_MIN + 500  # Close to minimum but with some room
         await UserBalance.prisma().upsert(
             where={"userId": user_id},
-            data={
-                "create": {"userId": user_id, "balance": initial_balance},
-                "update": {"balance": initial_balance},
-            },
+            data=cast(
+                UserBalanceUpsertInput,
+                {
+                    "create": {"userId": user_id, "balance": initial_balance},
+                    "update": {"balance": initial_balance},
+                },
+            ),
         )
 
         # Apply multiple refunds that would cumulatively underflow
@@ -295,10 +315,13 @@ async def test_concurrent_large_refunds_no_underflow(server: SpinTestServer):
         initial_balance = POSTGRES_INT_MIN + 1000  # Close to minimum
         await UserBalance.prisma().upsert(
             where={"userId": user_id},
-            data={
-                "create": {"userId": user_id, "balance": initial_balance},
-                "update": {"balance": initial_balance},
-            },
+            data=cast(
+                UserBalanceUpsertInput,
+                {
+                    "create": {"userId": user_id, "balance": initial_balance},
+                    "update": {"balance": initial_balance},
+                },
+            ),
         )
 
         async def large_refund(amount: int, label: str):

autogpt_platform/backend/backend/data/credit_user_balance_migration_test.py

@@ -9,11 +9,13 @@ This test ensures that:
 
 import asyncio
 from datetime import datetime
+from typing import cast
 
 import pytest
 from prisma.enums import CreditTransactionType
 from prisma.errors import UniqueViolationError
 from prisma.models import CreditTransaction, User, UserBalance
+from prisma.types import UserBalanceCreateInput, UserCreateInput
 
 from backend.data.credit import UsageTransactionMetadata, UserCredit
 from backend.util.json import SafeJson
@@ -24,11 +26,14 @@ async def create_test_user(user_id: str) -> None:
     """Create a test user for migration tests."""
     try:
         await User.prisma().create(
-            data={
-                "id": user_id,
-                "email": f"test-{user_id}@example.com",
-                "name": f"Test User {user_id[:8]}",
-            }
+            data=cast(
+                UserCreateInput,
+                {
+                    "id": user_id,
+                    "email": f"test-{user_id}@example.com",
+                    "name": f"Test User {user_id[:8]}",
+                },
+            )
         )
     except UniqueViolationError:
         # User already exists, continue
@@ -121,7 +126,9 @@ async def test_detect_stale_user_balance_queries(server: SpinTestServer):
     try:
         # Create UserBalance with specific value
         await UserBalance.prisma().create(
-            data={"userId": user_id, "balance": 5000}  # $50
+            data=cast(
+                UserBalanceCreateInput, {"userId": user_id, "balance": 5000}
+            )  # $50
         )
 
         # Verify that get_credits returns UserBalance value (5000), not any stale User.balance value
@@ -160,7 +167,9 @@ async def test_concurrent_operations_use_userbalance_only(server: SpinTestServer
 
     try:
         # Set initial balance in UserBalance
-        await UserBalance.prisma().create(data={"userId": user_id, "balance": 1000})
+        await UserBalance.prisma().create(
+            data=cast(UserBalanceCreateInput, {"userId": user_id, "balance": 1000})
+        )
 
         # Run concurrent operations to ensure they all use UserBalance atomic operations
         async def concurrent_spend(amount: int, label: str):

autogpt_platform/backend/backend/data/execution.py

@@ -5,6 +5,7 @@ from enum import Enum
 from multiprocessing import Manager
 from queue import Empty
 from typing import (
+    TYPE_CHECKING,
     Annotated,
     Any,
     AsyncGenerator,
@@ -27,6 +28,7 @@ from prisma.models import (
     AgentNodeExecutionKeyValueData,
 )
 from prisma.types import (
+    AgentGraphExecutionCreateInput,
     AgentGraphExecutionUpdateManyMutationInput,
     AgentGraphExecutionWhereInput,
     AgentNodeExecutionCreateInput,
@@ -34,7 +36,6 @@ from prisma.types import (
     AgentNodeExecutionKeyValueDataCreateInput,
     AgentNodeExecutionUpdateInput,
     AgentNodeExecutionWhereInput,
-    AgentNodeExecutionWhereUniqueInput,
 )
 from pydantic import BaseModel, ConfigDict, JsonValue, ValidationError
 from pydantic.fields import Field
@@ -65,6 +66,9 @@ from .includes import (
 )
 from .model import CredentialsMetaInput, GraphExecutionStats, NodeExecutionStats
 
+if TYPE_CHECKING:
+    pass
+
 T = TypeVar("T")
 
 logger = logging.getLogger(__name__)
@@ -705,37 +709,40 @@ async def create_graph_execution(
         The id of the AgentGraphExecution and the list of ExecutionResult for each node.
     """
     result = await AgentGraphExecution.prisma().create(
-        data={
-            "agentGraphId": graph_id,
-            "agentGraphVersion": graph_version,
-            "executionStatus": ExecutionStatus.INCOMPLETE,
-            "inputs": SafeJson(inputs),
-            "credentialInputs": (
-                SafeJson(credential_inputs) if credential_inputs else Json({})
-            ),
-            "nodesInputMasks": (
-                SafeJson(nodes_input_masks) if nodes_input_masks else Json({})
-            ),
-            "NodeExecutions": {
-                "create": [
-                    AgentNodeExecutionCreateInput(
-                        agentNodeId=node_id,
-                        executionStatus=ExecutionStatus.QUEUED,
-                        queuedTime=datetime.now(tz=timezone.utc),
-                        Input={
-                            "create": [
-                                {"name": name, "data": SafeJson(data)}
-                                for name, data in node_input.items()
-                            ]
-                        },
-                    )
-                    for node_id, node_input in starting_nodes_input
-                ]
+        data=cast(
+            AgentGraphExecutionCreateInput,
+            {
+                "agentGraphId": graph_id,
+                "agentGraphVersion": graph_version,
+                "executionStatus": ExecutionStatus.INCOMPLETE,
+                "inputs": SafeJson(inputs),
+                "credentialInputs": (
+                    SafeJson(credential_inputs) if credential_inputs else Json({})
+                ),
+                "nodesInputMasks": (
+                    SafeJson(nodes_input_masks) if nodes_input_masks else Json({})
+                ),
+                "NodeExecutions": {
+                    "create": [
+                        AgentNodeExecutionCreateInput(
+                            agentNodeId=node_id,
+                            executionStatus=ExecutionStatus.QUEUED,
+                            queuedTime=datetime.now(tz=timezone.utc),
+                            Input={
+                                "create": [
+                                    {"name": name, "data": SafeJson(data)}
+                                    for name, data in node_input.items()
+                                ]
+                            },
+                        )
+                        for node_id, node_input in starting_nodes_input
+                    ]
+                },
+                "userId": user_id,
+                "agentPresetId": preset_id,
+                "parentGraphExecutionId": parent_graph_exec_id,
             },
-            "userId": user_id,
-            "agentPresetId": preset_id,
-            "parentGraphExecutionId": parent_graph_exec_id,
-        },
+        ),
         include=GRAPH_EXECUTION_INCLUDE_WITH_NODES,
     )
 
@@ -827,15 +834,42 @@ async def upsert_execution_output(
     """
     Insert AgentNodeExecutionInputOutput record for as one of AgentNodeExecution.Output.
     """
-    data: AgentNodeExecutionInputOutputCreateInput = {
-        "name": output_name,
-        "referencedByOutputExecId": node_exec_id,
-    }
+    data: AgentNodeExecutionInputOutputCreateInput = cast(
+        AgentNodeExecutionInputOutputCreateInput,
+        {
+            "name": output_name,
+            "referencedByOutputExecId": node_exec_id,
+        },
+    )
     if output_data is not None:
         data["data"] = SafeJson(output_data)
     await AgentNodeExecutionInputOutput.prisma().create(data=data)
 
 
+async def get_execution_outputs_by_node_exec_id(
+    node_exec_id: str,
+) -> dict[str, Any]:
+    """
+    Get all execution outputs for a specific node execution ID.
+
+    Args:
+        node_exec_id: The node execution ID to get outputs for
+
+    Returns:
+        Dictionary mapping output names to their data values
+    """
+    outputs = await AgentNodeExecutionInputOutput.prisma().find_many(
+        where={"referencedByOutputExecId": node_exec_id}
+    )
+
+    result = {}
+    for output in outputs:
+        if output.data is not None:
+            result[output.name] = type_utils.convert(output.data, JsonValue)
+
+    return result
+
+
 async def update_graph_execution_start_time(
     graph_exec_id: str,
 ) -> GraphExecution | None:
@@ -946,25 +980,30 @@ async def update_node_execution_status(
             f"Invalid status transition: {status} has no valid source statuses"
         )
 
-    if res := await AgentNodeExecution.prisma().update(
-        where=cast(
-            AgentNodeExecutionWhereUniqueInput,
-            {
-                "id": node_exec_id,
-                "executionStatus": {"in": [s.value for s in allowed_from]},
-            },
-        ),
+    # First verify the current status allows this transition
+    current_exec = await AgentNodeExecution.prisma().find_unique(
+        where={"id": node_exec_id}, include=EXECUTION_RESULT_INCLUDE
+    )
+
+    if not current_exec:
+        raise ValueError(f"Execution {node_exec_id} not found.")
+
+    # Check if current status allows the requested transition
+    if current_exec.executionStatus not in allowed_from:
+        # Status transition not allowed, return current state without updating
+        return NodeExecutionResult.from_db(current_exec)
+
+    # Status transition is valid, perform the update
+    updated_exec = await AgentNodeExecution.prisma().update(
+        where={"id": node_exec_id},
         data=_get_update_status_data(status, execution_data, stats),
         include=EXECUTION_RESULT_INCLUDE,
-    ):
-        return NodeExecutionResult.from_db(res)
+    )
 
-    if res := await AgentNodeExecution.prisma().find_unique(
-        where={"id": node_exec_id}, include=EXECUTION_RESULT_INCLUDE
-    ):
-        return NodeExecutionResult.from_db(res)
+    if not updated_exec:
+        raise ValueError(f"Failed to update execution {node_exec_id}.")
 
-    raise ValueError(f"Execution {node_exec_id} not found.")
+    return NodeExecutionResult.from_db(updated_exec)
 
 
 def _get_update_status_data(
@@ -1465,3 +1504,35 @@ async def get_graph_execution_by_share_token(
         created_at=execution.createdAt,
         outputs=outputs,
     )
+
+
+async def get_frequently_executed_graphs(
+    days_back: int = 30,
+    min_executions: int = 10,
+) -> list[dict]:
+    """Get graphs that have been frequently executed for monitoring."""
+    query_template = """
+    SELECT DISTINCT 
+        e."agentGraphId" as graph_id,
+        e."userId" as user_id,
+        COUNT(*) as execution_count
+    FROM {schema_prefix}"AgentGraphExecution" e
+    WHERE e."createdAt" >= $1::timestamp
+        AND e."isDeleted" = false
+        AND e."executionStatus" IN ('COMPLETED', 'FAILED', 'TERMINATED')
+    GROUP BY e."agentGraphId", e."userId"
+    HAVING COUNT(*) >= $2
+    ORDER BY execution_count DESC
+    """
+
+    start_date = datetime.now(timezone.utc) - timedelta(days=days_back)
+    result = await query_raw_with_schema(query_template, start_date, min_executions)
+
+    return [
+        {
+            "graph_id": row["graph_id"],
+            "user_id": row["user_id"],
+            "execution_count": int(row["execution_count"]),
+        }
+        for row in result
+    ]

autogpt_platform/backend/backend/data/human_review.py

@@ -6,11 +6,11 @@ Handles all database operations for pending human reviews.
 import asyncio
 import logging
 from datetime import datetime, timezone
-from typing import Optional
+from typing import Optional, cast
 
 from prisma.enums import ReviewStatus
 from prisma.models import PendingHumanReview
-from prisma.types import PendingHumanReviewUpdateInput
+from prisma.types import PendingHumanReviewUpdateInput, PendingHumanReviewUpsertInput
 from pydantic import BaseModel
 
 from backend.server.v2.executions.review.model import (
@@ -66,20 +66,23 @@ async def get_or_create_human_review(
         # Upsert - get existing or create new review
         review = await PendingHumanReview.prisma().upsert(
             where={"nodeExecId": node_exec_id},
-            data={
-                "create": {
-                    "userId": user_id,
-                    "nodeExecId": node_exec_id,
-                    "graphExecId": graph_exec_id,
-                    "graphId": graph_id,
-                    "graphVersion": graph_version,
-                    "payload": SafeJson(input_data),
-                    "instructions": message,
-                    "editable": editable,
-                    "status": ReviewStatus.WAITING,
+            data=cast(
+                PendingHumanReviewUpsertInput,
+                {
+                    "create": {
+                        "userId": user_id,
+                        "nodeExecId": node_exec_id,
+                        "graphExecId": graph_exec_id,
+                        "graphId": graph_id,
+                        "graphVersion": graph_version,
+                        "payload": SafeJson(input_data),
+                        "instructions": message,
+                        "editable": editable,
+                        "status": ReviewStatus.WAITING,
+                    },
+                    "update": {},  # Do nothing on update - keep existing review as is
                 },
-                "update": {},  # Do nothing on update - keep existing review as is
-            },
+            ),
         )
 
         logger.info(
@@ -100,7 +103,7 @@ async def get_or_create_human_review(
         return None
     else:
         return ReviewResult(
-            data=review.payload if review.status == ReviewStatus.APPROVED else None,
+            data=review.payload,
             status=review.status,
             message=review.reviewMessage or "",
             processed=review.processed,

autogpt_platform/backend/backend/data/model.py

@@ -22,7 +22,7 @@ from typing import (
 from urllib.parse import urlparse
 from uuid import uuid4
 
