fix(backend): add missing metadata attribute to mock nodes in SmartDecisionMaker tests (#11750 )

This PR fixes failing SmartDecisionMaker tests by adding missing `metadata` attribute to mock nodes. ### Changes 🏗️ Mock nodes in SmartDecisionMaker tests were missing the `metadata = {}` attribute, which was introduced in commit 4a52b7eca for the customized_name feature. This caused tests to fail with: ``` TypeError: expected string or bytes-like object, got 'Mock' ``` **Files fixed**: - `backend/blocks/test/test_smart_decision_maker_dict.py`: Added `metadata = {}` to mock nodes in all 3 tests - `backend/blocks/test/test_smart_decision_maker_dynamic_fields.py`: Added `metadata = {}` to mock nodes in all 8 tests **Root cause**: The `_create_block_function_signature` method calls `sink_node.metadata.get("customized_name")`, but mock nodes in tests didn't have the metadata attribute initialized. ### Checklist 📋 #### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] Run `poetry run pytest backend/blocks/test/test_smart_decision_maker_dict.py -xvs` - 3 passed - [x] Run `poetry run pytest backend/blocks/test/test_smart_decision_maker_dynamic_fields.py -xvs` - 8 passed - [x] All tests pass successfully  ## Summary by CodeRabbit ## Release Notes * **Tests** * Updated test infrastructure to enhance mock object configuration for improved test reliability and consistency across test suites. <sub>✏️ Tip: You can customize this high-level summary in your review settings.</sub>
Merge branch 'master' of github.com:Significant-Gravitas/AutoGPT into dev
2026-01-12 00:28:31 -05:00 · 2026-01-11 17:00:36 -06:00 · 2026-01-11 13:09:23 -06:00 · 2026-01-12 02:08:12 +07:00 · 2026-01-09 16:51:39 -07:00 · 2026-01-09 21:14:37 +00:00
620 changed files with 32417 additions and 16854 deletions
--- a/.branchlet.json
+++ b/.branchlet.json
@@ -0,0 +1,37 @@
+{
+  "worktreeCopyPatterns": [
+    ".env*",
+    ".vscode/**",
+    ".auth/**",
+    ".claude/**",
+    "autogpt_platform/.env*",
+    "autogpt_platform/backend/.env*",
+    "autogpt_platform/frontend/.env*",
+    "autogpt_platform/frontend/.auth/**",
+    "autogpt_platform/db/docker/.env*"
+  ],
+  "worktreeCopyIgnores": [
+    "**/node_modules/**",
+    "**/dist/**",
+    "**/.git/**",
+    "**/Thumbs.db",
+    "**/.DS_Store",
+    "**/.next/**",
+    "**/__pycache__/**",
+    "**/.ruff_cache/**",
+    "**/.pytest_cache/**",
+    "**/*.pyc",
+    "**/playwright-report/**",
+    "**/logs/**",
+    "**/site/**"
+  ],
+  "worktreePathTemplate": "$BASE_PATH.worktree",
+  "postCreateCmd": [
+    "cd autogpt_platform/autogpt_libs && poetry install",
+    "cd autogpt_platform/backend && poetry install && poetry run prisma generate",
+    "cd autogpt_platform/frontend && pnpm install",
+    "cd docs && pip install -r requirements.txt"
+  ],
+  "terminalCommand": "code .",
+  "deleteBranchWithWorktree": false
+}
--- a/.dockerignore
+++ b/.dockerignore
@@ -16,6 +16,7 @@
 !autogpt_platform/backend/poetry.lock
 !autogpt_platform/backend/README.md
 !autogpt_platform/backend/.env
+!autogpt_platform/backend/gen_prisma_types_stub.py

 # Platform - Market
 !autogpt_platform/market/market/
--- a/.github/workflows/claude-dependabot.yml
+++ b/.github/workflows/claude-dependabot.yml
@@ -74,7 +74,7 @@ jobs:

      - name: Generate Prisma Client
        working-directory: autogpt_platform/backend
-        run: poetry run prisma generate
+        run: poetry run prisma generate && poetry run gen-prisma-stub

      # Frontend Node.js/pnpm setup (mirrors platform-frontend-ci.yml)
      - name: Set up Node.js
--- a/.github/workflows/claude.yml
+++ b/.github/workflows/claude.yml
@@ -90,7 +90,7 @@ jobs:

      - name: Generate Prisma Client
        working-directory: autogpt_platform/backend
-        run: poetry run prisma generate
+        run: poetry run prisma generate && poetry run gen-prisma-stub

      # Frontend Node.js/pnpm setup (mirrors platform-frontend-ci.yml)
      - name: Set up Node.js
--- a/.github/workflows/copilot-setup-steps.yml
+++ b/.github/workflows/copilot-setup-steps.yml
@@ -72,7 +72,7 @@ jobs:

      - name: Generate Prisma Client
        working-directory: autogpt_platform/backend
-        run: poetry run prisma generate
+        run: poetry run prisma generate && poetry run gen-prisma-stub

      # Frontend Node.js/pnpm setup (mirrors platform-frontend-ci.yml)
      - name: Set up Node.js
@@ -108,6 +108,16 @@ jobs:
      #   run: pnpm playwright install --with-deps chromium

      # Docker setup for development environment
+      - name: Free up disk space
+        run: |
+          # Remove large unused tools to free disk space for Docker builds
+          sudo rm -rf /usr/share/dotnet
+          sudo rm -rf /usr/local/lib/android
+          sudo rm -rf /opt/ghc
+          sudo rm -rf /opt/hostedtoolcache/CodeQL
+          sudo docker system prune -af
+          df -h
+
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

--- a/.github/workflows/platform-backend-ci.yml
+++ b/.github/workflows/platform-backend-ci.yml
@@ -32,9 +32,7 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        # Use Python 3.13 to match Docker image (see backend/Dockerfile)
-        # ClamAV tests moved to platform-backend-security-ci.yml (runs on merge to master)
-        python-version: ["3.13"]
+        python-version: ["3.11", "3.12", "3.13"]
    runs-on: ubuntu-latest

    services:
@@ -50,6 +48,23 @@ jobs:
        env:
          RABBITMQ_DEFAULT_USER: ${{ env.RABBITMQ_DEFAULT_USER }}
          RABBITMQ_DEFAULT_PASS: ${{ env.RABBITMQ_DEFAULT_PASS }}
+      clamav:
+        image: clamav/clamav-debian:latest
+        ports:
+          - 3310:3310
+        env:
+          CLAMAV_NO_FRESHCLAMD: false
+          CLAMD_CONF_StreamMaxLength: 50M
+          CLAMD_CONF_MaxFileSize: 100M
+          CLAMD_CONF_MaxScanSize: 100M
+          CLAMD_CONF_MaxThreads: 4
+          CLAMD_CONF_ReadTimeout: 300
+        options: >-
+          --health-cmd "clamdscan --version || exit 1"
+          --health-interval 30s
+          --health-timeout 10s
+          --health-retries 5
+          --health-start-period 180s

    steps:
      - name: Checkout repository
@@ -119,7 +134,7 @@ jobs:
        run: poetry install

      - name: Generate Prisma Client
-        run: poetry run prisma generate
+        run: poetry run prisma generate && poetry run gen-prisma-stub

      - id: supabase
        name: Start Supabase
@@ -131,6 +146,35 @@ jobs:
        # outputs:
        # DB_URL, API_URL, GRAPHQL_URL, ANON_KEY, SERVICE_ROLE_KEY, JWT_SECRET

+      - name: Wait for ClamAV to be ready
+        run: |
+          echo "Waiting for ClamAV daemon to start..."
+          max_attempts=60
+          attempt=0
+          
+          until nc -z localhost 3310 || [ $attempt -eq $max_attempts ]; do
+            echo "ClamAV is unavailable - sleeping (attempt $((attempt+1))/$max_attempts)"
+            sleep 5
+            attempt=$((attempt+1))
+          done
+          
+          if [ $attempt -eq $max_attempts ]; then
+            echo "ClamAV failed to start after $((max_attempts*5)) seconds"
+            echo "Checking ClamAV service logs..."
+            docker logs $(docker ps -q --filter "ancestor=clamav/clamav-debian:latest") 2>&1 | tail -50 || echo "No ClamAV container found"
+            exit 1
+          fi
+          
+          echo "ClamAV is ready!"
+          
+          # Verify ClamAV is responsive
+          echo "Testing ClamAV connection..."
+          timeout 10 bash -c 'echo "PING" | nc localhost 3310' || {
+            echo "ClamAV is not responding to PING"
+            docker logs $(docker ps -q --filter "ancestor=clamav/clamav-debian:latest") 2>&1 | tail -50 || echo "No ClamAV container found"
+            exit 1
+          }
+
      - name: Run Database Migrations
        run: poetry run prisma migrate dev --name updates
        env:
--- a/.github/workflows/platform-backend-security-ci.yml
+++ b/.github/workflows/platform-backend-security-ci.yml
@@ -1,145 +0,0 @@
-name: AutoGPT Platform - Backend Security CI
-
-# This workflow runs ClamAV-dependent security tests.
-# It only runs on merge to master to avoid the 3-5 minute ClamAV startup time on every PR.
-
-on:
-  push:
-    branches: [master]
-    paths:
-      - "autogpt_platform/backend/**/file*.py"
-      - "autogpt_platform/backend/**/scan*.py"
-      - "autogpt_platform/backend/**/virus*.py"
-      - "autogpt_platform/backend/**/media*.py"
-      - ".github/workflows/platform-backend-security-ci.yml"
-
-concurrency:
-  group: ${{ format('backend-security-ci-{0}', github.sha) }}
-  cancel-in-progress: false
-
-defaults:
-  run:
-    shell: bash
-    working-directory: autogpt_platform/backend
-
-jobs:
-  security-tests:
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-
-    services:
-      redis:
-        image: redis:latest
-        ports:
-          - 6379:6379
-      clamav:
-        image: clamav/clamav-debian:latest
-        ports:
-          - 3310:3310
-        env:
-          CLAMAV_NO_FRESHCLAMD: false
-          CLAMD_CONF_StreamMaxLength: 50M
-          CLAMD_CONF_MaxFileSize: 100M
-          CLAMD_CONF_MaxScanSize: 100M
-          CLAMD_CONF_MaxThreads: 4
-          CLAMD_CONF_ReadTimeout: 300
-        options: >-
-          --health-cmd "clamdscan --version || exit 1"
-          --health-interval 30s
-          --health-timeout 10s
-          --health-retries 5
-          --health-start-period 180s
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-          submodules: true
-
-      - name: Set up Python 3.13
-        uses: actions/setup-python@v5
-        with:
-          python-version: "3.13"
-
-      - name: Setup Supabase
-        uses: supabase/setup-cli@v1
-        with:
-          version: 1.178.1
-
-      - name: Set up Python dependency cache
-        uses: actions/cache@v4
-        with:
-          path: ~/.cache/pypoetry
-          key: poetry-${{ runner.os }}-${{ hashFiles('autogpt_platform/backend/poetry.lock') }}
-
-      - name: Install Poetry
-        run: |
-          HEAD_POETRY_VERSION=$(python ../../.github/workflows/scripts/get_package_version_from_lockfile.py poetry)
-          echo "Using Poetry version ${HEAD_POETRY_VERSION}"
-          curl -sSL https://install.python-poetry.org | POETRY_VERSION=$HEAD_POETRY_VERSION python3 -
-
-      - name: Install Python dependencies
-        run: poetry install
-
-      - name: Generate Prisma Client
-        run: poetry run prisma generate
-
-      - id: supabase
-        name: Start Supabase
-        working-directory: .
-        run: |
-          supabase init
-          supabase start --exclude postgres-meta,realtime,storage-api,imgproxy,inbucket,studio,edge-runtime,logflare,vector,supavisor
-          supabase status -o env | sed 's/="/=/; s/"$//' >> $GITHUB_OUTPUT
-
-      - name: Wait for ClamAV to be ready
-        run: |
-          echo "Waiting for ClamAV daemon to start..."
-          max_attempts=60
-          attempt=0
-
-          until nc -z localhost 3310 || [ $attempt -eq $max_attempts ]; do
-            echo "ClamAV is unavailable - sleeping (attempt $((attempt+1))/$max_attempts)"
-            sleep 5
-            attempt=$((attempt+1))
-          done
-
-          if [ $attempt -eq $max_attempts ]; then
-            echo "ClamAV failed to start after $((max_attempts*5)) seconds"
-            exit 1
-          fi
-
-          echo "ClamAV is ready!"
-
-      - name: Run Database Migrations
-        run: poetry run prisma migrate dev --name updates
-        env:
-          DATABASE_URL: ${{ steps.supabase.outputs.DB_URL }}
-          DIRECT_URL: ${{ steps.supabase.outputs.DB_URL }}
-
-      - name: Run security-related tests
-        run: |
-          poetry run pytest -v \
-            backend/util/virus_scanner_test.py \
-            backend/util/file_test.py \
-            backend/server/v2/store/media_test.py \
-            -x
-        env:
-          DATABASE_URL: ${{ steps.supabase.outputs.DB_URL }}
-          DIRECT_URL: ${{ steps.supabase.outputs.DB_URL }}
-          SUPABASE_URL: ${{ steps.supabase.outputs.API_URL }}
-          SUPABASE_SERVICE_ROLE_KEY: ${{ steps.supabase.outputs.SERVICE_ROLE_KEY }}
-          JWT_VERIFY_KEY: ${{ steps.supabase.outputs.JWT_SECRET }}
-          REDIS_HOST: "localhost"
-          REDIS_PORT: "6379"
-          ENCRYPTION_KEY: "dvziYgz0KSK8FENhju0ZYi8-fRTfAdlz6YLhdB_jhNw="
-          CLAMAV_SERVICE_HOST: "localhost"
-          CLAMAV_SERVICE_PORT: "3310"
-          CLAMAV_SERVICE_ENABLED: "true"
-
-    env:
-      CI: true
-      PLAIN_OUTPUT: True
-      RUN_ENV: local
-      PORT: 8080
--- a/.github/workflows/platform-frontend-ci.yml
+++ b/.github/workflows/platform-frontend-ci.yml
@@ -154,78 +154,35 @@ jobs:
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

-      # Docker image tar caching - loads images from cache in parallel for faster startup
-      - name: Set up Docker image cache
-        id: docker-cache
+      - name: Cache Docker layers
        uses: actions/cache@v4
        with:
-          path: ~/docker-cache
-          key: docker-images-frontend-${{ runner.os }}-${{ hashFiles('autogpt_platform/docker-compose.yml') }}
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-frontend-test-${{ hashFiles('autogpt_platform/docker-compose.yml', 'autogpt_platform/backend/Dockerfile', 'autogpt_platform/backend/pyproject.toml', 'autogpt_platform/backend/poetry.lock') }}
          restore-keys: |
-            docker-images-frontend-${{ runner.os }}-
-
-      - name: Load or pull Docker images
-        working-directory: autogpt_platform
-        run: |
-          mkdir -p ~/docker-cache
-
-          # Define image list for easy maintenance
-          IMAGES=(
-            "redis:latest"
-            "rabbitmq:management"
-            "kong:2.8.1"
-            "supabase/gotrue:v2.170.0"
-            "supabase/postgres:15.8.1.049"
-          )
-
-          # Check if any cached tar files exist
-          if ls ~/docker-cache/*.tar 1> /dev/null 2>&1; then
-            echo "Docker cache found, loading images in parallel..."
-            for image in "${IMAGES[@]}"; do
-              filename=$(echo "$image" | tr ':/' '--')
-              if [ -f ~/docker-cache/${filename}.tar ]; then
-                echo "Loading $image..."
-                docker load -i ~/docker-cache/${filename}.tar || echo "Warning: Failed to load $image from cache" &
-              fi
-            done
-            wait
-            echo "All cached images loaded"
-          else
-            echo "No Docker cache found, pulling images in parallel..."
-            for image in "${IMAGES[@]}"; do
-              docker pull "$image" &
-            done
-            wait
-
-            # Only save cache on main branches (not PRs) to avoid cache pollution
-            if [[ "${{ github.ref }}" == "refs/heads/master" ]] || [[ "${{ github.ref }}" == "refs/heads/dev" ]]; then
-              echo "Saving Docker images to cache in parallel..."
-              for image in "${IMAGES[@]}"; do
-                filename=$(echo "$image" | tr ':/' '--')
-                echo "Saving $image..."
-                docker save -o ~/docker-cache/${filename}.tar "$image" || echo "Warning: Failed to save $image" &
-              done
-              wait
-              echo "Docker image cache saved"
-            else
-              echo "Skipping cache save for PR/feature branch"
-            fi
-          fi
-
-          echo "Docker images ready for use"
+            ${{ runner.os }}-buildx-frontend-test-

      - name: Run docker compose
        run: |
          NEXT_PUBLIC_PW_TEST=true docker compose -f ../docker-compose.yml up -d
        env:
          DOCKER_BUILDKIT: 1
+          BUILDX_CACHE_FROM: type=local,src=/tmp/.buildx-cache
+          BUILDX_CACHE_TO: type=local,dest=/tmp/.buildx-cache-new,mode=max
+
+      - name: Move cache
+        run: |
+          rm -rf /tmp/.buildx-cache
+          if [ -d "/tmp/.buildx-cache-new" ]; then
+            mv /tmp/.buildx-cache-new /tmp/.buildx-cache
+          fi

      - name: Wait for services to be ready
        run: |
          echo "Waiting for rest_server to be ready..."
-          timeout 30 sh -c 'until curl -f http://localhost:8006/health 2>/dev/null; do sleep 2; done' || echo "Rest server health check timeout, continuing..."
+          timeout 60 sh -c 'until curl -f http://localhost:8006/health 2>/dev/null; do sleep 2; done' || echo "Rest server health check timeout, continuing..."
          echo "Waiting for database to be ready..."
-          timeout 30 sh -c 'until docker compose -f ../docker-compose.yml exec -T db pg_isready -U postgres 2>/dev/null; do sleep 2; done' || echo "Database ready check timeout, continuing..."
+          timeout 60 sh -c 'until docker compose -f ../docker-compose.yml exec -T db pg_isready -U postgres 2>/dev/null; do sleep 2; done' || echo "Database ready check timeout, continuing..."

      - name: Create E2E test data
        run: |
@@ -264,27 +221,9 @@ jobs:
      - name: Install dependencies
        run: pnpm install --frozen-lockfile

-      # Playwright browser caching - saves 30-60s when cache hits
-      - name: Get Playwright version
-        id: playwright-version
-        run: |
-          echo "version=$(pnpm list @playwright/test --json | jq -r '.[0].dependencies["@playwright/test"].version')" >> $GITHUB_OUTPUT
-
-      - name: Cache Playwright browsers
-        uses: actions/cache@v4
-        id: playwright-cache
-        with:
-          path: ~/.cache/ms-playwright
-          key: playwright-${{ runner.os }}-${{ steps.playwright-version.outputs.version }}
-
-      - name: Install Playwright browsers
-        if: steps.playwright-cache.outputs.cache-hit != 'true'
+      - name: Install Browser 'chromium'
        run: pnpm playwright install --with-deps chromium

-      - name: Install Playwright deps only (when cache hit)
-        if: steps.playwright-cache.outputs.cache-hit == 'true'
-        run: pnpm playwright install-deps chromium
-
      - name: Run Playwright tests
        run: pnpm test:no-build

--- a/.github/workflows/platform-fullstack-ci.yml
+++ b/.github/workflows/platform-fullstack-ci.yml
@@ -83,66 +83,6 @@ jobs:
        run: |
          cp ../backend/.env.default ../backend/.env

-      # Docker image tar caching - loads images from cache in parallel for faster startup
-      - name: Set up Docker image cache
-        id: docker-cache
-        uses: actions/cache@v4
-        with:
-          path: ~/docker-cache
-          key: docker-images-fullstack-${{ runner.os }}-${{ hashFiles('autogpt_platform/docker-compose.yml') }}
-          restore-keys: |
-            docker-images-fullstack-${{ runner.os }}-
-
-      - name: Load or pull Docker images
-        working-directory: autogpt_platform
-        run: |
-          mkdir -p ~/docker-cache
-
-          # Define image list for easy maintenance
-          IMAGES=(
-            "redis:latest"
-            "rabbitmq:management"
-            "kong:2.8.1"
-            "supabase/gotrue:v2.170.0"
-            "supabase/postgres:15.8.1.049"
-          )
-
-          # Check if any cached tar files exist
-          if ls ~/docker-cache/*.tar 1> /dev/null 2>&1; then
-            echo "Docker cache found, loading images in parallel..."
-            for image in "${IMAGES[@]}"; do
-              filename=$(echo "$image" | tr ':/' '--')
-              if [ -f ~/docker-cache/${filename}.tar ]; then
-                echo "Loading $image..."
-                docker load -i ~/docker-cache/${filename}.tar || echo "Warning: Failed to load $image from cache" &
-              fi
-            done
-            wait
-            echo "All cached images loaded"
-          else
-            echo "No Docker cache found, pulling images in parallel..."
-            for image in "${IMAGES[@]}"; do
-              docker pull "$image" &
-            done
-            wait
-
-            # Only save cache on main branches (not PRs) to avoid cache pollution
-            if [[ "${{ github.ref }}" == "refs/heads/master" ]] || [[ "${{ github.ref }}" == "refs/heads/dev" ]]; then
-              echo "Saving Docker images to cache in parallel..."
-              for image in "${IMAGES[@]}"; do
-                filename=$(echo "$image" | tr ':/' '--')
-                echo "Saving $image..."
-                docker save -o ~/docker-cache/${filename}.tar "$image" || echo "Warning: Failed to save $image" &
-              done
-              wait
-              echo "Docker image cache saved"
-            else
-              echo "Skipping cache save for PR/feature branch"
-            fi
-          fi
-
-          echo "Docker images ready for use"
-
      - name: Run docker compose
        run: |
          docker compose -f ../docker-compose.yml --profile local --profile deps_backend up -d
@@ -164,9 +104,9 @@ jobs:
      - name: Wait for services to be ready
        run: |
          echo "Waiting for rest_server to be ready..."
-          timeout 30 sh -c 'until curl -f http://localhost:8006/health 2>/dev/null; do sleep 2; done' || echo "Rest server health check timeout, continuing..."
+          timeout 60 sh -c 'until curl -f http://localhost:8006/health 2>/dev/null; do sleep 2; done' || echo "Rest server health check timeout, continuing..."
          echo "Waiting for database to be ready..."
-          timeout 30 sh -c 'until docker compose -f ../docker-compose.yml exec -T db pg_isready -U postgres 2>/dev/null; do sleep 2; done' || echo "Database ready check timeout, continuing..."
+          timeout 60 sh -c 'until docker compose -f ../docker-compose.yml exec -T db pg_isready -U postgres 2>/dev/null; do sleep 2; done' || echo "Database ready check timeout, continuing..."

      - name: Generate API queries
        run: pnpm generate:api:force
--- a/autogpt_platform/Makefile
+++ b/autogpt_platform/Makefile
@@ -12,6 +12,7 @@ reset-db:
 	rm -rf db/docker/volumes/db/data
 	cd backend && poetry run prisma migrate deploy
 	cd backend && poetry run prisma generate
+	cd backend && poetry run gen-prisma-stub
 	
 # View logs for core services
 logs-core:
@@ -33,6 +34,7 @@ init-env:
 migrate:
 	cd backend && poetry run prisma migrate deploy
 	cd backend && poetry run prisma generate
+	cd backend && poetry run gen-prisma-stub

 run-backend:
 	cd backend && poetry run app
--- a/autogpt_platform/autogpt_libs/autogpt_libs/api_key/keysmith.py
+++ b/autogpt_platform/autogpt_libs/autogpt_libs/api_key/keysmith.py
@@ -57,6 +57,9 @@ class APIKeySmith:

    def hash_key(self, raw_key: str) -> tuple[str, str]:
        """Migrate a legacy hash to secure hash format."""
+        if not raw_key.startswith(self.PREFIX):
+            raise ValueError("Key without 'agpt_' prefix would fail validation")
+
        salt = self._generate_salt()
        hash = self._hash_key_with_salt(raw_key, salt)
        return hash, salt.hex()
--- a/autogpt_platform/autogpt_libs/autogpt_libs/auth/helpers.py
+++ b/autogpt_platform/autogpt_libs/autogpt_libs/auth/helpers.py
@@ -1,29 +1,25 @@
 from fastapi import FastAPI
-from fastapi.openapi.utils import get_openapi

 from .jwt_utils import bearer_jwt_auth


 def add_auth_responses_to_openapi(app: FastAPI) -> None:
    """
-    Set up custom OpenAPI schema generation that adds 401 responses
+    Patch a FastAPI instance's `openapi()` method to add 401 responses
    to all authenticated endpoints.

