collavre 0.20.3 → 0.22.0

data/app/services/collavre/tools/creative_attach_files_service.rb

@@ -0,0 +1,62 @@
+module Collavre
+require "sorbet-runtime"
+require "rails_mcp_engine"
+module Tools
+  class CreativeAttachFilesService
+    extend T::Sig
+    extend ToolMeta
+    include Collavre::PublicAssetsHelper
+
+    tool_name "creative_attach_files_service"
+    tool_description "Attach inline, agent-generated TEXT content (markdown, html, svg, plain text) to a Creative. The content is stored as an ActiveStorage blob, embedded into the Creative's description, and served via CloudFront-cached /public-assets URLs.\n\nUse this for content the agent produced as text (notes, generated markdown/html/svg).\n\nFor BINARY files already on disk (png, mp4, pdf), use the CLI `collavre attach --creative <id> --file <path>` instead — it uploads the raw bytes over a bearer multipart HTTP endpoint without base64 bloat.\n\nRequires :write permission on the target Creative."
+
+    tool_param :creative_id, description: "ID of the Creative to attach content to.", required: true
+    tool_param :files, description: "Array of objects: { filename, content, content_type? }. `content` is the literal UTF-8 text to store (e.g. markdown/html/svg source). `content_type` is inferred from the filename when omitted.", required: true
+
+    sig { params(creative_id: Integer, files: T::Array[T::Hash[String, T.untyped]]).returns(T::Hash[Symbol, T.untyped]) }
+    def call(creative_id:, files:)
+      raise "Current.user is required" unless Current.user
+
+      creative = Creative.find_by(id: creative_id)
+      return { error: "Creative not found", id: creative_id } unless creative
+      unless creative.has_permission?(Current.user, :write)
+        return { error: "No write permission on Creative", id: creative_id }
+      end
+      unless creative.attachments_embeddable?
+        return { error: "Cannot attach files to GitHub-synced content", id: creative_id }
+      end
+      return { error: "No files provided" } if files.blank?
+      # Validate the entire payload before creating any blob, so a bad entry
+      # later in the array never leaves an orphaned blob from an earlier one.
+      return { error: "Each file requires a filename" } if files.any? { |f| f["filename"].to_s.blank? }
+
+      blobs = files.map do |f|
+        name = f["filename"].to_s
+        content = f["content"].to_s
+
+        ActiveStorage::Blob.create_and_upload!(
+          io: StringIO.new(content),
+          filename: name,
+          content_type: f["content_type"].presence || Marcel::MimeType.for(name: name) || "text/plain"
+        )
+      end
+
+      blobs.each { |blob| creative.embed_attachment_blob!(blob) }
+
+      {
+        success: true,
+        creative_id: creative.id,
+        attachments: blobs.map { |b|
+          {
+            signed_id: b.signed_id,
+            filename: b.filename.to_s,
+            content_type: b.content_type,
+            byte_size: b.byte_size,
+            url: public_asset_url(b)
+          }
+        }
+      }
+    end
+  end
+end
+end

data/app/services/collavre/tools/creative_list_attachments_service.rb

@@ -0,0 +1,42 @@
+module Collavre
+require "sorbet-runtime"
+require "rails_mcp_engine"
+module Tools
+  class CreativeListAttachmentsService
+    extend T::Sig
+    extend ToolMeta
+    include Collavre::PublicAssetsHelper
+
+    tool_name "creative_list_attachments_service"
+    tool_description "List all attachments on a Creative with public URLs, filenames, content types, and sizes. Requires :read permission."
+
+    tool_param :creative_id, description: "ID of the Creative.", required: true
+
+    sig { params(creative_id: Integer).returns(T::Hash[Symbol, T.untyped]) }
+    def call(creative_id:)
+      raise "Current.user is required" unless Current.user
+
+      creative = Creative.find_by(id: creative_id)
+      return { error: "Creative not found", id: creative_id } unless creative
+
+      unless creative.has_permission?(Current.user, :read)
+        return { error: "No read permission on Creative", id: creative_id }
+      end
+
+      {
+        success: true,
+        creative_id: creative.id,
+        attachments: creative.files.with_all_variant_records.map { |a|
+          {
+            signed_id: a.blob.signed_id,
+            filename: a.filename.to_s,
+            content_type: a.content_type,
+            byte_size: a.byte_size,
+            url: public_asset_url(a.blob)
+          }
+        }
+      }
+    end
+  end
+end
+end