-from prisma.enums import CreditTransactionType
+from prisma.enums import CreditTransactionType, OnboardingStep
 from pydantic import (
     BaseModel,
     ConfigDict,
@@ -868,3 +868,20 @@ class UserExecutionSummaryStats(BaseModel):
     total_execution_time: float = Field(default=0)
     average_execution_time: float = Field(default=0)
     cost_breakdown: dict[str, float] = Field(default_factory=dict)
+
+
+class UserOnboarding(BaseModel):
+    userId: str
+    completedSteps: list[OnboardingStep]
+    walletShown: bool
+    notified: list[OnboardingStep]
+    rewardedFor: list[OnboardingStep]
+    usageReason: Optional[str]
+    integrations: list[str]
+    otherIntegrations: Optional[str]
+    selectedStoreListingVersionId: Optional[str]
+    agentInput: Optional[dict[str, Any]]
+    onboardingAgentExecutionId: Optional[str]
+    agentRuns: int
+    lastRunAt: Optional[datetime]
+    consecutiveRunDays: int

autogpt_platform/backend/backend/data/notification_bus.py

@@ -2,7 +2,7 @@ from __future__ import annotations
 
 from typing import AsyncGenerator
 
-from pydantic import BaseModel
+from pydantic import BaseModel, field_serializer
 
 from backend.data.event_bus import AsyncRedisEventBus
 from backend.server.model import NotificationPayload
@@ -15,6 +15,11 @@ class NotificationEvent(BaseModel):
     user_id: str
     payload: NotificationPayload
 
+    @field_serializer("payload")
+    def serialize_payload(self, payload: NotificationPayload):
+        """Ensure extra fields survive Redis serialization."""
+        return payload.model_dump()
+
 
 class AsyncRedisNotificationEventBus(AsyncRedisEventBus[NotificationEvent]):
     Model = NotificationEvent  # type: ignore

autogpt_platform/backend/backend/data/onboarding.py

@@ -1,24 +1,30 @@
 import re
-from datetime import datetime
-from typing import Any, Optional
+from datetime import datetime, timedelta, timezone
+from typing import Any, Literal, Optional, cast
+from zoneinfo import ZoneInfo
 
 import prisma
 import pydantic
 from prisma.enums import OnboardingStep
 from prisma.models import UserOnboarding
-from prisma.types import UserOnboardingCreateInput, UserOnboardingUpdateInput
+from prisma.types import (
+    UserOnboardingCreateInput,
+    UserOnboardingUpdateInput,
+    UserOnboardingUpsertInput,
+)
 
-from backend.data.block import get_blocks
+from backend.data import execution as execution_db
 from backend.data.credit import get_user_credit_model
-from backend.data.model import CredentialsMetaInput
 from backend.data.notification_bus import (
     AsyncRedisNotificationEventBus,
     NotificationEvent,
 )
+from backend.data.user import get_user_by_id
 from backend.server.model import OnboardingNotificationPayload
 from backend.server.v2.store.model import StoreAgentDetails
 from backend.util.cache import cached
 from backend.util.json import SafeJson
+from backend.util.timezone_utils import get_user_timezone_or_utc
 
 # Mapping from user reason id to categories to search for when choosing agent to show
 REASON_MAPPING: dict[str, list[str]] = {
@@ -31,9 +37,20 @@ REASON_MAPPING: dict[str, list[str]] = {
 POINTS_AGENT_COUNT = 50  # Number of agents to calculate points for
 MIN_AGENT_COUNT = 2  # Minimum number of marketplace agents to enable onboarding
 
+FrontendOnboardingStep = Literal[
+    OnboardingStep.WELCOME,
+    OnboardingStep.USAGE_REASON,
+    OnboardingStep.INTEGRATIONS,
+    OnboardingStep.AGENT_CHOICE,
+    OnboardingStep.AGENT_NEW_RUN,
+    OnboardingStep.AGENT_INPUT,
+    OnboardingStep.CONGRATS,
+    OnboardingStep.MARKETPLACE_VISIT,
+    OnboardingStep.BUILDER_OPEN,
+]
+
 
 class UserOnboardingUpdate(pydantic.BaseModel):
-    completedSteps: Optional[list[OnboardingStep]] = None
     walletShown: Optional[bool] = None
     notified: Optional[list[OnboardingStep]] = None
     usageReason: Optional[str] = None
@@ -42,9 +59,6 @@ class UserOnboardingUpdate(pydantic.BaseModel):
     selectedStoreListingVersionId: Optional[str] = None
     agentInput: Optional[dict[str, Any]] = None
     onboardingAgentExecutionId: Optional[str] = None
-    agentRuns: Optional[int] = None
-    lastRunAt: Optional[datetime] = None
-    consecutiveRunDays: Optional[int] = None
 
 
 async def get_user_onboarding(user_id: str):
@@ -83,14 +97,6 @@ async def reset_user_onboarding(user_id: str):
 async def update_user_onboarding(user_id: str, data: UserOnboardingUpdate):
     update: UserOnboardingUpdateInput = {}
     onboarding = await get_user_onboarding(user_id)
-    if data.completedSteps is not None:
-        update["completedSteps"] = list(
-            set(data.completedSteps + onboarding.completedSteps)
-        )
-        for step in data.completedSteps:
-            if step not in onboarding.completedSteps:
-                await _reward_user(user_id, onboarding, step)
-                await _send_onboarding_notification(user_id, step)
     if data.walletShown:
         update["walletShown"] = data.walletShown
     if data.notified is not None:
@@ -107,19 +113,16 @@ async def update_user_onboarding(user_id: str, data: UserOnboardingUpdate):
         update["agentInput"] = SafeJson(data.agentInput)
     if data.onboardingAgentExecutionId is not None:
         update["onboardingAgentExecutionId"] = data.onboardingAgentExecutionId
-    if data.agentRuns is not None and data.agentRuns > onboarding.agentRuns:
-        update["agentRuns"] = data.agentRuns
-    if data.lastRunAt is not None:
-        update["lastRunAt"] = data.lastRunAt
-    if data.consecutiveRunDays is not None:
-        update["consecutiveRunDays"] = data.consecutiveRunDays
 
     return await UserOnboarding.prisma().upsert(
         where={"userId": user_id},
-        data={
-            "create": {"userId": user_id, **update},
-            "update": update,
-        },
+        data=cast(
+            UserOnboardingUpsertInput,
+            {
+                "create": {"userId": user_id, **update},
+                "update": update,
+            },
+        ),
     )
 
 
@@ -161,14 +164,12 @@ async def _reward_user(user_id: str, onboarding: UserOnboarding, step: Onboardin
     if step in onboarding.rewardedFor:
         return
 
-    onboarding.rewardedFor.append(step)
     user_credit_model = await get_user_credit_model(user_id)
     await user_credit_model.onboarding_reward(user_id, reward, step)
     await UserOnboarding.prisma().update(
         where={"userId": user_id},
         data={
-            "completedSteps": list(set(onboarding.completedSteps + [step])),
-            "rewardedFor": onboarding.rewardedFor,
+            "rewardedFor": list(set(onboarding.rewardedFor + [step])),
         },
     )
 
@@ -177,31 +178,52 @@ async def complete_onboarding_step(user_id: str, step: OnboardingStep):
     """
     Completes the specified onboarding step for the user if not already completed.
     """
-
     onboarding = await get_user_onboarding(user_id)
     if step not in onboarding.completedSteps:
-        await update_user_onboarding(
-            user_id,
-            UserOnboardingUpdate(completedSteps=onboarding.completedSteps + [step]),
+        await UserOnboarding.prisma().update(
+            where={"userId": user_id},
+            data={
+                "completedSteps": list(set(onboarding.completedSteps + [step])),
+            },
         )
+        await _reward_user(user_id, onboarding, step)
         await _send_onboarding_notification(user_id, step)
 
 
-async def _send_onboarding_notification(user_id: str, step: OnboardingStep):
+async def _send_onboarding_notification(
+    user_id: str, step: OnboardingStep | None, event: str = "step_completed"
+):
     """
-    Sends an onboarding notification to the user for the specified step.
+    Sends an onboarding notification to the user.
     """
     payload = OnboardingNotificationPayload(
         type="onboarding",
-        event="step_completed",
-        step=step.value,
+        event=event,
+        step=step,
     )
     await AsyncRedisNotificationEventBus().publish(
         NotificationEvent(user_id=user_id, payload=payload)
     )
 
 
-def clean_and_split(text: str) -> list[str]:
+async def complete_re_run_agent(user_id: str, graph_id: str) -> None:
+    """
+    Complete RE_RUN_AGENT step when a user runs a graph they've run before.
+    Keeps overhead low by only counting executions if the step is still pending.
+    """
+    onboarding = await get_user_onboarding(user_id)
+    if OnboardingStep.RE_RUN_AGENT in onboarding.completedSteps:
+        return
+
+    # Includes current execution, so count > 1 means there was at least one prior run.
+    previous_exec_count = await execution_db.get_graph_executions_count(
+        user_id=user_id, graph_id=graph_id
+    )
+    if previous_exec_count > 1:
+        await complete_onboarding_step(user_id, OnboardingStep.RE_RUN_AGENT)
+
+
+def _clean_and_split(text: str) -> list[str]:
     """
     Removes all special characters from a string, truncates it to 100 characters,
     and splits it by whitespace and commas.
@@ -224,7 +246,7 @@ def clean_and_split(text: str) -> list[str]:
     return words
 
 
-def calculate_points(
+def _calculate_points(
     agent, categories: list[str], custom: list[str], integrations: list[str]
 ) -> int:
     """
@@ -268,18 +290,85 @@ def calculate_points(
     return int(points)
 
 
-def get_credentials_blocks() -> dict[str, str]:
-    # Returns a dictionary of block id to credentials field name
-    creds: dict[str, str] = {}
-    blocks = get_blocks()
-    for id, block in blocks.items():
-        for field_name, field_info in block().input_schema.model_fields.items():
-            if field_info.annotation == CredentialsMetaInput:
-                creds[id] = field_name
-    return creds
+def _normalize_datetime(value: datetime | None) -> datetime | None:
+    if value is None:
+        return None
+    if value.tzinfo is None:
+        return value.replace(tzinfo=timezone.utc)
+    return value.astimezone(timezone.utc)
 
 
-CREDENTIALS_FIELDS: dict[str, str] = get_credentials_blocks()
+def _calculate_consecutive_run_days(
+    last_run_at: datetime | None, current_consecutive_days: int, user_timezone: str
+) -> tuple[datetime, int]:
+    tz = ZoneInfo(user_timezone)
+    local_now = datetime.now(tz)
+    normalized_last_run = _normalize_datetime(last_run_at)
+
+    if normalized_last_run is None:
+        return local_now.astimezone(timezone.utc), 1
+
+    last_run_local = normalized_last_run.astimezone(tz)
+    last_run_date = last_run_local.date()
+    today = local_now.date()
+
+    if last_run_date == today:
+        return local_now.astimezone(timezone.utc), current_consecutive_days
+
+    if last_run_date == today - timedelta(days=1):
+        return local_now.astimezone(timezone.utc), current_consecutive_days + 1
+
+    return local_now.astimezone(timezone.utc), 1
+
+
+def _get_run_milestone_steps(
+    new_run_count: int, consecutive_days: int
+) -> list[OnboardingStep]:
+    milestones: list[OnboardingStep] = []
+    if new_run_count >= 10:
+        milestones.append(OnboardingStep.RUN_AGENTS)
+    if new_run_count >= 100:
+        milestones.append(OnboardingStep.RUN_AGENTS_100)
+    if consecutive_days >= 3:
+        milestones.append(OnboardingStep.RUN_3_DAYS)
+    if consecutive_days >= 14:
+        milestones.append(OnboardingStep.RUN_14_DAYS)
+    return milestones
+
+
+async def _get_user_timezone(user_id: str) -> str:
+    user = await get_user_by_id(user_id)
+    return get_user_timezone_or_utc(user.timezone if user else None)
+
+
+async def increment_runs(user_id: str):
+    """
+    Increment a user's run counters and trigger any onboarding milestones.
+    """
+    user_timezone = await _get_user_timezone(user_id)
+    onboarding = await get_user_onboarding(user_id)
+    new_run_count = onboarding.agentRuns + 1
+    last_run_at, consecutive_run_days = _calculate_consecutive_run_days(
+        onboarding.lastRunAt, onboarding.consecutiveRunDays, user_timezone
+    )
+
+    await UserOnboarding.prisma().update(
+        where={"userId": user_id},
+        data={
+            "agentRuns": {"increment": 1},
+            "lastRunAt": last_run_at,
+            "consecutiveRunDays": consecutive_run_days,
+        },
+    )
+
+    milestones = _get_run_milestone_steps(new_run_count, consecutive_run_days)
+    new_steps = [step for step in milestones if step not in onboarding.completedSteps]
+
+    for step in new_steps:
+        await complete_onboarding_step(user_id, step)
+    # Send progress notification if no steps were completed, so client refetches onboarding state
+    if not new_steps:
+        await _send_onboarding_notification(user_id, None, event="increment_runs")
 
 
 async def get_recommended_agents(user_id: str) -> list[StoreAgentDetails]:
@@ -288,7 +377,7 @@ async def get_recommended_agents(user_id: str) -> list[StoreAgentDetails]:
 
     where_clause: dict[str, Any] = {}
 
-    custom = clean_and_split((user_onboarding.usageReason or "").lower())
+    custom = _clean_and_split((user_onboarding.usageReason or "").lower())
 
     if categories:
         where_clause["OR"] = [
@@ -336,7 +425,7 @@ async def get_recommended_agents(user_id: str) -> list[StoreAgentDetails]:
     # Calculate points for the first X agents and choose the top 2
     agent_points = []
     for agent in storeAgents[:POINTS_AGENT_COUNT]:
-        points = calculate_points(
+        points = _calculate_points(
             agent, categories, custom, user_onboarding.integrations
         )
         agent_points.append((agent, points))
@@ -350,6 +439,7 @@ async def get_recommended_agents(user_id: str) -> list[StoreAgentDetails]:
             slug=agent.slug,
             agent_name=agent.agent_name,
             agent_video=agent.agent_video or "",
+            agent_output_demo=agent.agent_output_demo or "",
             agent_image=agent.agent_image,
             creator=agent.creator_username,
             creator_avatar=agent.creator_avatar,

autogpt_platform/backend/backend/executor/database.py

@@ -3,12 +3,18 @@ from contextlib import asynccontextmanager
 from typing import TYPE_CHECKING, Callable, Concatenate, ParamSpec, TypeVar, cast
 
 from backend.data import db
+from backend.data.analytics import (
+    get_accuracy_trends_and_alerts,
+    get_marketplace_graphs_for_monitoring,
+)
 from backend.data.credit import UsageTransactionMetadata, get_user_credit_model
 from backend.data.execution import (
     create_graph_execution,
     get_block_error_stats,
     get_child_graph_executions,
     get_execution_kv_data,
+    get_execution_outputs_by_node_exec_id,
+    get_frequently_executed_graphs,
     get_graph_execution_meta,
     get_graph_executions,
     get_graph_executions_count,
@@ -142,9 +148,13 @@ class DatabaseManager(AppService):
     update_graph_execution_stats = _(update_graph_execution_stats)
     upsert_execution_input = _(upsert_execution_input)
     upsert_execution_output = _(upsert_execution_output)
+    get_execution_outputs_by_node_exec_id = _(get_execution_outputs_by_node_exec_id)
     get_execution_kv_data = _(get_execution_kv_data)
     set_execution_kv_data = _(set_execution_kv_data)
     get_block_error_stats = _(get_block_error_stats)
+    get_accuracy_trends_and_alerts = _(get_accuracy_trends_and_alerts)
+    get_frequently_executed_graphs = _(get_frequently_executed_graphs)
+    get_marketplace_graphs_for_monitoring = _(get_marketplace_graphs_for_monitoring)
 