    This is needed when using HTTPBearer with auto_error=False to get proper
    401 responses instead of 403, but FastAPI only automatically adds security
    responses when auto_error=True.
    """
+    # Wrap current method to allow stacking OpenAPI schema modifiers like this
+    wrapped_openapi = app.openapi

    def custom_openapi():
        if app.openapi_schema:
            return app.openapi_schema

-        openapi_schema = get_openapi(
-            title=app.title,
-            version=app.version,
-            description=app.description,
-            routes=app.routes,
-        )
+        openapi_schema = wrapped_openapi()

        # Add 401 response to all endpoints that have security requirements
        for path, methods in openapi_schema["paths"].items():
--- a/autogpt_platform/backend/Dockerfile
+++ b/autogpt_platform/backend/Dockerfile
@@ -48,7 +48,8 @@ RUN poetry install --no-ansi --no-root
 # Generate Prisma client
 COPY autogpt_platform/backend/schema.prisma ./
 COPY autogpt_platform/backend/backend/data/partial_types.py ./backend/data/partial_types.py
-RUN poetry run prisma generate
+COPY autogpt_platform/backend/gen_prisma_types_stub.py ./
+RUN poetry run prisma generate && poetry run gen-prisma-stub

 FROM debian:13-slim AS server_dependencies

--- a/autogpt_platform/backend/TESTING.md
+++ b/autogpt_platform/backend/TESTING.md
@@ -108,7 +108,7 @@ import fastapi.testclient
 import pytest
 from pytest_snapshot.plugin import Snapshot

-from backend.server.v2.myroute import router
+from backend.api.features.myroute import router

 app = fastapi.FastAPI()
 app.include_router(router)
@@ -149,7 +149,7 @@ These provide the easiest way to set up authentication mocking in test modules:
 import fastapi
 import fastapi.testclient
 import pytest
-from backend.server.v2.myroute import router
+from backend.api.features.myroute import router

 app = fastapi.FastAPI()
 app.include_router(router)
--- a/autogpt_platform/backend/backend/server/init.py
+++ b/autogpt_platform/backend/backend/server/init.py
--- a/autogpt_platform/backend/backend/server/conftest.py
+++ b/autogpt_platform/backend/backend/server/conftest.py
--- a/autogpt_platform/backend/backend/server/conn_manager.py
+++ b/autogpt_platform/backend/backend/server/conn_manager.py
@@ -3,12 +3,12 @@ from typing import Dict, Set

 from fastapi import WebSocket

+from backend.api.model import NotificationPayload, WSMessage, WSMethod
 from backend.data.execution import (
    ExecutionEventType,
    GraphExecutionEvent,
    NodeExecutionEvent,
 )
-from backend.server.model import NotificationPayload, WSMessage, WSMethod

 _EVENT_TYPE_TO_METHOD_MAP: dict[ExecutionEventType, WSMethod] = {
    ExecutionEventType.GRAPH_EXEC_UPDATE: WSMethod.GRAPH_EXECUTION_EVENT,
--- a/autogpt_platform/backend/backend/server/conn_manager_test.py
+++ b/autogpt_platform/backend/backend/server/conn_manager_test.py
@@ -4,13 +4,13 @@ from unittest.mock import AsyncMock
 import pytest
 from fastapi import WebSocket

+from backend.api.conn_manager import ConnectionManager
+from backend.api.model import NotificationPayload, WSMessage, WSMethod
 from backend.data.execution import (
    ExecutionStatus,
    GraphExecutionEvent,
    NodeExecutionEvent,
 )
-from backend.server.conn_manager import ConnectionManager
-from backend.server.model import NotificationPayload, WSMessage, WSMethod


@pytest.fixture
--- a/autogpt_platform/backend/backend/api/external/fastapi_app.py
+++ b/autogpt_platform/backend/backend/api/external/fastapi_app.py
@@ -0,0 +1,25 @@
+from fastapi import FastAPI
+
+from backend.api.middleware.security import SecurityHeadersMiddleware
+from backend.monitoring.instrumentation import instrument_fastapi
+
+from .v1.routes import v1_router
+
+external_api = FastAPI(
+    title="AutoGPT External API",
+    description="External API for AutoGPT integrations",
+    docs_url="/docs",
+    version="1.0",
+)
+
+external_api.add_middleware(SecurityHeadersMiddleware)
+external_api.include_router(v1_router, prefix="/v1")
+
+# Add Prometheus instrumentation
+instrument_fastapi(
+    external_api,
+    service_name="external-api",
+    expose_endpoint=True,
+    endpoint="/metrics",
+    include_in_schema=True,
+)
--- a/autogpt_platform/backend/backend/api/external/middleware.py
+++ b/autogpt_platform/backend/backend/api/external/middleware.py
@@ -0,0 +1,107 @@
+from fastapi import HTTPException, Security, status
+from fastapi.security import APIKeyHeader, HTTPAuthorizationCredentials, HTTPBearer
+from prisma.enums import APIKeyPermission
+
+from backend.data.auth.api_key import APIKeyInfo, validate_api_key
+from backend.data.auth.base import APIAuthorizationInfo
+from backend.data.auth.oauth import (
+    InvalidClientError,
+    InvalidTokenError,
+    OAuthAccessTokenInfo,
+    validate_access_token,
+)
+
+api_key_header = APIKeyHeader(name="X-API-Key", auto_error=False)
+bearer_auth = HTTPBearer(auto_error=False)
+
+
+async def require_api_key(api_key: str | None = Security(api_key_header)) -> APIKeyInfo:
+    """Middleware for API key authentication only"""
+    if api_key is None:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED, detail="Missing API key"
+        )
+
+    api_key_obj = await validate_api_key(api_key)
+
+    if not api_key_obj:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid API key"
+        )
+
+    return api_key_obj
+
+
+async def require_access_token(
+    bearer: HTTPAuthorizationCredentials | None = Security(bearer_auth),
+) -> OAuthAccessTokenInfo:
+    """Middleware for OAuth access token authentication only"""
+    if bearer is None:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Missing Authorization header",
+        )
+
+    try:
+        token_info, _ = await validate_access_token(bearer.credentials)
+    except (InvalidClientError, InvalidTokenError) as e:
+        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail=str(e))
+
+    return token_info
+
+
+async def require_auth(
+    api_key: str | None = Security(api_key_header),
+    bearer: HTTPAuthorizationCredentials | None = Security(bearer_auth),
+) -> APIAuthorizationInfo:
+    """
+    Unified authentication middleware supporting both API keys and OAuth tokens.
+
+    Supports two authentication methods, which are checked in order:
+    1. X-API-Key header (existing API key authentication)
+    2. Authorization: Bearer <token> header (OAuth access token)
+
+    Returns:
+        APIAuthorizationInfo: base class of both APIKeyInfo and OAuthAccessTokenInfo.
+    """
+    # Try API key first
+    if api_key is not None:
+        api_key_info = await validate_api_key(api_key)
+        if api_key_info:
+            return api_key_info
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid API key"
+        )
+
+    # Try OAuth bearer token
+    if bearer is not None:
+        try:
+            token_info, _ = await validate_access_token(bearer.credentials)
+            return token_info
+        except (InvalidClientError, InvalidTokenError) as e:
+            raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail=str(e))
+
+    # No credentials provided
+    raise HTTPException(
+        status_code=status.HTTP_401_UNAUTHORIZED,
+        detail="Missing authentication. Provide API key or access token.",
+    )
+
+
+def require_permission(permission: APIKeyPermission):
+    """
+    Dependency function for checking specific permissions
+    (works with API keys and OAuth tokens)
+    """
+
+    async def check_permission(
+        auth: APIAuthorizationInfo = Security(require_auth),
+    ) -> APIAuthorizationInfo:
+        if permission not in auth.scopes:
+            raise HTTPException(
+                status_code=status.HTTP_403_FORBIDDEN,
+                detail=f"Missing required permission: {permission.value}",
+            )
+        return auth
+
+    return check_permission
--- a/autogpt_platform/backend/backend/server/external/routes/init.py
+++ b/autogpt_platform/backend/backend/server/external/routes/init.py
--- a/autogpt_platform/backend/backend/server/external/routes/integrations.py
+++ b/autogpt_platform/backend/backend/server/external/routes/integrations.py
@@ -16,7 +16,9 @@ from fastapi import APIRouter, Body, HTTPException, Path, Security, status
 from prisma.enums import APIKeyPermission
 from pydantic import BaseModel, Field, SecretStr

-from backend.data.api_key import APIKeyInfo
+from backend.api.external.middleware import require_permission
+from backend.api.features.integrations.models import get_all_provider_names
+from backend.data.auth.base import APIAuthorizationInfo
 from backend.data.model import (
    APIKeyCredentials,
    Credentials,
@@ -28,8 +30,6 @@ from backend.data.model import (
 from backend.integrations.creds_manager import IntegrationCredentialsManager
 from backend.integrations.oauth import CREDENTIALS_BY_PROVIDER, HANDLERS_BY_NAME
 from backend.integrations.providers import ProviderName
-from backend.server.external.middleware import require_permission
-from backend.server.integrations.models import get_all_provider_names
 from backend.util.settings import Settings

 if TYPE_CHECKING:
@@ -255,7 +255,7 @@ def _get_oauth_handler_for_external(

@integrations_router.get("/providers", response_model=list[ProviderInfo])
 async def list_providers(
-    api_key: APIKeyInfo = Security(
+    auth: APIAuthorizationInfo = Security(
        require_permission(APIKeyPermission.READ_INTEGRATIONS)
    ),
 ) -> list[ProviderInfo]:
@@ -319,7 +319,7 @@ async def list_providers(
 async def initiate_oauth(
    provider: Annotated[str, Path(title="The OAuth provider")],
    request: OAuthInitiateRequest,
-    api_key: APIKeyInfo = Security(
+    auth: APIAuthorizationInfo = Security(
        require_permission(APIKeyPermission.MANAGE_INTEGRATIONS)
    ),
 ) -> OAuthInitiateResponse:
@@ -337,7 +337,10 @@ async def initiate_oauth(
    if not validate_callback_url(request.callback_url):
        raise HTTPException(
            status_code=status.HTTP_400_BAD_REQUEST,
-            detail=f"Callback URL origin is not allowed. Allowed origins: {settings.config.external_oauth_callback_origins}",
+            detail=(
+                f"Callback URL origin is not allowed. "
+                f"Allowed origins: {settings.config.external_oauth_callback_origins}",
+            ),
        )

    # Validate provider
@@ -359,13 +362,15 @@ async def initiate_oauth(
    )

    # Store state token with external flow metadata
+    # Note: initiated_by_api_key_id is only available for API key auth, not OAuth
+    api_key_id = getattr(auth, "id", None) if auth.type == "api_key" else None
    state_token, code_challenge = await creds_manager.store.store_state_token(
-        user_id=api_key.user_id,
+        user_id=auth.user_id,
        provider=provider if isinstance(provider_name, str) else provider_name.value,
        scopes=request.scopes,
        callback_url=request.callback_url,
        state_metadata=request.state_metadata,
-        initiated_by_api_key_id=api_key.id,
+        initiated_by_api_key_id=api_key_id,
    )

    # Build login URL
@@ -393,7 +398,7 @@ async def initiate_oauth(
 async def complete_oauth(
    provider: Annotated[str, Path(title="The OAuth provider")],
    request: OAuthCompleteRequest,
-    api_key: APIKeyInfo = Security(
+    auth: APIAuthorizationInfo = Security(
        require_permission(APIKeyPermission.MANAGE_INTEGRATIONS)
    ),
 ) -> OAuthCompleteResponse:
@@ -406,7 +411,7 @@ async def complete_oauth(
    """
    # Verify state token
    valid_state = await creds_manager.store.verify_state_token(
-        api_key.user_id, request.state_token, provider
+        auth.user_id, request.state_token, provider
    )

    if not valid_state:
@@ -453,7 +458,7 @@ async def complete_oauth(
        )

    # Store credentials
-    await creds_manager.create(api_key.user_id, credentials)
+    await creds_manager.create(auth.user_id, credentials)

    logger.info(f"Successfully completed external OAuth for provider {provider}")

@@ -470,7 +475,7 @@ async def complete_oauth(

@integrations_router.get("/credentials", response_model=list[CredentialSummary])
 async def list_credentials(
-    api_key: APIKeyInfo = Security(
+    auth: APIAuthorizationInfo = Security(
        require_permission(APIKeyPermission.READ_INTEGRATIONS)
    ),
 ) -> list[CredentialSummary]:
@@ -479,7 +484,7 @@ async def list_credentials(

    Returns metadata about each credential without exposing sensitive tokens.
    """
-    credentials = await creds_manager.store.get_all_creds(api_key.user_id)
+    credentials = await creds_manager.store.get_all_creds(auth.user_id)
    return [
        CredentialSummary(
            id=cred.id,
@@ -499,7 +504,7 @@ async def list_credentials(
 )
 async def list_credentials_by_provider(
    provider: Annotated[str, Path(title="The provider to list credentials for")],
-    api_key: APIKeyInfo = Security(
+    auth: APIAuthorizationInfo = Security(
        require_permission(APIKeyPermission.READ_INTEGRATIONS)
    ),
 ) -> list[CredentialSummary]:
@@ -507,7 +512,7 @@ async def list_credentials_by_provider(
    List credentials for a specific provider.
    """
    credentials = await creds_manager.store.get_creds_by_provider(
-        api_key.user_id, provider
+        auth.user_id, provider
    )
    return [
        CredentialSummary(
@@ -536,7 +541,7 @@ async def create_credential(
        CreateUserPasswordCredentialRequest,
        CreateHostScopedCredentialRequest,
    ] = Body(..., discriminator="type"),
-    api_key: APIKeyInfo = Security(
+    auth: APIAuthorizationInfo = Security(
        require_permission(APIKeyPermission.MANAGE_INTEGRATIONS)
    ),
 ) -> CreateCredentialResponse:
@@ -591,7 +596,7 @@ async def create_credential(

    # Store credentials
    try:
-        await creds_manager.create(api_key.user_id, credentials)
+        await creds_manager.create(auth.user_id, credentials)
    except Exception as e:
        logger.error(f"Failed to store credentials: {e}")
        raise HTTPException(
@@ -623,7 +628,7 @@ class DeleteCredentialResponse(BaseModel):
 async def delete_credential(
    provider: Annotated[str, Path(title="The provider")],
    cred_id: Annotated[str, Path(title="The credential ID to delete")],
-    api_key: APIKeyInfo = Security(
+    auth: APIAuthorizationInfo = Security(
        require_permission(APIKeyPermission.DELETE_INTEGRATIONS)
    ),
 ) -> DeleteCredentialResponse:
@@ -634,7 +639,7 @@ async def delete_credential(
    use the main API's delete endpoint which handles webhook cleanup and
    token revocation.
    """
-    creds = await creds_manager.store.get_creds_by_id(api_key.user_id, cred_id)
+    creds = await creds_manager.store.get_creds_by_id(auth.user_id, cred_id)
    if not creds:
        raise HTTPException(
            status_code=status.HTTP_404_NOT_FOUND, detail="Credentials not found"
@@ -645,6 +650,6 @@ async def delete_credential(
            detail="Credentials do not match the specified provider",
        )

-    await creds_manager.delete(api_key.user_id, cred_id)
+    await creds_manager.delete(auth.user_id, cred_id)

    return DeleteCredentialResponse(deleted=True, credentials_id=cred_id)
--- a/autogpt_platform/backend/backend/server/external/routes/v1.py
+++ b/autogpt_platform/backend/backend/server/external/routes/v1.py
@@ -5,46 +5,60 @@ from typing import Annotated, Any, Literal, Optional, Sequence

 from fastapi import APIRouter, Body, HTTPException, Security
 from prisma.enums import AgentExecutionStatus, APIKeyPermission
+from pydantic import BaseModel, Field
 from typing_extensions import TypedDict

+import backend.api.features.store.cache as store_cache
+import backend.api.features.store.model as store_model
 import backend.data.block
-import backend.server.v2.store.cache as store_cache
-import backend.server.v2.store.model as store_model
+from backend.api.external.middleware import require_permission
 from backend.data import execution as execution_db
 from backend.data import graph as graph_db
-from backend.data.api_key import APIKeyInfo
+from backend.data import user as user_db
+from backend.data.auth.base import APIAuthorizationInfo
 from backend.data.block import BlockInput, CompletedBlockOutput
 from backend.executor.utils import add_graph_execution
-from backend.server.external.middleware import require_permission
 from backend.util.settings import Settings

+from .integrations import integrations_router
+from .tools import tools_router
+
 settings = Settings()
 logger = logging.getLogger(__name__)

 v1_router = APIRouter()

-
-class NodeOutput(TypedDict):
-    key: str
-    value: Any
+v1_router.include_router(integrations_router)
+v1_router.include_router(tools_router)


-class ExecutionNode(TypedDict):
-    node_id: str
-    input: Any
-    output: dict[str, Any]
+class UserInfoResponse(BaseModel):
+    id: str
+    name: Optional[str]
+    email: str
+    timezone: str = Field(
+        description="The user's last known timezone (e.g. 'Europe/Amsterdam'), "
+        "or 'not-set' if not set"
+    )


-class ExecutionNodeOutput(TypedDict):
-    node_id: str
-    outputs: list[NodeOutput]
+@v1_router.get(
+    path="/me",
+    tags=["user", "meta"],
+)
+async def get_user_info(
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.IDENTITY)
+    ),
+) -> UserInfoResponse:
+    user = await user_db.get_user_by_id(auth.user_id)

-
-class GraphExecutionResult(TypedDict):
-    execution_id: str
-    status: str
-    nodes: list[ExecutionNode]
-    output: Optional[list[dict[str, str]]]
+    return UserInfoResponse(
+        id=user.id,
+        name=user.name,
+        email=user.email,
+        timezone=user.timezone,
+    )


@v1_router.get(
@@ -65,7 +79,9 @@ async def get_graph_blocks() -> Sequence[dict[Any, Any]]:
 async def execute_graph_block(
    block_id: str,
    data: BlockInput,
-    api_key: APIKeyInfo = Security(require_permission(APIKeyPermission.EXECUTE_BLOCK)),
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.EXECUTE_BLOCK)
+    ),
 ) -> CompletedBlockOutput:
    obj = backend.data.block.get_block(block_id)
    if not obj:
@@ -85,12 +101,14 @@ async def execute_graph(
    graph_id: str,
    graph_version: int,
    node_input: Annotated[dict[str, Any], Body(..., embed=True, default_factory=dict)],
-    api_key: APIKeyInfo = Security(require_permission(APIKeyPermission.EXECUTE_GRAPH)),
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.EXECUTE_GRAPH)
+    ),
 ) -> dict[str, Any]:
    try:
        graph_exec = await add_graph_execution(
            graph_id=graph_id,
-            user_id=api_key.user_id,
+            user_id=auth.user_id,
            inputs=node_input,
            graph_version=graph_version,
        )
@@ -100,6 +118,19 @@ async def execute_graph(
        raise HTTPException(status_code=400, detail=msg)


+class ExecutionNode(TypedDict):
+    node_id: str
+    input: Any
+    output: dict[str, Any]
+
+
+class GraphExecutionResult(TypedDict):
+    execution_id: str
+    status: str
+    nodes: list[ExecutionNode]
+    output: Optional[list[dict[str, str]]]
+
+
@v1_router.get(
    path="/graphs/{graph_id}/executions/{graph_exec_id}/results",
    tags=["graphs"],
@@ -107,10 +138,12 @@ async def execute_graph(
 async def get_graph_execution_results(
    graph_id: str,
    graph_exec_id: str,
-    api_key: APIKeyInfo = Security(require_permission(APIKeyPermission.READ_GRAPH)),
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.READ_GRAPH)
+    ),
 ) -> GraphExecutionResult:
    graph_exec = await execution_db.get_graph_execution(
-        user_id=api_key.user_id,
+        user_id=auth.user_id,
        execution_id=graph_exec_id,
        include_node_executions=True,
    )
@@ -122,7 +155,7 @@ async def get_graph_execution_results(
    if not await graph_db.get_graph(
        graph_id=graph_exec.graph_id,
        version=graph_exec.graph_version,
-        user_id=api_key.user_id,
+        user_id=auth.user_id,
    ):
        raise HTTPException(status_code=404, detail=f"Graph #{graph_id} not found.")

--- a/autogpt_platform/backend/backend/server/external/routes/tools.py
+++ b/autogpt_platform/backend/backend/server/external/routes/tools.py
@@ -14,19 +14,19 @@ from fastapi import APIRouter, Security
 from prisma.enums import APIKeyPermission
 from pydantic import BaseModel, Field

-from backend.data.api_key import APIKeyInfo
-from backend.server.external.middleware import require_permission
-from backend.server.v2.chat.model import ChatSession
-from backend.server.v2.chat.tools import find_agent_tool, run_agent_tool
-from backend.server.v2.chat.tools.models import ToolResponseBase
+from backend.api.external.middleware import require_permission
+from backend.api.features.chat.model import ChatSession
+from backend.api.features.chat.tools import find_agent_tool, run_agent_tool
+from backend.api.features.chat.tools.models import ToolResponseBase
+from backend.data.auth.base import APIAuthorizationInfo

 logger = logging.getLogger(__name__)

 tools_router = APIRouter(prefix="/tools", tags=["tools"])

-# Note: We use Security() as a function parameter dependency (api_key: APIKeyInfo = Security(...))
+# Note: We use Security() as a function parameter dependency (auth: APIAuthorizationInfo = Security(...))
 # rather than in the decorator's dependencies= list. This avoids duplicate permission checks
-# while still enforcing auth AND giving us access to the api_key for extracting user_id.
+# while still enforcing auth AND giving us access to auth for extracting user_id.


 # Request models
@@ -80,7 +80,9 @@ def _create_ephemeral_session(user_id: str | None) -> ChatSession:
 )
 async def find_agent(
    request: FindAgentRequest,
-    api_key: APIKeyInfo = Security(require_permission(APIKeyPermission.USE_TOOLS)),
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.USE_TOOLS)
+    ),
 ) -> dict[str, Any]:
    """
    Search for agents in the marketplace based on capabilities and user needs.
@@ -91,9 +93,9 @@ async def find_agent(
    Returns:
        List of matching agents or no results response
    """
-    session = _create_ephemeral_session(api_key.user_id)
+    session = _create_ephemeral_session(auth.user_id)
    result = await find_agent_tool._execute(
-        user_id=api_key.user_id,
+        user_id=auth.user_id,
        session=session,
        query=request.query,
    )
@@ -105,7 +107,9 @@ async def find_agent(
 )
 async def run_agent(
    request: RunAgentRequest,
-    api_key: APIKeyInfo = Security(require_permission(APIKeyPermission.USE_TOOLS)),
+    auth: APIAuthorizationInfo = Security(
+        require_permission(APIKeyPermission.USE_TOOLS)
+    ),
 ) -> dict[str, Any]:
    """
    Run or schedule an agent from the marketplace.
@@ -129,9 +133,9 @@ async def run_agent(
        - execution_started: If agent was run or scheduled successfully
        - error: If something went wrong
    """
-    session = _create_ephemeral_session(api_key.user_id)
+    session = _create_ephemeral_session(auth.user_id)
    result = await run_agent_tool._execute(
-        user_id=api_key.user_id,
+        user_id=auth.user_id,
        session=session,
        username_agent_slug=request.username_agent_slug,
        inputs=request.inputs,
--- a/autogpt_platform/backend/backend/server/routers/postmark/init.py
+++ b/autogpt_platform/backend/backend/server/routers/postmark/init.py
--- a/autogpt_platform/backend/backend/api/features/admin/init.py
+++ b/autogpt_platform/backend/backend/api/features/admin/init.py
--- a/autogpt_platform/backend/backend/api/features/admin/credit_admin_routes.py
+++ b/autogpt_platform/backend/backend/api/features/admin/credit_admin_routes.py
@@ -6,9 +6,10 @@ from fastapi import APIRouter, Body, Security
 from prisma.enums import CreditTransactionType

 from backend.data.credit import admin_get_user_history, get_user_credit_model
-from backend.server.v2.admin.model import AddUserCreditsResponse, UserHistoryResponse
 from backend.util.json import SafeJson

+from .model import AddUserCreditsResponse, UserHistoryResponse
+
 logger = logging.getLogger(__name__)


--- a/autogpt_platform/backend/backend/api/features/admin/credit_admin_routes_test.py
+++ b/autogpt_platform/backend/backend/api/features/admin/credit_admin_routes_test.py
@@ -9,14 +9,15 @@ import pytest_mock
 from autogpt_libs.auth.jwt_utils import get_jwt_payload
 from pytest_snapshot.plugin import Snapshot

-import backend.server.v2.admin.credit_admin_routes as credit_admin_routes
-import backend.server.v2.admin.model as admin_model
 from backend.data.model import UserTransaction
 from backend.util.json import SafeJson
 from backend.util.models import Pagination

+from .credit_admin_routes import router as credit_admin_router
+from .model import UserHistoryResponse
+
 app = fastapi.FastAPI()
-app.include_router(credit_admin_routes.router)
+app.include_router(credit_admin_router)

 client = fastapi.testclient.TestClient(app)

@@ -30,7 +31,7 @@ def setup_app_admin_auth(mock_jwt_admin):


 def test_add_user_credits_success(
-    mocker: pytest_mock.MockFixture,
+    mocker: pytest_mock.MockerFixture,
    configured_snapshot: Snapshot,
    admin_user_id: str,
    target_user_id: str,
@@ -42,7 +43,7 @@ def test_add_user_credits_success(
        return_value=(1500, "transaction-123-uuid")
    )
    mocker.patch(
-        "backend.server.v2.admin.credit_admin_routes.get_user_credit_model",
+        "backend.api.features.admin.credit_admin_routes.get_user_credit_model",
        return_value=mock_credit_model,
    )

@@ -84,7 +85,7 @@ def test_add_user_credits_success(


 def test_add_user_credits_negative_amount(
-    mocker: pytest_mock.MockFixture,
+    mocker: pytest_mock.MockerFixture,
    snapshot: Snapshot,
 ) -> None:
    """Test credit deduction by admin (negative amount)"""
@@ -94,7 +95,7 @@ def test_add_user_credits_negative_amount(
        return_value=(200, "transaction-456-uuid")
    )
    mocker.patch(
-        "backend.server.v2.admin.credit_admin_routes.get_user_credit_model",
+        "backend.api.features.admin.credit_admin_routes.get_user_credit_model",
        return_value=mock_credit_model,
    )

@@ -119,12 +120,12 @@ def test_add_user_credits_negative_amount(


 def test_get_user_history_success(
-    mocker: pytest_mock.MockFixture,
+    mocker: pytest_mock.MockerFixture,
    snapshot: Snapshot,
 ) -> None:
    """Test successful retrieval of user credit history"""
    # Mock the admin_get_user_history function
-    mock_history_response = admin_model.UserHistoryResponse(
+    mock_history_response = UserHistoryResponse(
        history=[
            UserTransaction(
                user_id="user-1",
@@ -150,7 +151,7 @@ def test_get_user_history_success(
    )

    mocker.patch(
-        "backend.server.v2.admin.credit_admin_routes.admin_get_user_history",
+        "backend.api.features.admin.credit_admin_routes.admin_get_user_history",
        return_value=mock_history_response,
    )

@@ -170,12 +171,12 @@ def test_get_user_history_success(


 def test_get_user_history_with_filters(
-    mocker: pytest_mock.MockFixture,
+    mocker: pytest_mock.MockerFixture,
    snapshot: Snapshot,
 ) -> None:
    """Test user credit history with search and filter parameters"""
    # Mock the admin_get_user_history function
-    mock_history_response = admin_model.UserHistoryResponse(
+    mock_history_response = UserHistoryResponse(
        history=[
            UserTransaction(
                user_id="user-3",
@@ -194,7 +195,7 @@ def test_get_user_history_with_filters(
    )

    mock_get_history = mocker.patch(
-        "backend.server.v2.admin.credit_admin_routes.admin_get_user_history",
+        "backend.api.features.admin.credit_admin_routes.admin_get_user_history",
        return_value=mock_history_response,
    )

@@ -230,12 +231,12 @@ def test_get_user_history_with_filters(


 def test_get_user_history_empty_results(
-    mocker: pytest_mock.MockFixture,
+    mocker: pytest_mock.MockerFixture,
    snapshot: Snapshot,
 ) -> None:
    """Test user credit history with no results"""
    # Mock empty history response
-    mock_history_response = admin_model.UserHistoryResponse(
+    mock_history_response = UserHistoryResponse(
        history=[],
        pagination=Pagination(
            total_items=0,
@@ -246,7 +247,7 @@ def test_get_user_history_empty_results(
    )

    mocker.patch(
-        "backend.server.v2.admin.credit_admin_routes.admin_get_user_history",
+        "backend.api.features.admin.credit_admin_routes.admin_get_user_history",
        return_value=mock_history_response,
    )

--- a/autogpt_platform/backend/backend/api/features/admin/execution_analytics_routes.py
+++ b/autogpt_platform/backend/backend/api/features/admin/execution_analytics_routes.py
--- a/autogpt_platform/backend/backend/api/features/admin/model.py
+++ b/autogpt_platform/backend/backend/api/features/admin/model.py
--- a/autogpt_platform/backend/backend/api/features/admin/store_admin_routes.py
+++ b/autogpt_platform/backend/backend/api/features/admin/store_admin_routes.py
@@ -7,9 +7,9 @@ import fastapi
 import fastapi.responses
 import prisma.enums

-import backend.server.v2.store.cache as store_cache
-import backend.server.v2.store.db
-import backend.server.v2.store.model
+import backend.api.features.store.cache as store_cache
+import backend.api.features.store.db as store_db
+import backend.api.features.store.model as store_model
 import backend.util.json

 logger = logging.getLogger(__name__)
@@ -24,7 +24,7 @@ router = fastapi.APIRouter(
@router.get(
    "/listings",
    summary="Get Admin Listings History",
-    response_model=backend.server.v2.store.model.StoreListingsWithVersionsResponse,
+    response_model=store_model.StoreListingsWithVersionsResponse,
 )
 async def get_admin_listings_with_versions(
    status: typing.Optional[prisma.enums.SubmissionStatus] = None,
@@ -48,7 +48,7 @@ async def get_admin_listings_with_versions(
        StoreListingsWithVersionsResponse with listings and their versions
    """
    try:
-        listings = await backend.server.v2.store.db.get_admin_listings_with_versions(
+        listings = await store_db.get_admin_listings_with_versions(
            status=status,
            search_query=search,
            page=page,
@@ -68,11 +68,11 @@ async def get_admin_listings_with_versions(
@router.post(
    "/submissions/{store_listing_version_id}/review",
    summary="Review Store Submission",
-    response_model=backend.server.v2.store.model.StoreSubmission,
+    response_model=store_model.StoreSubmission,
 )
 async def review_submission(
    store_listing_version_id: str,
-    request: backend.server.v2.store.model.ReviewSubmissionRequest,
+    request: store_model.ReviewSubmissionRequest,
    user_id: str = fastapi.Security(autogpt_libs.auth.get_user_id),
 ):
    """
@@ -87,12 +87,10 @@ async def review_submission(
        StoreSubmission with updated review information
    """
    try:
-        already_approved = (
-            await backend.server.v2.store.db.check_submission_already_approved(
-                store_listing_version_id=store_listing_version_id,
-            )
+        already_approved = await store_db.check_submission_already_approved(
+            store_listing_version_id=store_listing_version_id,
        )
-        submission = await backend.server.v2.store.db.review_store_submission(
+        submission = await store_db.review_store_submission(
            store_listing_version_id=store_listing_version_id,
            is_approved=request.is_approved,
            external_comments=request.comments,
@@ -136,7 +134,7 @@ async def admin_download_agent_file(
    Raises:
        HTTPException: If the agent is not found or an unexpected error occurs.
    """
-    graph_data = await backend.server.v2.store.db.get_agent_as_admin(
+    graph_data = await store_db.get_agent_as_admin(
        user_id=user_id,
        store_listing_version_id=store_listing_version_id,
    )
--- a/autogpt_platform/backend/backend/server/routers/analytics.py
+++ b/autogpt_platform/backend/backend/server/routers/analytics.py
@@ -6,10 +6,11 @@ from typing import Annotated
 import fastapi
 import pydantic
 from autogpt_libs.auth import get_user_id
+from autogpt_libs.auth.dependencies import requires_user

 import backend.data.analytics

-router = fastapi.APIRouter()
+router = fastapi.APIRouter(dependencies=[fastapi.Security(requires_user)])
 logger = logging.getLogger(__name__)