data/app/services/collavre/tools/creative_remove_attachment_service.rb

@@ -0,0 +1,37 @@
+module Collavre
+require "sorbet-runtime"
+require "rails_mcp_engine"
+module Tools
+  class CreativeRemoveAttachmentService
+    extend T::Sig
+    extend ToolMeta
+
+    tool_name "creative_remove_attachment_service"
+    tool_description "Remove a single attachment from a Creative by its signed_id. Requires :write permission. Strips the attachment's node from the description and purges the underlying blob asynchronously when nothing else references it."
+
+    tool_param :creative_id, description: "ID of the Creative.", required: true
+    tool_param :signed_id, description: "signed_id of the blob (from creative_list_attachments_service or creative_attach_files_service response).", required: true
+
+    sig { params(creative_id: Integer, signed_id: String).returns(T::Hash[Symbol, T.untyped]) }
+    def call(creative_id:, signed_id:)
+      raise "Current.user is required" unless Current.user
+
+      creative = Creative.find_by(id: creative_id)
+      return { error: "Creative not found", id: creative_id } unless creative
+
+      unless creative.has_permission?(Current.user, :write)
+        return { error: "No write permission on Creative", id: creative_id }
+      end
+
+      # HTML is the source of truth: strip the node from the description and let
+      # after_save reconcile detach + safe-purge the blob. Removing only the
+      # ActiveStorage attachment would leave a dangling node in the description
+      # (broken asset, or reconciled back into creative.files on the next save).
+      removed = creative.remove_attachment!(signed_id)
+      return { error: "Attachment not found on this Creative" } unless removed
+
+      { success: true, creative_id: creative.id, removed_signed_id: signed_id }
+    end
+  end
+end
+end

data/app/services/collavre/tools/cron_list_service.rb

@@ -5,6 +5,7 @@ module Tools
   class CronListService
     extend T::Sig
     extend ToolMeta
+    include Collavre::Crons::RecurringTaskArguments
 
     tool_name "cron_list"
     tool_description "List recurring scheduled jobs. Returns all cron jobs for creatives the current user has access to. Filter by creative_id to see jobs for a specific creative."
@@ -46,20 +47,6 @@ module Tools
 
       { success: true, cron_jobs: results, count: results.size }
     end
-
-    private
-
-    def parse_arguments(task)
-      args = task.arguments
-      return {} unless args.is_a?(Array) && args.first.is_a?(Hash)
-
-      args.first.stringify_keys
-    end
-
-    def parse_creative_id_from_key(key)
-      match = key.match(/\Acron_(\d+)_/)
-      match[1].to_i if match
-    end
   end
 end
 end

data/app/services/collavre/tools/permission_denied_error.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module Collavre
+  module Tools
+    # Raised by tool services when the current user lacks the required
+    # creative-level permission to perform a mutating action.
+    class PermissionDeniedError < StandardError; end
+  end
+end

