AutoGPT feat(platform/blocks): implement ConcatenateListsBlock

Summary

This pull request introduces the ConcatenateListsBlock, a new block that merges multiple lists into a single flattened list. The implementation uses itertools.chain for efficient concatenation and includes input validation to ensure the input structure is correct.

Changes Included Added concatenate_lists.py under backend/backend/blocks/ Added unit tests under backend/test/blocks/ Tests cover normal list merging, empty list handling, and invalid input cases

Test Plan

The block was validated using the included unit tests. All unit tests were executed locally under Python 3.12 in a virtual environment using pytest -q.

Nov 11 '25 12:11 PratyushSingh2002

This PR targets the master branch but does not come from dev or a hotfix/* branch.

Automatically setting the base branch to dev.

Nov 11 '25 12:11 github-actions[bot]

[!IMPORTANT]

Review skipped

Auto reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

✨ Finishing touches

🧪 Generate unit tests (beta)

[ ] Create PR with unit tests
[ ] Post copyable unit tests in a comment

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Nov 11 '25 12:11 coderabbitai[bot]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 5 🔵🔵🔵🔵🔵

🧪 PR contains tests

🔒 Security concerns

CORS configuration:
New build_cors_params and regex support add complexity. In production, localhost is blocked (literal and regex), with tests covering this. Validate that all middleware instantiations consistently use build_cors_params and that no other entry points bypass it.

Admin analytics endpoint: The new admin endpoint invokes LLMs using an internal API key and bypasses feature flags via skip_feature_flag=True. Ensure this endpoint remains admin-protected (it uses requires_admin_user) and that rate limiting and logging do not leak sensitive content.

WebSocket notifications: A new notification bus delivers arbitrary payloads to users. Confirm payload sanitization on the frontend if any content could be user-generated to avoid UI injection risks. No direct XSS concerns are evident; messages are JSON-only.

No other obvious credential exposure or injection risks found.

⚡ Recommended focus areas for review

Possible Issue

The tool map key was changed from setup_agent to schedule_agent, but the actual tool implementation file is still named setup_agent.py. Verify that callers use the new name and that the backend and frontend agree on tool names to avoid 404/unknown tool errors.

"find_agent": find_agent_tool,
"get_agent_details": get_agent_details_tool,
"get_required_setup_info": get_required_setup_info_tool,
"schedule_agent": setup_agent_tool,
"run_agent": run_agent_tool,

API Change Risk

connect_socket and disconnect_socket now require user_id. Ensure all call sites were updated; missing updates could break WS connections. There are updated usages in tests and ws_api, but double-check other imports/usages not shown in the diff.

async def connect_socket(self, websocket: WebSocket, *, user_id: str):
    await websocket.accept()
    self.active_connections.add(websocket)
    if user_id not in self.user_connections:
        self.user_connections[user_id] = set()
    self.user_connections[user_id].add(websocket)

def disconnect_socket(self, websocket: WebSocket, *, user_id: str):
    self.active_connections.discard(websocket)
    for subscribers in self.subscriptions.values():
        subscribers.discard(websocket)
    user_conns = self.user_connections.get(user_id)
    if user_conns is not None:
        user_conns.discard(websocket)
        if not user_conns:
            self.user_connections.pop(user_id, None)

Validation Edge Cases

CORS origin validation now accepts regex entries and auto-completes localhost/127.0.0.1 ports. Confirm no duplicates or ordering issues occur and that invalid but tricky patterns are correctly rejected across environments.

backend_cors_allow_origins: List[str] = Field(
    default=["http://localhost:3000"],
    description="Allowed Origins for CORS. Supports exact URLs (http/https) or entries prefixed with "
    '"regex:" to match via regular expression.',
)

@field_validator("backend_cors_allow_origins")
@classmethod
def validate_cors_allow_origins(cls, v: List[str]) -> List[str]:
    validated: List[str] = []
    localhost_ports: set[str] = set()
    ip127_ports: set[str] = set()

    for raw_origin in v:
        origin = raw_origin.strip()
        if origin.startswith("regex:"):
            pattern = origin[len("regex:") :]
            if not pattern:
                raise ValueError("Invalid regex pattern: pattern cannot be empty")
            try:
                re.compile(pattern)
            except re.error as exc:
                raise ValueError(
                    f"Invalid regex pattern '{pattern}': {exc}"
                ) from exc
            validated.append(origin)
            continue

        if origin.startswith(("http://", "https://")):
            if "localhost" in origin:
                try:
                    port = origin.split(":")[2]
                    localhost_ports.add(port)
                except IndexError as exc:
                    raise ValueError(
                        "localhost origins must include an explicit port, e.g. http://localhost:3000"
                    ) from exc
            if "127.0.0.1" in origin:
                try:
                    port = origin.split(":")[2]
                    ip127_ports.add(port)
                except IndexError as exc:
                    raise ValueError(
                        "127.0.0.1 origins must include an explicit port, e.g. http://127.0.0.1:3000"
                    ) from exc
            validated.append(origin)
            continue

        raise ValueError(f"Invalid URL or regex origin: {origin}")

    for port in ip127_ports - localhost_ports:
        validated.append(f"http://localhost:{port}")
    for port in localhost_ports - ip127_ports:
        validated.append(f"http://127.0.0.1:{port}")

    return validated

Nov 11 '25 12:11 qodo-code-review[bot]

Here's the code health analysis summary for commits 2cb6fd5..aced109. View details on DeepSource ↗.