--- a/autogpt_platform/backend/backend/api/features/analytics_test.py
+++ b/autogpt_platform/backend/backend/api/features/analytics_test.py
@@ -0,0 +1,340 @@
+"""Tests for analytics API endpoints."""
+
+import json
+from unittest.mock import AsyncMock, Mock
+
+import fastapi
+import fastapi.testclient
+import pytest
+import pytest_mock
+from pytest_snapshot.plugin import Snapshot
+
+from .analytics import router as analytics_router
+
+app = fastapi.FastAPI()
+app.include_router(analytics_router)
+
+client = fastapi.testclient.TestClient(app)
+
+
+@pytest.fixture(autouse=True)
+def setup_app_auth(mock_jwt_user):
+    """Setup auth overrides for all tests in this module."""
+    from autogpt_libs.auth.jwt_utils import get_jwt_payload
+
+    app.dependency_overrides[get_jwt_payload] = mock_jwt_user["get_jwt_payload"]
+    yield
+    app.dependency_overrides.clear()
+
+
+# =============================================================================
+# /log_raw_metric endpoint tests
+# =============================================================================
+
+
+def test_log_raw_metric_success(
+    mocker: pytest_mock.MockFixture,
+    configured_snapshot: Snapshot,
+    test_user_id: str,
+) -> None:
+    """Test successful raw metric logging."""
+    mock_result = Mock(id="metric-123-uuid")
+    mock_log_metric = mocker.patch(
+        "backend.data.analytics.log_raw_metric",
+        new_callable=AsyncMock,
+        return_value=mock_result,
+    )
+
+    request_data = {
+        "metric_name": "page_load_time",
+        "metric_value": 2.5,
+        "data_string": "/dashboard",
+    }
+
+    response = client.post("/log_raw_metric", json=request_data)
+
+    assert response.status_code == 200, f"Unexpected response: {response.text}"
+    assert response.json() == "metric-123-uuid"
+
+    mock_log_metric.assert_called_once_with(
+        user_id=test_user_id,
+        metric_name="page_load_time",
+        metric_value=2.5,
+        data_string="/dashboard",
+    )
+
+    configured_snapshot.assert_match(
+        json.dumps({"metric_id": response.json()}, indent=2, sort_keys=True),
+        "analytics_log_metric_success",
+    )
+
+
+@pytest.mark.parametrize(
+    "metric_value,metric_name,data_string,test_id",
+    [
+        (100, "api_calls_count", "external_api", "integer_value"),
+        (0, "error_count", "no_errors", "zero_value"),
+        (-5.2, "temperature_delta", "cooling", "negative_value"),
+        (1.23456789, "precision_test", "float_precision", "float_precision"),
+        (999999999, "large_number", "max_value", "large_number"),
+        (0.0000001, "tiny_number", "min_value", "tiny_number"),
+    ],
+)
+def test_log_raw_metric_various_values(
+    mocker: pytest_mock.MockFixture,
+    configured_snapshot: Snapshot,
+    metric_value: float,
+    metric_name: str,
+    data_string: str,
+    test_id: str,
+) -> None:
+    """Test raw metric logging with various metric values."""
+    mock_result = Mock(id=f"metric-{test_id}-uuid")
+    mocker.patch(
+        "backend.data.analytics.log_raw_metric",
+        new_callable=AsyncMock,
+        return_value=mock_result,
+    )
+
+    request_data = {
+        "metric_name": metric_name,
+        "metric_value": metric_value,
+        "data_string": data_string,
+    }
+
+    response = client.post("/log_raw_metric", json=request_data)
+
+    assert response.status_code == 200, f"Failed for {test_id}: {response.text}"
+
+    configured_snapshot.assert_match(
+        json.dumps(
+            {"metric_id": response.json(), "test_case": test_id},
+            indent=2,
+            sort_keys=True,
+        ),
+        f"analytics_metric_{test_id}",
+    )
+
+
+@pytest.mark.parametrize(
+    "invalid_data,expected_error",
+    [
+        ({}, "Field required"),
+        ({"metric_name": "test"}, "Field required"),
+        (
+            {"metric_name": "test", "metric_value": "not_a_number", "data_string": "x"},
+            "Input should be a valid number",
+        ),
+        (
+            {"metric_name": "", "metric_value": 1.0, "data_string": "test"},
+            "String should have at least 1 character",
+        ),
+        (
+            {"metric_name": "test", "metric_value": 1.0, "data_string": ""},
+            "String should have at least 1 character",
+        ),
+    ],
+    ids=[
+        "empty_request",
+        "missing_metric_value_and_data_string",
+        "invalid_metric_value_type",
+        "empty_metric_name",
+        "empty_data_string",
+    ],
+)
+def test_log_raw_metric_validation_errors(
+    invalid_data: dict,
+    expected_error: str,
+) -> None:
+    """Test validation errors for invalid metric requests."""
+    response = client.post("/log_raw_metric", json=invalid_data)
+
+    assert response.status_code == 422
+    error_detail = response.json()
+    assert "detail" in error_detail, f"Missing 'detail' in error: {error_detail}"
+
+    error_text = json.dumps(error_detail)
+    assert (
+        expected_error in error_text
+    ), f"Expected '{expected_error}' in error response: {error_text}"
+
+
+def test_log_raw_metric_service_error(
+    mocker: pytest_mock.MockFixture,
+    test_user_id: str,
+) -> None:
+    """Test error handling when analytics service fails."""
+    mocker.patch(
+        "backend.data.analytics.log_raw_metric",
+        new_callable=AsyncMock,
+        side_effect=Exception("Database connection failed"),
+    )
+
+    request_data = {
+        "metric_name": "test_metric",
+        "metric_value": 1.0,
+        "data_string": "test",
+    }
+
+    response = client.post("/log_raw_metric", json=request_data)
+
+    assert response.status_code == 500
+    error_detail = response.json()["detail"]
+    assert "Database connection failed" in error_detail["message"]
+    assert "hint" in error_detail
+
+
+# =============================================================================
+# /log_raw_analytics endpoint tests
+# =============================================================================
+
+
+def test_log_raw_analytics_success(
+    mocker: pytest_mock.MockFixture,
+    configured_snapshot: Snapshot,
+    test_user_id: str,
+) -> None:
+    """Test successful raw analytics logging."""
+    mock_result = Mock(id="analytics-789-uuid")
+    mock_log_analytics = mocker.patch(
+        "backend.data.analytics.log_raw_analytics",
+        new_callable=AsyncMock,
+        return_value=mock_result,
+    )
+
+    request_data = {
+        "type": "user_action",
+        "data": {
+            "action": "button_click",
+            "button_id": "submit_form",
+            "timestamp": "2023-01-01T00:00:00Z",
+            "metadata": {"form_type": "registration", "fields_filled": 5},
+        },
+        "data_index": "button_click_submit_form",
+    }
+
+    response = client.post("/log_raw_analytics", json=request_data)
+
+    assert response.status_code == 200, f"Unexpected response: {response.text}"
+    assert response.json() == "analytics-789-uuid"
+
+    mock_log_analytics.assert_called_once_with(
+        test_user_id,
+        "user_action",
+        request_data["data"],
+        "button_click_submit_form",
+    )
+
+    configured_snapshot.assert_match(
+        json.dumps({"analytics_id": response.json()}, indent=2, sort_keys=True),
+        "analytics_log_analytics_success",
+    )
+
+
+def test_log_raw_analytics_complex_data(
+    mocker: pytest_mock.MockFixture,
+    configured_snapshot: Snapshot,
+) -> None:
+    """Test raw analytics logging with complex nested data structures."""
+    mock_result = Mock(id="analytics-complex-uuid")
+    mocker.patch(
+        "backend.data.analytics.log_raw_analytics",
+        new_callable=AsyncMock,
+        return_value=mock_result,
+    )
+
+    request_data = {
+        "type": "agent_execution",
+        "data": {
+            "agent_id": "agent_123",
+            "execution_id": "exec_456",
+            "status": "completed",
+            "duration_ms": 3500,
+            "nodes_executed": 15,
+            "blocks_used": [
+                {"block_id": "llm_block", "count": 3},
+                {"block_id": "http_block", "count": 5},
+                {"block_id": "code_block", "count": 2},
+            ],
+            "errors": [],
+            "metadata": {
+                "trigger": "manual",
+                "user_tier": "premium",
+                "environment": "production",
+            },
+        },
+        "data_index": "agent_123_exec_456",
+    }
+
+    response = client.post("/log_raw_analytics", json=request_data)
+
+    assert response.status_code == 200
+
+    configured_snapshot.assert_match(
+        json.dumps(
+            {"analytics_id": response.json(), "logged_data": request_data["data"]},
+            indent=2,
+            sort_keys=True,
+        ),
+        "analytics_log_analytics_complex_data",
+    )
+
+
+@pytest.mark.parametrize(
+    "invalid_data,expected_error",
+    [
+        ({}, "Field required"),
+        ({"type": "test"}, "Field required"),
+        (
+            {"type": "test", "data": "not_a_dict", "data_index": "test"},
+            "Input should be a valid dictionary",
+        ),
+        ({"type": "test", "data": {"key": "value"}}, "Field required"),
+    ],
+    ids=[
+        "empty_request",
+        "missing_data_and_data_index",
+        "invalid_data_type",
+        "missing_data_index",
+    ],
+)
+def test_log_raw_analytics_validation_errors(
+    invalid_data: dict,
+    expected_error: str,
+) -> None:
+    """Test validation errors for invalid analytics requests."""
+    response = client.post("/log_raw_analytics", json=invalid_data)
+
+    assert response.status_code == 422
+    error_detail = response.json()
+    assert "detail" in error_detail, f"Missing 'detail' in error: {error_detail}"
+
+    error_text = json.dumps(error_detail)
+    assert (
+        expected_error in error_text
+    ), f"Expected '{expected_error}' in error response: {error_text}"
+
+
+def test_log_raw_analytics_service_error(
+    mocker: pytest_mock.MockFixture,
+    test_user_id: str,
+) -> None:
+    """Test error handling when analytics service fails."""
+    mocker.patch(
+        "backend.data.analytics.log_raw_analytics",
+        new_callable=AsyncMock,
+        side_effect=Exception("Analytics DB unreachable"),
+    )
+
+    request_data = {
+        "type": "test_event",
+        "data": {"key": "value"},
+        "data_index": "test_index",
+    }
+
+    response = client.post("/log_raw_analytics", json=request_data)
+
+    assert response.status_code == 500
+    error_detail = response.json()["detail"]
+    assert "Analytics DB unreachable" in error_detail["message"]
+    assert "hint" in error_detail
--- a/autogpt_platform/backend/backend/api/features/builder/init.py
+++ b/autogpt_platform/backend/backend/api/features/builder/init.py
--- a/autogpt_platform/backend/backend/api/features/builder/db.py
+++ b/autogpt_platform/backend/backend/api/features/builder/db.py
@@ -6,17 +6,20 @@ from typing import Sequence

 import prisma

+import backend.api.features.library.db as library_db
+import backend.api.features.library.model as library_model
+import backend.api.features.store.db as store_db
+import backend.api.features.store.model as store_model
 import backend.data.block
-import backend.server.v2.library.db as library_db
-import backend.server.v2.library.model as library_model
-import backend.server.v2.store.db as store_db
-import backend.server.v2.store.model as store_model
 from backend.blocks import load_all_blocks
 from backend.blocks.llm import LlmModel
 from backend.data.block import AnyBlockSchema, BlockCategory, BlockInfo, BlockSchema
 from backend.data.db import query_raw_with_schema
 from backend.integrations.providers import ProviderName
-from backend.server.v2.builder.model import (
+from backend.util.cache import cached
+from backend.util.models import Pagination
+
+from .model import (
    BlockCategoryResponse,
    BlockResponse,
    BlockType,
@@ -26,8 +29,6 @@ from backend.server.v2.builder.model import (
    ProviderResponse,
    SearchEntry,
 )
-from backend.util.cache import cached
-from backend.util.models import Pagination

 logger = logging.getLogger(__name__)
 llm_models = [name.name.lower().replace("_", " ") for name in LlmModel]
--- a/autogpt_platform/backend/backend/api/features/builder/model.py
+++ b/autogpt_platform/backend/backend/api/features/builder/model.py
@@ -2,8 +2,8 @@ from typing import Literal

 from pydantic import BaseModel

-import backend.server.v2.library.model as library_model
-import backend.server.v2.store.model as store_model
+import backend.api.features.library.model as library_model
+import backend.api.features.store.model as store_model
 from backend.data.block import BlockInfo
 from backend.integrations.providers import ProviderName
 from backend.util.models import Pagination
--- a/autogpt_platform/backend/backend/api/features/builder/routes.py
+++ b/autogpt_platform/backend/backend/api/features/builder/routes.py
@@ -4,11 +4,12 @@ from typing import Annotated, Sequence
 import fastapi
 from autogpt_libs.auth.dependencies import get_user_id, requires_user

-import backend.server.v2.builder.db as builder_db
-import backend.server.v2.builder.model as builder_model
 from backend.integrations.providers import ProviderName
 from backend.util.models import Pagination

+from . import db as builder_db
+from . import model as builder_model
+
 logger = logging.getLogger(__name__)

 router = fastapi.APIRouter(
--- a/autogpt_platform/backend/backend/api/features/chat/init.py
+++ b/autogpt_platform/backend/backend/api/features/chat/init.py
--- a/autogpt_platform/backend/backend/api/features/chat/config.py
+++ b/autogpt_platform/backend/backend/api/features/chat/config.py
--- a/autogpt_platform/backend/backend/api/features/chat/model.py
+++ b/autogpt_platform/backend/backend/api/features/chat/model.py
@@ -19,9 +19,10 @@ from openai.types.chat.chat_completion_message_tool_call_param import (
 from pydantic import BaseModel

 from backend.data.redis_client import get_redis_async
-from backend.server.v2.chat.config import ChatConfig
 from backend.util.exceptions import RedisError

+from .config import ChatConfig
+
 logger = logging.getLogger(__name__)
 config = ChatConfig()

--- a/autogpt_platform/backend/backend/api/features/chat/model_test.py
+++ b/autogpt_platform/backend/backend/api/features/chat/model_test.py
@@ -1,6 +1,6 @@
 import pytest

-from backend.server.v2.chat.model import (
+from .model import (
    ChatMessage,
    ChatSession,
    Usage,
--- a/autogpt_platform/backend/backend/api/features/chat/prompts/chat_system.md
+++ b/autogpt_platform/backend/backend/api/features/chat/prompts/chat_system.md
--- a/autogpt_platform/backend/backend/api/features/chat/response_model.py
+++ b/autogpt_platform/backend/backend/api/features/chat/response_model.py
--- a/autogpt_platform/backend/backend/api/features/chat/routes.py
+++ b/autogpt_platform/backend/backend/api/features/chat/routes.py
@@ -9,10 +9,11 @@ from fastapi import APIRouter, Depends, Query, Security
 from fastapi.responses import StreamingResponse
 from pydantic import BaseModel

-import backend.server.v2.chat.service as chat_service
-from backend.server.v2.chat.config import ChatConfig
 from backend.util.exceptions import NotFoundError

+from . import service as chat_service
+from .config import ChatConfig
+
 config = ChatConfig()


--- a/autogpt_platform/backend/backend/api/features/chat/service.py
+++ b/autogpt_platform/backend/backend/api/features/chat/service.py
@@ -1,4 +1,3 @@
-import functools
 import logging
 from collections.abc import AsyncGenerator
 from datetime import UTC, datetime
@@ -8,15 +7,17 @@ import orjson
 from openai import AsyncOpenAI
 from openai.types.chat import ChatCompletionChunk, ChatCompletionToolParam

-import backend.server.v2.chat.config
-from backend.server.v2.chat.model import (
+from backend.util.exceptions import NotFoundError
+
+from .config import ChatConfig
+from .model import (
    ChatMessage,
    ChatSession,
    Usage,
    get_chat_session,
    upsert_chat_session,
 )
-from backend.server.v2.chat.response_model import (
+from .response_model import (
    StreamBaseResponse,
    StreamEnd,
    StreamError,
@@ -27,18 +28,12 @@ from backend.server.v2.chat.response_model import (
    StreamToolExecutionResult,
    StreamUsage,
 )
-from backend.server.v2.chat.tools import execute_tool, tools
-from backend.util.exceptions import NotFoundError
+from .tools import execute_tool, tools

 logger = logging.getLogger(__name__)

-config = backend.server.v2.chat.config.ChatConfig()
-
-
-@functools.cache
-def get_openai_client() -> AsyncOpenAI:
-    """Lazily create the OpenAI client singleton."""
-    return AsyncOpenAI(api_key=config.api_key, base_url=config.base_url)
+config = ChatConfig()
+client = AsyncOpenAI(api_key=config.api_key, base_url=config.base_url)


 async def create_chat_session(
@@ -361,7 +356,7 @@ async def _stream_chat_chunks(
            logger.info("Creating OpenAI chat completion stream...")

            # Create the stream with proper types
-            stream = await get_openai_client().chat.completions.create(
+            stream = await client.chat.completions.create(
                model=model,
                messages=session.to_openai_messages(),
                tools=tools,
--- a/autogpt_platform/backend/backend/api/features/chat/service_test.py
+++ b/autogpt_platform/backend/backend/api/features/chat/service_test.py
@@ -3,8 +3,8 @@ from os import getenv

 import pytest

-import backend.server.v2.chat.service as chat_service
-from backend.server.v2.chat.response_model import (
+from . import service as chat_service
+from .response_model import (
    StreamEnd,
    StreamError,
    StreamTextChunk,
--- a/autogpt_platform/backend/backend/api/features/chat/tools/init.py
+++ b/autogpt_platform/backend/backend/api/features/chat/tools/init.py
@@ -2,14 +2,14 @@ from typing import TYPE_CHECKING, Any

 from openai.types.chat import ChatCompletionToolParam

-from backend.server.v2.chat.model import ChatSession
+from backend.api.features.chat.model import ChatSession

 from .base import BaseTool
 from .find_agent import FindAgentTool
 from .run_agent import RunAgentTool

 if TYPE_CHECKING:
-    from backend.server.v2.chat.response_model import StreamToolExecutionResult
+    from backend.api.features.chat.response_model import StreamToolExecutionResult

 # Initialize tool instances
 find_agent_tool = FindAgentTool()
--- a/autogpt_platform/backend/backend/api/features/chat/tools/_test_data.py
+++ b/autogpt_platform/backend/backend/api/features/chat/tools/_test_data.py
@@ -5,6 +5,8 @@ from os import getenv
 import pytest
 from pydantic import SecretStr

+from backend.api.features.chat.model import ChatSession
+from backend.api.features.store import db as store_db
 from backend.blocks.firecrawl.scrape import FirecrawlScrapeBlock
 from backend.blocks.io import AgentInputBlock, AgentOutputBlock
 from backend.blocks.llm import AITextGeneratorBlock
@@ -13,8 +15,6 @@ from backend.data.graph import Graph, Link, Node, create_graph
 from backend.data.model import APIKeyCredentials
 from backend.data.user import get_or_create_user
 from backend.integrations.credentials_store import IntegrationCredentialsStore
-from backend.server.v2.chat.model import ChatSession
-from backend.server.v2.store import db as store_db


 def make_session(user_id: str | None = None):
--- a/autogpt_platform/backend/backend/api/features/chat/tools/base.py
+++ b/autogpt_platform/backend/backend/api/features/chat/tools/base.py
@@ -5,8 +5,8 @@ from typing import Any

 from openai.types.chat import ChatCompletionToolParam

-from backend.server.v2.chat.model import ChatSession
-from backend.server.v2.chat.response_model import StreamToolExecutionResult
+from backend.api.features.chat.model import ChatSession
+from backend.api.features.chat.response_model import StreamToolExecutionResult

 from .models import ErrorResponse, NeedLoginResponse, ToolResponseBase

--- a/autogpt_platform/backend/backend/api/features/chat/tools/find_agent.py
+++ b/autogpt_platform/backend/backend/api/features/chat/tools/find_agent.py
@@ -3,17 +3,18 @@
 import logging
 from typing import Any

-from backend.server.v2.chat.model import ChatSession
-from backend.server.v2.chat.tools.base import BaseTool
-from backend.server.v2.chat.tools.models import (
+from backend.api.features.chat.model import ChatSession
+from backend.api.features.store import db as store_db
+from backend.util.exceptions import DatabaseError, NotFoundError
+
+from .base import BaseTool
+from .models import (
    AgentCarouselResponse,
    AgentInfo,
    ErrorResponse,
    NoResultsResponse,
    ToolResponseBase,
 )
-from backend.server.v2.store import db as store_db
-from backend.util.exceptions import DatabaseError, NotFoundError

 logger = logging.getLogger(__name__)

--- a/autogpt_platform/backend/backend/api/features/chat/tools/models.py
+++ b/autogpt_platform/backend/backend/api/features/chat/tools/models.py
--- a/autogpt_platform/backend/backend/api/features/chat/tools/run_agent.py
+++ b/autogpt_platform/backend/backend/api/features/chat/tools/run_agent.py
@@ -5,14 +5,21 @@ from typing import Any

 from pydantic import BaseModel, Field, field_validator

+from backend.api.features.chat.config import ChatConfig
+from backend.api.features.chat.model import ChatSession
 from backend.data.graph import GraphModel
 from backend.data.model import CredentialsMetaInput
 from backend.data.user import get_user_by_id
 from backend.executor import utils as execution_utils
-from backend.server.v2.chat.config import ChatConfig
-from backend.server.v2.chat.model import ChatSession
-from backend.server.v2.chat.tools.base import BaseTool
-from backend.server.v2.chat.tools.models import (
+from backend.util.clients import get_scheduler_client
+from backend.util.exceptions import DatabaseError, NotFoundError
+from backend.util.timezone_utils import (
+    convert_utc_time_to_user_timezone,
+    get_user_timezone_or_utc,
+)
+
+from .base import BaseTool
+from .models import (
    AgentDetails,
    AgentDetailsResponse,
    ErrorResponse,
@@ -23,19 +30,13 @@ from backend.server.v2.chat.tools.models import (
    ToolResponseBase,
    UserReadiness,
 )
-from backend.server.v2.chat.tools.utils import (
+from .utils import (
    check_user_has_required_credentials,
    extract_credentials_from_schema,
    fetch_graph_from_store_slug,
    get_or_create_library_agent,
    match_user_credentials_to_graph,
 )
-from backend.util.clients import get_scheduler_client
-from backend.util.exceptions import DatabaseError, NotFoundError
-from backend.util.timezone_utils import (
-    convert_utc_time_to_user_timezone,
-    get_user_timezone_or_utc,
-)

 logger = logging.getLogger(__name__)
 config = ChatConfig()
--- a/autogpt_platform/backend/backend/api/features/chat/tools/run_agent_test.py
+++ b/autogpt_platform/backend/backend/api/features/chat/tools/run_agent_test.py
@@ -3,13 +3,13 @@ import uuid
 import orjson
 import pytest

-from backend.server.v2.chat.tools._test_data import (
+from ._test_data import (
    make_session,
    setup_firecrawl_test_data,
    setup_llm_test_data,
    setup_test_data,
 )
-from backend.server.v2.chat.tools.run_agent import RunAgentTool
+from .run_agent import RunAgentTool

 # This is so the formatter doesn't remove the fixture imports
 setup_llm_test_data = setup_llm_test_data
--- a/autogpt_platform/backend/backend/api/features/chat/tools/utils.py
+++ b/autogpt_platform/backend/backend/api/features/chat/tools/utils.py
@@ -3,13 +3,13 @@
 import logging
 from typing import Any

+from backend.api.features.library import db as library_db
+from backend.api.features.library import model as library_model
+from backend.api.features.store import db as store_db
 from backend.data import graph as graph_db
 from backend.data.graph import GraphModel
 from backend.data.model import CredentialsMetaInput
 from backend.integrations.creds_manager import IntegrationCredentialsManager
-from backend.server.v2.library import db as library_db
-from backend.server.v2.library import model as library_model
-from backend.server.v2.store import db as store_db
 from backend.util.exceptions import NotFoundError

 logger = logging.getLogger(__name__)
--- a/autogpt_platform/backend/backend/api/features/executions/init.py
+++ b/autogpt_platform/backend/backend/api/features/executions/init.py
--- a/autogpt_platform/backend/backend/api/features/executions/review/init.py
+++ b/autogpt_platform/backend/backend/api/features/executions/review/init.py
--- a/autogpt_platform/backend/backend/api/features/executions/review/model.py
+++ b/autogpt_platform/backend/backend/api/features/executions/review/model.py
--- a/autogpt_platform/backend/backend/api/features/executions/review/review_routes_test.py
+++ b/autogpt_platform/backend/backend/api/features/executions/review/review_routes_test.py
@@ -7,9 +7,10 @@ import pytest_mock
 from prisma.enums import ReviewStatus
 from pytest_snapshot.plugin import Snapshot

-from backend.server.rest_api import handle_internal_http_error
-from backend.server.v2.executions.review.model import PendingHumanReviewModel
-from backend.server.v2.executions.review.routes import router
+from backend.api.rest_api import handle_internal_http_error
+
+from .model import PendingHumanReviewModel
+from .routes import router

 # Using a fixed timestamp for reproducible tests
 FIXED_NOW = datetime.datetime(2023, 1, 1, 0, 0, 0, tzinfo=datetime.timezone.utc)
@@ -54,13 +55,13 @@ def sample_pending_review(test_user_id: str) -> PendingHumanReviewModel:


 def test_get_pending_reviews_empty(
-    mocker: pytest_mock.MockFixture,
+    mocker: pytest_mock.MockerFixture,
    snapshot: Snapshot,
    test_user_id: str,
 ) -> None:
    """Test getting pending reviews when none exist"""
    mock_get_reviews = mocker.patch(
-        "backend.server.v2.executions.review.routes.get_pending_reviews_for_user"
+        "backend.api.features.executions.review.routes.get_pending_reviews_for_user"
    )
    mock_get_reviews.return_value = []

@@ -72,14 +73,14 @@ def test_get_pending_reviews_empty(


 def test_get_pending_reviews_with_data(
-    mocker: pytest_mock.MockFixture,
+    mocker: pytest_mock.MockerFixture,
    sample_pending_review: PendingHumanReviewModel,
    snapshot: Snapshot,
    test_user_id: str,
 ) -> None:
    """Test getting pending reviews with data"""
    mock_get_reviews = mocker.patch(
-        "backend.server.v2.executions.review.routes.get_pending_reviews_for_user"
+        "backend.api.features.executions.review.routes.get_pending_reviews_for_user"
    )
    mock_get_reviews.return_value = [sample_pending_review]

@@ -94,14 +95,14 @@ def test_get_pending_reviews_with_data(


 def test_get_pending_reviews_for_execution_success(
-    mocker: pytest_mock.MockFixture,
+    mocker: pytest_mock.MockerFixture,
    sample_pending_review: PendingHumanReviewModel,
    snapshot: Snapshot,
    test_user_id: str,
 ) -> None:
    """Test getting pending reviews for specific execution"""
    mock_get_graph_execution = mocker.patch(
-        "backend.server.v2.executions.review.routes.get_graph_execution_meta"
+        "backend.api.features.executions.review.routes.get_graph_execution_meta"
    )
    mock_get_graph_execution.return_value = {
        "id": "test_graph_exec_456",
@@ -109,7 +110,7 @@ def test_get_pending_reviews_for_execution_success(
    }

    mock_get_reviews = mocker.patch(
-        "backend.server.v2.executions.review.routes.get_pending_reviews_for_execution"
+        "backend.api.features.executions.review.routes.get_pending_reviews_for_execution"
    )
    mock_get_reviews.return_value = [sample_pending_review]

@@ -121,24 +122,23 @@ def test_get_pending_reviews_for_execution_success(
    assert data[0]["graph_exec_id"] == "test_graph_exec_456"


-def test_get_pending_reviews_for_execution_access_denied(
-    mocker: pytest_mock.MockFixture,
-    test_user_id: str,
+def test_get_pending_reviews_for_execution_not_available(
+    mocker: pytest_mock.MockerFixture,
 ) -> None:
    """Test access denied when user doesn't own the execution"""
    mock_get_graph_execution = mocker.patch(
-        "backend.server.v2.executions.review.routes.get_graph_execution_meta"
+        "backend.api.features.executions.review.routes.get_graph_execution_meta"
    )
    mock_get_graph_execution.return_value = None

    response = client.get("/api/review/execution/test_graph_exec_456")