     # Graphs
     get_node = _(get_node)
@@ -226,6 +236,10 @@ class DatabaseManagerClient(AppServiceClient):
 
     # Block error monitoring
     get_block_error_stats = _(d.get_block_error_stats)
+    # Execution accuracy monitoring
+    get_accuracy_trends_and_alerts = _(d.get_accuracy_trends_and_alerts)
+    get_frequently_executed_graphs = _(d.get_frequently_executed_graphs)
+    get_marketplace_graphs_for_monitoring = _(d.get_marketplace_graphs_for_monitoring)
 
     # Human In The Loop
     has_pending_reviews_for_graph_exec = _(d.has_pending_reviews_for_graph_exec)
@@ -265,6 +279,7 @@ class DatabaseManagerAsyncClient(AppServiceClient):
     get_user_integrations = d.get_user_integrations
     upsert_execution_input = d.upsert_execution_input
     upsert_execution_output = d.upsert_execution_output
+    get_execution_outputs_by_node_exec_id = d.get_execution_outputs_by_node_exec_id
     update_graph_execution_stats = d.update_graph_execution_stats
     update_node_execution_status = d.update_node_execution_status
     update_node_execution_status_batch = d.update_node_execution_status_batch

autogpt_platform/backend/backend/executor/manager.py

@@ -133,9 +133,8 @@ def execute_graph(
     cluster_lock: ClusterLock,
 ):
     """Execute graph using thread-local ExecutionProcessor instance"""
-    return _tls.processor.on_graph_execution(
-        graph_exec_entry, cancel_event, cluster_lock
-    )
+    processor: ExecutionProcessor = _tls.processor
+    return processor.on_graph_execution(graph_exec_entry, cancel_event, cluster_lock)
 
 
 T = TypeVar("T")
@@ -143,8 +142,8 @@ T = TypeVar("T")
 
 async def execute_node(
     node: Node,
-    creds_manager: IntegrationCredentialsManager,
     data: NodeExecutionEntry,
+    execution_processor: "ExecutionProcessor",
     execution_stats: NodeExecutionStats | None = None,
     nodes_input_masks: Optional[NodesInputMasks] = None,
 ) -> BlockOutput:
@@ -169,6 +168,7 @@ async def execute_node(
     node_id = data.node_id
     node_block = node.block
     execution_context = data.execution_context
+    creds_manager = execution_processor.creds_manager
 
     log_metadata = LogMetadata(
         logger=_logger,
@@ -212,6 +212,7 @@ async def execute_node(
         "node_exec_id": node_exec_id,
         "user_id": user_id,
         "execution_context": execution_context,
+        "execution_processor": execution_processor,
     }
 
     # Last-minute fetch credentials + acquire a system-wide read-write lock to prevent
@@ -608,8 +609,8 @@ class ExecutionProcessor:
 
             async for output_name, output_data in execute_node(
                 node=node,
-                creds_manager=self.creds_manager,
                 data=node_exec,
+                execution_processor=self,
                 execution_stats=stats,
                 nodes_input_masks=nodes_input_masks,
             ):
@@ -860,12 +861,17 @@ class ExecutionProcessor:
         execution_stats_lock = threading.Lock()
 
         # State holders ----------------------------------------------------
-        running_node_execution: dict[str, NodeExecutionProgress] = defaultdict(
+        self.running_node_execution: dict[str, NodeExecutionProgress] = defaultdict(
             NodeExecutionProgress
         )
-        running_node_evaluation: dict[str, Future] = {}
+        self.running_node_evaluation: dict[str, Future] = {}
+        self.execution_stats = execution_stats
+        self.execution_stats_lock = execution_stats_lock
         execution_queue = ExecutionQueue[NodeExecutionEntry]()
 
+        running_node_execution = self.running_node_execution
+        running_node_evaluation = self.running_node_evaluation
+
         try:
             if db_client.get_credits(graph_exec.user_id) <= 0:
                 raise InsufficientBalanceError(

autogpt_platform/backend/backend/executor/scheduler.py

@@ -23,15 +23,18 @@ from dotenv import load_dotenv
 from pydantic import BaseModel, Field, ValidationError
 from sqlalchemy import MetaData, create_engine
 
+from backend.data.auth.oauth import cleanup_expired_oauth_tokens
 from backend.data.block import BlockInput
 from backend.data.execution import GraphExecutionWithNodes
 from backend.data.model import CredentialsMetaInput
+from backend.data.onboarding import increment_runs
 from backend.executor import utils as execution_utils
 from backend.monitoring import (
     NotificationJobArgs,
     process_existing_batches,
     process_weekly_summary,
     report_block_error_rates,
+    report_execution_accuracy_alerts,
     report_late_executions,
 )
 from backend.util.clients import get_scheduler_client
@@ -153,6 +156,7 @@ async def _execute_graph(**kwargs):
             inputs=args.input_data,
             graph_credentials_inputs=args.input_credentials,
         )
+        await increment_runs(args.user_id)
         elapsed = asyncio.get_event_loop().time() - start_time
         logger.info(
             f"Graph execution started with ID {graph_exec.id} for graph {args.graph_id} "
@@ -239,6 +243,17 @@ def cleanup_expired_files():
     run_async(cleanup_expired_files_async())
 
 
+def cleanup_oauth_tokens():
+    """Clean up expired OAuth tokens from the database."""
+    # Wait for completion
+    run_async(cleanup_expired_oauth_tokens())
+
+
+def execution_accuracy_alerts():
+    """Check execution accuracy and send alerts if drops are detected."""
+    return report_execution_accuracy_alerts()
+
+
 # Monitoring functions are now imported from monitoring module
 
 
@@ -438,6 +453,28 @@ class Scheduler(AppService):
                 jobstore=Jobstores.EXECUTION.value,
             )
 
+            # OAuth Token Cleanup - configurable interval
+            self.scheduler.add_job(
+                cleanup_oauth_tokens,
+                id="cleanup_oauth_tokens",
+                trigger="interval",
+                replace_existing=True,
+                seconds=config.oauth_token_cleanup_interval_hours
+                * 3600,  # Convert hours to seconds
+                jobstore=Jobstores.EXECUTION.value,
+            )
+
+            # Execution Accuracy Monitoring - configurable interval
+            self.scheduler.add_job(
+                execution_accuracy_alerts,
+                id="report_execution_accuracy_alerts",
+                trigger="interval",
+                replace_existing=True,
+                seconds=config.execution_accuracy_check_interval_hours
+                * 3600,  # Convert hours to seconds
+                jobstore=Jobstores.EXECUTION.value,
+            )
+
         self.scheduler.add_listener(job_listener, EVENT_JOB_EXECUTED | EVENT_JOB_ERROR)
         self.scheduler.add_listener(job_missed_listener, EVENT_JOB_MISSED)
         self.scheduler.add_listener(job_max_instances_listener, EVENT_JOB_MAX_INSTANCES)
@@ -585,6 +622,16 @@ class Scheduler(AppService):
         """Manually trigger cleanup of expired cloud storage files."""
         return cleanup_expired_files()
 
+    @expose
+    def execute_cleanup_oauth_tokens(self):
+        """Manually trigger cleanup of expired OAuth tokens."""
+        return cleanup_oauth_tokens()
+
+    @expose
+    def execute_report_execution_accuracy_alerts(self):
+        """Manually trigger execution accuracy alert checking."""
+        return execution_accuracy_alerts()
+
 
 class SchedulerClient(AppServiceClient):
     @classmethod

autogpt_platform/backend/backend/integrations/webhooks/_manual_base.py

@@ -18,7 +18,9 @@ class ManualWebhookManagerBase(BaseWebhooksManager[WT]):
         ingress_url: str,
         secret: str,
     ) -> tuple[str, dict]:
-        print(ingress_url)  # FIXME: pass URL to user in front end
+        # TODO: pass ingress_url to user in frontend
+        # See: https://github.com/Significant-Gravitas/AutoGPT/issues/8537
+        logger.debug(f"Manual webhook registered with ingress URL: {ingress_url}")
 
         return "", {}
 

autogpt_platform/backend/backend/monitoring/__init__.py

@@ -1,5 +1,6 @@
 """Monitoring module for platform health and alerting."""
 
+from .accuracy_monitor import AccuracyMonitor, report_execution_accuracy_alerts
 from .block_error_monitor import BlockErrorMonitor, report_block_error_rates
 from .late_execution_monitor import (
     LateExecutionException,
@@ -13,10 +14,12 @@ from .notification_monitor import (
 )
 
 __all__ = [
+    "AccuracyMonitor",
     "BlockErrorMonitor",
     "LateExecutionMonitor",
     "LateExecutionException",
     "NotificationJobArgs",
+    "report_execution_accuracy_alerts",
     "report_block_error_rates",
     "report_late_executions",
     "process_existing_batches",

autogpt_platform/backend/backend/monitoring/accuracy_monitor.py

@@ -0,0 +1,107 @@
+"""Execution accuracy monitoring module."""
+
+import logging
+
+from backend.util.clients import (
+    get_database_manager_client,
+    get_notification_manager_client,
+)
+from backend.util.metrics import DiscordChannel, sentry_capture_error
+from backend.util.settings import Config
+
+logger = logging.getLogger(__name__)
+config = Config()
+
+
+class AccuracyMonitor:
+    """Monitor execution accuracy trends and send alerts for drops."""
+
+    def __init__(self, drop_threshold: float = 10.0):
+        self.config = config
+        self.notification_client = get_notification_manager_client()
+        self.database_client = get_database_manager_client()
+        self.drop_threshold = drop_threshold
+
+    def check_execution_accuracy_alerts(self) -> str:
+        """Check marketplace agents for accuracy drops and send alerts."""
+        try:
+            logger.info("Checking execution accuracy for marketplace agents")
+
+            # Get marketplace graphs using database client
+            graphs = self.database_client.get_marketplace_graphs_for_monitoring(
+                days_back=30, min_executions=10
+            )
+
+            alerts_found = 0
+
+            for graph_data in graphs:
+                result = self.database_client.get_accuracy_trends_and_alerts(
+                    graph_id=graph_data.graph_id,
+                    user_id=graph_data.user_id,
+                    days_back=21,  # 3 weeks
+                    drop_threshold=self.drop_threshold,
+                )
+
+                if result.alert:
+                    alert = result.alert
+
+                    # Get graph details for better alert info
+                    try:
+                        graph_info = self.database_client.get_graph_metadata(
+                            graph_id=alert.graph_id
+                        )
+                        graph_name = graph_info.name if graph_info else "Unknown Agent"
+                    except Exception:
+                        graph_name = "Unknown Agent"
+
+                    # Create detailed alert message
+                    alert_msg = (
+                        f"🚨 **AGENT ACCURACY DROP DETECTED**\n\n"
+                        f"**Agent:** {graph_name}\n"
+                        f"**Graph ID:** `{alert.graph_id}`\n"
+                        f"**Accuracy Drop:** {alert.drop_percent:.1f}%\n"
+                        f"**Recent Performance:**\n"
+                        f"  • 3-day average: {alert.three_day_avg:.1f}%\n"
+                        f"  • 7-day average: {alert.seven_day_avg:.1f}%\n"
+                    )
+
+                    if alert.user_id:
+                        alert_msg += f"**Owner:** {alert.user_id}\n"
+
+                    # Send individual alert for each agent (not batched)
+                    self.notification_client.discord_system_alert(
+                        alert_msg, DiscordChannel.PRODUCT
+                    )
+                    alerts_found += 1
+                    logger.warning(
+                        f"Sent accuracy alert for agent: {graph_name} ({alert.graph_id})"
+                    )
+
+            if alerts_found > 0:
+                return f"Alert sent for {alerts_found} agents with accuracy drops"
+
+            logger.info("No execution accuracy alerts detected")
+            return "No accuracy alerts detected"
+
+        except Exception as e:
+            logger.exception(f"Error checking execution accuracy alerts: {e}")
+
+            error = Exception(f"Error checking execution accuracy alerts: {e}")
+            msg = str(error)
+            sentry_capture_error(error)
+            self.notification_client.discord_system_alert(msg, DiscordChannel.PRODUCT)
+            return msg
+
+
+def report_execution_accuracy_alerts(drop_threshold: float = 10.0) -> str:
+    """
+    Check execution accuracy and send alerts if drops are detected.
+
+    Args:
+        drop_threshold: Percentage drop threshold to trigger alerts (default 10.0%)
+
+    Returns:
+        Status message indicating results of the check
+    """
+    monitor = AccuracyMonitor(drop_threshold=drop_threshold)
+    return monitor.check_execution_accuracy_alerts()

autogpt_platform/backend/backend/notifications/templates/refund_request.html.jinja2

@@ -49,11 +49,10 @@
     </p>
     <ol style="margin-bottom: 10px;">
       <li>
-        Visit the Supabase Dashboard:
-        https://supabase.com/dashboard/project/bgwpwdsxblryihinutbx/editor
+        Connect to the database using your preferred database client.
       </li>
       <li>
-        Navigate to the <strong>RefundRequest</strong> table.
+        Navigate to the <strong>RefundRequest</strong> table in the <strong>platform</strong> schema.
       </li>
       <li>
         Filter the <code>transactionKey</code> column with the Transaction ID: <strong>{{ data.transaction_id }}</strong>.

autogpt_platform/backend/backend/sdk/__init__.py

@@ -6,7 +6,7 @@ Usage: from backend.sdk import *
 
 This module provides:
 - All block base classes and types
-- All credential and authentication components  
+- All credential and authentication components
 - All cost tracking components
 - All webhook components
 - All utility functions

autogpt_platform/backend/backend/sdk/cost_integration.py

@@ -1,7 +1,7 @@
 """
 Integration between SDK provider costs and the execution cost system.
 
