
AutoGPT is the vision of accessible AI for everyone, to use and to build on. Our mission is to provide the tools, so that you can focus on what matters.


TAGS

20 tags
autogpt-platform-beta-v0.6.53

feat(platform): admin preview marketplace submissions before approving (#12536)

## Why

Admins reviewing marketplace submissions currently approve blindly — they can see raw metadata in the admin table but cannot see what the listing actually looks like (images, video, branding, layout). This risks approving inappropriate content. With full-scale production approaching, this is critical.

Additionally, when a creator un-publishes an agent, users who already added it to their library lose access — breaking their workflows. Product decided on a "you added it, you keep it" model.

## What

- **Admin preview page** at `/admin/marketplace/preview/[id]` — renders the listing exactly as it would appear on the public marketplace
- **Add to Library** for admins to test-run pending agents before approving
- **Library membership grants graph access** — if you added an agent to your library, you keep access even if it's un-published or rejected
- **Preview button** on every submission row in the admin marketplace table
- **Cross-reference comments** on original functions to prevent SECRT-2162-style regressions

## How

### Backend

**Admin preview (`store/db.py`):**
- `get_store_agent_details_as_admin()` queries `StoreListingVersion` directly, bypassing the APPROVED-only `StoreAgent` DB view
- Validates `CreatorProfile` FK integrity, reads all fields including `recommendedScheduleCron`

**Admin add-to-library (`library/_add_to_library.py`):**
- Extracted shared logic into `resolve_graph_for_library()` + `add_graph_to_library()` — eliminates duplication between public and admin paths
- Admin path uses `get_graph_as_admin()` to bypass marketplace status checks
- Handles concurrent double-click race via `UniqueViolationError` catch

**Library membership grants graph access (`data/graph.py`):**
- `get_graph()` now falls back to `LibraryAgent` lookup if ownership and marketplace checks fail
- Only for authenticated users with non-deleted, non-archived library records
- `validate_graph_execution_permissions()` updated to match — library membership grants execution access too

**New endpoints (`store_admin_routes.py`):**
- `GET /admin/submissions/{id}/preview` — returns `StoreAgentDetails`
- `POST /admin/submissions/{id}/add-to-library` — creates `LibraryAgent` via admin path

### Frontend

- Preview page reuses `AgentInfo` + `AgentImages` with admin banner
- Shows instructions, recommended schedule, and slug
- "Add to My Library" button wired to admin endpoint
- Preview button added to `ExpandableRow` (header + version history)
- Categories column uncommented in version history table

### Testing (19 tests)

**Graph access control (9 in `graph_test.py`):** Owner access, marketplace access, library member access (unpublished), deleted/archived/anonymous denied, null FK denied, efficiency checks

**Admin bypass (5 in `store_admin_routes_test.py`):** Preview uses StoreListingVersion not StoreAgent, admin path uses get_graph_as_admin, regular path uses get_graph, library member can view in builder

**Security (3):** Non-admin 403 on preview, non-admin 403 on add-to-library, nonexistent 404

**SECRT-2162 regression (2):** Admin access to pending agent, export with sub-graphs

### Checklist

- [x] Changes clearly listed
- [x] Test plan made
- [x] 19 backend tests pass
- [x] Frontend lints and types clean

## Test plan

- [x] Navigate to `/admin/marketplace`, click Preview on a PENDING submission
- [x] Verify images, video, description, categories, instructions, schedule render correctly
- [x] Click "Add to My Library", verify agent appears in library and opens in builder
- [x] Verify non-admin users get 403
- [x] Verify un-publishing doesn't break access for users who already added it