-    assert response.status_code == 403
-    assert "Access denied" in response.json()["detail"]
+    assert response.status_code == 404
+    assert "not found" in response.json()["detail"]


 def test_process_review_action_approve_success(
-    mocker: pytest_mock.MockFixture,
+    mocker: pytest_mock.MockerFixture,
    sample_pending_review: PendingHumanReviewModel,
    test_user_id: str,
 ) -> None:
@@ -146,12 +146,12 @@ def test_process_review_action_approve_success(
    # Mock the route functions

    mock_get_reviews_for_execution = mocker.patch(
-        "backend.server.v2.executions.review.routes.get_pending_reviews_for_execution"
+        "backend.api.features.executions.review.routes.get_pending_reviews_for_execution"
    )
    mock_get_reviews_for_execution.return_value = [sample_pending_review]

    mock_process_all_reviews = mocker.patch(
-        "backend.server.v2.executions.review.routes.process_all_reviews_for_execution"
+        "backend.api.features.executions.review.routes.process_all_reviews_for_execution"
    )
    # Create approved review for return
    approved_review = PendingHumanReviewModel(
@@ -174,11 +174,11 @@ def test_process_review_action_approve_success(
    mock_process_all_reviews.return_value = {"test_node_123": approved_review}

    mock_has_pending = mocker.patch(
-        "backend.server.v2.executions.review.routes.has_pending_reviews_for_graph_exec"
+        "backend.api.features.executions.review.routes.has_pending_reviews_for_graph_exec"
    )
    mock_has_pending.return_value = False

-    mocker.patch("backend.server.v2.executions.review.routes.add_graph_execution")
+    mocker.patch("backend.api.features.executions.review.routes.add_graph_execution")

    request_data = {
        "reviews": [
@@ -202,7 +202,7 @@ def test_process_review_action_approve_success(


 def test_process_review_action_reject_success(
-    mocker: pytest_mock.MockFixture,
+    mocker: pytest_mock.MockerFixture,
    sample_pending_review: PendingHumanReviewModel,
    test_user_id: str,
 ) -> None:
@@ -210,12 +210,12 @@ def test_process_review_action_reject_success(
    # Mock the route functions

    mock_get_reviews_for_execution = mocker.patch(
-        "backend.server.v2.executions.review.routes.get_pending_reviews_for_execution"
+        "backend.api.features.executions.review.routes.get_pending_reviews_for_execution"
    )
    mock_get_reviews_for_execution.return_value = [sample_pending_review]

    mock_process_all_reviews = mocker.patch(
-        "backend.server.v2.executions.review.routes.process_all_reviews_for_execution"
+        "backend.api.features.executions.review.routes.process_all_reviews_for_execution"
    )
    rejected_review = PendingHumanReviewModel(
        node_exec_id="test_node_123",
@@ -237,7 +237,7 @@ def test_process_review_action_reject_success(
    mock_process_all_reviews.return_value = {"test_node_123": rejected_review}

    mock_has_pending = mocker.patch(
-        "backend.server.v2.executions.review.routes.has_pending_reviews_for_graph_exec"
+        "backend.api.features.executions.review.routes.has_pending_reviews_for_graph_exec"
    )
    mock_has_pending.return_value = False

@@ -262,7 +262,7 @@ def test_process_review_action_reject_success(


 def test_process_review_action_mixed_success(
-    mocker: pytest_mock.MockFixture,
+    mocker: pytest_mock.MockerFixture,
    sample_pending_review: PendingHumanReviewModel,
    test_user_id: str,
 ) -> None:
@@ -289,12 +289,12 @@ def test_process_review_action_mixed_success(
    # Mock the route functions

    mock_get_reviews_for_execution = mocker.patch(
-        "backend.server.v2.executions.review.routes.get_pending_reviews_for_execution"
+        "backend.api.features.executions.review.routes.get_pending_reviews_for_execution"
    )
    mock_get_reviews_for_execution.return_value = [sample_pending_review, second_review]

    mock_process_all_reviews = mocker.patch(
-        "backend.server.v2.executions.review.routes.process_all_reviews_for_execution"
+        "backend.api.features.executions.review.routes.process_all_reviews_for_execution"
    )
    # Create approved version of first review
    approved_review = PendingHumanReviewModel(
@@ -338,7 +338,7 @@ def test_process_review_action_mixed_success(
    }

    mock_has_pending = mocker.patch(
-        "backend.server.v2.executions.review.routes.has_pending_reviews_for_graph_exec"
+        "backend.api.features.executions.review.routes.has_pending_reviews_for_graph_exec"
    )
    mock_has_pending.return_value = False

@@ -369,7 +369,7 @@ def test_process_review_action_mixed_success(


 def test_process_review_action_empty_request(
-    mocker: pytest_mock.MockFixture,
+    mocker: pytest_mock.MockerFixture,
    test_user_id: str,
 ) -> None:
    """Test error when no reviews provided"""
@@ -386,19 +386,19 @@ def test_process_review_action_empty_request(


 def test_process_review_action_review_not_found(
-    mocker: pytest_mock.MockFixture,
+    mocker: pytest_mock.MockerFixture,
    test_user_id: str,
 ) -> None:
    """Test error when review is not found"""
    # Mock the functions that extract graph execution ID from the request
    mock_get_reviews_for_execution = mocker.patch(
-        "backend.server.v2.executions.review.routes.get_pending_reviews_for_execution"
+        "backend.api.features.executions.review.routes.get_pending_reviews_for_execution"
    )
    mock_get_reviews_for_execution.return_value = []  # No reviews found

    # Mock process_all_reviews to simulate not finding reviews
    mock_process_all_reviews = mocker.patch(
-        "backend.server.v2.executions.review.routes.process_all_reviews_for_execution"
+        "backend.api.features.executions.review.routes.process_all_reviews_for_execution"
    )
    # This should raise a ValueError with "Reviews not found" message based on the data/human_review.py logic
    mock_process_all_reviews.side_effect = ValueError(
@@ -422,20 +422,20 @@ def test_process_review_action_review_not_found(


 def test_process_review_action_partial_failure(
-    mocker: pytest_mock.MockFixture,
+    mocker: pytest_mock.MockerFixture,
    sample_pending_review: PendingHumanReviewModel,
    test_user_id: str,
 ) -> None:
    """Test handling of partial failures in review processing"""
    # Mock the route functions
    mock_get_reviews_for_execution = mocker.patch(
-        "backend.server.v2.executions.review.routes.get_pending_reviews_for_execution"
+        "backend.api.features.executions.review.routes.get_pending_reviews_for_execution"
    )
    mock_get_reviews_for_execution.return_value = [sample_pending_review]

    # Mock partial failure in processing
    mock_process_all_reviews = mocker.patch(
-        "backend.server.v2.executions.review.routes.process_all_reviews_for_execution"
+        "backend.api.features.executions.review.routes.process_all_reviews_for_execution"
    )
    mock_process_all_reviews.side_effect = ValueError("Some reviews failed validation")

@@ -456,20 +456,20 @@ def test_process_review_action_partial_failure(


 def test_process_review_action_invalid_node_exec_id(
-    mocker: pytest_mock.MockFixture,
+    mocker: pytest_mock.MockerFixture,
    sample_pending_review: PendingHumanReviewModel,
    test_user_id: str,
 ) -> None:
    """Test failure when trying to process review with invalid node execution ID"""
    # Mock the route functions
    mock_get_reviews_for_execution = mocker.patch(
-        "backend.server.v2.executions.review.routes.get_pending_reviews_for_execution"
+        "backend.api.features.executions.review.routes.get_pending_reviews_for_execution"
    )
    mock_get_reviews_for_execution.return_value = [sample_pending_review]

    # Mock validation failure - this should return 400, not 500
    mock_process_all_reviews = mocker.patch(
-        "backend.server.v2.executions.review.routes.process_all_reviews_for_execution"
+        "backend.api.features.executions.review.routes.process_all_reviews_for_execution"
    )
    mock_process_all_reviews.side_effect = ValueError(
        "Invalid node execution ID format"
--- a/autogpt_platform/backend/backend/api/features/executions/review/routes.py
+++ b/autogpt_platform/backend/backend/api/features/executions/review/routes.py
@@ -13,11 +13,8 @@ from backend.data.human_review import (
    process_all_reviews_for_execution,
 )
 from backend.executor.utils import add_graph_execution
-from backend.server.v2.executions.review.model import (
-    PendingHumanReviewModel,
-    ReviewRequest,
-    ReviewResponse,
-)
+
+from .model import PendingHumanReviewModel, ReviewRequest, ReviewResponse

 logger = logging.getLogger(__name__)

@@ -70,8 +67,7 @@ async def list_pending_reviews(
    response_model=List[PendingHumanReviewModel],
    responses={
        200: {"description": "List of pending reviews for the execution"},
-        400: {"description": "Invalid graph execution ID"},
-        403: {"description": "Access denied to graph execution"},
+        404: {"description": "Graph execution not found"},
        500: {"description": "Server error", "content": {"application/json": {}}},
    },
 )
@@ -94,7 +90,7 @@ async def list_pending_reviews_for_execution(

    Raises:
        HTTPException:
-            - 403: If user doesn't own the graph execution
+            - 404: If the graph execution doesn't exist or isn't owned by this user
            - 500: If authentication fails or database error occurs

    Note:
@@ -108,8 +104,8 @@ async def list_pending_reviews_for_execution(
    )
    if not graph_exec:
        raise HTTPException(
-            status_code=status.HTTP_403_FORBIDDEN,
-            detail="Access denied to graph execution",
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail=f"Graph execution #{graph_exec_id} not found",
        )

    return await get_pending_reviews_for_execution(graph_exec_id, user_id)
--- a/autogpt_platform/backend/backend/api/features/integrations/init.py
+++ b/autogpt_platform/backend/backend/api/features/integrations/init.py
--- a/autogpt_platform/backend/backend/api/features/integrations/models.py
+++ b/autogpt_platform/backend/backend/api/features/integrations/models.py
--- a/autogpt_platform/backend/backend/api/features/integrations/router.py
+++ b/autogpt_platform/backend/backend/api/features/integrations/router.py
@@ -17,6 +17,8 @@ from fastapi import (
 from pydantic import BaseModel, Field, SecretStr
 from starlette.status import HTTP_500_INTERNAL_SERVER_ERROR, HTTP_502_BAD_GATEWAY

+from backend.api.features.library.db import set_preset_webhook, update_preset
+from backend.api.features.library.model import LibraryAgentPreset
 from backend.data.graph import NodeModel, get_graph, set_node_webhook
 from backend.data.integrations import (
    WebhookEvent,
@@ -45,13 +47,6 @@ from backend.integrations.creds_manager import IntegrationCredentialsManager
 from backend.integrations.oauth import CREDENTIALS_BY_PROVIDER, HANDLERS_BY_NAME
 from backend.integrations.providers import ProviderName
 from backend.integrations.webhooks import get_webhook_manager
-from backend.server.integrations.models import (
-    ProviderConstants,
-    ProviderNamesResponse,
-    get_all_provider_names,
-)
-from backend.server.v2.library.db import set_preset_webhook, update_preset
-from backend.server.v2.library.model import LibraryAgentPreset
 from backend.util.exceptions import (
    GraphNotInLibraryError,
    MissingConfigError,
@@ -60,6 +55,8 @@ from backend.util.exceptions import (
 )
 from backend.util.settings import Settings

+from .models import ProviderConstants, ProviderNamesResponse, get_all_provider_names
+
 if TYPE_CHECKING:
    from backend.integrations.oauth import BaseOAuthHandler

--- a/autogpt_platform/backend/backend/api/features/library/init.py
+++ b/autogpt_platform/backend/backend/api/features/library/init.py
--- a/autogpt_platform/backend/backend/api/features/library/db.py
+++ b/autogpt_platform/backend/backend/api/features/library/db.py
@@ -4,16 +4,14 @@ from typing import Literal, Optional

 import fastapi
 import prisma.errors
-import prisma.fields
 import prisma.models
 import prisma.types

+import backend.api.features.store.exceptions as store_exceptions
+import backend.api.features.store.image_gen as store_image_gen
+import backend.api.features.store.media as store_media
 import backend.data.graph as graph_db
 import backend.data.integrations as integrations_db
-import backend.server.v2.library.model as library_model
-import backend.server.v2.store.exceptions as store_exceptions
-import backend.server.v2.store.image_gen as store_image_gen
-import backend.server.v2.store.media as store_media
 from backend.data.block import BlockInput
 from backend.data.db import transaction
 from backend.data.execution import get_graph_execution
@@ -28,6 +26,8 @@ from backend.util.json import SafeJson
 from backend.util.models import Pagination
 from backend.util.settings import Config

+from . import model as library_model
+
 logger = logging.getLogger(__name__)
 config = Config()
 integration_creds_manager = IntegrationCredentialsManager()
@@ -489,7 +489,7 @@ async def update_agent_version_in_library(
    agent_graph_version: int,
 ) -> library_model.LibraryAgent:
    """
-    Updates the agent version in the library if useGraphIsActiveVersion is True.
+    Updates the agent version in the library for any agent owned by the user.

    Args:
        user_id: Owner of the LibraryAgent.
@@ -498,20 +498,31 @@ async def update_agent_version_in_library(

    Raises:
        DatabaseError: If there's an error with the update.
+        NotFoundError: If no library agent is found for this user and agent.
    """
    logger.debug(
        f"Updating agent version in library for user #{user_id}, "
        f"agent #{agent_graph_id} v{agent_graph_version}"
    )
-    try:
-        library_agent = await prisma.models.LibraryAgent.prisma().find_first_or_raise(
+    async with transaction() as tx:
+        library_agent = await prisma.models.LibraryAgent.prisma(tx).find_first_or_raise(
            where={
                "userId": user_id,
                "agentGraphId": agent_graph_id,
-                "useGraphIsActiveVersion": True,
            },
        )
-        lib = await prisma.models.LibraryAgent.prisma().update(
+
+        # Delete any conflicting LibraryAgent for the target version
+        await prisma.models.LibraryAgent.prisma(tx).delete_many(
+            where={
+                "userId": user_id,
+                "agentGraphId": agent_graph_id,
+                "agentGraphVersion": agent_graph_version,
+                "id": {"not": library_agent.id},
+            }
+        )
+
+        lib = await prisma.models.LibraryAgent.prisma(tx).update(
            where={"id": library_agent.id},
            data={
                "AgentGraph": {
@@ -525,19 +536,20 @@ async def update_agent_version_in_library(
            },
            include={"AgentGraph": True},
        )
-        if lib is None:
-            raise NotFoundError(f"Library agent {library_agent.id} not found")

-        return library_model.LibraryAgent.from_db(lib)
-    except prisma.errors.PrismaError as e:
-        logger.error(f"Database error updating agent version in library: {e}")
-        raise DatabaseError("Failed to update agent version in library") from e
+    if lib is None:
+        raise NotFoundError(
+            f"Failed to update library agent for {agent_graph_id} v{agent_graph_version}"
+        )
+
+    return library_model.LibraryAgent.from_db(lib)


 async def update_library_agent(
    library_agent_id: str,
    user_id: str,
    auto_update_version: Optional[bool] = None,
+    graph_version: Optional[int] = None,
    is_favorite: Optional[bool] = None,
    is_archived: Optional[bool] = None,
    is_deleted: Optional[Literal[False]] = None,
@@ -550,6 +562,7 @@ async def update_library_agent(
        library_agent_id: The ID of the LibraryAgent to update.
        user_id: The owner of this LibraryAgent.
        auto_update_version: Whether the agent should auto-update to active version.
+        graph_version: Specific graph version to update to.
        is_favorite: Whether this agent is marked as a favorite.
        is_archived: Whether this agent is archived.
        settings: User-specific settings for this library agent.
@@ -563,8 +576,8 @@ async def update_library_agent(
    """
    logger.debug(
        f"Updating library agent {library_agent_id} for user {user_id} with "
-        f"auto_update_version={auto_update_version}, is_favorite={is_favorite}, "
-        f"is_archived={is_archived}, settings={settings}"
+        f"auto_update_version={auto_update_version}, graph_version={graph_version}, "
+        f"is_favorite={is_favorite}, is_archived={is_archived}, settings={settings}"
    )
    update_fields: prisma.types.LibraryAgentUpdateManyMutationInput = {}
    if auto_update_version is not None:
@@ -581,10 +594,23 @@ async def update_library_agent(
        update_fields["isDeleted"] = is_deleted
    if settings is not None:
        update_fields["settings"] = SafeJson(settings.model_dump())
-    if not update_fields:
-        raise ValueError("No values were passed to update")

    try:
+        # If graph_version is provided, update to that specific version
+        if graph_version is not None:
+            # Get the current agent to find its graph_id
+            agent = await get_library_agent(id=library_agent_id, user_id=user_id)
+            # Update to the specified version using existing function
+            return await update_agent_version_in_library(
+                user_id=user_id,
+                agent_graph_id=agent.graph_id,
+                agent_graph_version=graph_version,
+            )
+
+        # Otherwise, just update the simple fields
+        if not update_fields:
+            raise ValueError("No values were passed to update")
+
        n_updated = await prisma.models.LibraryAgent.prisma().update_many(
            where={"id": library_agent_id, "userId": user_id},
            data=update_fields,
@@ -810,6 +836,7 @@ async def add_store_agent_to_library(
                    }
                },
                "isCreatedByUser": False,
+                "useGraphIsActiveVersion": False,
                "settings": SafeJson(
                    _initialize_graph_settings(graph_model).model_dump()
                ),
--- a/autogpt_platform/backend/backend/api/features/library/db_test.py
+++ b/autogpt_platform/backend/backend/api/features/library/db_test.py
@@ -1,16 +1,15 @@
 from datetime import datetime

 import prisma.enums
-import prisma.errors
 import prisma.models
-import prisma.types
 import pytest

-import backend.server.v2.library.db as db
-import backend.server.v2.store.exceptions
+import backend.api.features.store.exceptions
 from backend.data.db import connect
 from backend.data.includes import library_agent_include

+from . import db
+

@pytest.mark.asyncio
 async def test_get_library_agents(mocker):
@@ -88,7 +87,7 @@ async def test_add_agent_to_library(mocker):
    await connect()

    # Mock the transaction context
-    mock_transaction = mocker.patch("backend.server.v2.library.db.transaction")
+    mock_transaction = mocker.patch("backend.api.features.library.db.transaction")
    mock_transaction.return_value.__aenter__ = mocker.AsyncMock(return_value=None)
    mock_transaction.return_value.__aexit__ = mocker.AsyncMock(return_value=None)
    # Mock data
@@ -151,7 +150,7 @@ async def test_add_agent_to_library(mocker):
    )

    # Mock graph_db.get_graph function that's called to check for HITL blocks
-    mock_graph_db = mocker.patch("backend.server.v2.library.db.graph_db")
+    mock_graph_db = mocker.patch("backend.api.features.library.db.graph_db")
    mock_graph_model = mocker.Mock()
    mock_graph_model.nodes = (
        []
@@ -159,7 +158,9 @@ async def test_add_agent_to_library(mocker):
    mock_graph_db.get_graph = mocker.AsyncMock(return_value=mock_graph_model)

    # Mock the model conversion
-    mock_from_db = mocker.patch("backend.server.v2.library.model.LibraryAgent.from_db")
+    mock_from_db = mocker.patch(
+        "backend.api.features.library.model.LibraryAgent.from_db"
+    )
    mock_from_db.return_value = mocker.Mock()

    # Call function
@@ -217,7 +218,7 @@ async def test_add_agent_to_library_not_found(mocker):
    )

    # Call function and verify exception
-    with pytest.raises(backend.server.v2.store.exceptions.AgentNotFoundError):
+    with pytest.raises(backend.api.features.store.exceptions.AgentNotFoundError):
        await db.add_store_agent_to_library("version123", "test-user")

    # Verify mock called correctly
--- a/autogpt_platform/backend/backend/api/features/library/model.py
+++ b/autogpt_platform/backend/backend/api/features/library/model.py
@@ -48,6 +48,7 @@ class LibraryAgent(pydantic.BaseModel):
    id: str
    graph_id: str
    graph_version: int
+    owner_user_id: str  # ID of user who owns/created this agent graph

    image_url: str | None

@@ -163,6 +164,7 @@ class LibraryAgent(pydantic.BaseModel):
            id=agent.id,
            graph_id=agent.agentGraphId,
            graph_version=agent.agentGraphVersion,
+            owner_user_id=agent.userId,
            image_url=agent.imageUrl,
            creator_name=creator_name,
            creator_image_url=creator_image_url,
@@ -385,6 +387,9 @@ class LibraryAgentUpdateRequest(pydantic.BaseModel):
    auto_update_version: Optional[bool] = pydantic.Field(
        default=None, description="Auto-update the agent version"
    )
+    graph_version: Optional[int] = pydantic.Field(
+        default=None, description="Specific graph version to update to"
+    )
    is_favorite: Optional[bool] = pydantic.Field(
        default=None, description="Mark the agent as a favorite"
    )
--- a/autogpt_platform/backend/backend/api/features/library/model_test.py
+++ b/autogpt_platform/backend/backend/api/features/library/model_test.py
@@ -3,7 +3,7 @@ import datetime
 import prisma.models
 import pytest

-import backend.server.v2.library.model as library_model
+from . import model as library_model


@pytest.mark.asyncio
--- a/autogpt_platform/backend/backend/api/features/library/routes/init.py
+++ b/autogpt_platform/backend/backend/api/features/library/routes/init.py
--- a/autogpt_platform/backend/backend/api/features/library/routes/agents.py
+++ b/autogpt_platform/backend/backend/api/features/library/routes/agents.py
@@ -6,12 +6,13 @@ from fastapi import APIRouter, Body, HTTPException, Query, Security, status
 from fastapi.responses import Response
 from prisma.enums import OnboardingStep

-import backend.server.v2.library.db as library_db
-import backend.server.v2.library.model as library_model
-import backend.server.v2.store.exceptions as store_exceptions
+import backend.api.features.store.exceptions as store_exceptions
 from backend.data.onboarding import complete_onboarding_step
 from backend.util.exceptions import DatabaseError, NotFoundError

+from .. import db as library_db
+from .. import model as library_model
+
 logger = logging.getLogger(__name__)

 router = APIRouter(
@@ -284,6 +285,7 @@ async def update_library_agent(
            library_agent_id=library_agent_id,
            user_id=user_id,
            auto_update_version=payload.auto_update_version,
+            graph_version=payload.graph_version,
            is_favorite=payload.is_favorite,
            is_archived=payload.is_archived,
            settings=payload.settings,
--- a/autogpt_platform/backend/backend/api/features/library/routes/presets.py
+++ b/autogpt_platform/backend/backend/api/features/library/routes/presets.py
@@ -4,8 +4,6 @@ from typing import Any, Optional
 import autogpt_libs.auth as autogpt_auth_lib
 from fastapi import APIRouter, Body, HTTPException, Query, Security, status

-import backend.server.v2.library.db as db
-import backend.server.v2.library.model as models
 from backend.data.execution import GraphExecutionMeta
 from backend.data.graph import get_graph
 from backend.data.integrations import get_webhook
@@ -17,6 +15,9 @@ from backend.integrations.webhooks import get_webhook_manager
 from backend.integrations.webhooks.utils import setup_webhook_for_block
 from backend.util.exceptions import NotFoundError

+from .. import db
+from .. import model as models
+
 logger = logging.getLogger(__name__)

 credentials_manager = IntegrationCredentialsManager()
--- a/autogpt_platform/backend/backend/api/features/library/routes_test.py
+++ b/autogpt_platform/backend/backend/api/features/library/routes_test.py
@@ -7,10 +7,11 @@ import pytest
 import pytest_mock
 from pytest_snapshot.plugin import Snapshot

-import backend.server.v2.library.model as library_model
-from backend.server.v2.library.routes import router as library_router
 from backend.util.models import Pagination

+from . import model as library_model
+from .routes import router as library_router
+
 app = fastapi.FastAPI()
 app.include_router(library_router)

@@ -41,6 +42,7 @@ async def test_get_library_agents_success(
                id="test-agent-1",
                graph_id="test-agent-1",
                graph_version=1,
+                owner_user_id=test_user_id,
                name="Test Agent 1",
                description="Test Description 1",
                image_url=None,
@@ -63,6 +65,7 @@ async def test_get_library_agents_success(
                id="test-agent-2",
                graph_id="test-agent-2",
                graph_version=1,
+                owner_user_id=test_user_id,
                name="Test Agent 2",
                description="Test Description 2",
                image_url=None,
@@ -86,7 +89,7 @@ async def test_get_library_agents_success(
            total_items=2, total_pages=1, current_page=1, page_size=50
        ),
    )
-    mock_db_call = mocker.patch("backend.server.v2.library.db.list_library_agents")
+    mock_db_call = mocker.patch("backend.api.features.library.db.list_library_agents")
    mock_db_call.return_value = mocked_value

    response = client.get("/agents?search_term=test")
@@ -112,7 +115,7 @@ async def test_get_library_agents_success(


 def test_get_library_agents_error(mocker: pytest_mock.MockFixture, test_user_id: str):
-    mock_db_call = mocker.patch("backend.server.v2.library.db.list_library_agents")
+    mock_db_call = mocker.patch("backend.api.features.library.db.list_library_agents")
    mock_db_call.side_effect = Exception("Test error")

    response = client.get("/agents?search_term=test")
@@ -137,6 +140,7 @@ async def test_get_favorite_library_agents_success(
                id="test-agent-1",
                graph_id="test-agent-1",
                graph_version=1,
+                owner_user_id=test_user_id,
                name="Favorite Agent 1",
                description="Test Favorite Description 1",
                image_url=None,
@@ -161,7 +165,7 @@ async def test_get_favorite_library_agents_success(
        ),
    )
    mock_db_call = mocker.patch(
-        "backend.server.v2.library.db.list_favorite_library_agents"
+        "backend.api.features.library.db.list_favorite_library_agents"
    )
    mock_db_call.return_value = mocked_value

@@ -184,7 +188,7 @@ def test_get_favorite_library_agents_error(
    mocker: pytest_mock.MockFixture, test_user_id: str
 ):
    mock_db_call = mocker.patch(
-        "backend.server.v2.library.db.list_favorite_library_agents"
+        "backend.api.features.library.db.list_favorite_library_agents"
    )
    mock_db_call.side_effect = Exception("Test error")

@@ -204,6 +208,7 @@ def test_add_agent_to_library_success(
        id="test-library-agent-id",
        graph_id="test-agent-1",
        graph_version=1,
+        owner_user_id=test_user_id,
        name="Test Agent 1",
        description="Test Description 1",
        image_url=None,
@@ -223,11 +228,11 @@ def test_add_agent_to_library_success(
    )

    mock_db_call = mocker.patch(
-        "backend.server.v2.library.db.add_store_agent_to_library"
+        "backend.api.features.library.db.add_store_agent_to_library"
    )
    mock_db_call.return_value = mock_library_agent
    mock_complete_onboarding = mocker.patch(
-        "backend.server.v2.library.routes.agents.complete_onboarding_step",
+        "backend.api.features.library.routes.agents.complete_onboarding_step",
        new_callable=AsyncMock,
    )

@@ -249,7 +254,7 @@ def test_add_agent_to_library_success(

 def test_add_agent_to_library_error(mocker: pytest_mock.MockFixture, test_user_id: str):
    mock_db_call = mocker.patch(
-        "backend.server.v2.library.db.add_store_agent_to_library"
+        "backend.api.features.library.db.add_store_agent_to_library"
    )
    mock_db_call.side_effect = Exception("Test error")