-This module provides the glue between provider-defined base costs and the 
+This module provides the glue between provider-defined base costs and the
 BLOCK_COSTS configuration used by the execution system.
 """
 

autogpt_platform/backend/backend/server/auth/__init__.py

@@ -0,0 +1,13 @@
+"""
+Authentication module for the AutoGPT Platform.
+
+This module provides FastAPI-based authentication supporting:
+- Email/password authentication with bcrypt hashing
+- Google OAuth authentication
+- JWT token management (access + refresh tokens)
+"""
+
+from .routes import router as auth_router
+from .service import AuthService
+
+__all__ = ["auth_router", "AuthService"]

autogpt_platform/backend/backend/server/auth/email.py

@@ -0,0 +1,170 @@
+"""
+Direct email sending for authentication flows.
+
+This module bypasses the notification queue system to ensure auth emails
+(password reset, email verification) are sent immediately in all environments.
+"""
+
+import logging
+import pathlib
+from typing import Optional
+
+from jinja2 import Environment, FileSystemLoader
+from postmarker.core import PostmarkClient
+
+from backend.util.settings import Settings
+
+logger = logging.getLogger(__name__)
+settings = Settings()
+
+# Template directory
+TEMPLATE_DIR = pathlib.Path(__file__).parent / "templates"
+
+
+class AuthEmailSender:
+    """Handles direct email sending for authentication flows."""
+
+    def __init__(self):
+        if settings.secrets.postmark_server_api_token:
+            self.postmark = PostmarkClient(
+                server_token=settings.secrets.postmark_server_api_token
+            )
+        else:
+            logger.warning(
+                "Postmark server API token not found, auth email sending disabled"
+            )
+            self.postmark = None
+
+        # Set up Jinja2 environment for templates
+        self.jinja_env: Optional[Environment] = None
+        if TEMPLATE_DIR.exists():
+            self.jinja_env = Environment(
+                loader=FileSystemLoader(str(TEMPLATE_DIR)),
+                autoescape=True,
+            )
+        else:
+            logger.warning(f"Auth email templates directory not found: {TEMPLATE_DIR}")
+
+    def _get_frontend_url(self) -> str:
+        """Get the frontend base URL for email links."""
+        return (
+            settings.config.frontend_base_url
+            or settings.config.platform_base_url
+            or "http://localhost:3000"
+        )
+
+    def _render_template(
+        self, template_name: str, subject: str, **context
+    ) -> tuple[str, str]:
+        """Render an email template with the base template wrapper."""
+        if not self.jinja_env:
+            raise RuntimeError("Email templates not available")
+
+        # Render the content template
+        content_template = self.jinja_env.get_template(template_name)
+        content = content_template.render(**context)
+
+        # Render with base template
+        base_template = self.jinja_env.get_template("base.html.jinja2")
+        html_body = base_template.render(
+            data={"title": subject, "message": content, "unsubscribe_link": None}
+        )
+
+        return subject, html_body
+
+    def _send_email(self, to_email: str, subject: str, html_body: str) -> bool:
+        """Send an email directly via Postmark."""
+        if not self.postmark:
+            logger.warning(
+                f"Postmark not configured. Would send email to {to_email}: {subject}"
+            )
+            return False
+
+        try:
+            self.postmark.emails.send(  # type: ignore[attr-defined]
+                From=settings.config.postmark_sender_email,
+                To=to_email,
+                Subject=subject,
+                HtmlBody=html_body,
+            )
+            logger.info(f"Auth email sent to {to_email}: {subject}")
+            return True
+        except Exception as e:
+            logger.error(f"Failed to send auth email to {to_email}: {e}")
+            return False
+
+    def send_password_reset_email(
+        self, to_email: str, reset_token: str, user_name: Optional[str] = None
+    ) -> bool:
+        """
+        Send a password reset email.
+
+        Args:
+            to_email: Recipient email address
+            reset_token: The raw password reset token
+            user_name: Optional user name for personalization
+
+        Returns:
+            True if email was sent successfully, False otherwise
+        """
+        try:
+            frontend_url = self._get_frontend_url()
+            reset_link = f"{frontend_url}/reset-password?token={reset_token}"
+
+            subject, html_body = self._render_template(
+                "password_reset.html.jinja2",
+                subject="Reset Your AutoGPT Password",
+                reset_link=reset_link,
+                user_name=user_name,
+                frontend_url=frontend_url,
+            )
+
+            return self._send_email(to_email, subject, html_body)
+        except Exception as e:
+            logger.error(f"Failed to send password reset email to {to_email}: {e}")
+            return False
+
+    def send_email_verification(
+        self, to_email: str, verification_token: str, user_name: Optional[str] = None
+    ) -> bool:
+        """
+        Send an email verification email.
+
+        Args:
+            to_email: Recipient email address
+            verification_token: The raw verification token
+            user_name: Optional user name for personalization
+
+        Returns:
+            True if email was sent successfully, False otherwise
+        """
+        try:
+            frontend_url = self._get_frontend_url()
+            verification_link = (
+                f"{frontend_url}/verify-email?token={verification_token}"
+            )
+
+            subject, html_body = self._render_template(
+                "email_verification.html.jinja2",
+                subject="Verify Your AutoGPT Email",
+                verification_link=verification_link,
+                user_name=user_name,
+                frontend_url=frontend_url,
+            )
+
+            return self._send_email(to_email, subject, html_body)
+        except Exception as e:
+            logger.error(f"Failed to send verification email to {to_email}: {e}")
+            return False
+
+
+# Singleton instance
+_auth_email_sender: Optional[AuthEmailSender] = None
+
+
+def get_auth_email_sender() -> AuthEmailSender:
+    """Get or create the auth email sender singleton."""
+    global _auth_email_sender
+    if _auth_email_sender is None:
+        _auth_email_sender = AuthEmailSender()
+    return _auth_email_sender

autogpt_platform/backend/backend/server/auth/routes.py

@@ -0,0 +1,505 @@
+"""
+Authentication API routes.
+
+Provides endpoints for:
+- User registration and login
+- Token refresh and logout
+- Password reset
+- Email verification
+- Google OAuth
+"""
+
+import logging
+import secrets
+import time
+from typing import Optional
+
+from fastapi import APIRouter, BackgroundTasks, HTTPException, Request
+from pydantic import BaseModel, EmailStr, Field
+
+from backend.util.settings import Settings
+
+from .email import get_auth_email_sender
+from .service import AuthService
+
+logger = logging.getLogger(__name__)
+
+router = APIRouter(prefix="/auth", tags=["auth"])
+
+# Singleton auth service instance
+_auth_service: Optional[AuthService] = None
+
+# In-memory state storage for OAuth CSRF protection
+# Format: {state_token: {"created_at": timestamp, "redirect_uri": optional_uri}}
+# In production, use Redis for distributed state management
+_oauth_states: dict[str, dict] = {}
+_STATE_TTL_SECONDS = 600  # 10 minutes
+
+
+def _cleanup_expired_states() -> None:
+    """Remove expired OAuth states."""
+    now = time.time()
+    expired = [
+        k
+        for k, v in _oauth_states.items()
+        if now - v["created_at"] > _STATE_TTL_SECONDS
+    ]
+    for k in expired:
+        del _oauth_states[k]
+
+
+def _generate_state() -> str:
+    """Generate a cryptographically secure state token."""
+    _cleanup_expired_states()
+    state = secrets.token_urlsafe(32)
+    _oauth_states[state] = {"created_at": time.time()}
+    return state
+
+
+def _validate_state(state: str) -> bool:
+    """Validate and consume a state token."""
+    if state not in _oauth_states:
+        return False
+    state_data = _oauth_states.pop(state)
+    if time.time() - state_data["created_at"] > _STATE_TTL_SECONDS:
+        return False
+    return True
+
+
+def get_auth_service() -> AuthService:
+    """Get or create the auth service singleton."""
+    global _auth_service
+    if _auth_service is None:
+        _auth_service = AuthService()
+    return _auth_service
+
+
+# ============= Request/Response Models =============
+
+
+class RegisterRequest(BaseModel):
+    """Request model for user registration."""
+
+    email: EmailStr
+    password: str = Field(..., min_length=8)
+    name: Optional[str] = None
+
+
+class LoginRequest(BaseModel):
+    """Request model for user login."""
+
+    email: EmailStr
+    password: str
+
+
+class TokenResponse(BaseModel):
+    """Response model for authentication tokens."""
+
+    access_token: str
+    refresh_token: str
+    token_type: str = "bearer"
+    expires_in: int
+
+
+class RefreshRequest(BaseModel):
+    """Request model for token refresh."""
+
+    refresh_token: str
+
+
+class LogoutRequest(BaseModel):
+    """Request model for logout."""
+
+    refresh_token: str
+
+
+class PasswordResetRequest(BaseModel):
+    """Request model for password reset request."""
+
+    email: EmailStr
+
+
+class PasswordResetConfirm(BaseModel):
+    """Request model for password reset confirmation."""
+
+    token: str
+    new_password: str = Field(..., min_length=8)
+
+
+class MessageResponse(BaseModel):
+    """Generic message response."""
+
+    message: str
+
+
+class UserResponse(BaseModel):
+    """Response model for user info."""
+
+    id: str
+    email: str
+    name: Optional[str]
+    email_verified: bool
+    role: str
+
+
+# ============= Auth Endpoints =============
+
+
+@router.post("/register", response_model=TokenResponse)
+async def register(request: RegisterRequest, background_tasks: BackgroundTasks):
+    """
+    Register a new user with email and password.
+
+    Returns access and refresh tokens on successful registration.
+    Sends a verification email in the background.
+    """
+    auth_service = get_auth_service()
+
+    try:
+        user = await auth_service.register_user(
+            email=request.email,
+            password=request.password,
+            name=request.name,
+        )
+
+        # Create verification token and send email in background
+        # This is non-critical - don't fail registration if email fails
+        try:
+            verification_token = await auth_service.create_email_verification_token(
+                user.id
+            )
+            email_sender = get_auth_email_sender()
+            background_tasks.add_task(
+                email_sender.send_email_verification,
+                to_email=user.email,
+                verification_token=verification_token,
+                user_name=user.name,
+            )
+        except Exception as e:
+            logger.warning(f"Failed to queue verification email for {user.email}: {e}")
+
+        tokens = await auth_service.create_tokens(user)
+        return TokenResponse(**tokens)
+    except ValueError as e:
+        raise HTTPException(status_code=400, detail=str(e))
+
+
+@router.post("/login", response_model=TokenResponse)
+async def login(request: LoginRequest):
+    """
+    Login with email and password.
+
+    Returns access and refresh tokens on successful authentication.
+    """
+    auth_service = get_auth_service()
+
+    user = await auth_service.authenticate_user(request.email, request.password)
+    if not user:
+        raise HTTPException(status_code=401, detail="Invalid email or password")
+
+    tokens = await auth_service.create_tokens(user)
+    return TokenResponse(**tokens)
+
+
+@router.post("/logout", response_model=MessageResponse)
+async def logout(request: LogoutRequest):
+    """
+    Logout by revoking the refresh token.
+
+    This invalidates the refresh token so it cannot be used to get new access tokens.
+    """
+    auth_service = get_auth_service()
+
+    revoked = await auth_service.revoke_refresh_token(request.refresh_token)
+    if not revoked:
+        raise HTTPException(status_code=400, detail="Invalid refresh token")
+
+    return MessageResponse(message="Successfully logged out")
+
+
+@router.post("/refresh", response_model=TokenResponse)
+async def refresh_tokens(request: RefreshRequest):
+    """
+    Refresh access token using a refresh token.
+
+    The old refresh token is invalidated and a new one is returned (token rotation).
+    """
+    auth_service = get_auth_service()
+
+    tokens = await auth_service.refresh_access_token(request.refresh_token)
+    if not tokens:
+        raise HTTPException(status_code=401, detail="Invalid or expired refresh token")
+
+    return TokenResponse(**tokens)
+
+
+@router.post("/password-reset/request", response_model=MessageResponse)
+async def request_password_reset(
+    request: PasswordResetRequest, background_tasks: BackgroundTasks
+):
+    """
+    Request a password reset email.
+
+    Always returns success to prevent email enumeration attacks.
+    If the email exists, a password reset email will be sent.
+    """
+    auth_service = get_auth_service()
+
+    user = await auth_service.get_user_by_email(request.email)
+    if user:
+        token = await auth_service.create_password_reset_token(user.id)
+        email_sender = get_auth_email_sender()
+        background_tasks.add_task(
+            email_sender.send_password_reset_email,
+            to_email=user.email,
+            reset_token=token,
+            user_name=user.name,
+        )
+        logger.info(f"Password reset email queued for user {user.id}")
+
+    # Always return success to prevent email enumeration
+    return MessageResponse(
+        message="If the email exists, a password reset link has been sent"
+    )
+
+
+@router.post("/password-reset/confirm", response_model=MessageResponse)
+async def confirm_password_reset(request: PasswordResetConfirm):
+    """
+    Reset password using a password reset token.
+
+    All existing sessions (refresh tokens) will be invalidated.
+    """
+    auth_service = get_auth_service()
+
+    success = await auth_service.reset_password(request.token, request.new_password)
+    if not success:
+        raise HTTPException(status_code=400, detail="Invalid or expired reset token")
+
+    return MessageResponse(message="Password has been reset successfully")
+
+
+# ============= Email Verification Endpoints =============
+
+
+class EmailVerificationRequest(BaseModel):
+    """Request model for email verification."""
+
+    token: str
+
+
+class ResendVerificationRequest(BaseModel):
+    """Request model for resending verification email."""
+
+    email: EmailStr
+
+
+@router.post("/email/verify", response_model=MessageResponse)
+async def verify_email(request: EmailVerificationRequest):
+    """
+    Verify email address using a verification token.
+
+    Marks the user's email as verified if the token is valid.
+    """
+    auth_service = get_auth_service()
+
+    success = await auth_service.verify_email_token(request.token)
+    if not success:
+        raise HTTPException(
+            status_code=400, detail="Invalid or expired verification token"
+        )
+
+    return MessageResponse(message="Email verified successfully")
+
+
+@router.post("/email/resend-verification", response_model=MessageResponse)
+async def resend_verification_email(
+    request: ResendVerificationRequest, background_tasks: BackgroundTasks
+):
+    """
+    Resend email verification email.
+
+    Always returns success to prevent email enumeration attacks.
+    If the email exists and is not verified, a new verification email will be sent.
+    """
+    auth_service = get_auth_service()
+
+    user = await auth_service.get_user_by_email(request.email)
+    if user and not user.emailVerified:
+        token = await auth_service.create_email_verification_token(user.id)
+        email_sender = get_auth_email_sender()
+        background_tasks.add_task(
+            email_sender.send_email_verification,
+            to_email=user.email,
+            verification_token=token,
+            user_name=user.name,
+        )
+        logger.info(f"Verification email queued for user {user.id}")
+
+    # Always return success to prevent email enumeration
+    return MessageResponse(
+        message="If the email exists and is not verified, a verification link has been sent"
+    )
+
+
+# ============= Google OAuth Endpoints =============
+
+# Google userinfo endpoint for fetching user profile
+GOOGLE_USERINFO_ENDPOINT = "https://www.googleapis.com/oauth2/v2/userinfo"
+
+
+class GoogleLoginResponse(BaseModel):
+    """Response model for Google OAuth login initiation."""
+
+    url: str
+
+
+def _get_google_oauth_handler():
+    """Get a configured GoogleOAuthHandler instance."""
+    # Lazy import to avoid circular imports
+    from backend.integrations.oauth.google import GoogleOAuthHandler
+
+    settings = Settings()
+
+    client_id = settings.secrets.google_client_id
+    client_secret = settings.secrets.google_client_secret
+
+    if not client_id or not client_secret:
+        raise HTTPException(
+            status_code=500,
+            detail="Google OAuth is not configured. Set GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET.",
+        )
+
+    # Construct the redirect URI - this should point to the frontend's callback
+    # which will then call our /auth/google/callback endpoint
+    frontend_base_url = settings.config.frontend_base_url or "http://localhost:3000"
+    redirect_uri = f"{frontend_base_url}/auth/callback"
+
+    return GoogleOAuthHandler(
+        client_id=client_id,
+        client_secret=client_secret,
+        redirect_uri=redirect_uri,
+    )
+
+
+@router.get("/google/login", response_model=GoogleLoginResponse)
+async def google_login(request: Request):
+    """
+    Initiate Google OAuth flow.
+
+    Returns the Google OAuth authorization URL to redirect the user to.
+    """
+    try:
+        handler = _get_google_oauth_handler()
+        state = _generate_state()
+
+        # Get the authorization URL with default scopes (email, profile, openid)
+        auth_url = handler.get_login_url(
+            scopes=[],  # Will use DEFAULT_SCOPES from handler
+            state=state,
+            code_challenge=None,  # Not using PKCE for server-side flow
+        )
+
+        logger.info(f"Generated Google OAuth URL for state: {state[:8]}...")
+        return GoogleLoginResponse(url=auth_url)
+
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger.error(f"Failed to initiate Google OAuth: {e}")
+        raise HTTPException(status_code=500, detail="Failed to initiate Google OAuth")
+
+
+@router.get("/google/callback", response_model=TokenResponse)
+async def google_callback(request: Request, code: str, state: Optional[str] = None):
+    """
+    Handle Google OAuth callback.
+
+    Exchanges the authorization code for user info and creates/updates the user.
+    Returns access and refresh tokens.
+    """
+    # Validate state to prevent CSRF attacks
+    if not state or not _validate_state(state):
+        logger.warning(
+            f"Invalid or missing OAuth state: {state[:8] if state else 'None'}..."
+        )
+        raise HTTPException(status_code=400, detail="Invalid or expired OAuth state")
+
+    try:
+        handler = _get_google_oauth_handler()
+
+        # Exchange the authorization code for Google credentials
+        logger.info("Exchanging authorization code for tokens...")
+        google_creds = await handler.exchange_code_for_tokens(
+            code=code,
+            scopes=[],  # Will use the scopes from the initial request
+            code_verifier=None,
+        )
+
+        # The handler returns OAuth2Credentials with email in username field
+        email = google_creds.username
+        if not email:
+            raise HTTPException(
+                status_code=400, detail="Failed to retrieve email from Google"
+            )
+
+        # Fetch full user info to get Google user ID and name
+        # Lazy import to avoid circular imports
+        from google.auth.transport.requests import AuthorizedSession
+        from google.oauth2.credentials import Credentials
+
+        # We need to create Google Credentials object to use with AuthorizedSession
+        creds = Credentials(
+            token=google_creds.access_token.get_secret_value(),
+            refresh_token=(
+                google_creds.refresh_token.get_secret_value()
+                if google_creds.refresh_token
+                else None
+            ),
+            token_uri="https://oauth2.googleapis.com/token",
+            client_id=handler.client_id,
+            client_secret=handler.client_secret,
+        )
+
+        session = AuthorizedSession(creds)
+        userinfo_response = session.get(GOOGLE_USERINFO_ENDPOINT)
+
+        if not userinfo_response.ok:
+            logger.error(
+                f"Failed to fetch Google userinfo: {userinfo_response.status_code}"
+            )
+            raise HTTPException(
+                status_code=400, detail="Failed to fetch user info from Google"
+            )
+
+        userinfo = userinfo_response.json()
+        google_id = userinfo.get("id")
+        name = userinfo.get("name")
+        email_verified = userinfo.get("verified_email", False)
+
+        if not google_id:
+            raise HTTPException(
+                status_code=400, detail="Failed to retrieve Google user ID"
+            )
+
+        logger.info(f"Google OAuth successful for user: {email}")
+
+        # Create or update the user in our database
+        auth_service = get_auth_service()
+        user = await auth_service.create_or_update_google_user(
+            google_id=google_id,
+            email=email,
+            name=name,
+            email_verified=email_verified,
+        )
+
+        # Generate our JWT tokens
+        tokens = await auth_service.create_tokens(user)
+
+        return TokenResponse(**tokens)
+
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger.error(f"Google OAuth callback failed: {e}")
+        raise HTTPException(status_code=500, detail="Failed to complete Google OAuth")