data/app/services/collavre/tools/preview_attach_service.rb

@@ -0,0 +1,128 @@
+module Collavre
+require "sorbet-runtime"
+require "rails_mcp_engine"
+module Tools
+  # Attach a development-preview chip to a topic. AI Agents call this after
+  # spinning up `./bin/dev` against a worktree so the preview URL and run
+  # state surface as a chip in the typing-indicator row. Idempotent by
+  # (topic_id, worktree_id).
+  class PreviewAttachService
+    extend T::Sig
+    extend ToolMeta
+
+    tool_name "preview_attach"
+    tool_description <<~DESC.strip
+      Attach a development preview server to a Collavre topic. Renders a
+      chip in the topic's typing-indicator row with a clickable link to the
+      preview URL and a state badge (running/stopped). Call this after
+      starting a preview server (e.g. ./bin/dev on a worktree). Idempotent
+      per (topic_id, worktree_id) — calling twice does not duplicate the
+      chip or re-announce.
+    DESC
+
+    tool_param :topic_id, description: "The Collavre topic id to attach the preview chip to."
+    tool_param :preview_url, description: "Full URL of the preview server, e.g. http://localhost:4001"
+    tool_param :worktree_id, description: "Stable identifier for the worktree (or environment) running this preview. Used as the dedup key — re-calling with the same worktree_id reactivates the existing chip instead of creating a duplicate."
+    tool_param :label, description: "Optional display label shown on the chip. Defaults to a localized 'Preview' string.", required: false
+
+    sig do
+      params(
+        topic_id: Integer,
+        preview_url: String,
+        worktree_id: String,
+        label: T.nilable(String)
+      ).returns(T::Hash[Symbol, T.untyped])
+    end
+    def call(topic_id:, preview_url:, worktree_id:, label: nil)
+      validate_preview_url!(preview_url)
+
+      topic = Collavre::Topic.find(topic_id)
+      Collavre::Tools::TopicAuthorizer.authorize_write!(topic)
+
+      refresh_config = ->(c) {
+        # Re-attach against the same worktree may carry a fresh URL/label
+        # (e.g. port reassignment after a restart). Refresh the persisted
+        # config so the chip link goes to the live server, not the dead one
+        # — applies both when reactivating a stopped chip and when the chip
+        # is still active (:noop), which is the common dev-restart case.
+        new_config = c.config.merge(
+          "preview_url" => preview_url,
+          "preview_state" => "running"
+        )
+        new_config["label"] = label if label
+        c.config = new_config
+        # Also refresh the cached chip fields that record_event! seeded on the
+        # first attach. The chip partial renders latest_link.presence ||
+        # default_link, so without this update a :noop reattach with a new port
+        # leaves the chip pointing at the dead URL even though config is fresh.
+        # (On :reactivate the subsequent inject_into_topic! would overwrite
+        # these via record_event! anyway, so updating here is harmless.)
+        c.latest_link = preview_url
+        c.latest_label = c.default_label
+      }
+
+      channel, status = Collavre::ChannelAttacher.call(
+        channel_class: Collavre::PreviewChannel,
+        lookup: -> { lookup_channel(topic, worktree_id) },
+        create_attrs: {
+          topic_id: topic.id,
+          config: {
+            "worktree_id" => worktree_id,
+            "preview_url" => preview_url,
+            "preview_state" => "running",
+            "label" => label
+          }.compact
+        },
+        on_reactivate: refresh_config,
+        on_noop: refresh_config
+      )
+
+      # Mirror PR-channel UX: only the first attach (and a true reactivation
+      # from stopped/dismissed) announces in the topic. Subsequent idempotent
+      # attaches stay silent so frequent restarts do not spam the timeline.
+      if status == :created || status == :reactivated
+        channel.inject_into_topic!(channel.attached_message)
+      end
+
+      {
+        ok: true,
+        channel_id: channel.id,
+        worktree_id: worktree_id,
+        preview_url: preview_url,
+        status: status
+      }
+    end
+
+    private
+
+    ALLOWED_PREVIEW_URL_SCHEMES = %w[http https].freeze
+    private_constant :ALLOWED_PREVIEW_URL_SCHEMES
+
+    # The preview_url is rendered directly as the chip's <a href> via ERB,
+    # which escapes quotes but does NOT reject dangerous URL schemes. Without
+    # this gate a write-capable MCP caller could persist `javascript:...` or
+    # `data:...` and turn the chip into a one-click XSS for any topic viewer.
+    sig { params(preview_url: String).void }
+    def validate_preview_url!(preview_url)
+      uri = URI.parse(preview_url)
+      unless ALLOWED_PREVIEW_URL_SCHEMES.include?(uri.scheme&.downcase)
+        raise ArgumentError, "preview_url must be http(s); got: #{preview_url.inspect}"
+      end
+      raise ArgumentError, "preview_url must include a host" if uri.host.to_s.empty?
+    rescue URI::InvalidURIError
+      raise ArgumentError, "preview_url is not a valid URI: #{preview_url.inspect}"
+    end
+
+    # config is JSON, so worktree_id matching is a Ruby-side scan over the
+    # topic's preview channels. With only a handful of previews per topic in
+    # practice this is fine and avoids JSON operator divergence between
+    # Postgres (config->>'worktree_id') and SQLite (json_extract).
+    sig { params(topic: Collavre::Topic, worktree_id: String).returns(T.nilable(Collavre::PreviewChannel)) }
+    def lookup_channel(topic, worktree_id)
+      Collavre::PreviewChannel.where(topic_id: topic.id).find do |c|
+        c.worktree_id.to_s == worktree_id.to_s
+      end
+    end
+  end
+end
+end