Analysis Summary

Analyzer	Status	Summary	Link
JavaScript	✅ Success		View Check ↗
Python	✅ Success	❗ 3 occurences introduced	View Check ↗

💡 If you’re a repository administrator, you can configure the quality gates from the settings.

Nov 11 '25 12:11 deepsource-io[bot]

Deploy Preview for auto-gpt-docs canceled.

Name	Link
Latest commit	aced109f1e394311350e2dccabea304ae92bb73d
Latest deploy log	https://app.netlify.com/projects/auto-gpt-docs/deploys/692f1ccf8d643d00084ae42f

Nov 11 '25 12:11 netlify[bot]

Thanks for contributing the new ConcatenateListsBlock! The implementation looks good and includes proper tests.

However, your PR description is missing the required checklist section from our PR template. Please update your PR description to include the complete checklist section and make sure all applicable items are checked off.

Specifically, your PR should include:

The standard checklist for code changes
Confirmation that you've tested your changes according to the test plan

The code itself looks solid - I appreciate the clean implementation using itertools.chain and the thorough test coverage for both valid and invalid inputs. Once you update the PR description with the required checklist, this should be ready for review.

Nov 11 '25 12:11 AutoGPT-Agent

Thank you for implementing the ConcatenateListsBlock! The code implementation looks good with proper error handling and the tests cover the important cases.

However, our PR process requires using the standard PR template with a completed checklist. Could you please update your PR description to include the checklist from our template and check off the appropriate items?

Specifically, please:

Include the standard checklist section
Check off items confirming you've tested your changes
Add any specific test steps you performed

The code itself looks ready to merge once the description is updated with the required checklist format.

Nov 11 '25 12:11 AutoGPT-Agent

Thank you for implementing the ConcatenateListsBlock! The implementation looks clean and includes appropriate error handling and tests.

However, before we can merge this PR, please update your PR description to include the required checklist from our PR template. The checklist needs to be filled out completely since this PR involves code changes.

Please make sure to:

Include the complete checklist section
Check all applicable boxes
Add your specific test plan in the designated area

The code implementation itself looks good - I like the use of itertools.chain for efficient concatenation and the error handling approach.

Nov 11 '25 12:11 AutoGPT-Agent

Deploy Preview for auto-gpt-docs-dev canceled.

Name	Link
Latest commit	aced109f1e394311350e2dccabea304ae92bb73d
Latest deploy log	https://app.netlify.com/projects/auto-gpt-docs-dev/deploys/692f1ccfa9ee050008740315

Dec 01 '25 19:12 netlify[bot]

Thanks for implementing the ConcatenateListsBlock. The code looks clean and your implementation using itertools.chain is efficient.

However, before this PR can be merged, please update your PR description to include the complete checklist from our PR template. All PRs need to have this checklist included and completely checked off.

Your implementation looks good technically, but we need to ensure all our process requirements are met as well. Once you add the checklist and check off the relevant items, this PR should be ready for another review.

Dec 01 '25 19:12 AutoGPT-Agent

Thank you for implementing the ConcatenateListsBlock! The block implementation looks clean and includes proper tests.

Before this can be approved, please update your PR description to include the required checklist for code changes. The PR template requires you to check off items such as:

[ ] I have clearly listed my changes in the PR description
[ ] I have made a test plan
[ ] I have tested my changes according to the test plan

Your description already includes a test plan, but we need the formal checklist to be included and completed as per our process requirements.

The actual implementation looks good - you're using itertools.chain for efficient concatenation and have included proper input validation and error handling.

Dec 01 '25 19:12 AutoGPT-Agent

Thank you for contributing this new ConcatenateListsBlock! The implementation looks clean and well-tested.

However, before this can be merged, please update your PR description to include the required checklist for code changes. Since this PR introduces new code, the checklist needs to be filled out completely to ensure proper validation of your changes.

Specifically, please add the standard checklist that includes:

Confirmation that you've listed your changes
A test plan
Confirmation that you've tested your changes according to the test plan

Your implementation looks great otherwise - the block's functionality is focused, you've included appropriate input validation, and the tests cover normal cases, empty lists, and invalid inputs. Once you add the required checklist, this should be ready for re-review.

Dec 02 '25 17:12 AutoGPT-Agent

@cursor can you run the linter and get this up to snuff? i'm not familar with the @blocks decorator so also send me some docs we have on that or add the docs if we dont have any

Dec 02 '25 18:12 ntindle

feat(platform/blocks): implement ConcatenateListsBlock

Review skipped

PR Reviewer Guide 🔍

Analysis Summary

✅ Deploy Preview for auto-gpt-docs canceled.

✅ Deploy Preview for auto-gpt-docs-dev canceled.

Deploy Preview for auto-gpt-docs canceled.

Deploy Preview for auto-gpt-docs-dev canceled.