mirror of https://github.com/Significant-Gravitas/AutoGPT.git synced 2026-04-08 03:00:28 -04:00

Go to file

Nicholas Tindle 83dbcd11e4 docs(frontend, backend): add OAuth security boundary docs (#10202 )

### Why are these changes needed?

<!-- Clearly explain the need for these changes: -->
These changes document the OAuth integration flow for CASA lvl 2
compliance, specifically addressing the requirement to "Verify
documentation and justification of all the application's trust
boundaries, components, and significant data flows." The documentation
clarifies the two distinct OAuth implementations in AutoGPT: user
authentication via Supabase SSO and API integration credentials for
third-party services.

### Changes 🏗️

<!-- Concisely describe all of the changes made in this pull request:
-->
- Created comprehensive OAuth integration flow documentation at
`/docs/content/platform/contributing/oauth-integration-flow.md`
- Documented trust boundaries between frontend (untrusted), backend API
(trusted), and external providers (semi-trusted)
- Added detailed component architecture for both frontend and backend
OAuth implementations
- Included mermaid diagrams illustrating:
  - OAuth flow sequences (initiation, authorization, token refresh)
  - System architecture showing SSO vs API integration OAuth
  - Data flow diagram
  - Security architecture layers
  - Credential lifecycle state diagram
- Documented security measures including CSRF protection, PKCE
implementation, and token management
- Clarified the distinction between Supabase SSO for user login and
custom OAuth for API integrations
- Added references to source files for up-to-date provider lists rather
than hard-coding all providers

### Checklist 📋

#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
  <!-- Put your test plan here: -->
  - [x] Created documentation file with proper markdown formatting
  - [x] Verified all file paths referenced in documentation exist
  - [x] Confirmed mermaid diagrams render correctly
- [x] Validated that the documentation accurately reflects the codebase
implementation

---------

Co-authored-by: Claude <noreply@anthropic.com>

2025-06-26 18:08:55 +00:00

.github

feat(backend): Add ClamAV support for anti-virus scan on file upload to the platform (#10232 )

2025-06-25 15:29:04 +00:00

.vscode

fix(backend): Make URL pinning work with extra_url_validator (#9940 )

2025-05-15 13:12:39 +00:00

assets

feat(server, autogpt): Add Example files and update build option (#7271 )

2024-06-27 09:56:21 -05:00

autogpt_platform

refactor(frontend): update settings pages fetching using react query (#10248 )

2025-06-26 15:13:20 +00:00

classic

fix: Resolve logger.warn(..) deprecration warnings (#9938 )

2025-05-16 10:56:03 +02:00

docs

docs(frontend, backend): add OAuth security boundary docs (#10202 )

2025-06-26 18:08:55 +00:00

.deepsource.toml

Update .deepsource.toml

2025-01-29 10:31:57 -06:00

.dockerignore

chore(frontend): move from yarn1 to pnpm (#10072 )

2025-06-04 17:07:29 +04:00

.gitattributes

refactor: AutoGPT Platform Stealth Launch Repo Re-Org (#8113 )

2024-09-20 16:50:43 +02:00

.gitignore

feat(platform): setup and configure orval (#10209 )

2025-06-24 14:00:19 +00:00

.gitmodules

feat(platform)!: Lock Supabase docker-compose code (#9620 )

2025-03-19 23:39:09 +07:00

.pr_agent.toml

Create .pr_agent.toml

2024-05-04 09:38:37 -05:00

.pre-commit-config.yaml

chore(frontend): move from yarn1 to pnpm (#10072 )

2025-06-04 17:07:29 +04:00

AGENTS.md

chore(frontend): move from yarn1 to pnpm (#10072 )

2025-06-04 17:07:29 +04:00

CITATION.cff

Rename autogpts/autogpt/CITATION.cff to CITATION.cff (#5785 )

2023-10-22 13:25:05 -05:00

CODE_OF_CONDUCT.md

Relocate CoC and fix symlinks

2023-09-06 17:48:29 +02:00

CONTRIBUTING.md

Update CONTRIBUTING.md

2025-03-24 18:11:56 +00:00

LICENSE

tweak(docs): Further clarify licencing (#8282 )

2024-10-08 10:54:22 -05:00

README.md

docs: add system requirements section to README (#10054 )

2025-06-02 14:46:37 +00:00

SECURITY.md

docs(security): Update disclosure timeline (#9581 )

2025-03-06 15:59:07 +00:00

README.md

AutoGPT: Build, Deploy, and Run AI Agents

AutoGPT is a powerful platform that allows you to create, deploy, and manage continuous AI agents that automate complex workflows.

Hosting Options

Download to self-host
Join the Waitlist for the cloud-hosted beta

How to Setup for Self-Hosting

Note

Setting up and hosting the AutoGPT Platform yourself is a technical process. If you'd rather something that just works, we recommend joining the waitlist for the cloud-hosted beta.

System Requirements

Before proceeding with the installation, ensure your system meets the following requirements:

Hardware Requirements

CPU: 4+ cores recommended
RAM: Minimum 8GB, 16GB recommended
Storage: At least 10GB of free space

Software Requirements

Operating Systems:
- Linux (Ubuntu 20.04 or newer recommended)
- macOS (10.15 or newer)
- Windows 10/11 with WSL2
Required Software (with minimum versions):
- Docker Engine (20.10.0 or newer)
- Docker Compose (2.0.0 or newer)
- Git (2.30 or newer)
- Node.js (16.x or newer)
- npm (8.x or newer)
- VSCode (1.60 or newer) or any modern code editor

Network Requirements

Stable internet connection
Access to required ports (will be configured in Docker)
Ability to make outbound HTTPS connections

Updated Setup Instructions:

We've moved to a fully maintained and regularly updated documentation site.

