@kcze
Contributor

@kcze kcze commented Nov 13, 2025

Make onboarding task completion backend-authoritative, which prevents cheating (previously users could mark all tasks as completed instantly and get rewards) and makes task completion more reliable. Completion of tasks is moved to the backend, with the exception of introductory onboarding tasks and visit-page type tasks.

Changes 🏗️

  • Move incrementing the run counter to the backend and make webhook-triggered and scheduled task executions count as well
  • Use user timezone for calculating run streak
  • Frontend task completion is moved from update onboarding state to a separate endpoint and guarded so only frontend tasks can be completed
  • Graph creation, execution and add marketplace agent to library accept a source, so the appropriate tasks can be completed
  • Replace client.ts API calls with orval-generated ones and remove no-longer-used functions from client.ts
  • Add resolveResponse helper function that unwraps orval generated call result to 2xx response

Small changes & bug fixes:

  • Make Redis notification bus serialize all payload fields
  • Fix confetti when group is finished
  • Collapse finished group when opening Wallet
  • Play confetti only for tasks that are listed in the Wallet UI

Checklist 📋

For code changes:

  • I have clearly listed my changes in the PR description
  • I have made a test plan
  • I have tested my changes according to the test plan:
    • Onboarding can be finished
    • All tasks can be finished and work properly
    • Confetti works properly

@github-actions
Contributor

This pull request has conflicts with the base branch, please resolve those so we can evaluate the pull request.

@github-actions github-actions bot removed the conflicts Automatically applied to PRs with merge conflicts label Nov 17, 2025
@github-actions
Contributor

Conflicts have been resolved! 🎉 A maintainer will review the pull request shortly.

@AutoGPT-Agent

Thanks for implementing the backend support for onboarding tasks! This looks like a solid improvement that will help track and reward user progress automatically.

However, before this PR can be merged, you need to address these issues:

Missing PR Description

  • Please add a clear description of the changes made in this PR
  • Complete the checklist in the PR description, particularly the test plan

Technical Implementation

The implementation looks good overall! Here are some observations:

  • Great work adding the timezone-aware tracking for consecutive run days
  • Good job handling onboarding notifications and rewards consistently
  • The automatic milestone tracking will improve the user experience
  • The serializer fix for notification payloads is a nice catch

Please update the PR description with details about:

  1. The purpose of these changes
  2. Which onboarding steps are now automatically tracked
  3. How the reward system works
  4. Your test plan (how you've verified these changes)

Once you've addressed these documentation issues, this PR should be ready for another review.

@AutoGPT-Agent

Thanks for this PR that improves the security of the onboarding process by moving task completion to the backend!

What looks good

  • The code changes are well-structured and maintain proper user_id checks
  • The PR description clearly explains the changes and intent
  • You've maintained backward compatibility while adding important security improvements
  • The timezone handling for run streaks is a nice improvement

What needs attention

The PR needs a completed checklist as per our requirements. Please fill out the test plan section and check off the boxes in the PR description. Since this is a significant change touching both backend and frontend, having a clear test plan is important.

Suggested test plan could include:

  • Testing completion of different types of onboarding tasks (frontend vs backend-controlled)
  • Verifying timezone-based run streak calculation
  • Testing that webhook-triggered executions properly count toward run counts
  • Verifying that task rewards are correctly applied
  • Testing that frontend can't complete backend-protected tasks

Once you've added and checked off the test plan items, this PR should be good to go!

@AutoGPT-Agent

Thanks for your PR on making onboarding task completion backend-authoritative! The changes look well thought out and should effectively prevent users from cheating by marking all tasks as completed instantly.

I noticed a few items to address before this can be merged:

  1. Your checklist indicates you haven't fully tested that onboarding can be completed from start to finish. This seems like an important test to complete given the significance of the changes to the onboarding flow.

  2. Consider completing all the checkboxes in your test plan to confirm you've verified all aspects of the functionality.

  3. The PR includes a helpful helper function resolveResponse for unwrapping orval generated call results, which improves code readability throughout the frontend changes.

  4. The timezone-aware streak calculation is a nice improvement that will make the feature more reliable for users in different regions.

Once you've completed testing the full onboarding flow and updated your checklist accordingly, this PR should be ready for final review and merging. The code changes themselves look well-structured and maintain proper security patterns with user_id checks.

@kcze kcze requested review from 0ubbe, Pwuts and majdyz November 17, 2025 11:21
@kcze kcze marked this pull request as ready for review November 17, 2025 11:21
@kcze kcze requested a review from a team as a code owner November 17, 2025 11:21
@qodo-merge-pro

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 4 🔵🔵🔵🔵⚪
🧪 PR contains tests
🔒 No security concerns identified
⚡ Recommended focus areas for review

Type Validation

The POST /onboarding/step handler validates the 'step' argument using get_args on FrontendOnboardingStep. FastAPI/Orval may coerce values differently; ensure the request body schema strictly restricts values and that invalid enum strings are rejected as intended.

async def onboarding_complete_step(
    user_id: Annotated[str, Security(get_user_id)], step: FrontendOnboardingStep
):
    if step not in get_args(FrontendOnboardingStep):
        raise HTTPException(status_code=400, detail="Invalid onboarding step")
    return await complete_onboarding_step(user_id, step)

Concurrency

increment_runs reads onboarding then updates counters and computes milestones based on old completedSteps. In concurrent executions, milestones or counters might race. Consider doing the update and step computation in a transaction or re-fetching state after update to avoid duplicate or missed completions.

async def increment_runs(user_id: str):
    """
    Increment a user's run counters and trigger any onboarding milestones.
    """
    user_timezone = await _get_user_timezone(user_id)
    onboarding = await get_user_onboarding(user_id)
    new_run_count = onboarding.agentRuns + 1
    last_run_at, consecutive_run_days = _calculate_consecutive_run_days(
        onboarding.lastRunAt, onboarding.consecutiveRunDays, user_timezone
    )

    await UserOnboarding.prisma().update(
        where={"userId": user_id},
        data={
            "agentRuns": new_run_count,
            "lastRunAt": last_run_at,
            "consecutiveRunDays": consecutive_run_days,
        },
    )

    milestones = _get_run_milestone_steps(new_run_count, consecutive_run_days)
    new_steps = [step for step in milestones if step not in onboarding.completedSteps]

    for step in new_steps:
        await complete_onboarding_step(user_id, step)

Backward Compatibility

Notification payload now enforces event type and OnboardingNotificationPayload.step as OnboardingStep and allows extras via model_config. Verify all producers/consumers (WS, Redis serializer) handle this shape and that older clients expecting string step don't break.

    type: str
    event: str

    model_config = pydantic.ConfigDict(extra="allow")


class OnboardingNotificationPayload(NotificationPayload):
    step: OnboardingStep

Comment on lines +18 to +21
@field_serializer("payload")
def serialize_payload(self, payload: NotificationPayload):
"""Ensure extra fields survive Redis serialization."""
return payload.model_dump()
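Review bot: `return payload.model_dump()` on the last line publishes every attribute of the payload, extras included, so whatever a producer attaches ends up on the Redis bus. Consider stating in the docstring that payloads must carry only client-safe data, and adding a round-trip test that serializes an OnboardingNotificationPayload and checks that `step` is still present after deserialization.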
Contributor Author

This makes all fields of NotificationPayload subclasses serialized (in this case OnboardingNotificationPayload)

Comment on lines +38 to +48
FrontendOnboardingStep = Literal[
OnboardingStep.WELCOME,
OnboardingStep.USAGE_REASON,
OnboardingStep.INTEGRATIONS,
OnboardingStep.AGENT_CHOICE,
OnboardingStep.AGENT_NEW_RUN,
OnboardingStep.AGENT_INPUT,
OnboardingStep.CONGRATS,
OnboardingStep.MARKETPLACE_VISIT,
OnboardingStep.BUILDER_OPEN,
]
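Review bot: this Literal is the allowlist that decides which steps a client may complete on its own, so a later addition of a reward-bearing member here would quietly reopen the instant-completion path the PR closes. A comment above `FrontendOnboardingStep = Literal[` stating that rule, plus a test asserting that every OnboardingStep member outside the list is rejected by the completion endpoint, would keep the list from drifting.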
Contributor Author

This is a subset of OnboardingStep with only the steps that are allowed to be completed frontend-side.

async def update_user_onboarding(user_id: str, data: UserOnboardingUpdate):
update: UserOnboardingUpdateInput = {}
onboarding = await get_user_onboarding(user_id)
if data.completedSteps is not None:
Contributor Author

Step completion now has a dedicated endpoint.

Comment on lines +225 to +228
mock_complete_onboarding = mocker.patch(
"backend.server.v2.library.routes.agents.complete_onboarding_step",
new_callable=AsyncMock,
)
Contributor Author

This makes sure we don't actually call the onboarding function (and try to access the db).

Comment on lines +39 to +40
GraphCreationSource = Literal["builder", "upload"]
GraphExecutionSource = Literal["builder", "library", "onboarding"]
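Review bot: both Literals are values the caller supplies, and per the PR description they select which onboarding task gets completed, so `source` should be treated as untrusted input. It would help to note next to `GraphExecutionSource` that a client can claim any of the three values, and to confirm that the worst case is crediting a task for an execution that really took place.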
Contributor Author

We need sources to know if an onboarding step should be completed; for example, running agent from library shouldn't be completed when running the onboarding agent or in the builder.

CREDENTIALS_FIELDS: dict[str, str] = get_credentials_blocks()


def _normalize_datetime(value: datetime | None) -> datetime | None:
Contributor Author

The following functions calculate the run streak for the user for running agents, i.e. it keeps increasing by one every day and resets if one day is missed. The time is calculated in the user's timezone.
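
The streak rule described in this comment, as an added example that is not the PR's code: `calculate_streak`, the fixed UTC-8 offset and the sample timestamps are assumptions made for illustration. It shows why the timezone matters: the same two runs extend the streak in the user's zone but not when days are counted in UTC.

```python
from __future__ import annotations

from datetime import datetime, timedelta, timezone, tzinfo


def calculate_streak(
    last_run_at: datetime | None, streak: int, user_tz: tzinfo, now: datetime
) -> tuple[datetime, int]:
    """Return (new_last_run_at, new_streak) for a run that happens at `now`.

    Days are compared as calendar dates in the user's timezone, so the same
    pair of timestamps can be one day or two depending on where the user is.
    """
    if now.tzinfo is None:
        raise ValueError("now must be timezone-aware")
    if last_run_at is None:
        return now, 1
    if last_run_at.tzinfo is None:
        # Assumption: naive timestamps read from storage are UTC.
        last_run_at = last_run_at.replace(tzinfo=timezone.utc)

    today = now.astimezone(user_tz).date()
    last_day = last_run_at.astimezone(user_tz).date()
    gap = (today - last_day).days

    if gap <= 0:
        # Same local day (or clock skew): no extra credit, streak stays >= 1.
        return now, max(streak, 1)
    if gap == 1:
        return now, streak + 1
    return now, 1  # at least one full local day was missed: reset


# Constructed sample data: a fixed UTC-8 offset stands in for the user's zone.
UTC = timezone.utc
UTC_MINUS_8 = timezone(timedelta(hours=-8))
FIRST = datetime(2025, 11, 18, 6, 30, tzinfo=UTC)   # Nov 17, 22:30 at UTC-8
SECOND = datetime(2025, 11, 18, 9, 0, tzinfo=UTC)   # Nov 18, 01:00 at UTC-8
THIRD = datetime(2025, 11, 20, 9, 0, tzinfo=UTC)    # Nov 20, 01:00 at UTC-8


def demo() -> dict[str, int]:
    _, local = calculate_streak(FIRST, 1, UTC_MINUS_8, SECOND)
    _, utc = calculate_streak(FIRST, 1, UTC, SECOND)
    _, after_gap = calculate_streak(SECOND, local, UTC_MINUS_8, THIRD)
    return {"user_tz": local, "utc": utc, "after_gap": after_gap}
```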

@github-actions github-actions bot added the conflicts Automatically applied to PRs with merge conflicts label Nov 19, 2025
@github-actions
Contributor

This pull request has conflicts with the base branch, please resolve those so we can evaluate the pull request.

@github-actions github-actions bot removed the conflicts Automatically applied to PRs with merge conflicts label Nov 20, 2025
@github-actions
Contributor

Conflicts have been resolved! 🎉 A maintainer will review the pull request shortly.

return get_user_timezone_or_utc(user.timezone if user else None)


async def increment_runs(user_id: str):
Contributor

I don't know how careful we are trying to be with this.
It's safer to just increment the integer field than do this; see Updating Atomic Fields in https://prisma-client-py.readthedocs.io/en/v0.1.0/reference/operations/#integer-fields_1
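
The lost-update race raised in the review and the atomic increment suggested here, as an added simulation that is not the PR's code: `Store`, the milestone names and `simulate` are constructed stand-ins for the onboarding row, with `asyncio.sleep(0)` marking where a database round trip would let another execution interleave.

```python
import asyncio

# Hypothetical milestone names; the page does not list the project's real ones.
MILESTONES = {1: "FIRST_RUN", 10: "TEN_RUNS"}


class Store:
    """In-memory stand-in for one user's onboarding row (constructed)."""

    def __init__(self) -> None:
        self.agent_runs = 0
        self.completed: list[str] = []

    async def read(self) -> int:
        await asyncio.sleep(0)  # yield to other tasks, as a DB round trip would
        return self.agent_runs

    async def write(self, value: int) -> None:
        await asyncio.sleep(0)
        self.agent_runs = value

    async def increment(self) -> int:
        # No await between read and write: models a DB-side atomic increment
        # that returns the updated value.
        self.agent_runs += 1
        updated = self.agent_runs
        await asyncio.sleep(0)
        return updated


async def racy_run(store: Store) -> None:
    runs = await store.read() + 1  # may be stale by the time it is written
    await store.write(runs)
    if runs in MILESTONES:
        store.completed.append(MILESTONES[runs])


async def atomic_run(store: Store) -> None:
    runs = await store.increment()  # each caller sees a distinct count
    if runs in MILESTONES:
        store.completed.append(MILESTONES[runs])


def simulate(handler, executions: int = 10) -> tuple[int, list[str]]:
    async def main() -> tuple[int, list[str]]:
        store = Store()
        await asyncio.gather(*(handler(store) for _ in range(executions)))
        return store.agent_runs, store.completed

    return asyncio.run(main())
```

Ten concurrent executions through `racy_run` leave the counter at 1 and record the first milestone ten times, while `atomic_run` counts all ten and records each milestone once. In Prisma Client Python the atomic form is an update whose data is `{"agentRuns": {"increment": 1}}`, as the linked documentation describes.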

@github-project-automation github-project-automation bot moved this from 🆕 Needs initial review to 👍🏼 Mergeable in AutoGPT development kanban Nov 20, 2025
Labels

platform/backend AutoGPT Platform - Back end platform/frontend AutoGPT Platform - Front end Review effort 4/5 size/xl