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---

> [!NOTE]
> **High Risk**
> Adds new admin-only endpoints that bypass marketplace approval/ownership checks and changes `get_graph`/execution authorization to grant access via library membership, which impacts security-sensitive access control paths.
>
> **Overview**
> Adds **admin preview + review workflow support** for marketplace submissions: new admin routes to `GET /admin/submissions/{id}/preview` (querying `StoreListingVersion` directly) and `POST /admin/submissions/{id}/add-to-library` (admin bypass to pull pending graphs into an admin’s library).
>
> Refactors library add-from-store logic into shared helpers (`resolve_graph_for_library`, `add_graph_to_library`) and introduces an admin variant `add_store_agent_to_library_as_admin`, including restore of archived/deleted entries and dedup/race handling.
>
> Changes core graph access rules: `get_graph()` now falls back to **library membership** (non-deleted/non-archived, version-specific) when ownership and marketplace approval don’t apply, and `validate_graph_execution_permissions()` is updated accordingly. Frontend adds a preview link and a dedicated admin preview page with “Add to My Library”; tests expand significantly to lock in the new bypass and access-control behavior.
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit a362415d12ea337e3bbd313b47f4cb92a5a0e98e. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

autogpt-platform-beta-v0.6.52

fix(backend): support Responses API in SmartDecisionMakerBlock (#12489)

## Summary

- Fixes SmartDecisionMakerBlock conversation management to work with OpenAI's Responses API, which was introduced in #12099 (commit 1240f38)
- The migration to `responses.create` updated the outbound LLM call but missed the conversation history serialization — the `raw_response` is now the entire `Response` object (not a `ChatCompletionMessage`), and tool calls/results use `function_call` / `function_call_output` types instead of role-based messages
- This caused a 400 error on the second LLM call in agent mode: `"Invalid value: ''. Supported values are: 'assistant', 'system', 'developer', and 'user'."`

### Changes

**`smart_decision_maker.py`** — 6 functions updated:

| Function | Fix |
|---|---|
| `_convert_raw_response_to_dict` | Detects Responses API `Response` objects, extracts output items as a list |
| `_get_tool_requests` | Recognizes `type: "function_call"` items |
| `_get_tool_responses` | Recognizes `type: "function_call_output"` items |
| `_create_tool_response` | New `responses_api` kwarg produces `function_call_output` format |
| `_update_conversation` | Handles list return from `_convert_raw_response_to_dict` |
| Non-agent mode path | Same list handling for traditional execution |

**`test_smart_decision_maker_responses_api.py`** — 61 tests covering:
- Every branch of all 6 affected helper functions
- Chat Completions, Anthropic, and Responses API formats
- End-to-end agent mode and traditional mode conversation validity

## Test plan

- [x] 61 new unit tests all pass
- [x] 11 existing SmartDecisionMakerBlock tests still pass (no regressions)
- [x] All pre-commit hooks pass (ruff, black, isort, pyright)
- [ ] CI integration tests

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---

> [!NOTE]
> **Medium Risk**
> Updates core LLM invocation and agent conversation/tool-call bookkeeping to match OpenAI’s Responses API, which can affect tool execution loops and prompt serialization across providers. Risk is mitigated by extensive new unit tests, but regressions could surface in production agent-mode flows or token/usage accounting.
>
> **Overview**
> **Migrates OpenAI calls from Chat Completions to the Responses API end-to-end**, including tool schema conversion, output parsing, reasoning/text extraction, and updated token usage fields in `LLMResponse`.
>
> **Fixes SmartDecisionMakerBlock conversation/tool handling for Responses API** by treating `raw_response` as a Response object (splitting it into `output` items for replay), recognizing `function_call`/`function_call_output` entries, and emitting tool outputs in the correct Responses format to prevent invalid follow-up prompts.
>
> Also adjusts prompt compaction/token estimation to understand Responses API tool items, changes `get_execution_outputs_by_node_exec_id` to return list-valued `CompletedBlockOutput`, removes `gpt-3.5-turbo` from model/cost/docs lists, and adds focused unit tests plus a lightweight `conftest.py` to run these tests without the full server stack.
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit ff292efd3dd68d17152032ddfde33fb55be2f582. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Otto <otto@agpt.co>
Co-authored-by: Krzysztof Czerwinski <kpczerwinski@gmail.com>

autogpt-platform-beta-v0.6.51

fix(backend): agent generator sets invalid model on PerplexityBlocks (#12391)

Fixes the agent generator setting `gpt-5.2-2025-12-11` (or `gpt-4o`) as the model for PerplexityBlocks instead of valid Perplexity models, causing 100% failure rate for agents using Perplexity blocks.