data/app/services/collavre/tools/preview_detach_service.rb

@@ -0,0 +1,61 @@
+module Collavre
+require "sorbet-runtime"
+require "rails_mcp_engine"
+module Tools
+  # Mark a previously-attached preview as stopped. AI Agents call this
+  # immediately before killing the preview server (per the worktree cleanup
+  # workflow) so the chip flips to the "stopped" badge with reduced opacity.
+  # The chip stays visible until the user dismisses it with the X button —
+  # mirrors the PR-channel post-close UX where the closed badge persists for
+  # context.
+  class PreviewDetachService
+    extend T::Sig
+    extend ToolMeta
+
+    tool_name "preview_detach"
+    tool_description <<~DESC.strip
+      Mark a development preview as stopped. The chip stays visible with a
+      stopped badge until the user dismisses it. Idempotent — calling on an
+      already-stopped or missing channel returns ok with status :noop.
+    DESC
+
+    tool_param :topic_id, description: "The Collavre topic id the preview was attached to."
+    tool_param :worktree_id, description: "The worktree_id used when the preview was attached."
+
+    sig do
+      params(
+        topic_id: Integer,
+        worktree_id: String
+      ).returns(T::Hash[Symbol, T.untyped])
+    end
+    def call(topic_id:, worktree_id:)
+      topic = Collavre::Topic.find(topic_id)
+      Collavre::Tools::TopicAuthorizer.authorize_write!(topic)
+
+      channel = lookup_channel(topic, worktree_id)
+      return { ok: true, status: :noop, worktree_id: worktree_id } if channel.nil?
+
+      status =
+        if channel.preview_state == "stopped" && channel.detached?
+          :noop
+        else
+          channel.preview_state = "stopped"
+          channel.state = :detached unless channel.detached?
+          channel.save!
+          :stopped
+        end
+
+      { ok: true, channel_id: channel.id, worktree_id: worktree_id, status: status }
+    end
+
+    private
+
+    sig { params(topic: Collavre::Topic, worktree_id: String).returns(T.nilable(Collavre::PreviewChannel)) }
+    def lookup_channel(topic, worktree_id)
+      Collavre::PreviewChannel.where(topic_id: topic.id).find do |c|
+        c.worktree_id.to_s == worktree_id.to_s
+      end
+    end
+  end
+end
+end

data/app/services/collavre/tools/topic_authorizer.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module Collavre
+  module Tools
+    # Topic write authorization for MCP tool services. Mirrors
+    # CreativePermissionGuard#require_creative_write! but is callable outside a
+    # controller request. Attaching a channel injects external messages into a
+    # topic, so it is a write-equivalent mutation — restrict to users with
+    # write permission on the topic's effective_origin creative.
+    module TopicAuthorizer
+      module_function
+
+      def authorize_write!(topic, user: Collavre::Current.user)
+        creative = topic.creative&.effective_origin
+        raise ArgumentError, "Topic has no creative" unless creative
+        return if creative.user == user
+        return if user && creative.has_permission?(user, :write)
+
+        raise Collavre::Tools::PermissionDeniedError,
+          "No write permission on topic #{topic.id}"
+      end
+    end
+  end
+end

data/app/services/collavre/topic_branch_service.rb

@@ -4,16 +4,23 @@ module Collavre
 
     MAX_BRANCH_COMMENTS = 100
 
-    def initialize(creative:, user:, source_topic:)
+    def initialize(creative:, user:, source_topic:, name: nil)
       @creative = creative
       @user = user
       @source_topic = source_topic
+      @name = name
     end
 