autogpt_platform/backend/backend/server/auth/service.py

@@ -0,0 +1,499 @@
+"""
+Core authentication service for password verification and token management.
+"""
+
+import logging
+import re
+from datetime import datetime, timedelta, timezone
+from typing import Optional, cast
+
+import bcrypt
+from autogpt_libs.auth.config import get_settings
+from autogpt_libs.auth.jwt_utils import (
+    create_access_token,
+    create_refresh_token,
+    hash_token,
+)
+from prisma.models import User as PrismaUser
+from prisma.types import (
+    EmailVerificationTokenCreateInput,
+    PasswordResetTokenCreateInput,
+    ProfileCreateInput,
+    RefreshTokenCreateInput,
+    UserCreateInput,
+)
+
+from backend.data.db import prisma
+
+logger = logging.getLogger(__name__)
+
+
+class AuthService:
+    """Handles authentication operations including password verification and token management."""
+
+    def __init__(self):
+        self.settings = get_settings()
+
+    def hash_password(self, password: str) -> str:
+        """Hash a password using bcrypt."""
+        return bcrypt.hashpw(password.encode(), bcrypt.gensalt()).decode()
+
+    def verify_password(self, password: str, hashed: str) -> bool:
+        """Verify a password against a bcrypt hash."""
+        try:
+            return bcrypt.checkpw(password.encode(), hashed.encode())
+        except Exception as e:
+            logger.warning(f"Password verification failed: {e}")
+            return False
+
+    async def register_user(
+        self,
+        email: str,
+        password: str,
+        name: Optional[str] = None,
+    ) -> PrismaUser:
+        """
+        Register a new user with email and password.
+
+        Creates both a User record and a Profile record.
+
+        :param email: User's email address
+        :param password: User's password (will be hashed)
+        :param name: Optional display name
+        :return: Created user record
+        :raises ValueError: If email is already registered
+        """
+        # Check if user already exists
+        existing = await prisma.user.find_unique(where={"email": email})
+        if existing:
+            raise ValueError("Email already registered")
+
+        password_hash = self.hash_password(password)
+
+        # Generate a unique username from email
+        base_username = email.split("@")[0].lower()
+        # Remove any characters that aren't alphanumeric or underscore
+        base_username = re.sub(r"[^a-z0-9_]", "", base_username)
+        if not base_username:
+            base_username = "user"
+
+        # Check if username is unique, if not add a number suffix
+        username = base_username
+        counter = 1
+        while await prisma.profile.find_unique(where={"username": username}):
+            username = f"{base_username}{counter}"
+            counter += 1
+
+        user = await prisma.user.create(
+            data=cast(
+                UserCreateInput,
+                {
+                    "email": email,
+                    "passwordHash": password_hash,
+                    "name": name,
+                    "emailVerified": False,
+                    "role": "authenticated",
+                },
+            )
+        )
+
+        # Create profile for the user
+        display_name = name or base_username
+        await prisma.profile.create(
+            data=cast(
+                ProfileCreateInput,
+                {
+                    "userId": user.id,
+                    "name": display_name,
+                    "username": username,
+                    "description": "",
+                    "links": [],
+                },
+            )
+        )
+
+        logger.info(f"Registered new user: {user.id} with profile username: {username}")
+        return user
+
+    async def authenticate_user(
+        self, email: str, password: str
+    ) -> Optional[PrismaUser]:
+        """
+        Authenticate a user with email and password.
+
+        :param email: User's email address
+        :param password: User's password
+        :return: User record if authentication successful, None otherwise
+        """
+        user = await prisma.user.find_unique(where={"email": email})
+
+        if not user:
+            logger.debug(f"Authentication failed: user not found for email {email}")
+            return None
+
+        if not user.passwordHash:
+            logger.debug(
+                f"Authentication failed: no password set for user {user.id} "
+                "(likely OAuth-only user)"
+            )
+            return None
+
+        if self.verify_password(password, user.passwordHash):
+            logger.debug(f"Authentication successful for user {user.id}")
+            return user
+
+        logger.debug(f"Authentication failed: invalid password for user {user.id}")
+        return None
+
+    async def create_tokens(self, user: PrismaUser) -> dict:
+        """
+        Create access and refresh tokens for a user.
+
+        :param user: The user to create tokens for
+        :return: Dictionary with access_token, refresh_token, token_type, and expires_in
+        """
+        # Create access token
+        access_token = create_access_token(
+            user_id=user.id,
+            email=user.email,
+            role=user.role or "authenticated",
+            email_verified=user.emailVerified,
+        )
+
+        # Create and store refresh token
+        raw_refresh_token, hashed_refresh_token = create_refresh_token()
+        expires_at = datetime.now(timezone.utc) + timedelta(
+            days=self.settings.REFRESH_TOKEN_EXPIRE_DAYS
+        )
+
+        await prisma.refreshtoken.create(
+            data=cast(
+                RefreshTokenCreateInput,
+                {
+                    "token": hashed_refresh_token,
+                    "userId": user.id,
+                    "expiresAt": expires_at,
+                },
+            )
+        )
+
+        logger.debug(f"Created tokens for user {user.id}")
+
+        return {
+            "access_token": access_token,
+            "refresh_token": raw_refresh_token,
+            "token_type": "bearer",
+            "expires_in": self.settings.ACCESS_TOKEN_EXPIRE_MINUTES * 60,
+        }
+
+    async def refresh_access_token(self, refresh_token: str) -> Optional[dict]:
+        """
+        Refresh an access token using a refresh token.
+
+        Implements token rotation: the old refresh token is revoked and a new one is issued.
+
+        :param refresh_token: The refresh token
+        :return: New tokens if successful, None if refresh token is invalid/expired
+        """
+        hashed_token = hash_token(refresh_token)
+
+        # Find the refresh token
+        stored_token = await prisma.refreshtoken.find_first(
+            where={
+                "token": hashed_token,
+                "revokedAt": None,
+                "expiresAt": {"gt": datetime.now(timezone.utc)},
+            },
+            include={"User": True},
+        )
+
+        if not stored_token or not stored_token.User:
+            logger.debug("Refresh token not found or expired")
+            return None
+
+        # Revoke the old token (token rotation)
+        await prisma.refreshtoken.update(
+            where={"id": stored_token.id},
+            data={"revokedAt": datetime.now(timezone.utc)},
+        )
+
+        logger.debug(f"Refreshed tokens for user {stored_token.User.id}")
+
+        # Create new tokens
+        return await self.create_tokens(stored_token.User)
+
+    async def revoke_refresh_token(self, refresh_token: str) -> bool:
+        """
+        Revoke a refresh token (logout).
+
+        :param refresh_token: The refresh token to revoke
+        :return: True if token was found and revoked, False otherwise
+        """
+        hashed_token = hash_token(refresh_token)
+
+        result = await prisma.refreshtoken.update_many(
+            where={"token": hashed_token, "revokedAt": None},
+            data={"revokedAt": datetime.now(timezone.utc)},
+        )
+
+        if result > 0:
+            logger.debug("Refresh token revoked")
+            return True
+
+        logger.debug("Refresh token not found or already revoked")
+        return False
+
+    async def revoke_all_user_tokens(self, user_id: str) -> int:
+        """
+        Revoke all refresh tokens for a user (logout from all devices).
+
+        :param user_id: The user's ID
+        :return: Number of tokens revoked
+        """
+        result = await prisma.refreshtoken.update_many(
+            where={"userId": user_id, "revokedAt": None},
+            data={"revokedAt": datetime.now(timezone.utc)},
+        )
+
+        logger.debug(f"Revoked {result} tokens for user {user_id}")
+        return result
+
+    async def get_user_by_google_id(self, google_id: str) -> Optional[PrismaUser]:
+        """Get a user by their Google OAuth ID."""
+        return await prisma.user.find_unique(where={"googleId": google_id})
+
+    async def get_user_by_email(self, email: str) -> Optional[PrismaUser]:
+        """Get a user by their email address."""
+        return await prisma.user.find_unique(where={"email": email})
+
+    async def create_or_update_google_user(
+        self,
+        google_id: str,
+        email: str,
+        name: Optional[str] = None,
+        email_verified: bool = False,
+    ) -> PrismaUser:
+        """
+        Create or update a user from Google OAuth.
+
+        If a user with the Google ID exists, return them.
+        If a user with the email exists but no Google ID, link the account.
+        Otherwise, create a new user.
+
+        :param google_id: Google's unique user ID
+        :param email: User's email from Google
+        :param name: User's name from Google
+        :param email_verified: Whether Google has verified the email
+        :return: The user record
+        """
+        # Check if user exists with this Google ID
+        user = await self.get_user_by_google_id(google_id)
+        if user:
+            return user
+
+        # Check if user exists with this email
+        user = await self.get_user_by_email(email)
+        if user:
+            # Link Google account to existing user
+            updated_user = await prisma.user.update(
+                where={"id": user.id},
+                data={
+                    "googleId": google_id,
+                    "emailVerified": email_verified or user.emailVerified,
+                },
+            )
+            if updated_user:
+                logger.info(f"Linked Google account to existing user {updated_user.id}")
+                return updated_user
+            return user
+
+        # Create new user with profile
+        # Generate a unique username from email
+        base_username = email.split("@")[0].lower()
+        base_username = re.sub(r"[^a-z0-9_]", "", base_username)
+        if not base_username:
+            base_username = "user"
+
+        username = base_username
+        counter = 1
+        while await prisma.profile.find_unique(where={"username": username}):
+            username = f"{base_username}{counter}"
+            counter += 1
+
+        user = await prisma.user.create(
+            data=cast(
+                UserCreateInput,
+                {
+                    "email": email,
+                    "googleId": google_id,
+                    "name": name,
+                    "emailVerified": email_verified,
+                    "role": "authenticated",
+                },
+            )
+        )
+
+        # Create profile for the user
+        display_name = name or base_username
+        await prisma.profile.create(
+            data=cast(
+                ProfileCreateInput,
+                {
+                    "userId": user.id,
+                    "name": display_name,
+                    "username": username,
+                    "description": "",
+                    "links": [],
+                },
+            )
+        )
+
+        logger.info(
+            f"Created new user from Google OAuth: {user.id} with profile: {username}"
+        )
+        return user
+
+    async def create_password_reset_token(self, user_id: str) -> str:
+        """
+        Create a password reset token for a user.
+
+        :param user_id: The user's ID
+        :return: The raw token to send to the user
+        """
+        raw_token, hashed_token = create_refresh_token()  # Reuse token generation
+        expires_at = datetime.now(timezone.utc) + timedelta(hours=1)
+
+        await prisma.passwordresettoken.create(
+            data=cast(
+                PasswordResetTokenCreateInput,
+                {
+                    "token": hashed_token,
+                    "userId": user_id,
+                    "expiresAt": expires_at,
+                },
+            )
+        )
+
+        return raw_token
+
+    async def create_email_verification_token(self, user_id: str) -> str:
+        """
+        Create an email verification token for a user.
+
+        :param user_id: The user's ID
+        :return: The raw token to send to the user
+        """
+        raw_token, hashed_token = create_refresh_token()  # Reuse token generation
+        expires_at = datetime.now(timezone.utc) + timedelta(hours=24)
+
+        await prisma.emailverificationtoken.create(
+            data=cast(
+                EmailVerificationTokenCreateInput,
+                {
+                    "token": hashed_token,
+                    "userId": user_id,
+                    "expiresAt": expires_at,
+                },
+            )
+        )
+
+        return raw_token
+
+    async def verify_email_token(self, token: str) -> bool:
+        """
+        Verify an email verification token and mark the user's email as verified.
+
+        :param token: The raw token from the user
+        :return: True if successful, False if token is invalid
+        """
+        hashed_token = hash_token(token)
+
+        # Find and validate token
+        stored_token = await prisma.emailverificationtoken.find_first(
+            where={
+                "token": hashed_token,
+                "usedAt": None,
+                "expiresAt": {"gt": datetime.now(timezone.utc)},
+            }
+        )
+
+        if not stored_token:
+            return False
+
+        # Mark email as verified
+        await prisma.user.update(
+            where={"id": stored_token.userId},
+            data={"emailVerified": True},
+        )
+
+        # Mark token as used
+        await prisma.emailverificationtoken.update(
+            where={"id": stored_token.id},
+            data={"usedAt": datetime.now(timezone.utc)},
+        )
+
+        logger.info(f"Email verified for user {stored_token.userId}")
+        return True
+
+    async def verify_password_reset_token(self, token: str) -> Optional[str]:
+        """
+        Verify a password reset token and return the user ID.
+
+        :param token: The raw token from the user
+        :return: User ID if valid, None otherwise
+        """
+        hashed_token = hash_token(token)
+
+        stored_token = await prisma.passwordresettoken.find_first(
+            where={
+                "token": hashed_token,
+                "usedAt": None,
+                "expiresAt": {"gt": datetime.now(timezone.utc)},
+            }
+        )
+
+        if not stored_token:
+            return None
+
+        return stored_token.userId
+
+    async def reset_password(self, token: str, new_password: str) -> bool:
+        """
+        Reset a user's password using a password reset token.
+
+        :param token: The password reset token
+        :param new_password: The new password
+        :return: True if successful, False if token is invalid
+        """
+        hashed_token = hash_token(token)
+
+        # Find and validate token
+        stored_token = await prisma.passwordresettoken.find_first(
+            where={
+                "token": hashed_token,
+                "usedAt": None,
+                "expiresAt": {"gt": datetime.now(timezone.utc)},
+            }
+        )
+
+        if not stored_token:
+            return False
+
+        # Update password
+        password_hash = self.hash_password(new_password)
+        await prisma.user.update(
+            where={"id": stored_token.userId},
+            data={"passwordHash": password_hash},
+        )
+
+        # Mark token as used
+        await prisma.passwordresettoken.update(
+            where={"id": stored_token.id},
+            data={"usedAt": datetime.now(timezone.utc)},
+        )
+
+        # Revoke all refresh tokens for security
+        await self.revoke_all_user_tokens(stored_token.userId)
+
+        logger.info(f"Password reset for user {stored_token.userId}")
+        return True