### Changes 🏗️

- **Fixer: block-aware model validation** — `fix_ai_model_parameter()` now reads the block's `inputSchema` to check for `enum` constraints on the model field. Blocks with their own model enum (PerplexityBlock, IdeogramBlock, CodexBlock, etc.) are validated against their own allowed values with the correct default, instead of the hardcoded generic set (`gpt-4o`, `claude-opus-4-6`). This also fixes `edit_agent` which runs through the same fixer pipeline.
- **PerplexityBlock: runtime fallback** — Added a `field_validator` on the model field that gracefully falls back to `SONAR` instead of crashing when an invalid model value is encountered at runtime. Also overrides `validate_data` to sanitize invalid model values *before* JSON schema validation (which runs in `Block._execute` before Pydantic instantiation), ensuring the fallback is actually reachable during block execution.
- **DB migration** — Fixes existing PerplexityBlock nodes with invalid model values in both `AgentNode.constantInput` and `AgentNodeExecutionInputOutput` (preset overrides), matching the pattern from the Gemini migration.
- **Tests** — Fixer tests for block-specific enum validation, plus `validate_data`-level tests ensuring invalid models are sanitized before JSON schema validation rejects them.

Resolves [SECRT-2097](https://linear.app/autogpt/issue/SECRT-2097)

### Checklist 📋

#### For code changes:

- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
  - [x] All existing + new fixer tests pass
  - [x] PerplexityBlock block test passes
  - [x] 11 perplexity_test.py tests pass (field_validator + validate_data paths)
  - [x] Verified invalid model (`gpt-5.2-2025-12-11`) falls back to `perplexity/sonar` at runtime
  - [x] Verified valid Perplexity models are preserved by the fixer
  - [x] Migration covers both constantInput and preset overrides

autogpt-platform-beta-v0.6.50

fix(frontend): revalidate layout after email/password login (#12285)

Requested by @ntindle

After logging in with email/password, the page navigates but renders a blank/unauthenticated state (just logo + cookie banner). A manual page refresh fixes it.

The `login` server action calls `signInWithPassword()` server-side but doesn't call `revalidatePath()`, so Next.js serves cached RSC payloads that don't reflect the new auth state. The OAuth callback route already does this correctly.

**Fix:** Add `revalidatePath(next, "layout")` after successful login, matching the OAuth callback pattern.

Closes SECRT-2059

autogpt-platform-beta-v0.6.48

fix(security): enforce disabled flag on blocks in graph validation (#12059)

## Summary

Blocks marked `disabled=True` (like BlockInstallationBlock) were not being checked during graph validation, allowing them to be used via direct API calls despite being hidden from the UI. This adds a security check in `_validate_graph_get_errors()` to reject any graph containing disabled blocks.

## Security Advisory

GHSA-4crw-9p35-9x54

## Linear

SECRT-1927

## Changes

- Added `block.disabled` check in graph validation (6 lines)

## Testing

- Graphs with disabled blocks → rejected with clear error message
- Graphs with valid blocks → unchanged behavior

## Greptile Overview

### Greptile Summary

Adds critical security validation to prevent execution of disabled blocks (like `BlockInstallationBlock`) via direct API calls. The fix validates that `block.disabled` is `False` during graph validation in `_validate_graph_get_errors()` on line 747-750, ensuring disabled blocks are rejected before graph creation or execution. This closes a vulnerability where blocks marked disabled in the UI could still be used through API endpoints.

### Confidence Score: 5/5

- This PR is safe to merge and addresses a critical security vulnerability
- The fix is minimal (6 lines), correctly placed in the validation flow, includes clear security context (GHSA reference), and follows existing validation patterns. The check is positioned after block existence validation and before input validation, ensuring disabled blocks are caught early in both graph creation and execution paths.
- No files require special attention

---------

Co-authored-by: Nicholas Tindle <nicholas.tindle@agpt.co>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

autogpt-platform-beta-v0.6.47

refactor(frontend): remove defaultExpanded prop from ToolAccordion components (#12054)

### Changes

- Removed `defaultExpanded` prop from `ToolAccordion` in CreateAgent, EditAgent, RunAgent, and RunBlock components to streamline the code and improve readability.

