feat(iffy): Add initial iffy moderation #9621

Draft
wants to merge 2 commits into base: dev

@Bentlybro (Member) commented Mar 12, 2025

This is the initial code for the iffy moderation setup.

Changes 🏗️

In backend/executor/manager.py I have had to make it so add_execution is synchronous but calls an async implementation, because we need to perform content moderation with send_to_iffy, which is an async function. If there is a better way to do this, please let me know. Then further down we collect all the blocks and the info and send it all to Iffy.

backend/util/iffy.py is where we have the actual send_to_iffy function. This gets all of the data and formats it, gets the other data we need like username and userid, adds the metadata like graphExecutionId etc., then combines it all together into a payload to be sent to Iffy.

In backend/server/v2/iffy/routes.py I have added @iffy_router.post("/webhook") to receive the returned info from Iffy's webhook, then we split it into two.

handle_record_event deals with flagged blocks: if any are flagged, it gets the graph_exec_id from the metadata, then calls execution_manager.cancel_execution(graph_exec_id) to stop the graph from running.

And handle_user_event: currently we don't have any systems set up yet to deal with suspending/banning a user, so for now I just log the data and return 200 to prevent Iffy from sending the data again. The next TODO would be to set up a system to actually use this info so we can suspend/ban users.

I have added a fallback/backup in case Iffy fails to reply or is down. In backend/util/openrouter.py we are just using OpenRouter and making it pick any model and just asking it if it thinks the content is safe or not; if flagged, it stops the graph from running. TODO: Improve this and the prompting down the line.

In backend/server/rest_api.py I am just adding the router for /api/iffy.

This current setup does work, but there are some issues that I have been trying to fix and I feel some other eyes on this may help.

  • Sometimes the executor is faster than Iffy, so this means the executor runs before Iffy has had time to process and reply. I tried to make it check the blocks before we start the executor, but I was having issues getting all the block data, so if anyone has any suggestions for that please let me know.
  • Currently we are only checking the blocks at the start of the execution. We should probably check the blocks during execution too, because I set up a graph that uses pastebin to get data that should be flagged, but it's missed because we only check at the start. I tried to add this, but we currently don't have a way to "pause"/"slow down" an execution, so the execution would run and finish before Iffy has checked it all.
  • One thing I noticed is if a graph has multiple blocks that are flagged, it will try to stop the execution multiple times based on how many flagged blocks there are. I need to fix this and make it only try to stop the execution once.

List of TODOs down the line/in other PRs:

  • Add a system to deal with suspending/banning users
  • Improve the prompting for the OpenRouter fallback if needed.
  • Fix multiple flagged blocks trying to cancel the same running graph.

Once we are happy with this setup we will need to set up Iffy on GCP.

Link to Iffy's GitHub, and also a big shout-out to @s3ththompson and the Iffy team for several updates to Iffy during the setup of this, which has helped so much. I'd also love your feedback on this if you have any thoughts or suggestions.

Checklist 📋

This may be difficult to test locally for other people just because of how I have Iffy set up: I am hosting a version of it on my server. I can give the API keys/URLs and so on, just contact me, though you may need to use nginx? to make it so Iffy can call back to your local machine for its webhook replies. For now I'll leave the test plan empty because of this.

For code changes:

  • I have clearly listed my changes in the PR description
  • I have made a test plan
  • I have tested my changes according to the test plan:
    • [ ]

@github-actions github-actions bot added the platform/backend AutoGPT Platform - Back end label Mar 12, 2025
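The two open problems in the description above (the executor outrunning moderation, and one cancel attempt per flagged block) can be handled with a gate that waits for a verdict before starting and a cancel that is idempotent per graph_exec_id. This is an added sketch, not code from the PR: ModerationGate, its methods and the stand-in checks are hypothetical, and treating "no verdict from either check" as flagged is an assumption.

```python
import asyncio

class ModerationGate:
    """Hold an execution until a verdict arrives; cancel each execution at most once."""

    def __init__(self, primary, fallback, cancel, timeout=0.05):
        self.checks = (primary, fallback)  # hypothetical async callables: payload -> flagged?
        self.cancel = cancel               # hypothetical async callable: graph_exec_id -> None
        self.timeout = timeout
        self.cancelled = set()             # per-process only; use a shared store across workers

    async def is_flagged(self, payload):
        for check in self.checks:
            try:
                return bool(await asyncio.wait_for(check(payload), self.timeout))
            except Exception:              # timeout or transport error: try the next check
                continue
        return True                        # assumption: no verdict at all means fail closed

    async def run(self, payload, execute):
        """Start execute() only after the content has been cleared."""
        if await self.is_flagged(payload):
            return None
        return await execute()

    async def on_flagged_record(self, graph_exec_id):
        """Webhook path: several flagged blocks of one graph trigger a single cancel."""
        if graph_exec_id in self.cancelled:
            return False
        self.cancelled.add(graph_exec_id)
        await self.cancel(graph_exec_id)
        return True

async def demo():                          # all inputs below are constructed for illustration
    cancel_calls = []
    async def slow_primary(payload):       # primary moderation slower than the timeout
        await asyncio.sleep(1)
        return False
    async def fallback(payload):           # stand-in for the fallback check
        return "forbidden" in payload
    async def cancel(graph_exec_id):
        cancel_calls.append(graph_exec_id)
    async def execute():
        return "ran"
    gate = ModerationGate(slow_primary, fallback, cancel)
    clean = await gate.run("hello world", execute)
    blocked = await gate.run("forbidden text", execute)
    hooks = [await gate.on_flagged_record("exec-1") for _ in range(3)]
    return clean, blocked, hooks, cancel_calls
```

The in-memory set only deduplicates within one process; with several webhook workers the "already cancelled" marker has to live wherever execution state is stored.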

netlify bot commented Mar 12, 2025

Deploy Preview for auto-gpt-docs-dev canceled.

Name Link
🔨 Latest commit 46ad1fe
🔍 Latest deploy log https://app.netlify.com/sites/auto-gpt-docs-dev/deploys/67d16a4db09373000812e054


deepsource-io bot commented Mar 12, 2025

Here's the code health analysis summary for commits c1e3294..46ad1fe. View details on DeepSource ↗.

Analysis Summary

Analyzer / Status / Summary / Link
JavaScript: ✅ Success (View Check ↗)
Python: ✅ Success; ❗ 53 occurrences introduced, 🎯 20 occurrences resolved (View Check ↗)

💡 If you’re a repository administrator, you can configure the quality gates from the settings.


netlify bot commented Mar 12, 2025

Deploy Preview for auto-gpt-docs ready!

Name Link
🔨 Latest commit 46ad1fe
🔍 Latest deploy log https://app.netlify.com/sites/auto-gpt-docs/deploys/67d16a4d8612390008a16426
😎 Deploy Preview https://deploy-preview-9621--auto-gpt-docs.netlify.app

@AutoGPT-Agent

The PR appears to have several issues that need addressing: 1) The test plan section is completely empty when it should document testing steps for such a critical security feature 2) The PR template is only partially filled out - missing configuration checklist items which may be relevant given new environment variables being added 3) The PR acknowledges known issues with race conditions and incomplete moderation coverage that could lead to unsafe content getting through. While the core functionality seems solid, these gaps should be addressed before merging.

@AutoGPT-Agent

The PR follows most guidelines but has some issues that need addressing: 1) The test plan is completely empty and marked as skipped rather than explaining why testing may be difficult, 2) While they state configuration changes are needed for Iffy/GCP, the configuration checklist section is missing entirely rather than being filled out to indicate needed changes to .env.example etc.

@AutoGPT-Agent

The PR is well documented with clear changes and explanations, but has some issues to address: 1) The test plan is incomplete and they acknowledge testing will be difficult for others, 2) There are known execution timing issues that need to be resolved, 3) Missing runtime block checking capability. However, the code changes themselves properly handle user_id validation and have good security considerations built in with the fallback to OpenRouter when Iffy fails. The scope of changes is focused on content moderation features.

@AutoGPT-Agent

The PR appears to be well documented with clear changes and explanations. The author has acknowledged some current limitations and areas for improvement. However, there are a few issues that need to be addressed: 1) The test plan is empty and marked as difficult to test locally 2) The author notes some timing issues with iffy vs executor that need to be resolved 3) The PR includes significant new functionality but does not have proper test coverage plans. While these are concerns, they appear to be actively acknowledged and discussed rather than ignored.

@AutoGPT-Agent

While this PR shows good progress on implementing content moderation, there are a few issues that need to be addressed:

  1. The PR template is only partially filled out - missing test plan
  2. The changes include significant new code but don't clearly document how user_id is protected/validated in data routes
  3. The code has some recognized issues detailed in the description that should be fixed before merging (execution timing, checking blocks during execution, multiple stop attempts)

@ntindle ntindle self-requested a review March 12, 2025 15:58
asyncio.set_event_loop(loop)

# Run the async function in the event loop
return loop.run_until_complete(
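
Review bot: the call at "return loop.run_until_complete(" blocks the calling thread for the whole moderation round trip and raises RuntimeError if add_execution is ever invoked from a thread that already has a running event loop. Because "asyncio.set_event_loop(loop)" also replaces that thread's current loop, close the loop and restore the previous one in a finally block, or submit the coroutine to the service's existing loop instead of creating one per call.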

Review comment (Member):

self.run_and_wait( probably exists

Labels: platform/backend (AutoGPT Platform - Back end), size/l
Project status: 🆕 Needs initial review