     # Creates a new topic with copies of the selected comments.
     # Returns the new Topic.
-    def call(comment_ids:)
-      comment_ids = Array(comment_ids).map(&:presence).compact.map(&:to_i).first(MAX_BRANCH_COMMENTS)
+    # enforce_limit: false bypasses MAX_BRANCH_COMMENTS for system-initiated
+    # full-history copies (e.g. Drop Trigger) where the UI's selection cap
+    # does not apply.
+    # auto_select: false omits user_id from the topic-created broadcast so
+    # background/system branches do not hijack the owner's current selection.
+    def call(comment_ids:, enforce_limit: true, auto_select: true)
+      comment_ids = Array(comment_ids).map(&:presence).compact.map(&:to_i)
+      comment_ids = comment_ids.first(MAX_BRANCH_COMMENTS) if enforce_limit
       raise BranchError, I18n.t("collavre.comments.branch.no_selection") if comment_ids.empty?
 
       validate_permissions!
@@ -24,14 +31,14 @@ module Collavre
         copy_comments(originals)
       end
 
-      broadcast_topic_created
+      broadcast_topic_created(auto_select: auto_select)
 
       @new_topic
     end
 
     private
 
-    attr_reader :creative, :user, :source_topic
+    attr_reader :creative, :user, :source_topic, :name
 
     def validate_permissions!
       unless creative.has_permission?(user, :feedback)
@@ -49,25 +56,28 @@ module Collavre
     end
 
     def create_branch_topic
-      prefix = I18n.t("collavre.topics.branch_prefix")
-      source_name = source_topic&.name || I18n.t("collavre.comments.topic_main", default: "All Messages")
-      name = "#{prefix}:#{source_name}"
-
-      # Ensure uniqueness
-      existing = creative.topics.where("name LIKE ?", "#{Topic.sanitize_sql_like(name)}%").pluck(:name)
-      if existing.include?(name)
-        counter = 2
-        counter += 1 while existing.include?("#{name} #{counter}")
-        name = "#{name} #{counter}"
-      end
+      topic_name = name.presence || default_branch_name
 
       creative.topics.create!(
-        name: name,
+        name: topic_name,
         user: user,
         source_topic_id: source_topic&.id
       )
     end
 
+    def default_branch_name
+      prefix = I18n.t("collavre.topics.branch_prefix")
+      source_name = source_topic&.name || I18n.t("collavre.comments.topic_main", default: "All Messages")
+      candidate = "#{prefix}:#{source_name}"
+
+      existing = creative.topics.where("name LIKE ?", "#{Topic.sanitize_sql_like(candidate)}%").pluck(:name)
+      return candidate unless existing.include?(candidate)
+
+      counter = 2
+      counter += 1 while existing.include?("#{candidate} #{counter}")
+      "#{candidate} #{counter}"
+    end
+
     def copy_comments(originals)
       id_mapping = {}
 
@@ -98,15 +108,13 @@ module Collavre
       end
     end
 
-    def broadcast_topic_created
-      TopicsChannel.broadcast_to(
-        creative,
-        {
-          action: "created",
-          topic: { id: @new_topic.id, name: @new_topic.name, source_topic_id: @new_topic.source_topic_id },
-          user_id: user.id
-        }
-      )
+    def broadcast_topic_created(auto_select: true)
+      payload = {
+        action: "created",
+        topic: { id: @new_topic.id, name: @new_topic.name, source_topic_id: @new_topic.source_topic_id }
+      }
+      payload[:user_id] = user.id if auto_select
+      TopicsChannel.broadcast_to(creative, payload)
     end
   end
 end