--- a/autogpt_platform/backend/backend/api/features/oauth.py
+++ b/autogpt_platform/backend/backend/api/features/oauth.py
@@ -0,0 +1,833 @@
+"""
+OAuth 2.0 Provider Endpoints
+
+Implements OAuth 2.0 Authorization Code flow with PKCE support.
+
+Flow:
+1. User clicks "Login with AutoGPT" in 3rd party app
+2. App redirects user to /auth/authorize with client_id, redirect_uri, scope, state
+3. User sees consent screen (if not already logged in, redirects to login first)
+4. User approves → backend creates authorization code
+5. User redirected back to app with code
+6. App exchanges code for access/refresh tokens at /api/oauth/token
+7. App uses access token to call external API endpoints
+"""
+
+import io
+import logging
+import os
+import uuid
+from datetime import datetime
+from typing import Literal, Optional
+from urllib.parse import urlencode
+
+from autogpt_libs.auth import get_user_id
+from fastapi import APIRouter, Body, HTTPException, Security, UploadFile, status
+from gcloud.aio import storage as async_storage
+from PIL import Image
+from prisma.enums import APIKeyPermission
+from pydantic import BaseModel, Field
+
+from backend.data.auth.oauth import (
+    InvalidClientError,
+    InvalidGrantError,
+    OAuthApplicationInfo,
+    TokenIntrospectionResult,
+    consume_authorization_code,
+    create_access_token,
+    create_authorization_code,
+    create_refresh_token,
+    get_oauth_application,
+    get_oauth_application_by_id,
+    introspect_token,
+    list_user_oauth_applications,
+    refresh_tokens,
+    revoke_access_token,
+    revoke_refresh_token,
+    update_oauth_application,
+    validate_client_credentials,
+    validate_redirect_uri,
+    validate_scopes,
+)
+from backend.util.settings import Settings
+from backend.util.virus_scanner import scan_content_safe
+
+settings = Settings()
+logger = logging.getLogger(__name__)
+
+router = APIRouter()
+
+
+# ============================================================================
+# Request/Response Models
+# ============================================================================
+
+
+class TokenResponse(BaseModel):
+    """OAuth 2.0 token response"""
+
+    token_type: Literal["Bearer"] = "Bearer"
+    access_token: str
+    access_token_expires_at: datetime
+    refresh_token: str
+    refresh_token_expires_at: datetime
+    scopes: list[str]
+
+
+class ErrorResponse(BaseModel):
+    """OAuth 2.0 error response"""
+
+    error: str
+    error_description: Optional[str] = None
+
+
+class OAuthApplicationPublicInfo(BaseModel):
+    """Public information about an OAuth application (for consent screen)"""
+
+    name: str
+    description: Optional[str] = None
+    logo_url: Optional[str] = None
+    scopes: list[str]
+
+
+# ============================================================================
+# Application Info Endpoint
+# ============================================================================
+
+
+@router.get(
+    "/app/{client_id}",
+    responses={
+        404: {"description": "Application not found or disabled"},
+    },
+)
+async def get_oauth_app_info(
+    client_id: str, user_id: str = Security(get_user_id)
+) -> OAuthApplicationPublicInfo:
+    """
+    Get public information about an OAuth application.
+
+    This endpoint is used by the consent screen to display application details
+    to the user before they authorize access.
+
+    Returns:
+    - name: Application name
+    - description: Application description (if provided)
+    - scopes: List of scopes the application is allowed to request
+    """
+    app = await get_oauth_application(client_id)
+    if not app or not app.is_active:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="Application not found",
+        )
+
+    return OAuthApplicationPublicInfo(
+        name=app.name,
+        description=app.description,
+        logo_url=app.logo_url,
+        scopes=[s.value for s in app.scopes],
+    )
+
+
+# ============================================================================
+# Authorization Endpoint
+# ============================================================================
+
+
+class AuthorizeRequest(BaseModel):
+    """OAuth 2.0 authorization request"""
+
+    client_id: str = Field(description="Client identifier")
+    redirect_uri: str = Field(description="Redirect URI")
+    scopes: list[str] = Field(description="List of scopes")
+    state: str = Field(description="Anti-CSRF token from client")
+    response_type: str = Field(
+        default="code", description="Must be 'code' for authorization code flow"
+    )
+    code_challenge: str = Field(description="PKCE code challenge (required)")
+    code_challenge_method: Literal["S256", "plain"] = Field(
+        default="S256", description="PKCE code challenge method (S256 recommended)"
+    )
+
+
+class AuthorizeResponse(BaseModel):
+    """OAuth 2.0 authorization response with redirect URL"""
+
+    redirect_url: str = Field(description="URL to redirect the user to")
+
+
+@router.post("/authorize")
+async def authorize(
+    request: AuthorizeRequest = Body(),
+    user_id: str = Security(get_user_id),
+) -> AuthorizeResponse:
+    """
+    OAuth 2.0 Authorization Endpoint
+
+    User must be logged in (authenticated with Supabase JWT).
+    This endpoint creates an authorization code and returns a redirect URL.
+
+    PKCE (Proof Key for Code Exchange) is REQUIRED for all authorization requests.
+
+    The frontend consent screen should call this endpoint after the user approves,
+    then redirect the user to the returned `redirect_url`.
+
+    Request Body:
+    - client_id: The OAuth application's client ID
+    - redirect_uri: Where to redirect after authorization (must match registered URI)
+    - scopes: List of permissions (e.g., "EXECUTE_GRAPH READ_GRAPH")
+    - state: Anti-CSRF token provided by client (will be returned in redirect)
+    - response_type: Must be "code" (for authorization code flow)
+    - code_challenge: PKCE code challenge (required)
+    - code_challenge_method: "S256" (recommended) or "plain"
+
+    Returns:
+    - redirect_url: The URL to redirect the user to (includes authorization code)
+
+    Error cases return a redirect_url with error parameters, or raise HTTPException
+    for critical errors (like invalid redirect_uri).
+    """
+    try:
+        # Validate response_type
+        if request.response_type != "code":
+            return _error_redirect_url(
+                request.redirect_uri,
+                request.state,
+                "unsupported_response_type",
+                "Only 'code' response type is supported",
+            )
+
+        # Get application
+        app = await get_oauth_application(request.client_id)
+        if not app:
+            return _error_redirect_url(
+                request.redirect_uri,
+                request.state,
+                "invalid_client",
+                "Unknown client_id",
+            )
+
+        if not app.is_active:
+            return _error_redirect_url(
+                request.redirect_uri,
+                request.state,
+                "invalid_client",
+                "Application is not active",
+            )
+
+        # Validate redirect URI
+        if not validate_redirect_uri(app, request.redirect_uri):
+            # For invalid redirect_uri, we can't redirect safely
+            # Must return error instead
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail=(
+                    "Invalid redirect_uri. "
+                    f"Must be one of: {', '.join(app.redirect_uris)}"
+                ),
+            )
+
+        # Parse and validate scopes
+        try:
+            requested_scopes = [APIKeyPermission(s.strip()) for s in request.scopes]
+        except ValueError as e:
+            return _error_redirect_url(
+                request.redirect_uri,
+                request.state,
+                "invalid_scope",
+                f"Invalid scope: {e}",
+            )
+
+        if not requested_scopes:
+            return _error_redirect_url(
+                request.redirect_uri,
+                request.state,
+                "invalid_scope",
+                "At least one scope is required",
+            )
+
+        if not validate_scopes(app, requested_scopes):
+            return _error_redirect_url(
+                request.redirect_uri,
+                request.state,
+                "invalid_scope",
+                "Application is not authorized for all requested scopes. "
+                f"Allowed: {', '.join(s.value for s in app.scopes)}",
+            )
+
+        # Create authorization code
+        auth_code = await create_authorization_code(
+            application_id=app.id,
+            user_id=user_id,
+            scopes=requested_scopes,
+            redirect_uri=request.redirect_uri,
+            code_challenge=request.code_challenge,
+            code_challenge_method=request.code_challenge_method,
+        )
+
+        # Build redirect URL with authorization code
+        params = {
+            "code": auth_code.code,
+            "state": request.state,
+        }
+        redirect_url = f"{request.redirect_uri}?{urlencode(params)}"
+
+        logger.info(
+            f"Authorization code issued for user #{user_id} "
+            f"and app {app.name} (#{app.id})"
+        )
+
+        return AuthorizeResponse(redirect_url=redirect_url)
+
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger.error(f"Error in authorization endpoint: {e}", exc_info=True)
+        return _error_redirect_url(
+            request.redirect_uri,
+            request.state,
+            "server_error",
+            "An unexpected error occurred",
+        )
+
+
+def _error_redirect_url(
+    redirect_uri: str,
+    state: str,
+    error: str,
+    error_description: Optional[str] = None,
+) -> AuthorizeResponse:
+    """Helper to build redirect URL with OAuth error parameters"""
+    params = {
+        "error": error,
+        "state": state,
+    }
+    if error_description:
+        params["error_description"] = error_description
+
+    redirect_url = f"{redirect_uri}?{urlencode(params)}"
+    return AuthorizeResponse(redirect_url=redirect_url)
+
+
+# ============================================================================
+# Token Endpoint
+# ============================================================================
+
+
+class TokenRequestByCode(BaseModel):
+    grant_type: Literal["authorization_code"]
+    code: str = Field(description="Authorization code")
+    redirect_uri: str = Field(
+        description="Redirect URI (must match authorization request)"
+    )
+    client_id: str
+    client_secret: str
+    code_verifier: str = Field(description="PKCE code verifier")
+
+
+class TokenRequestByRefreshToken(BaseModel):
+    grant_type: Literal["refresh_token"]
+    refresh_token: str
+    client_id: str
+    client_secret: str
+
+
+@router.post("/token")
+async def token(
+    request: TokenRequestByCode | TokenRequestByRefreshToken = Body(),
+) -> TokenResponse:
+    """
+    OAuth 2.0 Token Endpoint
+
+    Exchanges authorization code or refresh token for access token.
+
+    Grant Types:
+    1. authorization_code: Exchange authorization code for tokens
+       - Required: grant_type, code, redirect_uri, client_id, client_secret
+       - Optional: code_verifier (required if PKCE was used)
+
+    2. refresh_token: Exchange refresh token for new access token
+       - Required: grant_type, refresh_token, client_id, client_secret
+
+    Returns:
+    - access_token: Bearer token for API access (1 hour TTL)
+    - token_type: "Bearer"
+    - expires_in: Seconds until access token expires
+    - refresh_token: Token for refreshing access (30 days TTL)
+    - scopes: List of scopes
+    """
+    # Validate client credentials
+    try:
+        app = await validate_client_credentials(
+            request.client_id, request.client_secret
+        )
+    except InvalidClientError as e:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail=str(e),
+        )
+
+    # Handle authorization_code grant
+    if request.grant_type == "authorization_code":
+        # Consume authorization code
+        try:
+            user_id, scopes = await consume_authorization_code(
+                code=request.code,
+                application_id=app.id,
+                redirect_uri=request.redirect_uri,
+                code_verifier=request.code_verifier,
+            )
+        except InvalidGrantError as e:
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail=str(e),
+            )
+
+        # Create access and refresh tokens
+        access_token = await create_access_token(app.id, user_id, scopes)
+        refresh_token = await create_refresh_token(app.id, user_id, scopes)
+
+        logger.info(
+            f"Access token issued for user #{user_id} and app {app.name} (#{app.id})"
+            "via authorization code"
+        )
+
+        if not access_token.token or not refresh_token.token:
+            raise HTTPException(
+                status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+                detail="Failed to generate tokens",
+            )
+
+        return TokenResponse(
+            token_type="Bearer",
+            access_token=access_token.token.get_secret_value(),
+            access_token_expires_at=access_token.expires_at,
+            refresh_token=refresh_token.token.get_secret_value(),
+            refresh_token_expires_at=refresh_token.expires_at,
+            scopes=list(s.value for s in scopes),
+        )
+
+    # Handle refresh_token grant
+    elif request.grant_type == "refresh_token":
+        # Refresh access token
+        try:
+            new_access_token, new_refresh_token = await refresh_tokens(
+                request.refresh_token, app.id
+            )
+        except InvalidGrantError as e:
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail=str(e),
+            )
+
+        logger.info(
+            f"Tokens refreshed for user #{new_access_token.user_id} "
+            f"by app {app.name} (#{app.id})"
+        )
+
+        if not new_access_token.token or not new_refresh_token.token:
+            raise HTTPException(
+                status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+                detail="Failed to generate tokens",
+            )
+
+        return TokenResponse(
+            token_type="Bearer",
+            access_token=new_access_token.token.get_secret_value(),
+            access_token_expires_at=new_access_token.expires_at,
+            refresh_token=new_refresh_token.token.get_secret_value(),
+            refresh_token_expires_at=new_refresh_token.expires_at,
+            scopes=list(s.value for s in new_access_token.scopes),
+        )
+
+    else:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail=f"Unsupported grant_type: {request.grant_type}. "
+            "Must be 'authorization_code' or 'refresh_token'",
+        )
+
+
+# ============================================================================
+# Token Introspection Endpoint
+# ============================================================================
+
+
+@router.post("/introspect")
+async def introspect(
+    token: str = Body(description="Token to introspect"),
+    token_type_hint: Optional[Literal["access_token", "refresh_token"]] = Body(
+        None, description="Hint about token type ('access_token' or 'refresh_token')"
+    ),
+    client_id: str = Body(description="Client identifier"),
+    client_secret: str = Body(description="Client secret"),
+) -> TokenIntrospectionResult:
+    """
+    OAuth 2.0 Token Introspection Endpoint (RFC 7662)
+
+    Allows clients to check if a token is valid and get its metadata.
+
+    Returns:
+    - active: Whether the token is currently active
+    - scopes: List of authorized scopes (if active)
+    - client_id: The client the token was issued to (if active)
+    - user_id: The user the token represents (if active)
+    - exp: Expiration timestamp (if active)
+    - token_type: "access_token" or "refresh_token" (if active)
+    """
+    # Validate client credentials
+    try:
+        await validate_client_credentials(client_id, client_secret)
+    except InvalidClientError as e:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail=str(e),
+        )
+
+    # Introspect the token
+    return await introspect_token(token, token_type_hint)
+
+
+# ============================================================================
+# Token Revocation Endpoint
+# ============================================================================
+
+
+@router.post("/revoke")
+async def revoke(
+    token: str = Body(description="Token to revoke"),
+    token_type_hint: Optional[Literal["access_token", "refresh_token"]] = Body(
+        None, description="Hint about token type ('access_token' or 'refresh_token')"
+    ),
+    client_id: str = Body(description="Client identifier"),
+    client_secret: str = Body(description="Client secret"),
+):
+    """
+    OAuth 2.0 Token Revocation Endpoint (RFC 7009)
+
+    Allows clients to revoke an access or refresh token.
+
+    Note: Revoking a refresh token does NOT revoke associated access tokens.
+    Revoking an access token does NOT revoke the associated refresh token.
+    """
+    # Validate client credentials
+    try:
+        app = await validate_client_credentials(client_id, client_secret)
+    except InvalidClientError as e:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail=str(e),
+        )
+
+    # Try to revoke as access token first
+    # Note: We pass app.id to ensure the token belongs to the authenticated app
+    if token_type_hint != "refresh_token":
+        revoked = await revoke_access_token(token, app.id)
+        if revoked:
+            logger.info(
+                f"Access token revoked for app {app.name} (#{app.id}); "
+                f"user #{revoked.user_id}"
+            )
+            return {"status": "ok"}
+
+    # Try to revoke as refresh token
+    revoked = await revoke_refresh_token(token, app.id)
+    if revoked:
+        logger.info(
+            f"Refresh token revoked for app {app.name} (#{app.id}); "
+            f"user #{revoked.user_id}"
+        )
+        return {"status": "ok"}
+
+    # Per RFC 7009, revocation endpoint returns 200 even if token not found
+    # or if token belongs to a different application.
+    # This prevents token scanning attacks.
+    logger.warning(f"Unsuccessful token revocation attempt by app {app.name} #{app.id}")
+    return {"status": "ok"}
+
+
+# ============================================================================
+# Application Management Endpoints (for app owners)
+# ============================================================================
+
+
+@router.get("/apps/mine")
+async def list_my_oauth_apps(
+    user_id: str = Security(get_user_id),
+) -> list[OAuthApplicationInfo]:
+    """
+    List all OAuth applications owned by the current user.
+
+    Returns a list of OAuth applications with their details including:
+    - id, name, description, logo_url
+    - client_id (public identifier)
+    - redirect_uris, grant_types, scopes
+    - is_active status
+    - created_at, updated_at timestamps
+
+    Note: client_secret is never returned for security reasons.
+    """
+    return await list_user_oauth_applications(user_id)
+
+
+@router.patch("/apps/{app_id}/status")
+async def update_app_status(
+    app_id: str,
+    user_id: str = Security(get_user_id),
+    is_active: bool = Body(description="Whether the app should be active", embed=True),
+) -> OAuthApplicationInfo:
+    """
+    Enable or disable an OAuth application.
+
+    Only the application owner can update the status.
+    When disabled, the application cannot be used for new authorizations
+    and existing access tokens will fail validation.
+
+    Returns the updated application info.
+    """
+    updated_app = await update_oauth_application(
+        app_id=app_id,
+        owner_id=user_id,
+        is_active=is_active,
+    )
+
+    if not updated_app:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="Application not found or you don't have permission to update it",
+        )
+
+    action = "enabled" if is_active else "disabled"
+    logger.info(f"OAuth app {updated_app.name} (#{app_id}) {action} by user #{user_id}")
+
+    return updated_app
+
+
+class UpdateAppLogoRequest(BaseModel):
+    logo_url: str = Field(description="URL of the uploaded logo image")
+
+
+@router.patch("/apps/{app_id}/logo")
+async def update_app_logo(
+    app_id: str,
+    request: UpdateAppLogoRequest = Body(),
+    user_id: str = Security(get_user_id),
+) -> OAuthApplicationInfo:
+    """
+    Update the logo URL for an OAuth application.
+
+    Only the application owner can update the logo.
+    The logo should be uploaded first using the media upload endpoint,
+    then this endpoint is called with the resulting URL.
+
+    Logo requirements:
+    - Must be square (1:1 aspect ratio)
+    - Minimum 512x512 pixels
+    - Maximum 2048x2048 pixels
+
+    Returns the updated application info.
+    """
+    if (
+        not (app := await get_oauth_application_by_id(app_id))
+        or app.owner_id != user_id
+    ):
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="OAuth App not found",
+        )
+
+    # Delete the current app logo file (if any and it's in our cloud storage)
+    await _delete_app_current_logo_file(app)
+
+    updated_app = await update_oauth_application(
+        app_id=app_id,
+        owner_id=user_id,
+        logo_url=request.logo_url,
+    )
+
+    if not updated_app:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="Application not found or you don't have permission to update it",
+        )
+
+    logger.info(
+        f"OAuth app {updated_app.name} (#{app_id}) logo updated by user #{user_id}"
+    )
+
+    return updated_app
+
+
+# Logo upload constraints
+LOGO_MIN_SIZE = 512
+LOGO_MAX_SIZE = 2048
+LOGO_ALLOWED_TYPES = {"image/jpeg", "image/png", "image/webp"}
+LOGO_MAX_FILE_SIZE = 3 * 1024 * 1024  # 3MB
+
+
+@router.post("/apps/{app_id}/logo/upload")
+async def upload_app_logo(
+    app_id: str,
+    file: UploadFile,
+    user_id: str = Security(get_user_id),
+) -> OAuthApplicationInfo:
+    """
+    Upload a logo image for an OAuth application.
+
+    Requirements:
+    - Image must be square (1:1 aspect ratio)
+    - Minimum 512x512 pixels
+    - Maximum 2048x2048 pixels
+    - Allowed formats: JPEG, PNG, WebP
+    - Maximum file size: 3MB
+
+    The image is uploaded to cloud storage and the app's logoUrl is updated.
+    Returns the updated application info.
+    """
+    # Verify ownership to reduce vulnerability to DoS(torage) or DoM(oney) attacks
+    if (
+        not (app := await get_oauth_application_by_id(app_id))
+        or app.owner_id != user_id
+    ):
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="OAuth App not found",
+        )
+
+    # Check GCS configuration
+    if not settings.config.media_gcs_bucket_name:
+        raise HTTPException(
+            status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
+            detail="Media storage is not configured",
+        )
+
+    # Validate content type
+    content_type = file.content_type
+    if content_type not in LOGO_ALLOWED_TYPES:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail=f"Invalid file type. Allowed: JPEG, PNG, WebP. Got: {content_type}",
+        )
+
+    # Read file content
+    try:
+        file_bytes = await file.read()
+    except Exception as e:
+        logger.error(f"Error reading logo file: {e}")
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Failed to read uploaded file",
+        )
+
+    # Check file size
+    if len(file_bytes) > LOGO_MAX_FILE_SIZE:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail=(
+                "File too large. "
+                f"Maximum size is {LOGO_MAX_FILE_SIZE // 1024 // 1024}MB"
+            ),
+        )
+
+    # Validate image dimensions
+    try:
+        image = Image.open(io.BytesIO(file_bytes))
+        width, height = image.size
+
+        if width != height:
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail=f"Logo must be square. Got {width}x{height}",
+            )
+
+        if width < LOGO_MIN_SIZE:
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail=f"Logo too small. Minimum {LOGO_MIN_SIZE}x{LOGO_MIN_SIZE}. "
+                f"Got {width}x{height}",
+            )
+
+        if width > LOGO_MAX_SIZE:
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail=f"Logo too large. Maximum {LOGO_MAX_SIZE}x{LOGO_MAX_SIZE}. "
+                f"Got {width}x{height}",
+            )
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger.error(f"Error validating logo image: {e}")
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Invalid image file",
+        )
+
+    # Scan for viruses
+    filename = file.filename or "logo"
+    await scan_content_safe(file_bytes, filename=filename)
+
+    # Generate unique filename
+    file_ext = os.path.splitext(filename)[1].lower() or ".png"
+    unique_filename = f"{uuid.uuid4()}{file_ext}"
+    storage_path = f"oauth-apps/{app_id}/logo/{unique_filename}"
+
+    # Upload to GCS
+    try:
+        async with async_storage.Storage() as async_client:
+            bucket_name = settings.config.media_gcs_bucket_name
+
+            await async_client.upload(
+                bucket_name, storage_path, file_bytes, content_type=content_type
+            )
+
+            logo_url = f"https://storage.googleapis.com/{bucket_name}/{storage_path}"
+    except Exception as e:
+        logger.error(f"Error uploading logo to GCS: {e}")
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail="Failed to upload logo",
+        )
+
+    # Delete the current app logo file (if any and it's in our cloud storage)
+    await _delete_app_current_logo_file(app)
+
+    # Update the app with the new logo URL
+    updated_app = await update_oauth_application(
+        app_id=app_id,
+        owner_id=user_id,
+        logo_url=logo_url,
+    )
+
+    if not updated_app:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="Application not found or you don't have permission to update it",
+        )
+
+    logger.info(
+        f"OAuth app {updated_app.name} (#{app_id}) logo uploaded by user #{user_id}"
+    )
+
+    return updated_app
+
+
+async def _delete_app_current_logo_file(app: OAuthApplicationInfo):
+    """
+    Delete the current logo file for the given app, if there is one in our cloud storage
+    """
+    bucket_name = settings.config.media_gcs_bucket_name
+    storage_base_url = f"https://storage.googleapis.com/{bucket_name}/"
+
+    if app.logo_url and app.logo_url.startswith(storage_base_url):
+        # Parse blob path from URL: https://storage.googleapis.com/{bucket}/{path}
+        old_path = app.logo_url.replace(storage_base_url, "")
+        try:
+            async with async_storage.Storage() as async_client:
+                await async_client.delete(bucket_name, old_path)
+            logger.info(f"Deleted old logo for OAuth app #{app.id}: {old_path}")
+        except Exception as e:
+            # Log but don't fail - the new logo was uploaded successfully
+            logger.warning(
+                f"Failed to delete old logo for OAuth app #{app.id}: {e}", exc_info=e
+            )
--- a/autogpt_platform/backend/backend/api/features/oauth_test.py
+++ b/autogpt_platform/backend/backend/api/features/oauth_test.py
--- a/autogpt_platform/backend/backend/api/features/otto/init.py
+++ b/autogpt_platform/backend/backend/api/features/otto/init.py
--- a/autogpt_platform/backend/backend/api/features/otto/models.py
+++ b/autogpt_platform/backend/backend/api/features/otto/models.py
--- a/autogpt_platform/backend/backend/api/features/otto/routes.py
+++ b/autogpt_platform/backend/backend/api/features/otto/routes.py
--- a/autogpt_platform/backend/backend/api/features/otto/routes_test.py
+++ b/autogpt_platform/backend/backend/api/features/otto/routes_test.py
@@ -6,9 +6,9 @@ import pytest
 import pytest_mock
 from pytest_snapshot.plugin import Snapshot

-import backend.server.v2.otto.models as otto_models
-import backend.server.v2.otto.routes as otto_routes
-from backend.server.v2.otto.service import OttoService
+from . import models as otto_models
+from . import routes as otto_routes
+from .service import OttoService

 app = fastapi.FastAPI()
 app.include_router(otto_routes.router)
--- a/autogpt_platform/backend/backend/api/features/otto/service.py
+++ b/autogpt_platform/backend/backend/api/features/otto/service.py
--- a/autogpt_platform/backend/backend/api/features/postmark/init.py
+++ b/autogpt_platform/backend/backend/api/features/postmark/init.py
--- a/autogpt_platform/backend/backend/server/routers/postmark/models.py
+++ b/autogpt_platform/backend/backend/server/routers/postmark/models.py
--- a/autogpt_platform/backend/backend/server/routers/postmark/postmark.py
+++ b/autogpt_platform/backend/backend/server/routers/postmark/postmark.py
@@ -4,12 +4,15 @@ from typing import Annotated
 from fastapi import APIRouter, Body, HTTPException, Query, Security
 from fastapi.responses import JSONResponse

+from backend.api.utils.api_key_auth import APIKeyAuthenticator
 from backend.data.user import (
    get_user_by_email,
    set_user_email_verification,
    unsubscribe_user_by_token,
 )
-from backend.server.routers.postmark.models import (
+from backend.util.settings import Settings
+
+from .models import (
    PostmarkBounceEnum,
    PostmarkBounceWebhook,
    PostmarkClickWebhook,
@@ -19,8 +22,6 @@ from backend.server.routers.postmark.models import (
    PostmarkSubscriptionChangeWebhook,
    PostmarkWebhook,
 )
-from backend.server.utils.api_key_auth import APIKeyAuthenticator
-from backend.util.settings import Settings

 logger = logging.getLogger(__name__)
 settings = Settings()
--- a/autogpt_platform/backend/backend/api/features/store/README.md
+++ b/autogpt_platform/backend/backend/api/features/store/README.md
--- a/autogpt_platform/backend/backend/api/features/store/init.py
+++ b/autogpt_platform/backend/backend/api/features/store/init.py
--- a/autogpt_platform/backend/backend/api/features/store/cache.py
+++ b/autogpt_platform/backend/backend/api/features/store/cache.py
@@ -1,8 +1,9 @@
 from typing import Literal

-import backend.server.v2.store.db
 from backend.util.cache import cached

+from . import db as store_db
+
 ##############################################
 ############### Caches #######################
 ##############################################
@@ -27,10 +28,9 @@ async def _get_cached_store_agents(
    category: str | None,
    page: int,
    page_size: int,
-    filter_mode: Literal["strict", "permissive", "combined"] = "permissive",
 ):
-    """Cached helper to get store agents with hybrid search support."""
-    return await backend.server.v2.store.db.get_store_agents(
+    """Cached helper to get store agents."""
+    return await store_db.get_store_agents(
        featured=featured,
        creators=[creator] if creator else None,
        sorted_by=sorted_by,
@@ -38,16 +38,17 @@ async def _get_cached_store_agents(
        category=category,
        page=page,
        page_size=page_size,
-        filter_mode=filter_mode,
    )


 # Cache individual agent details for 15 minutes
@cached(maxsize=200, ttl_seconds=300, shared_cache=True)
-async def _get_cached_agent_details(username: str, agent_name: str):
+async def _get_cached_agent_details(
+    username: str, agent_name: str, include_changelog: bool = False
+):
    """Cached helper to get agent details."""
-    return await backend.server.v2.store.db.get_store_agent_details(
-        username=username, agent_name=agent_name
+    return await store_db.get_store_agent_details(
+        username=username, agent_name=agent_name, include_changelog=include_changelog
    )


@@ -61,7 +62,7 @@ async def _get_cached_store_creators(
    page_size: int,
 ):
    """Cached helper to get store creators."""
-    return await backend.server.v2.store.db.get_store_creators(
+    return await store_db.get_store_creators(
        featured=featured,
        search_query=search_query,
        sorted_by=sorted_by,
@@ -74,6 +75,4 @@ async def _get_cached_store_creators(
@cached(maxsize=100, ttl_seconds=300, shared_cache=True)
 async def _get_cached_creator_details(username: str):
    """Cached helper to get creator details."""
-    return await backend.server.v2.store.db.get_store_creator_details(
-        username=username.lower()
-    )
+    return await store_db.get_store_creator_details(username=username.lower())
--- a/autogpt_platform/backend/backend/api/features/store/db.py
+++ b/autogpt_platform/backend/backend/api/features/store/db.py
--- a/autogpt_platform/backend/backend/api/features/store/db_test.py
+++ b/autogpt_platform/backend/backend/api/features/store/db_test.py
@@ -6,8 +6,8 @@ import prisma.models
 import pytest
 from prisma import Prisma

-import backend.server.v2.store.db as db
-from backend.server.v2.store.model import Profile
+from . import db
+from .model import Profile