👉 Follow the official self-hosting guide here

This tutorial assumes you have Docker, VSCode, git and npm installed.

🧱 AutoGPT Frontend

The AutoGPT frontend is where users interact with our powerful AI automation platform. It offers multiple ways to engage with and leverage our AI agents. This is the interface where you'll bring your AI automation ideas to life:

Agent Builder: For those who want to customize, our intuitive, low-code interface allows you to design and configure your own AI agents.

Workflow Management: Build, modify, and optimize your automation workflows with ease. You build your agent by connecting blocks, where each block performs a single action.

Deployment Controls: Manage the lifecycle of your agents, from testing to production.

Ready-to-Use Agents: Don't want to build? Simply select from our library of pre-configured agents and put them to work immediately.

Agent Interaction: Whether you've built your own or are using pre-configured agents, easily run and interact with them through our user-friendly interface.

Monitoring and Analytics: Keep track of your agents' performance and gain insights to continually improve your automation processes.

Read this guide to learn how to build your own custom blocks.

💽 AutoGPT Server

The AutoGPT Server is the powerhouse of our platform This is where your agents run. Once deployed, agents can be triggered by external sources and can operate continuously. It contains all the essential components that make AutoGPT run smoothly.

Source Code: The core logic that drives our agents and automation processes.

Infrastructure: Robust systems that ensure reliable and scalable performance.

Marketplace: A comprehensive marketplace where you can find and deploy a wide range of pre-built agents.

🐙 Example Agents

Here are two examples of what you can do with AutoGPT:

Generate Viral Videos from Trending Topics
- This agent reads topics on Reddit.
- It identifies trending topics.
- It then automatically creates a short-form video based on the content.
Identify Top Quotes from Videos for Social Media
- This agent subscribes to your YouTube channel.
- When you post a new video, it transcribes it.
- It uses AI to identify the most impactful quotes to generate a summary.
- Then, it writes a post to automatically publish to your social media.

These examples show just a glimpse of what you can achieve with AutoGPT! You can create customized workflows to build agents for any use case.

Mission and Licencing

Our mission is to provide the tools, so that you can focus on what matters:

🏗️ Building - Lay the foundation for something amazing.
🧪 Testing - Fine-tune your agent to perfection.
🤝 Delegating - Let AI work for you, and have your ideas come to life.

Be part of the revolution! AutoGPT is here to stay, at the forefront of AI innovation.

📖 Documentation | 🚀 Contributing

Licensing:

MIT License: The majority of the AutoGPT repository is under the MIT License.

Polyform Shield License: This license applies to the autogpt_platform folder.

For more information, see https://agpt.co/blog/introducing-the-autogpt-platform

🤖 AutoGPT Classic

Below is information about the classic version of AutoGPT.

🛠️ Build your own Agent - Quickstart

🏗️ Forge

Forge your own agent! – Forge is a ready-to-go toolkit to build your own agent application. It handles most of the boilerplate code, letting you channel all your creativity into the things that set your agent apart. All tutorials are located here. Components from forge can also be used individually to speed up development and reduce boilerplate in your agent project.

🚀 Getting Started with Forge – This guide will walk you through the process of creating your own agent and using the benchmark and user interface.

📘 Learn More about Forge

🎯 Benchmark

Measure your agent's performance! The agbenchmark can be used with any agent that supports the agent protocol, and the integration with the project's CLI makes it even easier to use with AutoGPT and forge-based agents. The benchmark offers a stringent testing environment. Our framework allows for autonomous, objective performance evaluations, ensuring your agents are primed for real-world action.

📦 agbenchmark on Pypi | 📘 Learn More about the Benchmark

💻 UI

Makes agents easy to use! The frontend gives you a user-friendly interface to control and monitor your agents. It connects to agents through the agent protocol, ensuring compatibility with many agents from both inside and outside of our ecosystem.

The frontend works out-of-the-box with all agents in the repo. Just use the CLI to run your agent of choice!

📘 Learn More about the Frontend

⌨️ CLI

To make it as easy as possible to use all of the tools offered by the repository, a CLI is included at the root of the repo:

$ ./run
Usage: cli.py [OPTIONS] COMMAND [ARGS]...

Options:
  --help  Show this message and exit.

Commands:
  agent      Commands to create, start and stop agents
  benchmark  Commands to start the benchmark and list tests and categories
  setup      Installs dependencies needed for your system.

Just clone the repo, install dependencies with ./run setup, and you should be good to go!

🤔 Questions? Problems? Suggestions?

Get help - Discord 💬

To report a bug or request a feature, create a GitHub Issue. Please ensure someone else hasn't created an issue for the same topic.

🤝 Sister projects

🔄 Agent Protocol

To maintain a uniform standard and ensure seamless compatibility with many current and future applications, AutoGPT employs the agent protocol standard by the AI Engineer Foundation. This standardizes the communication pathways from your agent to the frontend and benchmark.

Stars stats

⚡ Contributors

Languages

Python 67.5%

TypeScript 28.6%

Dart 1.4%

JavaScript 0.9%

PLpgSQL 0.6%

Other 0.8%

README.md Unescape Escape

AutoGPT: Build, Deploy, and Run AI Agents

Hosting Options

How to Setup for Self-Hosting

System Requirements

Hardware Requirements

Software Requirements

Network Requirements

Updated Setup Instructions:

🧱 AutoGPT Frontend

💽 AutoGPT Server

🐙 Example Agents

Mission and Licencing

🤖 AutoGPT Classic

🏗️ Forge

🎯 Benchmark

💻 UI

⌨️ CLI

🤔 Questions? Problems? Suggestions?

Get help - Discord 💬

🤝 Sister projects

🔄 Agent Protocol

Stars stats

⚡ Contributors

README.md