data/app/services/collavre/topics/orphaned_cron_notifier.rb

@@ -0,0 +1,68 @@
+# frozen_string_literal: true
+
+module Collavre
+  module Topics
+    # When a Topic is deleted, find every non-static recurring cron task that
+    # targets that topic (topic_id stored inside the task's arguments JSON) and
+    # post a system message into the affected creative's Main topic so the user
+    # knows the cron is now orphaned.
+    #
+    # Decision: notify only. The recurring task is intentionally left in place
+    # so the user can decide whether to re-point or cancel it.
+    class OrphanedCronNotifier
+      include Collavre::Crons::RecurringTaskArguments
+
+      def initialize(topic_id:, topic_name:)
+        @topic_id = topic_id
+        @topic_name = topic_name
+      end
+
+      def call
+        return if @topic_id.blank?
+
+        matching_tasks.each do |task, args|
+          notify_for(task, args)
+        end
+      end
+
+      private
+
+      def matching_tasks
+        SolidQueue::RecurringTask.where(static: false).filter_map do |task|
+          args = parse_arguments(task)
+          target = args["topic_id"]
+          next if target.blank?
+          next unless target.to_i == @topic_id.to_i
+
+          [ task, args ]
+        end
+      end
+
+      def notify_for(task, args)
+        creative_id = args["creative_id"] || parse_creative_id_from_key(task.key)
+        creative = Creative.find_by(id: creative_id)
+        return unless creative
+
+        # The recurring task stores the original (possibly linked/child) creative
+        # id, but Comment#use_origin_creative rewrites the comment to the origin.
+        # Post to the origin's Main topic so the notice stays on the origin and
+        # is reachable from normal topic navigation (matches CronCreateService).
+        main_topic = creative.effective_origin.main_topic
+        return unless main_topic
+
+        Comment.create!(
+          creative: creative,
+          topic_id: main_topic.id,
+          user: nil, # System message
+          skip_default_user: true, # keep user nil even when a deleter is Current.user; don't trigger AI orchestration
+          content: I18n.t(
+            "collavre.topics.orphaned_cron_notice",
+            topic_name: @topic_name,
+            cron_key: task.key,
+            message: args["message"]
+          )
+        )
+      end
+    end
+  end
+end

data/app/views/admin/shared/_tabs.html.erb

@@ -3,4 +3,5 @@
   <%= link_to t('admin.tabs.uiux'), collavre.admin_uiux_path, class: "tab-button #{'active' if controller_name == 'settings' && action_name == 'uiux'}" %>
   <%= link_to t('admin.tabs.users'), collavre.users_path, class: "tab-button #{'active' if controller_name == 'users'}" %>
   <%= link_to t('admin.tabs.orchestration'), collavre.admin_orchestration_path, class: "tab-button #{'active' if controller_name == 'orchestration'}" %>
+  <%= link_to t('collavre.admin.integrations.tab_label'), collavre.admin_integrations_path, class: "tab-button #{'active' if controller_name == 'integrations'}" %>
 </div>

data/app/views/collavre/admin/integrations/_category.html.erb

@@ -0,0 +1,22 @@
+<div style="margin-top: 2em; border-top: 1px solid var(--color-border); padding-top: 1.5em;">
+  <h3 style="font-size: 1.1em; margin-bottom: 1em;">
+    <%= t("collavre.admin.integrations.category.#{category}", default: category.to_s.humanize) %>
+  </h3>
+
+  <div class="table-scroll">
+    <table class="settings-table" style="width: 100%; min-width: 640px; border-collapse: collapse; table-layout: fixed;">
+      <thead>
+        <tr>
+          <th style="text-align: left; padding: 0.5em; width: 30%;"><%= t("collavre.admin.integrations.headers.key") %></th>
+          <th style="text-align: left; padding: 0.5em; width: 50%;"><%= t("collavre.admin.integrations.headers.value") %></th>
+          <th style="text-align: left; padding: 0.5em; width: 20%;"><%= t("collavre.admin.integrations.headers.actions") %></th>
+        </tr>
+      </thead>
+      <tbody>
+        <% rows.each do |row| %>
+          <%= render partial: "setting_row", locals: { row: row, bulk_form_id: bulk_form_id } %>
+        <% end %>
+      </tbody>
+    </table>
+  </div>
+</div>