autogpt_platform/backend/backend/server/auth/templates/base.html.jinja2

@@ -0,0 +1,302 @@
+{# Base Template for Auth Emails #}
+{# Template variables:
+    data.message: the message to display in the email
+    data.title: the title of the email
+    data.unsubscribe_link: the link to unsubscribe from the email (optional for auth emails)
+#}
+<!doctype html>
+<html lang="ltr" xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office">
+
+<head>
+  <meta charset="utf-8">
+  <meta http-equiv="X-UA-Compatible" content="IE=edge">
+  <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=yes">
+  <meta name="format-detection" content="telephone=no, date=no, address=no, email=no, url=no">
+  <meta name="x-apple-disable-message-reformatting">
+  <!--[if !mso]>
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <![endif]-->
+  <!--[if mso]>
+    <style>
+        * { font-family: sans-serif !important; }
+    </style>
+    <noscript>
+        <xml>
+            <o:OfficeDocumentSettings>
+                <o:PixelsPerInch>96</o:PixelsPerInch>
+            </o:OfficeDocumentSettings>
+        </xml>
+    </noscript>
+    <![endif]-->
+  <style type="text/css">
+    /* RESET STYLES */
+    html,
+    body {
+      margin: 0 !important;
+      padding: 0 !important;
+      width: 100% !important;
+      height: 100% !important;
+    }
+
+    body {
+      -webkit-font-smoothing: antialiased;
+      -moz-osx-font-smoothing: grayscale;
+      text-rendering: optimizeLegibility;
+    }
+
+    .document {
+      margin: 0 !important;
+      padding: 0 !important;
+      width: 100% !important;
+    }
+
+    img {
+      border: 0;
+      outline: none;
+      text-decoration: none;
+      -ms-interpolation-mode: bicubic;
+    }
+
+    table {
+      border-collapse: collapse;
+    }
+
+    table,
+    td {
+      mso-table-lspace: 0pt;
+      mso-table-rspace: 0pt;
+    }
+
+    body,
+    table,
+    td,
+    a {
+      -webkit-text-size-adjust: 100%;
+      -ms-text-size-adjust: 100%;
+    }
+
+    h1,
+    h2,
+    h3,
+    h4,
+    h5,
+    p {
+      margin: 0;
+      word-break: break-word;
+    }
+
+    /* iOS BLUE LINKS */
+    a[x-apple-data-detectors] {
+      color: inherit !important;
+      text-decoration: none !important;
+      font-size: inherit !important;
+      font-family: inherit !important;
+      font-weight: inherit !important;
+      line-height: inherit !important;
+    }
+
+    /* ANDROID CENTER FIX */
+    div[style*="margin: 16px 0;"] {
+      margin: 0 !important;
+    }
+
+    /* MEDIA QUERIES */
+    @media all and (max-width:639px) {
+      .wrapper {
+        width: 100% !important;
+      }
+
+      .container {
+        width: 100% !important;
+        min-width: 100% !important;
+        padding: 0 !important;
+      }
+
+      .row {
+        padding-left: 20px !important;
+        padding-right: 20px !important;
+      }
+
+      .col-mobile {
+        width: 20px !important;
+      }
+
+      .col {
+        display: block !important;
+        width: 100% !important;
+      }
+
+      .mobile-center {
+        text-align: center !important;
+        float: none !important;
+      }
+
+      .mobile-mx-auto {
+        margin: 0 auto !important;
+        float: none !important;
+      }
+
+      .mobile-left {
+        text-align: center !important;
+        float: left !important;
+      }
+
+      .mobile-hide {
+        display: none !important;
+      }
+
+      .img {
+        width: 100% !important;
+        height: auto !important;
+      }
+
+      .ml-btn {
+        width: 100% !important;
+        max-width: 100% !important;
+      }
+
+      .ml-btn-container {
+        width: 100% !important;
+        max-width: 100% !important;
+      }
+    }
+  </style>
+  <style type="text/css">
+    @import url("https://assets.mlcdn.com/fonts-v2.css?version=1729862");
+  </style>
+  <style type="text/css">
+    @media screen {
+      body {
+        font-family: 'Poppins', sans-serif;
+      }
+    }
+  </style>
+  <title>{{data.title}}</title>
+</head>
+
+<body style="margin: 0 !important; padding: 0 !important; background-color:#070629;">
+  <div class="document" role="article" aria-roledescription="email" aria-label lang dir="ltr"
+    style="background-color:#070629; line-height: 100%; font-size:medium; font-size:max(16px, 1rem);">
+    <!-- Main Content -->
+    <table width="100%" align="center" cellspacing="0" cellpadding="0" border="0">
+      <tr>
+        <td class="background" bgcolor="#070629" align="center" valign="top" style="padding: 0 8px;">
+          <!-- Email Content -->
+          <table class="container" align="center" width="640" cellpadding="0" cellspacing="0" border="0"
+            style="max-width: 640px;">
+            <tr>
+              <td align="center">
+                <!-- Logo Section -->
+                <table class="container ml-4 ml-default-border" width="640" bgcolor="#E2ECFD" align="center" border="0"
+                  cellspacing="0" cellpadding="0" style="width: 640px; min-width: 640px;">
+                  <tr>
+                    <td class="ml-default-border container" height="40" style="line-height: 40px; min-width: 640px;">
+                    </td>
+                  </tr>
+                  <tr>
+                    <td>
+                      <table align="center" width="100%" border="0" cellspacing="0" cellpadding="0">
+                        <tr>
+                          <td class="row" align="center" style="padding: 0 50px;">
+                            <img
+                              src="https://storage.mlcdn.com/account_image/597379/8QJ8kOjXakVvfe1kJLY2wWCObU1mp5EiDLfBlbQa.png"
+                              border="0" alt="" width="120" class="logo"
+                              style="max-width: 120px; display: inline-block;">
+                          </td>
+                        </tr>
+                      </table>
+                    </td>
+                  </tr>
+                </table>
+
+                <!-- Main Content Section -->
+                <table class="container ml-6 ml-default-border" width="640" bgcolor="#E2ECFD" align="center" border="0"
+                  cellspacing="0" cellpadding="0" style="color: #070629; width: 640px; min-width: 640px;">
+                  <tr>
+                    <td class="row" style="padding: 0 50px;">
+                      {{data.message|safe}}
+                    </td>
+                  </tr>
+                </table>
+
+                <!-- Footer Section -->
+                <table class="container ml-10 ml-default-border" width="640" bgcolor="#ffffff" align="center" border="0"
+                  cellspacing="0" cellpadding="0" style="width: 640px; min-width: 640px;">
+                  <tr>
+                    <td class="row" style="padding: 0 50px;">
+                      <table align="center" width="100%" border="0" cellspacing="0" cellpadding="0">
+                        <tr>
+                          <td height="20" style="line-height: 20px;"></td>
+                        </tr>
+                        <tr>
+                          <td>
+                            <!-- Footer Content -->
+                            <table align="center" width="100%" border="0" cellspacing="0" cellpadding="0">
+                              <tr>
+                                <td class="col" align="left" valign="middle" width="120">
+                                  <img
+                                    src="https://storage.mlcdn.com/account_image/597379/8QJ8kOjXakVvfe1kJLY2wWCObU1mp5EiDLfBlbQa.png"
+                                    border="0" alt="" width="120" class="logo"
+                                    style="max-width: 120px; display: inline-block;">
+                                </td>
+                                <td class="col" width="40" height="30" style="line-height: 30px;"></td>
+                                <td class="col mobile-left" align="right" valign="middle" width="250">
+                                  <table role="presentation" cellpadding="0" cellspacing="0" border="0">
+                                    <tr>
+                                      <td align="center" valign="middle" width="18" style="padding: 0 5px 0 0;">
+                                        <a href="https://x.com/auto_gpt" target="blank" style="text-decoration: none;">
+                                          <img
+                                            src="https://assets.mlcdn.com/ml/images/icons/default/rounded_corners/black/x.png"
+                                            width="18" alt="x">
+                                        </a>
+                                      </td>
+                                      <td align="center" valign="middle" width="18" style="padding: 0 5px;">
+                                        <a href="https://discord.gg/autogpt" target="blank"
+                                          style="text-decoration: none;">
+                                          <img
+                                            src="https://assets.mlcdn.com/ml/images/icons/default/rounded_corners/black/discord.png"
+                                            width="18" alt="discord">
+                                        </a>
+                                      </td>
+                                      <td align="center" valign="middle" width="18" style="padding: 0 0 0 5px;">
+                                        <a href="https://agpt.co/" target="blank" style="text-decoration: none;">
+                                          <img
+                                            src="https://assets.mlcdn.com/ml/images/icons/default/rounded_corners/black/website.png"
+                                            width="18" alt="website">
+                                        </a>
+                                      </td>
+                                    </tr>
+                                  </table>
+                                </td>
+                              </tr>
+                            </table>
+                          </td>
+                        </tr>
+                        <tr>
+                          <td height="15" style="line-height: 15px;"></td>
+                        </tr>
+                        <tr>
+                          <td align="center" style="text-align: left!important;">
+                            <p
+                              style="font-family: 'Poppins', sans-serif; color: #070629; font-size: 12px; line-height: 150%; display: inline-block; margin-bottom: 0;">
+                              This is an automated security email from AutoGPT. If you did not request this action, please ignore this email or contact support if you have concerns.
+                            </p>
+                          </td>
+                        </tr>
+                        <tr>
+                          <td height="20" style="line-height: 20px;"></td>
+                        </tr>
+                      </table>
+                    </td>
+                  </tr>
+                </table>
+              </td>
+            </tr>
+          </table>
+        </td>
+      </tr>
+    </table>
+  </div>
+</body>
+
+</html>

autogpt_platform/backend/backend/server/auth/templates/email_verification.html.jinja2