### Impact

- This refactor enhances maintainability by reducing complexity in the component structure while preserving existing functionality.

### Changes 🏗️

- Removed conditional expansion logic from all tool components
- Simplified ToolAccordion implementation across all affected components

### Checklist 📋

#### For code changes:

- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
  - [x] Create and run agents with various tools to verify accordion behavior works correctly
  - [x] Verify that UI components expand and collapse as expected
  - [x] Test with different output types to ensure proper rendering

---------

Co-authored-by: Ubbe <hi@ubbe.dev>
Co-authored-by: Lluis Agusti <hi@llu.lu>

autogpt-platform-beta-v0.6.46

fix(copilot): update homepage copy to focus on problem discovery (#11956)

## Summary

Update the CoPilot homepage to shift from "what do you want to automate?" to "tell me about your problems." This lowers the barrier to engagement by letting users describe their work frustrations instead of requiring them to identify automations themselves.

## Changes

| Element | Before | After |
|---------|--------|-------|
| Headline | "What do you want to automate?" | "Tell me about your work — I'll find what to automate." |
| Placeholder | "You can search or just ask - e.g. 'create a blog post outline'" | "What's your role and what eats up most of your day? e.g. 'I'm a real estate agent and I hate...'" |
| Button 1 | "Show me what I can automate" | "I don't know where to start, just ask me stuff" |
| Button 2 | "Design a custom workflow" | "I do the same thing every week and it's killing me" |
| Button 3 | "Help me with content creation" | "Help me find where I'm wasting my time" |
| Container | max-w-2xl | max-w-3xl |

> **Note on container width:** The `max-w-2xl` → `max-w-3xl` change is just to keep the longer headline on one line. This works but may not be the ideal solution — @lluis-xai should advise on the proper approach.

## Why This Matters

The current UX assumes users know what they want to automate. In reality, most users know what frustrates them but can't identify automations. The current screen blocks Otto from starting the discovery conversation that leads to useful recommendations.

## Files Changed

- `autogpt_platform/frontend/src/app/(platform)/copilot/page.tsx` — headline, placeholder, container width
- `autogpt_platform/frontend/src/app/(platform)/copilot/helpers.ts` — quick action button text

Resolves: [SECRT-1876](https://linear.app/autogpt/issue/SECRT-1876)

---------

Co-authored-by: Lluis Agusti <hi@llu.lu>

v0.6.44

Merge branch 'release/v0.6.44'

autogpt-platform-beta-v0.6.43

fix(backend): Use unqualified vector type for pgvector queries (#11818)

## Summary

- Remove explicit schema qualification (`{schema}.vector` and `OPERATOR({schema}.<=>)`) from pgvector queries in `embeddings.py` and `hybrid_search.py`
- Use unqualified `::vector` type cast and `<=>` operator which work because pgvector is in the search_path on all environments

## Problem

The previous approach tried to explicitly qualify the vector type with schema names, but this failed because:
- **CI environment**: pgvector is in `public` schema → `platform.vector` doesn't exist
- **Dev (Supabase)**: pgvector is in `platform` schema → `public.vector` doesn't exist

## Solution

Use unqualified `::vector` and `<=>` operator. PostgreSQL resolves these via `search_path`, which includes the schema where pgvector is installed on all environments.

Tested on both local and dev environments with a test script that verified:
- ✅ Unqualified `::vector` type cast
- ✅ Unqualified `<=>` operator in ORDER BY
- ✅ Unqualified `<=>` in SELECT (similarity calculation)
- ✅ Combined query patterns matching actual usage

## Test plan

- [ ] CI tests pass
- [ ] Marketplace approval works on dev after deployment

Fixes: AUTOGPT-SERVER-763, AUTOGPT-SERVER-764, AUTOGPT-SERVER-76B

autogpt-platform-beta-v0.6.42

feat(frontend/builder): Add sub-graph update UX (#11631)