data/app/views/collavre/admin/integrations/_setting_row.html.erb

@@ -0,0 +1,70 @@
+<% definition = row[:definition] %>
+<% key_str = definition.key.to_s %>
+<%
+  source_bg, source_fg = case row[:source]
+    when :db      then ["var(--color-success)", "var(--text-on-badge)"]
+    when :env     then ["var(--color-warning)", "var(--text-on-badge)"]
+    else               ["var(--surface-btn)",   "var(--text-on-btn)"]
+  end
+  current_display = row[:present] ? row[:display_value].to_s : "—"
+%>
+<% description = t("collavre.admin.integrations.descriptions.#{key_str}", default: "") %>
+<tr style="border-top: 1px solid var(--color-border);">
+  <td style="padding: 0.5em; vertical-align: top; word-break: break-word; overflow-wrap: anywhere;">
+    <code style="word-break: break-all; overflow-wrap: anywhere;"><%= key_str %></code>
+    <% if definition.requires_restart %>
+      <span class="badge badge-warning" style="display: inline-block; margin-left: 0.5em; padding: 0.1em 0.5em; font-size: 0.75em; background: var(--color-warning); color: var(--text-on-badge); border-radius: 3px;">
+        <%= t("collavre.admin.integrations.restart_required") %>
+      </span>
+    <% end %>
+    <% if description.present? %>
+      <div style="font-size: 0.85em; color: var(--color-text); margin-top: 0.4em; line-height: 1.4;">
+        <%= simple_format(description) %>
+      </div>
+    <% end %>
+    <div style="font-size: 0.8em; color: var(--color-muted); margin-top: 0.25em;">
+      <%= t("collavre.admin.integrations.env_var_label") %>: <code style="word-break: break-all; overflow-wrap: anywhere;"><%= definition.env_var %></code>
+    </div>
+  </td>
+  <td style="padding: 0.5em; vertical-align: top;">
+    <%# Input references the bulk form via HTML5 `form` attribute so the table is not nested inside <form>. %>
+    <%# Placeholder displays the current value (masked for sensitive); empty input keeps the existing value. %>
+    <% if definition.input_type == :textarea %>
+      <%= text_area_tag "integration_setting[#{key_str}]",
+            nil,
+            form: bulk_form_id,
+            placeholder: current_display,
+            autocomplete: "off",
+            rows: 8,
+            style: "width: 100%; font-family: var(--font-mono, monospace); font-size: 0.85em; min-height: 8em;" %>
+    <% else %>
+      <% input_tag = definition.sensitive ? :password_field_tag : :text_field_tag %>
+      <%= send(input_tag,
+            "integration_setting[#{key_str}]",
+            nil,
+            form: bulk_form_id,
+            placeholder: current_display,
+            autocomplete: "off",
+            style: "width: 100%;") %>
+    <% end %>
+    <div style="font-size: 0.8em; margin-top: 0.25em;">
+      <span class="badge badge-source-<%= row[:source] %>" style="display: inline-block; padding: 0.1em 0.5em; font-size: 0.85em; border-radius: 3px; background: <%= source_bg %>; color: <%= source_fg %>;">
+        <%= t("collavre.admin.integrations.source.#{row[:source]}", default: row[:source].to_s.upcase) %>
+      </span>
+      <% if definition.sensitive %>
+        <span style="margin-left: 0.5em; color: var(--color-muted);"><%= t("collavre.admin.integrations.sensitive") %></span>
+      <% end %>
+      <span style="margin-left: 0.5em; color: var(--color-muted);"><%= t("collavre.admin.integrations.placeholder_leave_blank") %></span>
+    </div>
+  </td>
+  <td style="padding: 0.5em; vertical-align: top; white-space: nowrap;">
+    <%= button_to t("collavre.admin.integrations.actions.reset"),
+          collavre.reset_admin_integration_path(key: key_str),
+          method: :delete,
+          form: {
+            style: "display: inline-block;",
+            data: { turbo_confirm: t("collavre.admin.integrations.confirm_reset") }
+          },
+          class: "btn btn-small btn-secondary" %>
+  </td>
+</tr>