@pytest.fixture(autouse=True)
@@ -40,6 +40,8 @@ async def test_get_store_agents(mocker):
            runs=10,
            rating=4.5,
            versions=["1.0"],
+            agentGraphVersions=["1"],
+            agentGraphId="test-graph-id",
            updated_at=datetime.now(),
            is_available=False,
            useForOnboarding=False,
@@ -83,6 +85,8 @@ async def test_get_store_agent_details(mocker):
        runs=10,
        rating=4.5,
        versions=["1.0"],
+        agentGraphVersions=["1"],
+        agentGraphId="test-graph-id",
        updated_at=datetime.now(),
        is_available=False,
        useForOnboarding=False,
@@ -105,6 +109,8 @@ async def test_get_store_agent_details(mocker):
        runs=15,
        rating=4.8,
        versions=["1.0", "2.0"],
+        agentGraphVersions=["1", "2"],
+        agentGraphId="test-graph-id-active",
        updated_at=datetime.now(),
        is_available=True,
        useForOnboarding=False,
@@ -405,347 +411,3 @@ async def test_get_store_agents_search_category_array_injection():
    # Verify the query executed without error
    # Category should be parameterized, preventing SQL injection
    assert isinstance(result.agents, list)
-
-
-# Hybrid search tests (BM25 + vector + popularity with RRF ranking)
-
-
-@pytest.mark.asyncio(loop_scope="session")
-async def test_get_store_agents_hybrid_search_mocked(mocker):
-    """Test hybrid search uses embedding service and executes query safely."""
-    from backend.integrations.embeddings import EMBEDDING_DIMENSIONS
-
-    # Mock embedding service
-    mock_embedding = [0.1] * EMBEDDING_DIMENSIONS
-    mock_embedding_service = mocker.MagicMock()
-    mock_embedding_service.generate_embedding = mocker.AsyncMock(
-        return_value=mock_embedding
-    )
-    mocker.patch(
-        "backend.server.v2.store.db.get_embedding_service",
-        mocker.MagicMock(return_value=mock_embedding_service),
-    )
-
-    # Mock query_raw_with_schema to return empty results
-    mocker.patch(
-        "backend.server.v2.store.db.query_raw_with_schema",
-        mocker.AsyncMock(side_effect=[[], [{"count": 0}]]),
-    )
-
-    # Call function with search query
-    result = await db.get_store_agents(search_query="test query")
-
-    # Verify embedding service was called
-    mock_embedding_service.generate_embedding.assert_called_once_with("test query")
-
-    # Verify results
-    assert isinstance(result.agents, list)
-    assert len(result.agents) == 0
-
-
-@pytest.mark.asyncio(loop_scope="session")
-async def test_get_store_agents_hybrid_search_with_results(mocker):
-    """Test hybrid search returns properly formatted results with RRF scoring."""
-    from backend.integrations.embeddings import EMBEDDING_DIMENSIONS
-
-    # Mock embedding service
-    mock_embedding = [0.1] * EMBEDDING_DIMENSIONS
-    mock_embedding_service = mocker.MagicMock()
-    mock_embedding_service.generate_embedding = mocker.AsyncMock(
-        return_value=mock_embedding
-    )
-    mocker.patch(
-        "backend.server.v2.store.db.get_embedding_service",
-        mocker.MagicMock(return_value=mock_embedding_service),
-    )
-
-    # Mock query results (hybrid search returns rrf_score instead of similarity)
-    mock_agents = [
-        {
-            "slug": "test-agent",
-            "agent_name": "Test Agent",
-            "agent_image": ["image.jpg"],
-            "creator_username": "creator",
-            "creator_avatar": "avatar.jpg",
-            "sub_heading": "Test heading",
-            "description": "Test description",
-            "runs": 10,
-            "rating": 4.5,
-            "categories": ["test"],
-            "featured": False,
-            "is_available": True,
-            "updated_at": datetime.now(),
-            "rrf_score": 0.048,  # RRF score from combined rankings
-        }
-    ]
-    mock_count = [{"count": 1}]
-
-    mocker.patch(
-        "backend.server.v2.store.db.query_raw_with_schema",
-        mocker.AsyncMock(side_effect=[mock_agents, mock_count]),
-    )
-
-    # Call function with search query
-    result = await db.get_store_agents(search_query="test query")
-
-    # Verify results
-    assert len(result.agents) == 1
-    assert result.agents[0].slug == "test-agent"
-    assert result.agents[0].agent_name == "Test Agent"
-    assert result.pagination.total_items == 1
-
-
-@pytest.mark.asyncio(loop_scope="session")
-async def test_get_store_agents_hybrid_search_with_filters(mocker):
-    """Test hybrid search works correctly with additional filters."""
-    from backend.integrations.embeddings import EMBEDDING_DIMENSIONS
-
-    # Mock embedding service
-    mock_embedding = [0.1] * EMBEDDING_DIMENSIONS
-    mock_embedding_service = mocker.MagicMock()
-    mock_embedding_service.generate_embedding = mocker.AsyncMock(
-        return_value=mock_embedding
-    )
-    mocker.patch(
-        "backend.server.v2.store.db.get_embedding_service",
-        mocker.MagicMock(return_value=mock_embedding_service),
-    )
-
-    # Mock query_raw_with_schema
-    mock_query = mocker.patch(
-        "backend.server.v2.store.db.query_raw_with_schema",
-        mocker.AsyncMock(side_effect=[[], [{"count": 0}]]),
-    )
-
-    # Call function with search query and filters
-    await db.get_store_agents(
-        search_query="test query",
-        featured=True,
-        creators=["creator1", "creator2"],
-        category="AI",
-    )
-
-    # Verify query was called with parameterized values
-    # First call is the main query, second is count
-    assert mock_query.call_count == 2
-
-    # Check that the SQL query includes proper parameterization
-    first_call_args = mock_query.call_args_list[0]
-    sql_query = first_call_args[0][0]
-
-    # Verify key elements of hybrid search query
-    assert "embedding <=> $1::vector" in sql_query  # Vector search
-    assert "ts_rank_cd" in sql_query  # BM25 search
-    assert "rrf_score" in sql_query  # RRF ranking
-    assert "featured = true" in sql_query
-    assert "creator_username = ANY($" in sql_query
-    assert "= ANY(categories)" in sql_query
-
-
-@pytest.mark.asyncio(loop_scope="session")
-async def test_get_store_agents_hybrid_search_strict_filter_mode(mocker):
-    """Test hybrid search with strict filter mode requires both BM25 and vector matches."""
-    from backend.integrations.embeddings import EMBEDDING_DIMENSIONS
-
-    # Mock embedding service
-    mock_embedding = [0.1] * EMBEDDING_DIMENSIONS
-    mock_embedding_service = mocker.MagicMock()
-    mock_embedding_service.generate_embedding = mocker.AsyncMock(
-        return_value=mock_embedding
-    )
-    mocker.patch(
-        "backend.server.v2.store.db.get_embedding_service",
-        mocker.MagicMock(return_value=mock_embedding_service),
-    )
-
-    # Mock query_raw_with_schema
-    mock_query = mocker.patch(
-        "backend.server.v2.store.db.query_raw_with_schema",
-        mocker.AsyncMock(side_effect=[[], [{"count": 0}]]),
-    )
-
-    # Call function with strict filter mode
-    await db.get_store_agents(search_query="test query", filter_mode="strict")
-
-    # Check that the SQL query includes strict filtering conditions
-    first_call_args = mock_query.call_args_list[0]
-    sql_query = first_call_args[0][0]
-
-    # Strict mode requires both embedding AND search to be present
-    assert "embedding IS NOT NULL" in sql_query
-    assert "search IS NOT NULL" in sql_query
-    # Strict score filter requires both thresholds to be met
-    assert "bm25_score >=" in sql_query
-    assert "AND vector_score >=" in sql_query
-
-
-@pytest.mark.asyncio(loop_scope="session")
-async def test_get_store_agents_hybrid_search_permissive_filter_mode(mocker):
-    """Test hybrid search with permissive filter mode requires either BM25 or vector match."""
-    from backend.integrations.embeddings import EMBEDDING_DIMENSIONS
-
-    # Mock embedding service
-    mock_embedding = [0.1] * EMBEDDING_DIMENSIONS
-    mock_embedding_service = mocker.MagicMock()
-    mock_embedding_service.generate_embedding = mocker.AsyncMock(
-        return_value=mock_embedding
-    )
-    mocker.patch(
-        "backend.server.v2.store.db.get_embedding_service",
-        mocker.MagicMock(return_value=mock_embedding_service),
-    )
-
-    # Mock query_raw_with_schema
-    mock_query = mocker.patch(
-        "backend.server.v2.store.db.query_raw_with_schema",
-        mocker.AsyncMock(side_effect=[[], [{"count": 0}]]),
-    )
-
-    # Call function with permissive filter mode
-    await db.get_store_agents(search_query="test query", filter_mode="permissive")
-
-    # Check that the SQL query includes permissive filtering conditions
-    first_call_args = mock_query.call_args_list[0]
-    sql_query = first_call_args[0][0]
-
-    # Permissive mode requires at least one signal
-    assert "(embedding IS NOT NULL OR search IS NOT NULL)" in sql_query
-    # Permissive score filter requires either threshold to be met
-    assert "OR vector_score >=" in sql_query
-
-
-@pytest.mark.asyncio(loop_scope="session")
-async def test_get_store_agents_hybrid_search_combined_filter_mode(mocker):
-    """Test hybrid search with combined filter mode (default) filters by RRF score."""
-    from backend.integrations.embeddings import EMBEDDING_DIMENSIONS
-
-    # Mock embedding service
-    mock_embedding = [0.1] * EMBEDDING_DIMENSIONS
-    mock_embedding_service = mocker.MagicMock()
-    mock_embedding_service.generate_embedding = mocker.AsyncMock(
-        return_value=mock_embedding
-    )
-    mocker.patch(
-        "backend.server.v2.store.db.get_embedding_service",
-        mocker.MagicMock(return_value=mock_embedding_service),
-    )
-
-    # Mock query_raw_with_schema
-    mock_query = mocker.patch(
-        "backend.server.v2.store.db.query_raw_with_schema",
-        mocker.AsyncMock(side_effect=[[], [{"count": 0}]]),
-    )
-
-    # Call function with combined filter mode (default)
-    await db.get_store_agents(search_query="test query", filter_mode="combined")
-
-    # Check that the SQL query includes combined filtering
-    first_call_args = mock_query.call_args_list[0]
-    sql_query = first_call_args[0][0]
-
-    # Combined mode requires at least one signal
-    assert "(embedding IS NOT NULL OR search IS NOT NULL)" in sql_query
-    # Combined mode uses "1=1" as pre-filter (no individual score filtering)
-    # But applies RRF score threshold to filter irrelevant results
-    assert "rrf_score" in sql_query
-    assert "rrf_score >=" in sql_query  # RRF threshold filter applied
-
-
-@pytest.mark.asyncio(loop_scope="session")
-async def test_generate_and_store_embedding_success(mocker):
-    """Test that embedding generation and storage works correctly."""
-    from backend.integrations.embeddings import EMBEDDING_DIMENSIONS
-
-    # Mock embedding service
-    mock_embedding = [0.1] * EMBEDDING_DIMENSIONS
-    mock_embedding_service = mocker.MagicMock()
-    mock_embedding_service.generate_embedding = mocker.AsyncMock(
-        return_value=mock_embedding
-    )
-    mocker.patch(
-        "backend.server.v2.store.db.get_embedding_service",
-        mocker.MagicMock(return_value=mock_embedding_service),
-    )
-
-    # Mock query_raw_with_schema
-    mock_query = mocker.patch(
-        "backend.server.v2.store.db.query_raw_with_schema",
-        mocker.AsyncMock(return_value=[]),
-    )
-
-    # Call the internal function
-    await db._generate_and_store_embedding(
-        store_listing_version_id="version-123",
-        name="Test Agent",
-        sub_heading="A test agent",
-        description="Does testing",
-    )
-
-    # Verify embedding service was called with combined text
-    mock_embedding_service.generate_embedding.assert_called_once_with(
-        "Test Agent A test agent Does testing"
-    )
-
-    # Verify database update was called
-    mock_query.assert_called_once()
-    call_args = mock_query.call_args
-    assert "UPDATE" in call_args[0][0]
-    assert "embedding = $1::vector" in call_args[0][0]
-    assert call_args[0][2] == "version-123"
-
-
-@pytest.mark.asyncio(loop_scope="session")
-async def test_generate_and_store_embedding_empty_text(mocker):
-    """Test that embedding is not generated for empty text."""
-    # Mock embedding service
-    mock_embedding_service = mocker.MagicMock()
-    mock_embedding_service.generate_embedding = mocker.AsyncMock()
-    mocker.patch(
-        "backend.server.v2.store.db.get_embedding_service",
-        mocker.MagicMock(return_value=mock_embedding_service),
-    )
-
-    # Mock query_raw_with_schema
-    mock_query = mocker.patch(
-        "backend.server.v2.store.db.query_raw_with_schema",
-        mocker.AsyncMock(return_value=[]),
-    )
-
-    # Call with empty fields
-    await db._generate_and_store_embedding(
-        store_listing_version_id="version-123",
-        name="",
-        sub_heading="",
-        description="",
-    )
-
-    # Verify embedding service was NOT called
-    mock_embedding_service.generate_embedding.assert_not_called()
-
-    # Verify database was NOT updated
-    mock_query.assert_not_called()
-
-
-@pytest.mark.asyncio(loop_scope="session")
-async def test_generate_and_store_embedding_handles_error(mocker):
-    """Test that embedding generation errors don't crash the operation."""
-    # Mock embedding service to raise an error
-    mock_embedding_service = mocker.MagicMock()
-    mock_embedding_service.generate_embedding = mocker.AsyncMock(
-        side_effect=Exception("API error")
-    )
-    mocker.patch(
-        "backend.server.v2.store.db.get_embedding_service",
-        mocker.MagicMock(return_value=mock_embedding_service),
-    )
-
-    # Call should not raise - errors are logged but not propagated
-    await db._generate_and_store_embedding(
-        store_listing_version_id="version-123",
-        name="Test Agent",
-        sub_heading="A test agent",
-        description="Does testing",
-    )
-
-    # Verify embedding service was called (and failed)
-    mock_embedding_service.generate_embedding.assert_called_once()
--- a/autogpt_platform/backend/backend/api/features/store/exceptions.py
+++ b/autogpt_platform/backend/backend/api/features/store/exceptions.py
--- a/autogpt_platform/backend/backend/api/features/store/image_gen.py
+++ b/autogpt_platform/backend/backend/api/features/store/image_gen.py
--- a/autogpt_platform/backend/backend/api/features/store/media.py
+++ b/autogpt_platform/backend/backend/api/features/store/media.py
@@ -5,11 +5,12 @@ import uuid
 import fastapi
 from gcloud.aio import storage as async_storage

-import backend.server.v2.store.exceptions
 from backend.util.exceptions import MissingConfigError
 from backend.util.settings import Settings
 from backend.util.virus_scanner import scan_content_safe

+from . import exceptions as store_exceptions
+
 logger = logging.getLogger(__name__)

 ALLOWED_IMAGE_TYPES = {"image/jpeg", "image/png", "image/gif", "image/webp"}
@@ -68,61 +69,55 @@ async def upload_media(
        await file.seek(0)  # Reset file pointer
    except Exception as e:
        logger.error(f"Error reading file content: {str(e)}")
-        raise backend.server.v2.store.exceptions.FileReadError(
-            "Failed to read file content"
-        ) from e
+        raise store_exceptions.FileReadError("Failed to read file content") from e

    # Validate file signature/magic bytes
    if file.content_type in ALLOWED_IMAGE_TYPES:
        # Check image file signatures
        if content.startswith(b"\xff\xd8\xff"):  # JPEG
            if file.content_type != "image/jpeg":
-                raise backend.server.v2.store.exceptions.InvalidFileTypeError(
+                raise store_exceptions.InvalidFileTypeError(
                    "File signature does not match content type"
                )
        elif content.startswith(b"\x89PNG\r\n\x1a\n"):  # PNG
            if file.content_type != "image/png":
-                raise backend.server.v2.store.exceptions.InvalidFileTypeError(
+                raise store_exceptions.InvalidFileTypeError(
                    "File signature does not match content type"
                )
        elif content.startswith(b"GIF87a") or content.startswith(b"GIF89a"):  # GIF
            if file.content_type != "image/gif":
-                raise backend.server.v2.store.exceptions.InvalidFileTypeError(
+                raise store_exceptions.InvalidFileTypeError(
                    "File signature does not match content type"
                )
        elif content.startswith(b"RIFF") and content[8:12] == b"WEBP":  # WebP
            if file.content_type != "image/webp":
-                raise backend.server.v2.store.exceptions.InvalidFileTypeError(
+                raise store_exceptions.InvalidFileTypeError(
                    "File signature does not match content type"
                )
        else:
-            raise backend.server.v2.store.exceptions.InvalidFileTypeError(
-                "Invalid image file signature"
-            )
+            raise store_exceptions.InvalidFileTypeError("Invalid image file signature")

    elif file.content_type in ALLOWED_VIDEO_TYPES:
        # Check video file signatures
        if content.startswith(b"\x00\x00\x00") and (content[4:8] == b"ftyp"):  # MP4
            if file.content_type != "video/mp4":
-                raise backend.server.v2.store.exceptions.InvalidFileTypeError(
+                raise store_exceptions.InvalidFileTypeError(
                    "File signature does not match content type"
                )
        elif content.startswith(b"\x1a\x45\xdf\xa3"):  # WebM
            if file.content_type != "video/webm":
-                raise backend.server.v2.store.exceptions.InvalidFileTypeError(
+                raise store_exceptions.InvalidFileTypeError(
                    "File signature does not match content type"
                )
        else:
-            raise backend.server.v2.store.exceptions.InvalidFileTypeError(
-                "Invalid video file signature"
-            )
+            raise store_exceptions.InvalidFileTypeError("Invalid video file signature")

    settings = Settings()

    # Check required settings first before doing any file processing
    if not settings.config.media_gcs_bucket_name:
        logger.error("Missing GCS bucket name setting")
-        raise backend.server.v2.store.exceptions.StorageConfigError(
+        raise store_exceptions.StorageConfigError(
            "Missing storage bucket configuration"
        )

@@ -137,7 +132,7 @@ async def upload_media(
            and content_type not in ALLOWED_VIDEO_TYPES
        ):
            logger.warning(f"Invalid file type attempted: {content_type}")
-            raise backend.server.v2.store.exceptions.InvalidFileTypeError(
+            raise store_exceptions.InvalidFileTypeError(
                f"File type not supported. Must be jpeg, png, gif, webp, mp4 or webm. Content type: {content_type}"
            )

@@ -150,16 +145,14 @@ async def upload_media(
                file_size += len(chunk)
                if file_size > MAX_FILE_SIZE:
                    logger.warning(f"File size too large: {file_size} bytes")
-                    raise backend.server.v2.store.exceptions.FileSizeTooLargeError(
+                    raise store_exceptions.FileSizeTooLargeError(
                        "File too large. Maximum size is 50MB"
                    )
-        except backend.server.v2.store.exceptions.FileSizeTooLargeError:
+        except store_exceptions.FileSizeTooLargeError:
            raise
        except Exception as e:
            logger.error(f"Error reading file chunks: {str(e)}")
-            raise backend.server.v2.store.exceptions.FileReadError(
-                "Failed to read uploaded file"
-            ) from e
+            raise store_exceptions.FileReadError("Failed to read uploaded file") from e

        # Reset file pointer
        await file.seek(0)
@@ -198,14 +191,14 @@ async def upload_media(

        except Exception as e:
            logger.error(f"GCS storage error: {str(e)}")
-            raise backend.server.v2.store.exceptions.StorageUploadError(
+            raise store_exceptions.StorageUploadError(
                "Failed to upload file to storage"
            ) from e

-    except backend.server.v2.store.exceptions.MediaUploadError:
+    except store_exceptions.MediaUploadError:
        raise
    except Exception as e:
        logger.exception("Unexpected error in upload_media")
-        raise backend.server.v2.store.exceptions.MediaUploadError(
+        raise store_exceptions.MediaUploadError(
            "Unexpected error during media upload"
        ) from e
--- a/autogpt_platform/backend/backend/api/features/store/media_test.py
+++ b/autogpt_platform/backend/backend/api/features/store/media_test.py
@@ -6,17 +6,18 @@ import fastapi
 import pytest
 import starlette.datastructures

-import backend.server.v2.store.exceptions
-import backend.server.v2.store.media
 from backend.util.settings import Settings

+from . import exceptions as store_exceptions
+from . import media as store_media
+

@pytest.fixture
 def mock_settings(monkeypatch):
    settings = Settings()
    settings.config.media_gcs_bucket_name = "test-bucket"
    settings.config.google_application_credentials = "test-credentials"
-    monkeypatch.setattr("backend.server.v2.store.media.Settings", lambda: settings)
+    monkeypatch.setattr("backend.api.features.store.media.Settings", lambda: settings)
    return settings


@@ -32,12 +33,13 @@ def mock_storage_client(mocker):

    # Mock the constructor to return our mock client
    mocker.patch(
-        "backend.server.v2.store.media.async_storage.Storage", return_value=mock_client
+        "backend.api.features.store.media.async_storage.Storage",
+        return_value=mock_client,
    )

    # Mock virus scanner to avoid actual scanning
    mocker.patch(
-        "backend.server.v2.store.media.scan_content_safe", new_callable=AsyncMock
+        "backend.api.features.store.media.scan_content_safe", new_callable=AsyncMock
    )

    return mock_client
@@ -53,7 +55,7 @@ async def test_upload_media_success(mock_settings, mock_storage_client):
        headers=starlette.datastructures.Headers({"content-type": "image/jpeg"}),
    )

-    result = await backend.server.v2.store.media.upload_media("test-user", test_file)
+    result = await store_media.upload_media("test-user", test_file)

    assert result.startswith(
        "https://storage.googleapis.com/test-bucket/users/test-user/images/"
@@ -69,8 +71,8 @@ async def test_upload_media_invalid_type(mock_settings, mock_storage_client):
        headers=starlette.datastructures.Headers({"content-type": "text/plain"}),
    )

-    with pytest.raises(backend.server.v2.store.exceptions.InvalidFileTypeError):
-        await backend.server.v2.store.media.upload_media("test-user", test_file)
+    with pytest.raises(store_exceptions.InvalidFileTypeError):
+        await store_media.upload_media("test-user", test_file)

    mock_storage_client.upload.assert_not_called()

@@ -79,7 +81,7 @@ async def test_upload_media_missing_credentials(monkeypatch):
    settings = Settings()
    settings.config.media_gcs_bucket_name = ""
    settings.config.google_application_credentials = ""
-    monkeypatch.setattr("backend.server.v2.store.media.Settings", lambda: settings)
+    monkeypatch.setattr("backend.api.features.store.media.Settings", lambda: settings)

    test_file = fastapi.UploadFile(
        filename="laptop.jpeg",
@@ -87,8 +89,8 @@ async def test_upload_media_missing_credentials(monkeypatch):
        headers=starlette.datastructures.Headers({"content-type": "image/jpeg"}),
    )

-    with pytest.raises(backend.server.v2.store.exceptions.StorageConfigError):
-        await backend.server.v2.store.media.upload_media("test-user", test_file)
+    with pytest.raises(store_exceptions.StorageConfigError):
+        await store_media.upload_media("test-user", test_file)


 async def test_upload_media_video_type(mock_settings, mock_storage_client):
@@ -98,7 +100,7 @@ async def test_upload_media_video_type(mock_settings, mock_storage_client):
        headers=starlette.datastructures.Headers({"content-type": "video/mp4"}),
    )

-    result = await backend.server.v2.store.media.upload_media("test-user", test_file)
+    result = await store_media.upload_media("test-user", test_file)

    assert result.startswith(
        "https://storage.googleapis.com/test-bucket/users/test-user/videos/"
@@ -117,8 +119,8 @@ async def test_upload_media_file_too_large(mock_settings, mock_storage_client):
        headers=starlette.datastructures.Headers({"content-type": "image/jpeg"}),
    )

-    with pytest.raises(backend.server.v2.store.exceptions.FileSizeTooLargeError):
-        await backend.server.v2.store.media.upload_media("test-user", test_file)
+    with pytest.raises(store_exceptions.FileSizeTooLargeError):
+        await store_media.upload_media("test-user", test_file)


 async def test_upload_media_file_read_error(mock_settings, mock_storage_client):
@@ -129,8 +131,8 @@ async def test_upload_media_file_read_error(mock_settings, mock_storage_client):
    )
    test_file.read = unittest.mock.AsyncMock(side_effect=Exception("Read error"))

-    with pytest.raises(backend.server.v2.store.exceptions.FileReadError):
-        await backend.server.v2.store.media.upload_media("test-user", test_file)
+    with pytest.raises(store_exceptions.FileReadError):
+        await store_media.upload_media("test-user", test_file)


 async def test_upload_media_png_success(mock_settings, mock_storage_client):
@@ -140,7 +142,7 @@ async def test_upload_media_png_success(mock_settings, mock_storage_client):
        headers=starlette.datastructures.Headers({"content-type": "image/png"}),
    )

-    result = await backend.server.v2.store.media.upload_media("test-user", test_file)
+    result = await store_media.upload_media("test-user", test_file)
    assert result.startswith(
        "https://storage.googleapis.com/test-bucket/users/test-user/images/"
    )
@@ -154,7 +156,7 @@ async def test_upload_media_gif_success(mock_settings, mock_storage_client):
        headers=starlette.datastructures.Headers({"content-type": "image/gif"}),
    )

-    result = await backend.server.v2.store.media.upload_media("test-user", test_file)
+    result = await store_media.upload_media("test-user", test_file)
    assert result.startswith(
        "https://storage.googleapis.com/test-bucket/users/test-user/images/"
    )
@@ -168,7 +170,7 @@ async def test_upload_media_webp_success(mock_settings, mock_storage_client):
        headers=starlette.datastructures.Headers({"content-type": "image/webp"}),
    )

-    result = await backend.server.v2.store.media.upload_media("test-user", test_file)
+    result = await store_media.upload_media("test-user", test_file)
    assert result.startswith(
        "https://storage.googleapis.com/test-bucket/users/test-user/images/"
    )
@@ -182,7 +184,7 @@ async def test_upload_media_webm_success(mock_settings, mock_storage_client):
        headers=starlette.datastructures.Headers({"content-type": "video/webm"}),
    )

-    result = await backend.server.v2.store.media.upload_media("test-user", test_file)
+    result = await store_media.upload_media("test-user", test_file)
    assert result.startswith(
        "https://storage.googleapis.com/test-bucket/users/test-user/videos/"
    )
@@ -196,8 +198,8 @@ async def test_upload_media_mismatched_signature(mock_settings, mock_storage_cli
        headers=starlette.datastructures.Headers({"content-type": "image/jpeg"}),
    )

-    with pytest.raises(backend.server.v2.store.exceptions.InvalidFileTypeError):
-        await backend.server.v2.store.media.upload_media("test-user", test_file)
+    with pytest.raises(store_exceptions.InvalidFileTypeError):
+        await store_media.upload_media("test-user", test_file)


 async def test_upload_media_invalid_signature(mock_settings, mock_storage_client):
@@ -207,5 +209,5 @@ async def test_upload_media_invalid_signature(mock_settings, mock_storage_client
        headers=starlette.datastructures.Headers({"content-type": "image/jpeg"}),
    )

-    with pytest.raises(backend.server.v2.store.exceptions.InvalidFileTypeError):
-        await backend.server.v2.store.media.upload_media("test-user", test_file)
+    with pytest.raises(store_exceptions.InvalidFileTypeError):
+        await store_media.upload_media("test-user", test_file)
--- a/autogpt_platform/backend/backend/api/features/store/model.py
+++ b/autogpt_platform/backend/backend/api/features/store/model.py
@@ -1,5 +1,4 @@
 import datetime
-from enum import Enum
 from typing import List

 import prisma.enums
@@ -8,17 +7,10 @@ import pydantic
 from backend.util.models import Pagination