@@ -0,0 +1,65 @@
+{# Email Verification Template #}
+{# Variables:
+    verification_link: URL for email verification
+    user_name: Optional user name for personalization
+    frontend_url: Base frontend URL
+#}
+<table align="center" width="100%" border="0" cellspacing="0" cellpadding="0">
+  <tr>
+    <td height="30" style="line-height: 30px;"></td>
+  </tr>
+  <tr>
+    <td align="center">
+      <h1 style="font-family: 'Poppins', sans-serif; color: #070629; font-size: 28px; line-height: 125%; font-weight: bold; margin-bottom: 20px;">
+        Verify Your Email
+      </h1>
+    </td>
+  </tr>
+  <tr>
+    <td align="left">
+      <p style="font-family: 'Poppins', sans-serif; color: #070629; font-size: 16px; line-height: 165%; margin-bottom: 20px;">
+        {% if user_name %}Hi {{ user_name }},{% else %}Hi,{% endif %}
+      </p>
+      <p style="font-family: 'Poppins', sans-serif; color: #070629; font-size: 16px; line-height: 165%; margin-bottom: 20px;">
+        Welcome to AutoGPT! Please verify your email address by clicking the button below:
+      </p>
+    </td>
+  </tr>
+  <tr>
+    <td align="center" style="padding: 20px 0;">
+      <table border="0" cellspacing="0" cellpadding="0">
+        <tr>
+          <td align="center" bgcolor="#4285F4" style="border-radius: 8px;">
+            <a href="{{ verification_link }}" target="_blank"
+              style="display: inline-block; padding: 16px 36px; font-family: 'Poppins', sans-serif; font-size: 16px; font-weight: 600; color: #ffffff; text-decoration: none; border-radius: 8px;">
+              Verify Email
+            </a>
+          </td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+  <tr>
+    <td align="left">
+      <p style="font-family: 'Poppins', sans-serif; color: #070629; font-size: 16px; line-height: 165%; margin-bottom: 20px;">
+        This link will expire in <strong>24 hours</strong>.
+      </p>
+      <p style="font-family: 'Poppins', sans-serif; color: #070629; font-size: 16px; line-height: 165%; margin-bottom: 20px;">
+        If you didn't create an account with AutoGPT, you can safely ignore this email.
+      </p>
+    </td>
+  </tr>
+  <tr>
+    <td align="left">
+      <p style="font-family: 'Poppins', sans-serif; color: #888888; font-size: 14px; line-height: 165%; margin-bottom: 10px;">
+        If the button doesn't work, copy and paste this link into your browser:
+      </p>
+      <p style="font-family: 'Poppins', sans-serif; color: #4285F4; font-size: 14px; line-height: 165%; word-break: break-all;">
+        <a href="{{ verification_link }}" style="color: #4285F4; text-decoration: underline;">{{ verification_link }}</a>
+      </p>
+    </td>
+  </tr>
+  <tr>
+    <td height="30" style="line-height: 30px;"></td>
+  </tr>
+</table>

autogpt_platform/backend/backend/server/auth/templates/password_reset.html.jinja2

@@ -0,0 +1,65 @@
+{# Password Reset Email Template #}
+{# Variables:
+    reset_link: URL for password reset
+    user_name: Optional user name for personalization
+    frontend_url: Base frontend URL
+#}
+<table align="center" width="100%" border="0" cellspacing="0" cellpadding="0">
+  <tr>
+    <td height="30" style="line-height: 30px;"></td>
+  </tr>
+  <tr>
+    <td align="center">
+      <h1 style="font-family: 'Poppins', sans-serif; color: #070629; font-size: 28px; line-height: 125%; font-weight: bold; margin-bottom: 20px;">
+        Reset Your Password
+      </h1>
+    </td>
+  </tr>
+  <tr>
+    <td align="left">
+      <p style="font-family: 'Poppins', sans-serif; color: #070629; font-size: 16px; line-height: 165%; margin-bottom: 20px;">
+        {% if user_name %}Hi {{ user_name }},{% else %}Hi,{% endif %}
+      </p>
+      <p style="font-family: 'Poppins', sans-serif; color: #070629; font-size: 16px; line-height: 165%; margin-bottom: 20px;">
+        We received a request to reset your password for your AutoGPT account. Click the button below to create a new password:
+      </p>
+    </td>
+  </tr>
+  <tr>
+    <td align="center" style="padding: 20px 0;">
+      <table border="0" cellspacing="0" cellpadding="0">
+        <tr>
+          <td align="center" bgcolor="#4285F4" style="border-radius: 8px;">
+            <a href="{{ reset_link }}" target="_blank"
+              style="display: inline-block; padding: 16px 36px; font-family: 'Poppins', sans-serif; font-size: 16px; font-weight: 600; color: #ffffff; text-decoration: none; border-radius: 8px;">
+              Reset Password
+            </a>
+          </td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+  <tr>
+    <td align="left">
+      <p style="font-family: 'Poppins', sans-serif; color: #070629; font-size: 16px; line-height: 165%; margin-bottom: 20px;">
+        This link will expire in <strong>1 hour</strong> for security reasons.
+      </p>
+      <p style="font-family: 'Poppins', sans-serif; color: #070629; font-size: 16px; line-height: 165%; margin-bottom: 20px;">
+        If you didn't request a password reset, you can safely ignore this email. Your password will remain unchanged.
+      </p>
+    </td>
+  </tr>
+  <tr>
+    <td align="left">
+      <p style="font-family: 'Poppins', sans-serif; color: #888888; font-size: 14px; line-height: 165%; margin-bottom: 10px;">
+        If the button doesn't work, copy and paste this link into your browser:
+      </p>
+      <p style="font-family: 'Poppins', sans-serif; color: #4285F4; font-size: 14px; line-height: 165%; word-break: break-all;">
+        <a href="{{ reset_link }}" style="color: #4285F4; text-decoration: underline;">{{ reset_link }}</a>
+      </p>
+    </td>
+  </tr>
+  <tr>
+    <td height="30" style="line-height: 30px;"></td>
+  </tr>
+</table>

autogpt_platform/backend/backend/server/external/middleware.py

@@ -1,36 +1,107 @@
-from fastapi import HTTPException, Security
-from fastapi.security import APIKeyHeader
+from fastapi import HTTPException, Security, status
+from fastapi.security import APIKeyHeader, HTTPAuthorizationCredentials, HTTPBearer
 from prisma.enums import APIKeyPermission
 
-from backend.data.api_key import APIKeyInfo, has_permission, validate_api_key
+from backend.data.auth.api_key import APIKeyInfo, validate_api_key
+from backend.data.auth.base import APIAuthorizationInfo
+from backend.data.auth.oauth import (
+    InvalidClientError,
+    InvalidTokenError,
+    OAuthAccessTokenInfo,
+    validate_access_token,
+)
 
 api_key_header = APIKeyHeader(name="X-API-Key", auto_error=False)
+bearer_auth = HTTPBearer(auto_error=False)
 
 
 async def require_api_key(api_key: str | None = Security(api_key_header)) -> APIKeyInfo:
-    """Base middleware for API key authentication"""
+    """Middleware for API key authentication only"""
     if api_key is None:
-        raise HTTPException(status_code=401, detail="Missing API key")
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED, detail="Missing API key"
+        )
 
     api_key_obj = await validate_api_key(api_key)
 
     if not api_key_obj:
-        raise HTTPException(status_code=401, detail="Invalid API key")
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid API key"
+        )
 
     return api_key_obj
 
 
+async def require_access_token(
+    bearer: HTTPAuthorizationCredentials | None = Security(bearer_auth),
+) -> OAuthAccessTokenInfo:
+    """Middleware for OAuth access token authentication only"""
+    if bearer is None:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Missing Authorization header",
+        )
+
+    try:
+        token_info, _ = await validate_access_token(bearer.credentials)
+    except (InvalidClientError, InvalidTokenError) as e:
+        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail=str(e))
+
+    return token_info
+
+
+async def require_auth(
+    api_key: str | None = Security(api_key_header),
+    bearer: HTTPAuthorizationCredentials | None = Security(bearer_auth),
+) -> APIAuthorizationInfo:
+    """
+    Unified authentication middleware supporting both API keys and OAuth tokens.
+
+    Supports two authentication methods, which are checked in order:
+    1. X-API-Key header (existing API key authentication)
+    2. Authorization: Bearer <token> header (OAuth access token)
+
+    Returns:
+        APIAuthorizationInfo: base class of both APIKeyInfo and OAuthAccessTokenInfo.
+    """
+    # Try API key first
+    if api_key is not None:
+        api_key_info = await validate_api_key(api_key)
+        if api_key_info:
+            return api_key_info
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid API key"
+        )
+
+    # Try OAuth bearer token
+    if bearer is not None:
+        try:
+            token_info, _ = await validate_access_token(bearer.credentials)
+            return token_info
+        except (InvalidClientError, InvalidTokenError) as e:
+            raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail=str(e))
+
+    # No credentials provided
+    raise HTTPException(
+        status_code=status.HTTP_401_UNAUTHORIZED,
+        detail="Missing authentication. Provide API key or access token.",
+    )
+
+
 def require_permission(permission: APIKeyPermission):
-    """Dependency function for checking specific permissions"""
+    """
+    Dependency function for checking specific permissions
+    (works with API keys and OAuth tokens)
+    """
 
     async def check_permission(
-        api_key: APIKeyInfo = Security(require_api_key),
-    ) -> APIKeyInfo:
-        if not has_permission(api_key, permission):
+        auth: APIAuthorizationInfo = Security(require_auth),
+    ) -> APIAuthorizationInfo:
+        if permission not in auth.scopes:
             raise HTTPException(
-                status_code=403,
-                detail=f"API key lacks the required permission '{permission}'",
+                status_code=status.HTTP_403_FORBIDDEN,
+                detail=f"Missing required permission: {permission.value}",
             )
-        return api_key
+        return auth
 
     return check_permission

autogpt_platform/backend/backend/server/external/routes/integrations.py

@@ -16,7 +16,7 @@ from fastapi import APIRouter, Body, HTTPException, Path, Security, status
 from prisma.enums import APIKeyPermission
 from pydantic import BaseModel, Field, SecretStr
 
-from backend.data.api_key import APIKeyInfo
+from backend.data.auth.base import APIAuthorizationInfo
 from backend.data.model import (
     APIKeyCredentials,
     Credentials,
@@ -255,7 +255,7 @@ def _get_oauth_handler_for_external(
 
 @integrations_router.get("/providers", response_model=list[ProviderInfo])
 async def list_providers(
-    api_key: APIKeyInfo = Security(
+    auth: APIAuthorizationInfo = Security(
         require_permission(APIKeyPermission.READ_INTEGRATIONS)
     ),
 ) -> list[ProviderInfo]:
@@ -273,6 +273,8 @@ async def list_providers(
     except Exception as e:
         logger.warning(f"Failed to load blocks: {e}")
 
+    from backend.sdk.registry import AutoRegistry
+
     providers = []
     for name in get_all_provider_names():
         supports_oauth = name in HANDLERS_BY_NAME
@@ -281,13 +283,27 @@ async def list_providers(
             getattr(handler_class, "DEFAULT_SCOPES", []) if handler_class else []
         )
 
+        # Check if provider has specific auth types from SDK registration
+        sdk_provider = AutoRegistry.get_provider(name)
+        if sdk_provider and sdk_provider.supported_auth_types:
+            supports_api_key = "api_key" in sdk_provider.supported_auth_types
+            supports_user_password = (
+                "user_password" in sdk_provider.supported_auth_types
+            )
+            supports_host_scoped = "host_scoped" in sdk_provider.supported_auth_types
+        else:
+            # Fallback for legacy providers
+            supports_api_key = True  # All providers can accept API keys
+            supports_user_password = name in ("smtp",)
+            supports_host_scoped = name == "http"
+
         providers.append(
             ProviderInfo(
                 name=name,
                 supports_oauth=supports_oauth,
-                supports_api_key=True,  # All providers can accept API keys
-                supports_user_password=name in ("smtp",),  # SMTP uses user/password
-                supports_host_scoped=name == "http",  # HTTP block uses host-scoped
+                supports_api_key=supports_api_key,
+                supports_user_password=supports_user_password,
+                supports_host_scoped=supports_host_scoped,
                 default_scopes=default_scopes,
             )
         )
@@ -303,7 +319,7 @@ async def list_providers(
 async def initiate_oauth(
     provider: Annotated[str, Path(title="The OAuth provider")],
     request: OAuthInitiateRequest,
-    api_key: APIKeyInfo = Security(
+    auth: APIAuthorizationInfo = Security(
         require_permission(APIKeyPermission.MANAGE_INTEGRATIONS)
     ),
 ) -> OAuthInitiateResponse:
@@ -321,7 +337,10 @@ async def initiate_oauth(
     if not validate_callback_url(request.callback_url):
         raise HTTPException(
             status_code=status.HTTP_400_BAD_REQUEST,
-            detail=f"Callback URL origin is not allowed. Allowed origins: {settings.config.external_oauth_callback_origins}",
+            detail=(
+                f"Callback URL origin is not allowed. "
+                f"Allowed origins: {settings.config.external_oauth_callback_origins}",
+            ),
         )
 