[OPEN-2743: Ability to Update Sub-Agents in Graph (Without Re-Adding)](https://linear.app/autogpt/issue/OPEN-2743/ability-to-update-sub-agents-in-graph-without-re-adding)

Updating sub-graphs is a cumbersome experience at the moment, this should help. :)

Demo in Builder v2:
https://github.com/user-attachments/assets/df564f32-4d1d-432c-bb91-fe9065068360
https://github.com/user-attachments/assets/f169471a-1f22-46e9-a958-ddb72d3f65af

### Changes 🏗️

- Add sub-graph update banner with I/O incompatibility notification and resolution mode
- Red visual indicators for broken inputs/outputs and edges
- Update bars and tooltips show compatibility details
- Sub-agent update UI with compatibility checks, incompatibility dialog, and guided resolution workflow
- Resolution mode banner guiding users to remove incompatible connections
- Visual controls to stage/apply updates and auto-apply when broken connections are fixed

Technical:
- Builder v1: Add `CustomNode` > `IncompatibilityDialog` + `SubAgentUpdateBar` sub-components
- Builder v2: Add `SubAgentUpdateFeature` + `ResolutionModeBar` + `IncompatibleUpdateDialog` + `useSubAgentUpdateState` sub-components
- Add `useSubAgentUpdate` hook
- Related fixes in Builder v1:
  - Fix static edges not rendering as such
  - Fix edge styling not applying
- Related fixes in Builder v2:
  - Fix excess spacing for nested node input fields

Other:
- "Retry" button in error view now reloads the page instead of navigating to `/marketplace`

### Checklist 📋

#### For code changes:

- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
  - CI for existing frontend UX flows
  - [x] Updating to a new sub-agent version with compatibility issues: UX flow works
  - [x] Updating to a new sub-agent version with *no* compatibility issues: works
  - [x] Designer approves of the look

---------

Co-authored-by: abhi1992002 <abhimanyu1992002@gmail.com>
Co-authored-by: Abhimanyu Yadav <122007096+Abhi1992002@users.noreply.github.com>

autogpt-platform-beta-v0.6.39

fix(frontend/marketplace): Fix rendering creator links without schema (#11516)

- [OPEN-2871: TypeError: URL constructor: www.agpt.co is not a valid URL.](https://linear.app/autogpt/issue/OPEN-2871/typeerror-url-constructor-wwwagptco-is-not-a-valid-url)
- [Sentry Issue BUILDER-56D: TypeError: URL constructor: www.agpt.co is not a valid URL.](https://significant-gravitas.sentry.io/issues/7081476631/)

### Changes 🏗️

- Amend URL handling in `CreatorLinks` to correctly handle URLs with implicit schema

### Checklist 📋

#### For code changes:

- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
  - Trivial change, CI is sufficient

autogpt-platform-beta-v0.6.38

fix(frontend): code scanning vulnerability (#11459)

## Changes 🏗️

Addresses this code scanning alert [security/code-scanning/156](https://github.com/Significant-Gravitas/AutoGPT/security/code-scanning/156)

## Checklist 📋

### For code changes:

- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
  - [x] No prototype pollution

autogpt-platform-beta-v0.6.37

refactor(turnstile): Remove turnstile (#11387)

This PR removes turnstile from the platform.

#### For code changes:

- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
  - [x] Test to make sure that turnstile is gone, it will be.
  - [x] Test logging in without turnstile to make sure it still works
  - [x] Test registering a new account without turnstile and it works

autogpt-platform-beta-v0.6.36

fix(platform): chat duplicate messages (#11332)

autogpt-platform-beta-v0.6.34

feat(frontend): Improve waitlist error display & messages (#11206)

Improves the "not on waitlist" error display based on feedback.

- Follow-up to #11198
- Follow-up to #11196

### Changes 🏗️

- Use standard `ErrorCard`
- Improve text strings
- Merge `isWaitlistError` and `isWaitlistErrorFromParams`

### Checklist 📋

#### For code changes:

- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
  - [x] We need to test in dev because we don't have a waitlist locally and will revert if it doesn't work
  - deploy to dev environment and sign up with a non approved account and see if error appears