feat(autogpt_classic): Implement Flask web interface and enhance file operations

[heeresbach]

• Add autogpt/web_interface.py: Implement Flask web interface with routes for creating, listing, and deleting agents, and saving and retrieving information locally.
• Modify autogpt/commands/file_operations.py: Update write_to_file and read_file functions to handle JSON and CSV formats.
• Update autogpt/agent/agent_manager.py: Add methods for saving and retrieving agent information locally, and for listing and deleting agents.
• Change autogpt/cli.py: Add command-line option to start the Flask web interface.

Changes 🏗️

Checklist 📋

For code changes:

• I have clearly listed my changes in the PR description
• I have made a test plan
• I have tested my changes according to the test plan:
  • ...

Example test plan

• Create from scratch and execute an agent with at least 3 blocks
• Import an agent from file upload, and confirm it executes correctly
• Upload agent to marketplace
• Import an agent from marketplace and confirm it executes correctly
• Edit an agent from monitor, and confirm it executes correctly

For configuration changes:

• .env.example is updated or already compatible with my changes
• docker-compose.yml is updated or already compatible with my changes
• I have included a list of my configuration changes in the PR description (under Changes)

Examples of configuration changes

• Changing ports
• Adding new services that need to communicate with each other
• Secrets or environment variable changes
• New or infrastructure changes such as databases

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[github-actions]

This PR targets the master branch but does not come from dev or a hotfix/* branch.

Automatically setting the base branch to dev.

[github-actions]

This pull request has conflicts with the base branch, please resolve those so we can evaluate the pull request.

[qodo-merge-pro]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 3 🔵🔵🔵⚪⚪

🧪 No relevant tests

🔒 Security concerns Sensitive information exposure: The web interface (autogpt/web_interface.py) lacks authentication and authorization controls, allowing unauthenticated access to agent creation, listing, deletion, and file operations. This could expose sensitive information stored in agents or allow unauthorized file access on the server. Additionally, the file retrieval endpoint (/retrieve) allows reading any file that the application has access to, which could lead to information disclosure if an attacker can specify arbitrary filenames.

⚡ Recommended focus areas for review Type Handling The write_to_file function expects different types for different formats (dict for JSON, list of lists for CSV, string for txt) but this isn't documented in the function signature or docstring, which could lead to runtime errors. if format == "json": with open(filename, "w", encoding="utf-8") as f: json.dump(text, f) elif format == "csv": with open(filename, "w", encoding="utf-8", newline='') as f: writer = csv.writer(f) writer.writerows(text) else: with open(filename, "w", encoding="utf-8") as f: f.write(text) Missing Authentication The Flask web interface doesn't implement any authentication mechanism, allowing anyone to create, list, or delete agents and access files on the system. from flask import Flask, request, jsonify from autogpt.agent.agent_manager import AgentManager from autogpt.commands.file_operations import write_to_file, read_file app = Flask(__name__) agent_manager = AgentManager() @app.route('/agents', methods=['POST']) def create_agent(): data = request.json task = data.get('task') prompt = data.get('prompt') model = data.get('model', 'gpt-3.5-turbo') key, response = agent_manager.create_agent(task, prompt, model) return jsonify({'key': key, 'response': response}) @app.route('/agents', methods=['GET']) def list_agents(): agents = agent_manager.list_agents() return jsonify(agents) @app.route('/agents/<int:key>', methods=['DELETE']) def delete_agent(key): success = agent_manager.delete_agent(key) return jsonify({'success': success}) @app.route('/save', methods=['POST']) def save_information(): data = request.json filename = data.get('filename') content = data.get('content') response = write_to_file(filename, content) return jsonify({'response': response}) @app.route('/retrieve', methods=['GET']) def retrieve_information(): filename = request.args.get('filename') content = read_file(filename) return jsonify({'content': content}) if __name__ == '__main__': app.run(debug=True) Error Handling The retrieve_agent_information method catches all exceptions generically and returns them as part of the response, which might expose sensitive information or implementation details. try: content = read_file(filename) return content except Exception as e: return {"Error": str(e)}

[deepsource-io]

Here's the code health analysis summary for commits 1f2af18..40fa48e. View details on DeepSource ↗.

Analysis Summary

Analyzer	Status	Summary	Link
JavaScript	✅ Success	❗ 1 occurence introduced	View Check ↗
Python	✅ Success		View Check ↗

---

💡 If you’re a repository administrator, you can configure the quality gates from the settings.

[netlify]

❌ Deploy Preview for auto-gpt-docs failed.

Name	Link
🔨 Latest commit	40fa48e
🔍 Latest deploy log	https://app.netlify.com/sites/auto-gpt-docs/deploys/67e9f8e8c49386000851e6ac

[ntindle]

Thanks for the changes! You've got a couple conflicts and a CLA that needs signed so it can't go in today's release. Ping me when these are resolved and I'll take a look :)

[Pwuts]

Suggested change

	def write_to_file(filename: str, text: str, format: str = "txt") -> str:
	def write_to_file(filename: str, text: str, format: Literal["txt", "json", "csv"] = "txt") -> str:

[Pwuts]

This doesn't make a lot of sense since text is explicitly typed as str. I'd advise breaking this up into separate commands.

[ntindle]

Closing for CLA poke us if you sign :)