     # Validate provider
@@ -343,13 +362,15 @@ async def initiate_oauth(
     )
 
     # Store state token with external flow metadata
+    # Note: initiated_by_api_key_id is only available for API key auth, not OAuth
+    api_key_id = getattr(auth, "id", None) if auth.type == "api_key" else None
     state_token, code_challenge = await creds_manager.store.store_state_token(
-        user_id=api_key.user_id,
+        user_id=auth.user_id,
         provider=provider if isinstance(provider_name, str) else provider_name.value,
         scopes=request.scopes,
         callback_url=request.callback_url,
         state_metadata=request.state_metadata,
-        initiated_by_api_key_id=api_key.id,
+        initiated_by_api_key_id=api_key_id,
     )
 
     # Build login URL
@@ -377,7 +398,7 @@ async def initiate_oauth(
 async def complete_oauth(
     provider: Annotated[str, Path(title="The OAuth provider")],
     request: OAuthCompleteRequest,
-    api_key: APIKeyInfo = Security(
+    auth: APIAuthorizationInfo = Security(
         require_permission(APIKeyPermission.MANAGE_INTEGRATIONS)
     ),
 ) -> OAuthCompleteResponse:
@@ -390,7 +411,7 @@ async def complete_oauth(
     """
     # Verify state token
     valid_state = await creds_manager.store.verify_state_token(
-        api_key.user_id, request.state_token, provider
+        auth.user_id, request.state_token, provider
     )
 
     if not valid_state:
@@ -437,7 +458,7 @@ async def complete_oauth(
         )
 
     # Store credentials
-    await creds_manager.create(api_key.user_id, credentials)
+    await creds_manager.create(auth.user_id, credentials)
 
     logger.info(f"Successfully completed external OAuth for provider {provider}")
 
@@ -454,7 +475,7 @@ async def complete_oauth(
 
 @integrations_router.get("/credentials", response_model=list[CredentialSummary])
 async def list_credentials(
-    api_key: APIKeyInfo = Security(
+    auth: APIAuthorizationInfo = Security(
         require_permission(APIKeyPermission.READ_INTEGRATIONS)
     ),
 ) -> list[CredentialSummary]:
@@ -463,7 +484,7 @@ async def list_credentials(
 
     Returns metadata about each credential without exposing sensitive tokens.
     """
-    credentials = await creds_manager.store.get_all_creds(api_key.user_id)
+    credentials = await creds_manager.store.get_all_creds(auth.user_id)
     return [
         CredentialSummary(
             id=cred.id,
@@ -483,7 +504,7 @@ async def list_credentials(
 )
 async def list_credentials_by_provider(
     provider: Annotated[str, Path(title="The provider to list credentials for")],
-    api_key: APIKeyInfo = Security(
+    auth: APIAuthorizationInfo = Security(
         require_permission(APIKeyPermission.READ_INTEGRATIONS)
     ),
 ) -> list[CredentialSummary]:
@@ -491,7 +512,7 @@ async def list_credentials_by_provider(
     List credentials for a specific provider.
     """
     credentials = await creds_manager.store.get_creds_by_provider(
-        api_key.user_id, provider
+        auth.user_id, provider
     )
     return [
         CredentialSummary(
@@ -520,7 +541,7 @@ async def create_credential(
         CreateUserPasswordCredentialRequest,
         CreateHostScopedCredentialRequest,
     ] = Body(..., discriminator="type"),
-    api_key: APIKeyInfo = Security(
+    auth: APIAuthorizationInfo = Security(
         require_permission(APIKeyPermission.MANAGE_INTEGRATIONS)
     ),
 ) -> CreateCredentialResponse:
@@ -575,7 +596,7 @@ async def create_credential(
 
     # Store credentials
     try:
-        await creds_manager.create(api_key.user_id, credentials)
+        await creds_manager.create(auth.user_id, credentials)
     except Exception as e:
         logger.error(f"Failed to store credentials: {e}")
         raise HTTPException(
@@ -607,7 +628,7 @@ class DeleteCredentialResponse(BaseModel):
 async def delete_credential(
     provider: Annotated[str, Path(title="The provider")],
     cred_id: Annotated[str, Path(title="The credential ID to delete")],
-    api_key: APIKeyInfo = Security(
+    auth: APIAuthorizationInfo = Security(
         require_permission(APIKeyPermission.DELETE_INTEGRATIONS)
     ),
 ) -> DeleteCredentialResponse:
@@ -618,7 +639,7 @@ async def delete_credential(
     use the main API's delete endpoint which handles webhook cleanup and
     token revocation.
     """
-    creds = await creds_manager.store.get_creds_by_id(api_key.user_id, cred_id)
+    creds = await creds_manager.store.get_creds_by_id(auth.user_id, cred_id)
     if not creds:
         raise HTTPException(
             status_code=status.HTTP_404_NOT_FOUND, detail="Credentials not found"
@@ -629,6 +650,6 @@ async def delete_credential(
             detail="Credentials do not match the specified provider",
         )
 
-    await creds_manager.delete(api_key.user_id, cred_id)
+    await creds_manager.delete(auth.user_id, cred_id)
 
     return DeleteCredentialResponse(deleted=True, credentials_id=cred_id)

autogpt_platform/backend/backend/server/external/routes/tools.py

@@ -14,7 +14,7 @@ from fastapi import APIRouter, Security
 from prisma.enums import APIKeyPermission
 from pydantic import BaseModel, Field
 
-from backend.data.api_key import APIKeyInfo
+from backend.data.auth.base import APIAuthorizationInfo
 from backend.server.external.middleware import require_permission
 from backend.server.v2.chat.model import ChatSession
 from backend.server.v2.chat.tools import find_agent_tool, run_agent_tool
@@ -24,9 +24,9 @@ logger = logging.getLogger(__name__)
 
 tools_router = APIRouter(prefix="/tools", tags=["tools"])
 
-# Note: We use Security() as a function parameter dependency (api_key: APIKeyInfo = Security(...))
+# Note: We use Security() as a function parameter dependency (auth: APIAuthorizationInfo = Security(...))
 # rather than in the decorator's dependencies= list. This avoids duplicate permission checks
-# while still enforcing auth AND giving us access to the api_key for extracting user_id.
+# while still enforcing auth AND giving us access to auth for extracting user_id.
 
 
 # Request models
@@ -80,7 +80,9 @@ def _create_ephemeral_session(user_id: str | None) -> ChatSession:
 )
 async def find_agent(
     request: FindAgentRequest,
-    api_key: APIKeyInfo = Security(require_permission(APIKeyPermission.USE_TOOLS)),
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.USE_TOOLS)
+    ),
 ) -> dict[str, Any]:
     """
     Search for agents in the marketplace based on capabilities and user needs.
@@ -91,9 +93,9 @@ async def find_agent(
     Returns:
         List of matching agents or no results response
     """
-    session = _create_ephemeral_session(api_key.user_id)
+    session = _create_ephemeral_session(auth.user_id)
     result = await find_agent_tool._execute(
-        user_id=api_key.user_id,
+        user_id=auth.user_id,
         session=session,
         query=request.query,
     )
@@ -105,7 +107,9 @@ async def find_agent(
 )
 async def run_agent(
     request: RunAgentRequest,
-    api_key: APIKeyInfo = Security(require_permission(APIKeyPermission.USE_TOOLS)),
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.USE_TOOLS)
+    ),
 ) -> dict[str, Any]:
     """
     Run or schedule an agent from the marketplace.
@@ -129,9 +133,9 @@ async def run_agent(
         - execution_started: If agent was run or scheduled successfully
         - error: If something went wrong
     """
-    session = _create_ephemeral_session(api_key.user_id)
+    session = _create_ephemeral_session(auth.user_id)
     result = await run_agent_tool._execute(
-        user_id=api_key.user_id,
+        user_id=auth.user_id,
         session=session,
         username_agent_slug=request.username_agent_slug,
         inputs=request.inputs,

autogpt_platform/backend/backend/server/external/routes/v1.py

@@ -5,6 +5,7 @@ from typing import Annotated, Any, Literal, Optional, Sequence
 
 from fastapi import APIRouter, Body, HTTPException, Security
 from prisma.enums import AgentExecutionStatus, APIKeyPermission
+from pydantic import BaseModel, Field
 from typing_extensions import TypedDict
 
 import backend.data.block
@@ -12,7 +13,8 @@ import backend.server.v2.store.cache as store_cache
 import backend.server.v2.store.model as store_model
 from backend.data import execution as execution_db
 from backend.data import graph as graph_db
-from backend.data.api_key import APIKeyInfo
+from backend.data import user as user_db
+from backend.data.auth.base import APIAuthorizationInfo
 from backend.data.block import BlockInput, CompletedBlockOutput
 from backend.executor.utils import add_graph_execution
 from backend.server.external.middleware import require_permission
@@ -24,27 +26,33 @@ logger = logging.getLogger(__name__)
 v1_router = APIRouter()
 
 
-class NodeOutput(TypedDict):
-    key: str
-    value: Any
+class UserInfoResponse(BaseModel):
+    id: str
+    name: Optional[str]
+    email: str
+    timezone: str = Field(
+        description="The user's last known timezone (e.g. 'Europe/Amsterdam'), "
+        "or 'not-set' if not set"
+    )
 
 
-class ExecutionNode(TypedDict):
-    node_id: str
-    input: Any
-    output: dict[str, Any]
+@v1_router.get(
+    path="/me",
+    tags=["user", "meta"],
+)
+async def get_user_info(
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.IDENTITY)
+    ),
+) -> UserInfoResponse:
+    user = await user_db.get_user_by_id(auth.user_id)
 
-
-class ExecutionNodeOutput(TypedDict):
-    node_id: str
-    outputs: list[NodeOutput]
-
-
-class GraphExecutionResult(TypedDict):
-    execution_id: str
-    status: str
-    nodes: list[ExecutionNode]
-    output: Optional[list[dict[str, str]]]
+    return UserInfoResponse(
+        id=user.id,
+        name=user.name,
+        email=user.email,
+        timezone=user.timezone,
+    )
 
 
 @v1_router.get(
@@ -65,7 +73,9 @@ async def get_graph_blocks() -> Sequence[dict[Any, Any]]:
 async def execute_graph_block(
     block_id: str,
     data: BlockInput,
-    api_key: APIKeyInfo = Security(require_permission(APIKeyPermission.EXECUTE_BLOCK)),
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.EXECUTE_BLOCK)
+    ),
 ) -> CompletedBlockOutput:
     obj = backend.data.block.get_block(block_id)
     if not obj:
@@ -85,12 +95,14 @@ async def execute_graph(
     graph_id: str,
     graph_version: int,
     node_input: Annotated[dict[str, Any], Body(..., embed=True, default_factory=dict)],
-    api_key: APIKeyInfo = Security(require_permission(APIKeyPermission.EXECUTE_GRAPH)),
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.EXECUTE_GRAPH)
+    ),
 ) -> dict[str, Any]:
     try:
         graph_exec = await add_graph_execution(
             graph_id=graph_id,
-            user_id=api_key.user_id,
+            user_id=auth.user_id,
             inputs=node_input,
             graph_version=graph_version,
         )
@@ -100,6 +112,19 @@ async def execute_graph(
         raise HTTPException(status_code=400, detail=msg)
 
 
+class ExecutionNode(TypedDict):
+    node_id: str
+    input: Any
+    output: dict[str, Any]
+
+
+class GraphExecutionResult(TypedDict):
+    execution_id: str
+    status: str
+    nodes: list[ExecutionNode]
+    output: Optional[list[dict[str, str]]]
+
+
 @v1_router.get(
     path="/graphs/{graph_id}/executions/{graph_exec_id}/results",
     tags=["graphs"],
@@ -107,10 +132,12 @@ async def execute_graph(
 async def get_graph_execution_results(
     graph_id: str,
     graph_exec_id: str,
-    api_key: APIKeyInfo = Security(require_permission(APIKeyPermission.READ_GRAPH)),
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.READ_GRAPH)
+    ),
 ) -> GraphExecutionResult:
     graph_exec = await execution_db.get_graph_execution(
-        user_id=api_key.user_id,
+        user_id=auth.user_id,
         execution_id=graph_exec_id,
         include_node_executions=True,
     )
@@ -122,7 +149,7 @@ async def get_graph_execution_results(
     if not await graph_db.get_graph(
         graph_id=graph_exec.graph_id,
         version=graph_exec.graph_version,
-        user_id=api_key.user_id,
+        user_id=auth.user_id,
     ):
         raise HTTPException(status_code=404, detail=f"Graph #{graph_id} not found.")
 

autogpt_platform/backend/backend/server/integrations/router.py

@@ -33,7 +33,11 @@ from backend.data.model import (
     OAuth2Credentials,
     UserIntegrations,
 )
-from backend.data.onboarding import OnboardingStep, complete_onboarding_step
+from backend.data.onboarding import (
+    OnboardingStep,
+    complete_onboarding_step,
+    increment_runs,
+)
 from backend.data.user import get_user_integrations
 from backend.executor.utils import add_graph_execution
 from backend.integrations.ayrshare import AyrshareClient, SocialPlatform
@@ -377,6 +381,7 @@ async def webhook_ingress_generic(
         return
 
     await complete_onboarding_step(user_id, OnboardingStep.TRIGGER_WEBHOOK)
+    await increment_runs(user_id)
 
     # Execute all triggers concurrently for better performance
     tasks = []