-class SearchFilterMode(str, Enum):
-    """How to combine BM25 and vector search results for filtering.
-
-    - STRICT: Must pass BOTH BM25 AND vector similarity thresholds
-    - PERMISSIVE: Must pass EITHER BM25 OR vector similarity threshold
-    - COMBINED: No pre-filtering, only the combined RRF score matters (default)
-    """
-
-    STRICT = "strict"
-    PERMISSIVE = "permissive"
-    COMBINED = "combined"
+class ChangelogEntry(pydantic.BaseModel):
+    version: str
+    changes_summary: str
+    date: datetime.datetime


 class MyAgent(pydantic.BaseModel):
@@ -69,12 +61,17 @@ class StoreAgentDetails(pydantic.BaseModel):
    runs: int
    rating: float
    versions: list[str]
+    agentGraphVersions: list[str]
+    agentGraphId: str
    last_updated: datetime.datetime
    recommended_schedule_cron: str | None = None

    active_version_id: str | None = None
    has_approved_version: bool = False

+    # Optional changelog data when include_changelog=True
+    changelog: list[ChangelogEntry] | None = None
+

 class Creator(pydantic.BaseModel):
    name: str
@@ -113,6 +110,7 @@ class Profile(pydantic.BaseModel):


 class StoreSubmission(pydantic.BaseModel):
+    listing_id: str
    agent_id: str
    agent_version: int
    name: str
@@ -167,8 +165,12 @@ class StoreListingsWithVersionsResponse(pydantic.BaseModel):


 class StoreSubmissionRequest(pydantic.BaseModel):
-    agent_id: str
-    agent_version: int
+    agent_id: str = pydantic.Field(
+        ..., min_length=1, description="Agent ID cannot be empty"
+    )
+    agent_version: int = pydantic.Field(
+        ..., gt=0, description="Agent version must be greater than 0"
+    )
    slug: str
    name: str
    sub_heading: str
--- a/autogpt_platform/backend/backend/api/features/store/model_test.py
+++ b/autogpt_platform/backend/backend/api/features/store/model_test.py
@@ -2,11 +2,11 @@ import datetime

 import prisma.enums

-import backend.server.v2.store.model
+from . import model as store_model


 def test_pagination():
-    pagination = backend.server.v2.store.model.Pagination(
+    pagination = store_model.Pagination(
        total_items=100, total_pages=5, current_page=2, page_size=20
    )
    assert pagination.total_items == 100
@@ -16,7 +16,7 @@ def test_pagination():


 def test_store_agent():
-    agent = backend.server.v2.store.model.StoreAgent(
+    agent = store_model.StoreAgent(
        slug="test-agent",
        agent_name="Test Agent",
        agent_image="test.jpg",
@@ -34,9 +34,9 @@ def test_store_agent():


 def test_store_agents_response():
-    response = backend.server.v2.store.model.StoreAgentsResponse(
+    response = store_model.StoreAgentsResponse(
        agents=[
-            backend.server.v2.store.model.StoreAgent(
+            store_model.StoreAgent(
                slug="test-agent",
                agent_name="Test Agent",
                agent_image="test.jpg",
@@ -48,7 +48,7 @@ def test_store_agents_response():
                rating=4.5,
            )
        ],
-        pagination=backend.server.v2.store.model.Pagination(
+        pagination=store_model.Pagination(
            total_items=1, total_pages=1, current_page=1, page_size=20
        ),
    )
@@ -57,7 +57,7 @@ def test_store_agents_response():


 def test_store_agent_details():
-    details = backend.server.v2.store.model.StoreAgentDetails(
+    details = store_model.StoreAgentDetails(
        store_listing_version_id="version123",
        slug="test-agent",
        agent_name="Test Agent",
@@ -72,6 +72,8 @@ def test_store_agent_details():
        runs=50,
        rating=4.5,
        versions=["1.0", "2.0"],
+        agentGraphVersions=["1", "2"],
+        agentGraphId="test-graph-id",
        last_updated=datetime.datetime.now(),
    )
    assert details.slug == "test-agent"
@@ -81,7 +83,7 @@ def test_store_agent_details():


 def test_creator():
-    creator = backend.server.v2.store.model.Creator(
+    creator = store_model.Creator(
        agent_rating=4.8,
        agent_runs=1000,
        name="Test Creator",
@@ -96,9 +98,9 @@ def test_creator():


 def test_creators_response():
-    response = backend.server.v2.store.model.CreatorsResponse(
+    response = store_model.CreatorsResponse(
        creators=[
-            backend.server.v2.store.model.Creator(
+            store_model.Creator(
                agent_rating=4.8,
                agent_runs=1000,
                name="Test Creator",
@@ -109,7 +111,7 @@ def test_creators_response():
                is_featured=False,
            )
        ],
-        pagination=backend.server.v2.store.model.Pagination(
+        pagination=store_model.Pagination(
            total_items=1, total_pages=1, current_page=1, page_size=20
        ),
    )
@@ -118,7 +120,7 @@ def test_creators_response():


 def test_creator_details():
-    details = backend.server.v2.store.model.CreatorDetails(
+    details = store_model.CreatorDetails(
        name="Test Creator",
        username="creator1",
        description="Test description",
@@ -135,7 +137,8 @@ def test_creator_details():


 def test_store_submission():
-    submission = backend.server.v2.store.model.StoreSubmission(
+    submission = store_model.StoreSubmission(
+        listing_id="listing123",
        agent_id="agent123",
        agent_version=1,
        sub_heading="Test subheading",
@@ -154,9 +157,10 @@ def test_store_submission():


 def test_store_submissions_response():
-    response = backend.server.v2.store.model.StoreSubmissionsResponse(
+    response = store_model.StoreSubmissionsResponse(
        submissions=[
-            backend.server.v2.store.model.StoreSubmission(
+            store_model.StoreSubmission(
+                listing_id="listing123",
                agent_id="agent123",
                agent_version=1,
                sub_heading="Test subheading",
@@ -170,7 +174,7 @@ def test_store_submissions_response():
                rating=4.5,
            )
        ],
-        pagination=backend.server.v2.store.model.Pagination(
+        pagination=store_model.Pagination(
            total_items=1, total_pages=1, current_page=1, page_size=20
        ),
    )
@@ -179,7 +183,7 @@ def test_store_submissions_response():


 def test_store_submission_request():
-    request = backend.server.v2.store.model.StoreSubmissionRequest(
+    request = store_model.StoreSubmissionRequest(
        agent_id="agent123",
        agent_version=1,
        slug="test-agent",
--- a/autogpt_platform/backend/backend/api/features/store/routes.py
+++ b/autogpt_platform/backend/backend/api/features/store/routes.py
@@ -9,14 +9,14 @@ import fastapi
 import fastapi.responses

 import backend.data.graph
-import backend.server.v2.store.cache as store_cache
-import backend.server.v2.store.db
-import backend.server.v2.store.exceptions
-import backend.server.v2.store.image_gen
-import backend.server.v2.store.media
-import backend.server.v2.store.model
 import backend.util.json

+from . import cache as store_cache
+from . import db as store_db
+from . import image_gen as store_image_gen
+from . import media as store_media
+from . import model as store_model
+
 logger = logging.getLogger(__name__)

 router = fastapi.APIRouter()
@@ -32,7 +32,7 @@ router = fastapi.APIRouter()
    summary="Get user profile",
    tags=["store", "private"],
    dependencies=[fastapi.Security(autogpt_libs.auth.requires_user)],
-    response_model=backend.server.v2.store.model.ProfileDetails,
+    response_model=store_model.ProfileDetails,
 )
 async def get_profile(
    user_id: str = fastapi.Security(autogpt_libs.auth.get_user_id),
@@ -41,7 +41,7 @@ async def get_profile(
    Get the profile details for the authenticated user.
    Cached for 1 hour per user.
    """
-    profile = await backend.server.v2.store.db.get_user_profile(user_id)
+    profile = await store_db.get_user_profile(user_id)
    if profile is None:
        return fastapi.responses.JSONResponse(
            status_code=404,
@@ -55,10 +55,10 @@ async def get_profile(
    summary="Update user profile",
    tags=["store", "private"],
    dependencies=[fastapi.Security(autogpt_libs.auth.requires_user)],
-    response_model=backend.server.v2.store.model.CreatorDetails,
+    response_model=store_model.CreatorDetails,
 )
 async def update_or_create_profile(
-    profile: backend.server.v2.store.model.Profile,
+    profile: store_model.Profile,
    user_id: str = fastapi.Security(autogpt_libs.auth.get_user_id),
 ):
    """
@@ -74,9 +74,7 @@ async def update_or_create_profile(
    Raises:
        HTTPException: If there is an error updating the profile
    """
-    updated_profile = await backend.server.v2.store.db.update_profile(
-        user_id=user_id, profile=profile
-    )
+    updated_profile = await store_db.update_profile(user_id=user_id, profile=profile)
    return updated_profile


@@ -89,7 +87,7 @@ async def update_or_create_profile(
    "/agents",
    summary="List store agents",
    tags=["store", "public"],
-    response_model=backend.server.v2.store.model.StoreAgentsResponse,
+    response_model=store_model.StoreAgentsResponse,
 )
 async def get_agents(
    featured: bool = False,
@@ -99,30 +97,18 @@ async def get_agents(
    category: str | None = None,
    page: int = 1,
    page_size: int = 20,
-    filter_mode: Literal["strict", "permissive", "combined"] = "permissive",
 ):
    """
    Get a paginated list of agents from the store with optional filtering and sorting.

-    When search_query is provided, uses hybrid search combining:
-    - BM25 full-text search (lexical matching)
-    - Vector semantic similarity (meaning-based matching)
-    - Popularity signal (run counts)
-
-    Results are ranked using Reciprocal Rank Fusion (RRF).
-
    Args:
        featured (bool, optional): Filter to only show featured agents. Defaults to False.
        creator (str | None, optional): Filter agents by creator username. Defaults to None.
        sorted_by (str | None, optional): Sort agents by "runs" or "rating". Defaults to None.
-        search_query (str | None, optional): Search agents by name, subheading and description.
+        search_query (str | None, optional): Search agents by name, subheading and description. Defaults to None.
        category (str | None, optional): Filter agents by category. Defaults to None.
        page (int, optional): Page number for pagination. Defaults to 1.
        page_size (int, optional): Number of agents per page. Defaults to 20.
-        filter_mode (str, optional): Controls result filtering when searching:
-            - "strict": Must match BOTH BM25 AND vector thresholds
-            - "permissive": Must match EITHER BM25 OR vector threshold
-            - "combined": No threshold filtering, rely on RRF score (default)

    Returns:
        StoreAgentsResponse: Paginated list of agents matching the filters
@@ -156,7 +142,6 @@ async def get_agents(
        category=category,
        page=page,
        page_size=page_size,
-        filter_mode=filter_mode,
    )
    return agents

@@ -165,9 +150,13 @@ async def get_agents(
    "/agents/{username}/{agent_name}",
    summary="Get specific agent",
    tags=["store", "public"],
-    response_model=backend.server.v2.store.model.StoreAgentDetails,
+    response_model=store_model.StoreAgentDetails,
 )
-async def get_agent(username: str, agent_name: str):
+async def get_agent(
+    username: str,
+    agent_name: str,
+    include_changelog: bool = fastapi.Query(default=False),
+):
    """
    This is only used on the AgentDetails Page.

@@ -177,7 +166,7 @@ async def get_agent(username: str, agent_name: str):
    # URL decode the agent name since it comes from the URL path
    agent_name = urllib.parse.unquote(agent_name).lower()
    agent = await store_cache._get_cached_agent_details(
-        username=username, agent_name=agent_name
+        username=username, agent_name=agent_name, include_changelog=include_changelog
    )
    return agent

@@ -188,13 +177,13 @@ async def get_agent(username: str, agent_name: str):
    tags=["store"],
    dependencies=[fastapi.Security(autogpt_libs.auth.requires_user)],
 )
-async def get_graph_meta_by_store_listing_version_id(store_listing_version_id: str):
+async def get_graph_meta_by_store_listing_version_id(
+    store_listing_version_id: str,
+) -> backend.data.graph.GraphMeta:
    """
    Get Agent Graph from Store Listing Version ID.
    """
-    graph = await backend.server.v2.store.db.get_available_graph(
-        store_listing_version_id
-    )
+    graph = await store_db.get_available_graph(store_listing_version_id)
    return graph


@@ -203,15 +192,13 @@ async def get_graph_meta_by_store_listing_version_id(store_listing_version_id: s
    summary="Get agent by version",
    tags=["store"],
    dependencies=[fastapi.Security(autogpt_libs.auth.requires_user)],
-    response_model=backend.server.v2.store.model.StoreAgentDetails,
+    response_model=store_model.StoreAgentDetails,
 )
 async def get_store_agent(store_listing_version_id: str):
    """
    Get Store Agent Details from Store Listing Version ID.
    """
-    agent = await backend.server.v2.store.db.get_store_agent_by_version_id(
-        store_listing_version_id
-    )
+    agent = await store_db.get_store_agent_by_version_id(store_listing_version_id)

    return agent

@@ -221,12 +208,12 @@ async def get_store_agent(store_listing_version_id: str):
    summary="Create agent review",
    tags=["store"],
    dependencies=[fastapi.Security(autogpt_libs.auth.requires_user)],
-    response_model=backend.server.v2.store.model.StoreReview,
+    response_model=store_model.StoreReview,
 )
 async def create_review(
    username: str,
    agent_name: str,
-    review: backend.server.v2.store.model.StoreReviewCreate,
+    review: store_model.StoreReviewCreate,
    user_id: str = fastapi.Security(autogpt_libs.auth.get_user_id),
 ):
    """
@@ -244,7 +231,7 @@ async def create_review(
    username = urllib.parse.unquote(username).lower()
    agent_name = urllib.parse.unquote(agent_name).lower()
    # Create the review
-    created_review = await backend.server.v2.store.db.create_store_review(
+    created_review = await store_db.create_store_review(
        user_id=user_id,
        store_listing_version_id=review.store_listing_version_id,
        score=review.score,
@@ -263,7 +250,7 @@ async def create_review(
    "/creators",
    summary="List store creators",
    tags=["store", "public"],
-    response_model=backend.server.v2.store.model.CreatorsResponse,
+    response_model=store_model.CreatorsResponse,
 )
 async def get_creators(
    featured: bool = False,
@@ -308,7 +295,7 @@ async def get_creators(
    "/creator/{username}",
    summary="Get creator details",
    tags=["store", "public"],
-    response_model=backend.server.v2.store.model.CreatorDetails,
+    response_model=store_model.CreatorDetails,
 )
 async def get_creator(
    username: str,
@@ -332,7 +319,7 @@ async def get_creator(
    summary="Get my agents",
    tags=["store", "private"],
    dependencies=[fastapi.Security(autogpt_libs.auth.requires_user)],
-    response_model=backend.server.v2.store.model.MyAgentsResponse,
+    response_model=store_model.MyAgentsResponse,
 )
 async def get_my_agents(
    user_id: str = fastapi.Security(autogpt_libs.auth.get_user_id),
@@ -342,9 +329,7 @@ async def get_my_agents(
    """
    Get user's own agents.
    """
-    agents = await backend.server.v2.store.db.get_my_agents(
-        user_id, page=page, page_size=page_size
-    )
+    agents = await store_db.get_my_agents(user_id, page=page, page_size=page_size)
    return agents


@@ -369,7 +354,7 @@ async def delete_submission(
    Returns:
        bool: True if the submission was successfully deleted, False otherwise
    """
-    result = await backend.server.v2.store.db.delete_store_submission(
+    result = await store_db.delete_store_submission(
        user_id=user_id,
        submission_id=submission_id,
    )
@@ -382,7 +367,7 @@ async def delete_submission(
    summary="List my submissions",
    tags=["store", "private"],
    dependencies=[fastapi.Security(autogpt_libs.auth.requires_user)],
-    response_model=backend.server.v2.store.model.StoreSubmissionsResponse,
+    response_model=store_model.StoreSubmissionsResponse,
 )
 async def get_submissions(
    user_id: str = fastapi.Security(autogpt_libs.auth.get_user_id),
@@ -412,7 +397,7 @@ async def get_submissions(
        raise fastapi.HTTPException(
            status_code=422, detail="Page size must be greater than 0"
        )
-    listings = await backend.server.v2.store.db.get_store_submissions(
+    listings = await store_db.get_store_submissions(
        user_id=user_id,
        page=page,
        page_size=page_size,
@@ -425,10 +410,10 @@ async def get_submissions(
    summary="Create store submission",
    tags=["store", "private"],
    dependencies=[fastapi.Security(autogpt_libs.auth.requires_user)],
-    response_model=backend.server.v2.store.model.StoreSubmission,
+    response_model=store_model.StoreSubmission,
 )
 async def create_submission(
-    submission_request: backend.server.v2.store.model.StoreSubmissionRequest,
+    submission_request: store_model.StoreSubmissionRequest,
    user_id: str = fastapi.Security(autogpt_libs.auth.get_user_id),
 ):
    """
@@ -444,7 +429,7 @@ async def create_submission(
    Raises:
        HTTPException: If there is an error creating the submission
    """
-    result = await backend.server.v2.store.db.create_store_submission(
+    result = await store_db.create_store_submission(
        user_id=user_id,
        agent_id=submission_request.agent_id,
        agent_version=submission_request.agent_version,
@@ -469,11 +454,11 @@ async def create_submission(
    summary="Edit store submission",
    tags=["store", "private"],
    dependencies=[fastapi.Security(autogpt_libs.auth.requires_user)],
-    response_model=backend.server.v2.store.model.StoreSubmission,
+    response_model=store_model.StoreSubmission,
 )
 async def edit_submission(
    store_listing_version_id: str,
-    submission_request: backend.server.v2.store.model.StoreSubmissionEditRequest,
+    submission_request: store_model.StoreSubmissionEditRequest,
    user_id: str = fastapi.Security(autogpt_libs.auth.get_user_id),
 ):
    """
@@ -490,7 +475,7 @@ async def edit_submission(
    Raises:
        HTTPException: If there is an error editing the submission
    """
-    result = await backend.server.v2.store.db.edit_store_submission(
+    result = await store_db.edit_store_submission(
        user_id=user_id,
        store_listing_version_id=store_listing_version_id,
        name=submission_request.name,
@@ -531,9 +516,7 @@ async def upload_submission_media(
    Raises:
        HTTPException: If there is an error uploading the media
    """
-    media_url = await backend.server.v2.store.media.upload_media(
-        user_id=user_id, file=file
-    )
+    media_url = await store_media.upload_media(user_id=user_id, file=file)
    return media_url


@@ -568,14 +551,12 @@ async def generate_image(
    # Use .jpeg here since we are generating JPEG images
    filename = f"agent_{agent_id}.jpeg"

-    existing_url = await backend.server.v2.store.media.check_media_exists(
-        user_id, filename
-    )
+    existing_url = await store_media.check_media_exists(user_id, filename)
    if existing_url:
        logger.info(f"Using existing image for agent {agent_id}")
        return fastapi.responses.JSONResponse(content={"image_url": existing_url})
    # Generate agent image as JPEG
-    image = await backend.server.v2.store.image_gen.generate_agent_image(agent=agent)
+    image = await store_image_gen.generate_agent_image(agent=agent)

    # Create UploadFile with the correct filename and content_type
    image_file = fastapi.UploadFile(
@@ -583,7 +564,7 @@ async def generate_image(
        filename=filename,
    )

-    image_url = await backend.server.v2.store.media.upload_media(
+    image_url = await store_media.upload_media(
        user_id=user_id, file=image_file, use_file_name=True
    )

@@ -612,7 +593,7 @@ async def download_agent_file(
    Raises:
        HTTPException: If the agent is not found or an unexpected error occurs.
    """
-    graph_data = await backend.server.v2.store.db.get_agent(store_listing_version_id)
+    graph_data = await store_db.get_agent(store_listing_version_id)
    file_name = f"agent_{graph_data.id}_v{graph_data.version or 'latest'}.json"

    # Sending graph as a stream (similar to marketplace v1)
--- a/autogpt_platform/backend/backend/api/features/store/routes_test.py
+++ b/autogpt_platform/backend/backend/api/features/store/routes_test.py
@@ -8,15 +8,15 @@ import pytest
 import pytest_mock
 from pytest_snapshot.plugin import Snapshot

-import backend.server.v2.store.model
-import backend.server.v2.store.routes
+from . import model as store_model
+from . import routes as store_routes

 # Using a fixed timestamp for reproducible tests
 # 2023 date is intentionally used to ensure tests work regardless of current year
 FIXED_NOW = datetime.datetime(2023, 1, 1, 0, 0, 0)

 app = fastapi.FastAPI()
-app.include_router(backend.server.v2.store.routes.router)
+app.include_router(store_routes.router)

 client = fastapi.testclient.TestClient(app)

@@ -35,23 +35,21 @@ def test_get_agents_defaults(
    mocker: pytest_mock.MockFixture,
    snapshot: Snapshot,
 ) -> None:
-    mocked_value = backend.server.v2.store.model.StoreAgentsResponse(
+    mocked_value = store_model.StoreAgentsResponse(
        agents=[],
-        pagination=backend.server.v2.store.model.Pagination(
+        pagination=store_model.Pagination(
            current_page=0,
            total_items=0,
            total_pages=0,
            page_size=10,
        ),
    )
-    mock_db_call = mocker.patch("backend.server.v2.store.db.get_store_agents")
+    mock_db_call = mocker.patch("backend.api.features.store.db.get_store_agents")
    mock_db_call.return_value = mocked_value
    response = client.get("/agents")
    assert response.status_code == 200

-    data = backend.server.v2.store.model.StoreAgentsResponse.model_validate(
-        response.json()
-    )
+    data = store_model.StoreAgentsResponse.model_validate(response.json())
    assert data.pagination.total_pages == 0
    assert data.agents == []

@@ -65,7 +63,6 @@ def test_get_agents_defaults(
        category=None,
        page=1,
        page_size=20,
-        filter_mode="permissive",
    )


@@ -73,9 +70,9 @@ def test_get_agents_featured(
    mocker: pytest_mock.MockFixture,
    snapshot: Snapshot,
 ) -> None:
-    mocked_value = backend.server.v2.store.model.StoreAgentsResponse(
+    mocked_value = store_model.StoreAgentsResponse(
        agents=[
-            backend.server.v2.store.model.StoreAgent(
+            store_model.StoreAgent(
                slug="featured-agent",
                agent_name="Featured Agent",
                agent_image="featured.jpg",
@@ -87,20 +84,18 @@ def test_get_agents_featured(
                rating=4.5,
            )
        ],
-        pagination=backend.server.v2.store.model.Pagination(
+        pagination=store_model.Pagination(
            current_page=1,
            total_items=1,
            total_pages=1,
            page_size=20,
        ),
    )
-    mock_db_call = mocker.patch("backend.server.v2.store.db.get_store_agents")
+    mock_db_call = mocker.patch("backend.api.features.store.db.get_store_agents")
    mock_db_call.return_value = mocked_value
    response = client.get("/agents?featured=true")
    assert response.status_code == 200
-    data = backend.server.v2.store.model.StoreAgentsResponse.model_validate(
-        response.json()
-    )
+    data = store_model.StoreAgentsResponse.model_validate(response.json())
    assert len(data.agents) == 1
    assert data.agents[0].slug == "featured-agent"
    snapshot.snapshot_dir = "snapshots"
@@ -113,7 +108,6 @@ def test_get_agents_featured(
        category=None,
        page=1,
        page_size=20,
-        filter_mode="permissive",
    )


@@ -121,9 +115,9 @@ def test_get_agents_by_creator(
    mocker: pytest_mock.MockFixture,
    snapshot: Snapshot,
 ) -> None:
-    mocked_value = backend.server.v2.store.model.StoreAgentsResponse(
+    mocked_value = store_model.StoreAgentsResponse(
        agents=[
-            backend.server.v2.store.model.StoreAgent(
+            store_model.StoreAgent(
                slug="creator-agent",
                agent_name="Creator Agent",
                agent_image="agent.jpg",
@@ -135,20 +129,18 @@ def test_get_agents_by_creator(
                rating=4.0,
            )
        ],
-        pagination=backend.server.v2.store.model.Pagination(
+        pagination=store_model.Pagination(
            current_page=1,
            total_items=1,
            total_pages=1,
            page_size=20,
        ),
    )
-    mock_db_call = mocker.patch("backend.server.v2.store.db.get_store_agents")
+    mock_db_call = mocker.patch("backend.api.features.store.db.get_store_agents")
    mock_db_call.return_value = mocked_value
    response = client.get("/agents?creator=specific-creator")
    assert response.status_code == 200
-    data = backend.server.v2.store.model.StoreAgentsResponse.model_validate(
-        response.json()
-    )
+    data = store_model.StoreAgentsResponse.model_validate(response.json())
    assert len(data.agents) == 1
    assert data.agents[0].creator == "specific-creator"
    snapshot.snapshot_dir = "snapshots"
@@ -161,7 +153,6 @@ def test_get_agents_by_creator(
        category=None,
        page=1,
        page_size=20,
-        filter_mode="permissive",
    )


@@ -169,9 +160,9 @@ def test_get_agents_sorted(
    mocker: pytest_mock.MockFixture,
    snapshot: Snapshot,
 ) -> None:
-    mocked_value = backend.server.v2.store.model.StoreAgentsResponse(
+    mocked_value = store_model.StoreAgentsResponse(
        agents=[
-            backend.server.v2.store.model.StoreAgent(
+            store_model.StoreAgent(
                slug="top-agent",
                agent_name="Top Agent",
                agent_image="top.jpg",
@@ -183,20 +174,18 @@ def test_get_agents_sorted(
                rating=5.0,
            )
        ],
-        pagination=backend.server.v2.store.model.Pagination(
+        pagination=store_model.Pagination(
            current_page=1,
            total_items=1,
            total_pages=1,
            page_size=20,
        ),
    )
-    mock_db_call = mocker.patch("backend.server.v2.store.db.get_store_agents")
+    mock_db_call = mocker.patch("backend.api.features.store.db.get_store_agents")
    mock_db_call.return_value = mocked_value
    response = client.get("/agents?sorted_by=runs")
    assert response.status_code == 200
-    data = backend.server.v2.store.model.StoreAgentsResponse.model_validate(
-        response.json()
-    )
+    data = store_model.StoreAgentsResponse.model_validate(response.json())
    assert len(data.agents) == 1
    assert data.agents[0].runs == 1000
    snapshot.snapshot_dir = "snapshots"
@@ -209,7 +198,6 @@ def test_get_agents_sorted(
        category=None,
        page=1,
        page_size=20,
-        filter_mode="permissive",
    )


@@ -217,9 +205,9 @@ def test_get_agents_search(
    mocker: pytest_mock.MockFixture,
    snapshot: Snapshot,
 ) -> None:
-    mocked_value = backend.server.v2.store.model.StoreAgentsResponse(
+    mocked_value = store_model.StoreAgentsResponse(
        agents=[
-            backend.server.v2.store.model.StoreAgent(
+            store_model.StoreAgent(
                slug="search-agent",
                agent_name="Search Agent",
                agent_image="search.jpg",
@@ -231,20 +219,18 @@ def test_get_agents_search(
                rating=4.2,
            )
        ],
-        pagination=backend.server.v2.store.model.Pagination(
+        pagination=store_model.Pagination(
            current_page=1,
            total_items=1,
            total_pages=1,
            page_size=20,
        ),
    )
-    mock_db_call = mocker.patch("backend.server.v2.store.db.get_store_agents")
+    mock_db_call = mocker.patch("backend.api.features.store.db.get_store_agents")
    mock_db_call.return_value = mocked_value
    response = client.get("/agents?search_query=specific")
    assert response.status_code == 200
-    data = backend.server.v2.store.model.StoreAgentsResponse.model_validate(
-        response.json()
-    )
+    data = store_model.StoreAgentsResponse.model_validate(response.json())
    assert len(data.agents) == 1
    assert "specific" in data.agents[0].description.lower()
    snapshot.snapshot_dir = "snapshots"
@@ -257,7 +243,6 @@ def test_get_agents_search(
        category=None,
        page=1,
        page_size=20,
-        filter_mode="permissive",
    )


@@ -265,9 +250,9 @@ def test_get_agents_category(
    mocker: pytest_mock.MockFixture,
    snapshot: Snapshot,
 ) -> None:
-    mocked_value = backend.server.v2.store.model.StoreAgentsResponse(
+    mocked_value = store_model.StoreAgentsResponse(
        agents=[
-            backend.server.v2.store.model.StoreAgent(
+            store_model.StoreAgent(
                slug="category-agent",
                agent_name="Category Agent",
                agent_image="category.jpg",
@@ -279,20 +264,18 @@ def test_get_agents_category(
                rating=4.1,
            )
        ],
-        pagination=backend.server.v2.store.model.Pagination(
+        pagination=store_model.Pagination(
            current_page=1,
            total_items=1,
            total_pages=1,
            page_size=20,
        ),
    )
-    mock_db_call = mocker.patch("backend.server.v2.store.db.get_store_agents")
+    mock_db_call = mocker.patch("backend.api.features.store.db.get_store_agents")
    mock_db_call.return_value = mocked_value
    response = client.get("/agents?category=test-category")
    assert response.status_code == 200
-    data = backend.server.v2.store.model.StoreAgentsResponse.model_validate(
-        response.json()
-    )
+    data = store_model.StoreAgentsResponse.model_validate(response.json())
    assert len(data.agents) == 1
    snapshot.snapshot_dir = "snapshots"
    snapshot.assert_match(json.dumps(response.json(), indent=2), "agts_category")
@@ -304,7 +287,6 @@ def test_get_agents_category(
        category="test-category",
        page=1,
        page_size=20,
-        filter_mode="permissive",
    )


@@ -312,9 +294,9 @@ def test_get_agents_pagination(
    mocker: pytest_mock.MockFixture,
    snapshot: Snapshot,
 ) -> None:
-    mocked_value = backend.server.v2.store.model.StoreAgentsResponse(
+    mocked_value = store_model.StoreAgentsResponse(
        agents=[
-            backend.server.v2.store.model.StoreAgent(
+            store_model.StoreAgent(
                slug=f"agent-{i}",
                agent_name=f"Agent {i}",
                agent_image=f"agent{i}.jpg",
@@ -327,20 +309,18 @@ def test_get_agents_pagination(
            )
            for i in range(5)
        ],
-        pagination=backend.server.v2.store.model.Pagination(
+        pagination=store_model.Pagination(
            current_page=2,
            total_items=15,
            total_pages=3,
            page_size=5,
        ),
    )
-    mock_db_call = mocker.patch("backend.server.v2.store.db.get_store_agents")
+    mock_db_call = mocker.patch("backend.api.features.store.db.get_store_agents")
    mock_db_call.return_value = mocked_value
    response = client.get("/agents?page=2&page_size=5")
    assert response.status_code == 200
-    data = backend.server.v2.store.model.StoreAgentsResponse.model_validate(
-        response.json()
-    )
+    data = store_model.StoreAgentsResponse.model_validate(response.json())
    assert len(data.agents) == 5
    assert data.pagination.current_page == 2
    assert data.pagination.page_size == 5
@@ -354,7 +334,6 @@ def test_get_agents_pagination(
        category=None,
        page=2,
        page_size=5,
-        filter_mode="permissive",
    )


@@ -372,7 +351,7 @@ def test_get_agents_malformed_request(mocker: pytest_mock.MockFixture):
    assert response.status_code == 422

    # Verify no DB calls were made
-    mock_db_call = mocker.patch("backend.server.v2.store.db.get_store_agents")
+    mock_db_call = mocker.patch("backend.api.features.store.db.get_store_agents")
    mock_db_call.assert_not_called()


@@ -380,7 +359,7 @@ def test_get_agent_details(
    mocker: pytest_mock.MockFixture,
    snapshot: Snapshot,
 ) -> None:
-    mocked_value = backend.server.v2.store.model.StoreAgentDetails(
+    mocked_value = store_model.StoreAgentDetails(
        store_listing_version_id="test-version-id",
        slug="test-agent",
        agent_name="Test Agent",
@@ -395,46 +374,46 @@ def test_get_agent_details(
        runs=100,
        rating=4.5,
        versions=["1.0.0", "1.1.0"],
+        agentGraphVersions=["1", "2"],
+        agentGraphId="test-graph-id",
        last_updated=FIXED_NOW,
    )
-    mock_db_call = mocker.patch("backend.server.v2.store.db.get_store_agent_details")
+    mock_db_call = mocker.patch("backend.api.features.store.db.get_store_agent_details")
    mock_db_call.return_value = mocked_value

    response = client.get("/agents/creator1/test-agent")
    assert response.status_code == 200

-    data = backend.server.v2.store.model.StoreAgentDetails.model_validate(
-        response.json()
-    )
+    data = store_model.StoreAgentDetails.model_validate(response.json())
    assert data.agent_name == "Test Agent"
    assert data.creator == "creator1"
    snapshot.snapshot_dir = "snapshots"
    snapshot.assert_match(json.dumps(response.json(), indent=2), "agt_details")
-    mock_db_call.assert_called_once_with(username="creator1", agent_name="test-agent")
+    mock_db_call.assert_called_once_with(
+        username="creator1", agent_name="test-agent", include_changelog=False
+    )


 def test_get_creators_defaults(
    mocker: pytest_mock.MockFixture,
    snapshot: Snapshot,
 ) -> None:
-    mocked_value = backend.server.v2.store.model.CreatorsResponse(
+    mocked_value = store_model.CreatorsResponse(
        creators=[],
-        pagination=backend.server.v2.store.model.Pagination(
+        pagination=store_model.Pagination(
            current_page=0,
            total_items=0,
            total_pages=0,
            page_size=10,
        ),
    )
-    mock_db_call = mocker.patch("backend.server.v2.store.db.get_store_creators")
+    mock_db_call = mocker.patch("backend.api.features.store.db.get_store_creators")
    mock_db_call.return_value = mocked_value

    response = client.get("/creators")
    assert response.status_code == 200

-    data = backend.server.v2.store.model.CreatorsResponse.model_validate(
-        response.json()
-    )
+    data = store_model.CreatorsResponse.model_validate(response.json())
    assert data.pagination.total_pages == 0
    assert data.creators == []
    snapshot.snapshot_dir = "snapshots"
@@ -448,9 +427,9 @@ def test_get_creators_pagination(
    mocker: pytest_mock.MockFixture,
    snapshot: Snapshot,
 ) -> None:
-    mocked_value = backend.server.v2.store.model.CreatorsResponse(
+    mocked_value = store_model.CreatorsResponse(
        creators=[
-            backend.server.v2.store.model.Creator(
+            store_model.Creator(
                name=f"Creator {i}",
                username=f"creator{i}",
                description=f"Creator {i} description",
@@ -462,22 +441,20 @@ def test_get_creators_pagination(
            )
            for i in range(5)
        ],
-        pagination=backend.server.v2.store.model.Pagination(
+        pagination=store_model.Pagination(
            current_page=2,
            total_items=15,
            total_pages=3,
            page_size=5,
        ),
    )
-    mock_db_call = mocker.patch("backend.server.v2.store.db.get_store_creators")
+    mock_db_call = mocker.patch("backend.api.features.store.db.get_store_creators")
    mock_db_call.return_value = mocked_value

    response = client.get("/creators?page=2&page_size=5")
    assert response.status_code == 200

-    data = backend.server.v2.store.model.CreatorsResponse.model_validate(
-        response.json()
-    )
+    data = store_model.CreatorsResponse.model_validate(response.json())
    assert len(data.creators) == 5
    assert data.pagination.current_page == 2
    assert data.pagination.page_size == 5
@@ -502,7 +479,7 @@ def test_get_creators_malformed_request(mocker: pytest_mock.MockFixture):
    assert response.status_code == 422

    # Verify no DB calls were made
-    mock_db_call = mocker.patch("backend.server.v2.store.db.get_store_creators")
+    mock_db_call = mocker.patch("backend.api.features.store.db.get_store_creators")
    mock_db_call.assert_not_called()


@@ -510,7 +487,7 @@ def test_get_creator_details(
    mocker: pytest_mock.MockFixture,
    snapshot: Snapshot,
 ) -> None:
-    mocked_value = backend.server.v2.store.model.CreatorDetails(
+    mocked_value = store_model.CreatorDetails(
        name="Test User",
        username="creator1",
        description="Test creator description",
@@ -520,13 +497,15 @@ def test_get_creator_details(
        agent_runs=1000,
        top_categories=["category1", "category2"],
    )
-    mock_db_call = mocker.patch("backend.server.v2.store.db.get_store_creator_details")
+    mock_db_call = mocker.patch(
+        "backend.api.features.store.db.get_store_creator_details"
+    )
    mock_db_call.return_value = mocked_value

    response = client.get("/creator/creator1")
    assert response.status_code == 200

-    data = backend.server.v2.store.model.CreatorDetails.model_validate(response.json())
+    data = store_model.CreatorDetails.model_validate(response.json())
    assert data.username == "creator1"
    assert data.name == "Test User"
    snapshot.snapshot_dir = "snapshots"
@@ -539,9 +518,10 @@ def test_get_submissions_success(
    snapshot: Snapshot,
    test_user_id: str,
 ) -> None:
-    mocked_value = backend.server.v2.store.model.StoreSubmissionsResponse(
+    mocked_value = store_model.StoreSubmissionsResponse(
        submissions=[
-            backend.server.v2.store.model.StoreSubmission(
+            store_model.StoreSubmission(
+                listing_id="test-listing-id",
                name="Test Agent",
                description="Test agent description",
                image_urls=["test.jpg"],
@@ -557,22 +537,20 @@ def test_get_submissions_success(
                categories=["test-category"],
            )
        ],
-        pagination=backend.server.v2.store.model.Pagination(
+        pagination=store_model.Pagination(
            current_page=1,
            total_items=1,
            total_pages=1,
            page_size=20,
        ),
    )
-    mock_db_call = mocker.patch("backend.server.v2.store.db.get_store_submissions")
+    mock_db_call = mocker.patch("backend.api.features.store.db.get_store_submissions")
    mock_db_call.return_value = mocked_value

    response = client.get("/submissions")
    assert response.status_code == 200

-    data = backend.server.v2.store.model.StoreSubmissionsResponse.model_validate(
-        response.json()
-    )
+    data = store_model.StoreSubmissionsResponse.model_validate(response.json())
    assert len(data.submissions) == 1
    assert data.submissions[0].name == "Test Agent"
    assert data.pagination.current_page == 1
@@ -586,24 +564,22 @@ def test_get_submissions_pagination(
    snapshot: Snapshot,
    test_user_id: str,
 ) -> None:
-    mocked_value = backend.server.v2.store.model.StoreSubmissionsResponse(
+    mocked_value = store_model.StoreSubmissionsResponse(
        submissions=[],
-        pagination=backend.server.v2.store.model.Pagination(
+        pagination=store_model.Pagination(
            current_page=2,
            total_items=10,
            total_pages=2,
            page_size=5,
        ),
    )
-    mock_db_call = mocker.patch("backend.server.v2.store.db.get_store_submissions")
+    mock_db_call = mocker.patch("backend.api.features.store.db.get_store_submissions")
    mock_db_call.return_value = mocked_value

    response = client.get("/submissions?page=2&page_size=5")
    assert response.status_code == 200

-    data = backend.server.v2.store.model.StoreSubmissionsResponse.model_validate(
-        response.json()
-    )
+    data = store_model.StoreSubmissionsResponse.model_validate(response.json())
    assert data.pagination.current_page == 2
    assert data.pagination.page_size == 5
    snapshot.snapshot_dir = "snapshots"
@@ -625,5 +601,5 @@ def test_get_submissions_malformed_request(mocker: pytest_mock.MockFixture):
    assert response.status_code == 422

    # Verify no DB calls were made
-    mock_db_call = mocker.patch("backend.server.v2.store.db.get_store_submissions")
+    mock_db_call = mocker.patch("backend.api.features.store.db.get_store_submissions")
    mock_db_call.assert_not_called()
--- a/autogpt_platform/backend/backend/api/features/store/test_cache_delete.py
+++ b/autogpt_platform/backend/backend/api/features/store/test_cache_delete.py
@@ -8,10 +8,11 @@ from unittest.mock import AsyncMock, patch

 import pytest

-from backend.server.v2.store import cache as store_cache
-from backend.server.v2.store.model import StoreAgent, StoreAgentsResponse
 from backend.util.models import Pagination

+from . import cache as store_cache
+from .model import StoreAgent, StoreAgentsResponse
+

 class TestCacheDeletion:
    """Test cache deletion functionality for store routes."""
@@ -43,7 +44,7 @@ class TestCacheDeletion:
        )

        with patch(
-            "backend.server.v2.store.db.get_store_agents",
+            "backend.api.features.store.db.get_store_agents",
            new_callable=AsyncMock,
            return_value=mock_response,
        ) as mock_db:
@@ -152,7 +153,7 @@ class TestCacheDeletion:
        )

        with patch(
-            "backend.server.v2.store.db.get_store_agents",
+            "backend.api.features.store.db.get_store_agents",
            new_callable=AsyncMock,
            return_value=mock_response,
        ):
@@ -203,7 +204,7 @@ class TestCacheDeletion:
        )

        with patch(
-            "backend.server.v2.store.db.get_store_agents",
+            "backend.api.features.store.db.get_store_agents",
            new_callable=AsyncMock,
            return_value=mock_response,
        ) as mock_db:
--- a/autogpt_platform/backend/backend/server/routers/v1.py
+++ b/autogpt_platform/backend/backend/server/routers/v1.py
@@ -28,12 +28,21 @@ from pydantic import BaseModel
 from starlette.status import HTTP_204_NO_CONTENT, HTTP_404_NOT_FOUND
 from typing_extensions import Optional, TypedDict

-import backend.server.integrations.router
-import backend.server.routers.analytics
-import backend.server.v2.library.db as library_db
-from backend.data import api_key as api_key_db
+from backend.api.model import (
+    CreateAPIKeyRequest,
+    CreateAPIKeyResponse,
+    CreateGraph,
+    GraphExecutionSource,
+    RequestTopUp,
+    SetGraphActiveVersion,
+    TimezoneResponse,
+    UpdatePermissionsRequest,
+    UpdateTimezoneRequest,
+    UploadFileResponse,
+)
 from backend.data import execution as execution_db
 from backend.data import graph as graph_db
+from backend.data.auth import api_key as api_key_db
 from backend.data.block import BlockInput, CompletedBlockOutput, get_block, get_blocks
 from backend.data.credit import (
    AutoTopUpConfig,
@@ -79,19 +88,6 @@ from backend.monitoring.instrumentation import (
    record_graph_execution,
    record_graph_operation,
 )
-from backend.server.model import (
-    CreateAPIKeyRequest,
-    CreateAPIKeyResponse,
-    CreateGraph,
-    GraphExecutionSource,
-    RequestTopUp,
-    SetGraphActiveVersion,
-    TimezoneResponse,
-    UpdatePermissionsRequest,
-    UpdateTimezoneRequest,
-    UploadFileResponse,
-)
-from backend.server.v2.store.model import StoreAgentDetails
 from backend.util.cache import cached
 from backend.util.clients import get_scheduler_client
 from backend.util.cloud_storage import get_cloud_storage_handler
@@ -105,6 +101,10 @@ from backend.util.timezone_utils import (
 )
 from backend.util.virus_scanner import scan_content_safe

+from .library import db as library_db
+from .library import model as library_model
+from .store.model import StoreAgentDetails
+

 def _create_file_size_error(size_bytes: int, max_size_mb: int) -> HTTPException:
    """Create standardized file size error response."""
@@ -118,76 +118,9 @@ settings = Settings()
 logger = logging.getLogger(__name__)


-async def hide_activity_summaries_if_disabled(
-    executions: list[execution_db.GraphExecutionMeta], user_id: str
-) -> list[execution_db.GraphExecutionMeta]:
-    """Hide activity summaries and scores if AI_ACTIVITY_STATUS feature is disabled."""
-    if await is_feature_enabled(Flag.AI_ACTIVITY_STATUS, user_id):
-        return executions  # Return as-is if feature is enabled
-
-    # Filter out activity features if disabled
-    filtered_executions = []
-    for execution in executions:
-        if execution.stats:
-            filtered_stats = execution.stats.without_activity_features()
-            execution = execution.model_copy(update={"stats": filtered_stats})
-        filtered_executions.append(execution)
-    return filtered_executions
-
-
-async def hide_activity_summary_if_disabled(
-    execution: execution_db.GraphExecution | execution_db.GraphExecutionWithNodes,
-    user_id: str,
-) -> execution_db.GraphExecution | execution_db.GraphExecutionWithNodes:
-    """Hide activity summary and score for a single execution if AI_ACTIVITY_STATUS feature is disabled."""
-    if await is_feature_enabled(Flag.AI_ACTIVITY_STATUS, user_id):
-        return execution  # Return as-is if feature is enabled
-
-    # Filter out activity features if disabled
-    if execution.stats:
-        filtered_stats = execution.stats.without_activity_features()
-        return execution.model_copy(update={"stats": filtered_stats})
-    return execution
-
-
-async def _update_library_agent_version_and_settings(
-    user_id: str, agent_graph: graph_db.GraphModel
-) -> library_db.library_model.LibraryAgent:
-    # Keep the library agent up to date with the new active version
-    library = await library_db.update_agent_version_in_library(
-        user_id, agent_graph.id, agent_graph.version
-    )
-    # If the graph has HITL node, initialize the setting if it's not already set.
-    if (
-        agent_graph.has_human_in_the_loop
-        and library.settings.human_in_the_loop_safe_mode is None
-    ):
-        await library_db.update_library_agent_settings(
-            user_id=user_id,
-            agent_id=library.id,
-            settings=library.settings.model_copy(
-                update={"human_in_the_loop_safe_mode": True}
-            ),
-        )
-    return library
-
-
 # Define the API routes
 v1_router = APIRouter()

-v1_router.include_router(
-    backend.server.integrations.router.router,
-    prefix="/integrations",
-    tags=["integrations"],
-)
-
-v1_router.include_router(
-    backend.server.routers.analytics.router,
-    prefix="/analytics",
-    tags=["analytics"],
-    dependencies=[Security(requires_user)],
-)
-

 ########################################################
 ##################### Auth #############################
@@ -953,6 +886,28 @@ async def set_graph_active_version(
        await on_graph_deactivate(current_active_graph, user_id=user_id)


+async def _update_library_agent_version_and_settings(
+    user_id: str, agent_graph: graph_db.GraphModel
+) -> library_model.LibraryAgent:
+    # Keep the library agent up to date with the new active version
+    library = await library_db.update_agent_version_in_library(
+        user_id, agent_graph.id, agent_graph.version
+    )
+    # If the graph has HITL node, initialize the setting if it's not already set.
+    if (
+        agent_graph.has_human_in_the_loop
+        and library.settings.human_in_the_loop_safe_mode is None
+    ):
+        await library_db.update_library_agent_settings(
+            user_id=user_id,
+            agent_id=library.id,
+            settings=library.settings.model_copy(
+                update={"human_in_the_loop_safe_mode": True}
+            ),
+        )
+    return library
+
+
@v1_router.patch(
    path="/graphs/{graph_id}/settings",
    summary="Update graph settings",
@@ -1155,6 +1110,23 @@ async def list_graph_executions(
    )


+async def hide_activity_summaries_if_disabled(
+    executions: list[execution_db.GraphExecutionMeta], user_id: str
+) -> list[execution_db.GraphExecutionMeta]:
+    """Hide activity summaries and scores if AI_ACTIVITY_STATUS feature is disabled."""
+    if await is_feature_enabled(Flag.AI_ACTIVITY_STATUS, user_id):
+        return executions  # Return as-is if feature is enabled
+
+    # Filter out activity features if disabled
+    filtered_executions = []
+    for execution in executions:
+        if execution.stats:
+            filtered_stats = execution.stats.without_activity_features()
+            execution = execution.model_copy(update={"stats": filtered_stats})
+        filtered_executions.append(execution)
+    return filtered_executions
+
+
@v1_router.get(
    path="/graphs/{graph_id}/executions/{graph_exec_id}",
    summary="Get execution details",
@@ -1197,6 +1169,21 @@ async def get_graph_execution(
    return result


+async def hide_activity_summary_if_disabled(
+    execution: execution_db.GraphExecution | execution_db.GraphExecutionWithNodes,
+    user_id: str,
+) -> execution_db.GraphExecution | execution_db.GraphExecutionWithNodes:
+    """Hide activity summary and score for a single execution if AI_ACTIVITY_STATUS feature is disabled."""
+    if await is_feature_enabled(Flag.AI_ACTIVITY_STATUS, user_id):
+        return execution  # Return as-is if feature is enabled
+
+    # Filter out activity features if disabled
+    if execution.stats:
+        filtered_stats = execution.stats.without_activity_features()
+        return execution.model_copy(update={"stats": filtered_stats})
+    return execution
+
+
@v1_router.delete(
    path="/executions/{graph_exec_id}",
    summary="Delete graph execution",
@@ -1257,7 +1244,7 @@ async def enable_execution_sharing(
    )

    # Return the share URL
-    frontend_url = Settings().config.frontend_base_url or "http://localhost:3000"
+    frontend_url = settings.config.frontend_base_url or "http://localhost:3000"
    share_url = f"{frontend_url}/share/{share_token}"

    return ShareResponse(share_url=share_url, share_token=share_token)
--- a/autogpt_platform/backend/backend/server/routers/v1_test.py
+++ b/autogpt_platform/backend/backend/server/routers/v1_test.py
@@ -11,13 +11,13 @@ import starlette.datastructures
 from fastapi import HTTPException, UploadFile
 from pytest_snapshot.plugin import Snapshot

-import backend.server.routers.v1 as v1_routes
 from backend.data.credit import AutoTopUpConfig
 from backend.data.graph import GraphModel
-from backend.server.routers.v1 import upload_file
+
+from .v1 import upload_file, v1_router

 app = fastapi.FastAPI()
-app.include_router(v1_routes.v1_router)
+app.include_router(v1_router)

 client = fastapi.testclient.TestClient(app)

@@ -50,7 +50,7 @@ def test_get_or_create_user_route(
    }

    mocker.patch(
-        "backend.server.routers.v1.get_or_create_user",
+        "backend.api.features.v1.get_or_create_user",
        return_value=mock_user,
    )

@@ -71,7 +71,7 @@ def test_update_user_email_route(
 ) -> None:
    """Test update user email endpoint"""
    mocker.patch(
-        "backend.server.routers.v1.update_user_email",
+        "backend.api.features.v1.update_user_email",
        return_value=None,
    )

@@ -107,7 +107,7 @@ def test_get_graph_blocks(

    # Mock get_blocks
    mocker.patch(
-        "backend.server.routers.v1.get_blocks",
+        "backend.api.features.v1.get_blocks",
        return_value={"test-block": lambda: mock_block},
    )

@@ -146,7 +146,7 @@ def test_execute_graph_block(
    mock_block.execute = mock_execute

    mocker.patch(
-        "backend.server.routers.v1.get_block",
+        "backend.api.features.v1.get_block",
        return_value=mock_block,
    )

@@ -155,7 +155,7 @@ def test_execute_graph_block(
    mock_user.timezone = "UTC"

    mocker.patch(
-        "backend.server.routers.v1.get_user_by_id",
+        "backend.api.features.v1.get_user_by_id",
        return_value=mock_user,
    )

@@ -181,7 +181,7 @@ def test_execute_graph_block_not_found(
 ) -> None:
    """Test execute block with non-existent block"""
    mocker.patch(
-        "backend.server.routers.v1.get_block",
+        "backend.api.features.v1.get_block",
        return_value=None,
    )

@@ -200,7 +200,7 @@ def test_get_user_credits(
    mock_credit_model = Mock()
    mock_credit_model.get_credits = AsyncMock(return_value=1000)
    mocker.patch(
-        "backend.server.routers.v1.get_user_credit_model",
+        "backend.api.features.v1.get_user_credit_model",
        return_value=mock_credit_model,
    )

@@ -227,7 +227,7 @@ def test_request_top_up(
        return_value="https://checkout.example.com/session123"
    )
    mocker.patch(
-        "backend.server.routers.v1.get_user_credit_model",
+        "backend.api.features.v1.get_user_credit_model",
        return_value=mock_credit_model,
    )

@@ -254,7 +254,7 @@ def test_get_auto_top_up(
    mock_config = AutoTopUpConfig(threshold=100, amount=500)

    mocker.patch(
-        "backend.server.routers.v1.get_auto_top_up",
+        "backend.api.features.v1.get_auto_top_up",
        return_value=mock_config,
    )

@@ -279,7 +279,7 @@ def test_configure_auto_top_up(
    """Test configure auto top-up endpoint - this test would have caught the enum casting bug"""
    # Mock the set_auto_top_up function to avoid database operations
    mocker.patch(
-        "backend.server.routers.v1.set_auto_top_up",
+        "backend.api.features.v1.set_auto_top_up",
        return_value=None,
    )

@@ -289,7 +289,7 @@ def test_configure_auto_top_up(
    mock_credit_model.top_up_credits.return_value = None

    mocker.patch(
-        "backend.server.routers.v1.get_user_credit_model",
+        "backend.api.features.v1.get_user_credit_model",
        return_value=mock_credit_model,
    )

@@ -311,7 +311,7 @@ def test_configure_auto_top_up_validation_errors(
 ) -> None:
    """Test configure auto top-up endpoint validation"""
    # Mock set_auto_top_up to avoid database operations for successful case
-    mocker.patch("backend.server.routers.v1.set_auto_top_up")
+    mocker.patch("backend.api.features.v1.set_auto_top_up")

    # Mock credit model to avoid Stripe API calls for the successful case
    mock_credit_model = mocker.AsyncMock()
@@ -319,7 +319,7 @@ def test_configure_auto_top_up_validation_errors(
    mock_credit_model.top_up_credits.return_value = None

    mocker.patch(
-        "backend.server.routers.v1.get_user_credit_model",
+        "backend.api.features.v1.get_user_credit_model",
        return_value=mock_credit_model,
    )

@@ -393,7 +393,7 @@ def test_get_graph(
    )

    mocker.patch(
-        "backend.server.routers.v1.graph_db.get_graph",
+        "backend.api.features.v1.graph_db.get_graph",
        return_value=mock_graph,
    )

@@ -415,7 +415,7 @@ def test_get_graph_not_found(
 ) -> None:
    """Test get graph with non-existent ID"""
    mocker.patch(
-        "backend.server.routers.v1.graph_db.get_graph",
+        "backend.api.features.v1.graph_db.get_graph",
        return_value=None,
    )

@@ -443,15 +443,15 @@ def test_delete_graph(
    )

    mocker.patch(
-        "backend.server.routers.v1.graph_db.get_graph",
+        "backend.api.features.v1.graph_db.get_graph",
        return_value=mock_graph,
    )
    mocker.patch(
-        "backend.server.routers.v1.on_graph_deactivate",
+        "backend.api.features.v1.on_graph_deactivate",
        return_value=None,
    )
    mocker.patch(
-        "backend.server.routers.v1.graph_db.delete_graph",
+        "backend.api.features.v1.graph_db.delete_graph",
        return_value=3,  # Number of versions deleted
    )

@@ -498,8 +498,8 @@ async def test_upload_file_success(test_user_id: str):
    )

    # Mock dependencies
-    with patch("backend.server.routers.v1.scan_content_safe") as mock_scan, patch(
-        "backend.server.routers.v1.get_cloud_storage_handler"
+    with patch("backend.api.features.v1.scan_content_safe") as mock_scan, patch(
+        "backend.api.features.v1.get_cloud_storage_handler"
    ) as mock_handler_getter:

        mock_scan.return_value = None
@@ -550,8 +550,8 @@ async def test_upload_file_no_filename(test_user_id: str):
        ),
    )

-    with patch("backend.server.routers.v1.scan_content_safe") as mock_scan, patch(
-        "backend.server.routers.v1.get_cloud_storage_handler"
+    with patch("backend.api.features.v1.scan_content_safe") as mock_scan, patch(
+        "backend.api.features.v1.get_cloud_storage_handler"
    ) as mock_handler_getter:

        mock_scan.return_value = None
@@ -610,7 +610,7 @@ async def test_upload_file_virus_scan_failure(test_user_id: str):
        headers=starlette.datastructures.Headers({"content-type": "text/plain"}),
    )

-    with patch("backend.server.routers.v1.scan_content_safe") as mock_scan:
+    with patch("backend.api.features.v1.scan_content_safe") as mock_scan:
        # Mock virus scan to raise exception
        mock_scan.side_effect = RuntimeError("Virus detected!")

@@ -631,8 +631,8 @@ async def test_upload_file_cloud_storage_failure(test_user_id: str):
        headers=starlette.datastructures.Headers({"content-type": "text/plain"}),
    )

-    with patch("backend.server.routers.v1.scan_content_safe") as mock_scan, patch(
-        "backend.server.routers.v1.get_cloud_storage_handler"
+    with patch("backend.api.features.v1.scan_content_safe") as mock_scan, patch(
+        "backend.api.features.v1.get_cloud_storage_handler"
    ) as mock_handler_getter:

        mock_scan.return_value = None
@@ -678,8 +678,8 @@ async def test_upload_file_gcs_not_configured_fallback(test_user_id: str):
        headers=starlette.datastructures.Headers({"content-type": "text/plain"}),
    )

-    with patch("backend.server.routers.v1.scan_content_safe") as mock_scan, patch(
-        "backend.server.routers.v1.get_cloud_storage_handler"
+    with patch("backend.api.features.v1.scan_content_safe") as mock_scan, patch(
+        "backend.api.features.v1.get_cloud_storage_handler"
    ) as mock_handler_getter:

        mock_scan.return_value = None
--- a/autogpt_platform/backend/backend/server/middleware/security.py
+++ b/autogpt_platform/backend/backend/server/middleware/security.py
--- a/autogpt_platform/backend/backend/server/middleware/security_test.py
+++ b/autogpt_platform/backend/backend/server/middleware/security_test.py
@@ -3,7 +3,7 @@ from fastapi import FastAPI
 from fastapi.testclient import TestClient
 from starlette.applications import Starlette

-from backend.server.middleware.security import SecurityHeadersMiddleware
+from backend.api.middleware.security import SecurityHeadersMiddleware


@pytest.fixture
--- a/autogpt_platform/backend/backend/server/model.py
+++ b/autogpt_platform/backend/backend/server/model.py
@@ -4,7 +4,7 @@ from typing import Any, Literal, Optional
 import pydantic
 from prisma.enums import OnboardingStep

-from backend.data.api_key import APIKeyInfo, APIKeyPermission
+from backend.data.auth.api_key import APIKeyInfo, APIKeyPermission
 from backend.data.graph import Graph
 from backend.util.timezone_name import TimeZoneName

--- a/Show More
+++ b/Show More