@aion0/forge 0.10.39 → 0.10.41

package/lib/chat/protocols/http.ts

@@ -396,6 +396,16 @@ function buildFormBody(spec: string | Record<string, unknown> | undefined, injec
   // the actual key+value choices to per-user instance config without
   // hardcoding them in the manifest. Rows with empty name or value
   // are dropped.
+  //
+  // Values pass through expandAllTokens — Jenkins' inject_params
+  // typically reads cross-connector refs like
+  //   { name: TOKEN_USER,     value: "{connector:gitlab.token_name}" }
+  //   { name: TOKEN_PASSWORD, value: "{connector:gitlab.token}"     }
+  // and we want the runtime gitlab value, not the literal string.
+  // Key gets the same treatment so connectors can template that too.
+  // Rows where either side resolves to empty (or stays an unresolved
+  // {settings|args}.X) get dropped — same guard as the static inject
+  // branch above.
   if (injectFrom) {
     let rows: any = (settings as any)[injectFrom];
     if (typeof rows === 'string') {
@@ -404,9 +414,12 @@ function buildFormBody(spec: string | Record<string, unknown> | undefined, injec
     if (Array.isArray(rows)) {
       for (const row of rows) {
         if (!row || typeof row !== 'object') continue;
-        const k = typeof row.name === 'string' ? row.name.trim() : '';
-        const v = typeof row.value === 'string' ? row.value : (row.value == null ? '' : String(row.value));
+        const rawK = typeof row.name === 'string' ? row.name : '';
+        const rawV = typeof row.value === 'string' ? row.value : (row.value == null ? '' : String(row.value));
+        const k = expandAllTokens(rawK, settings, args).trim();
+        const v = expandAllTokens(rawV, settings, args);
         if (!k || !v) continue;
+        if (/\{(settings|args|connector:)/.test(k) || /\{(settings|args|connector:)/.test(v)) continue;
         obj[k] = v;
       }
     }

package/lib/chat/tool-dispatcher.ts

@@ -19,7 +19,8 @@ import {
   getConnectorEntries,
 } from '../connectors/registry';
 import { expandSettingsTokens } from '../plugins/templates';
-import type { ConnectorEntry, ConnectorTool } from '../connectors/types';
+import { resolveWizardTemplate } from '../connectors/wizard-template';
+import type { ConnectorEntry, ConnectorTool, ConnectorDefinition } from '../connectors/types';
 
 export interface ToolCall {
   id: string;
@@ -39,6 +40,44 @@ export type BuiltinHandler = (input: unknown) => Promise<string>;
 const BUILTINS: Record<string, BuiltinHandler> = {
   get_current_time: async () => new Date().toISOString(),
 
+  // Register an enterprise marketplace key so subsequent connector /
+  // workflow lookups overlay the named tenant's private repo on top of
+  // the public marketplace. The user typically pastes a key string like
+  // `fortinet:github_pat_…` directly into chat — see lib/enterprise.ts for
+  // the two accepted formats. Triggers an immediate sync so the new
+  // source is visible without manual Refresh.
+  add_enterprise_key: async (input) => {
+    const { key } = (input as { key?: string } | undefined) || {};
+    if (!key || typeof key !== 'string' || !key.trim()) {
+      return 'Error: key is required (paste the full enterprise key string).';
+    }
+    const { addEnterpriseKey } = await import('../enterprise');
+    const r = addEnterpriseKey(key.trim());
+    if (!r.ok) return `Could not add key: ${r.reason}`;
+
+    // Best-effort sync — failures here don't undo the key add; user can
+    // hit Refresh in Settings later. Connector first (since enterprise
+    // registry.json lives in the connector cache), then workflow
+    // (re-reads that same cache for recipes/pipelines).
+    const syncDetail: string[] = [];
+    try {
+      const { syncRegistry } = await import('../connectors/sync');
+      const s = await syncRegistry({ refreshInstalled: false });
+      syncDetail.push(`connectors: ${s.ok ? `${s.registry_count} entries` : `failed (${s.error})`}`);
+    } catch (e) {
+      syncDetail.push(`connectors: failed (${(e as Error).message})`);
+    }
+    try {
+      const { syncMarketplace } = await import('../workflow-marketplace');
+      const w = await syncMarketplace();
+      syncDetail.push(`workflows: ${w.ok ? `${w.recipes} recipes + ${w.pipelines} pipelines` : `failed (${w.error})`}`);
+    } catch (e) {
+      syncDetail.push(`workflows: failed (${(e as Error).message})`);
+    }
+
+    return `✓ Added enterprise key for tenant "${r.tenant_id}". Sync: ${syncDetail.join('; ')}. The new source will surface in Settings → Marketplace Providers and in any marketplace listing.`;
+  },
+
   // Trigger a pipeline workflow defined under flows/<name>.yaml. Mirrors
   // the same MCP tool used by Claude Code tasks (forge-mcp-server.ts), but
   // available directly inside the chat agent so users can say "run the
@@ -504,6 +543,17 @@ export const BUILTIN_TOOL_DEFS: BuiltinToolDef[] = [
     description: 'Get the current local time as an ISO 8601 string. Use whenever the user asks about "now" or "today".',
     input_schema: { type: 'object', properties: {} },
   },
+  {
+    name: 'add_enterprise_key',
+    description: 'Register an enterprise marketplace key the user has pasted (e.g. "fortinet:github_pat_…" short form, or "github_pat_…@github.com/owner/forge-enterprise-agent-name" long form). Adds the tenant\'s private repo as a higher-priority marketplace source over public forge-connectors / forge-workflow. Call this when the user says something like "here\'s my enterprise key", "我有 fortinet 的 key 给你", or pastes a string matching either format. Triggers an immediate marketplace sync; the new source becomes visible in Settings → Marketplace Providers and in any marketplace listing. DO NOT invent or hallucinate keys — only call with the exact string the user provided.',
+    input_schema: {
+      type: 'object',
+      properties: {
+        key: { type: 'string', description: 'The enterprise key string verbatim, as pasted by the user.' },
+      },
+      required: ['key'],
+    },
+  },
   {
     name: 'trigger_pipeline',
     description: 'Trigger a Forge pipeline workflow (YAML under flows/). Two-step usage: (1) call with NO args first — returns every workflow + its input schema (which fields are required vs have defaults). (2) call again with workflow=<name> and input={...} passing ONLY required fields and any optional fields the user explicitly specified. NEVER pass invented placeholder values for optional fields with defaults — omit them and the default is used. On success returns JSON: {ok, pipeline_id, workflow, status, terminal, errors?, warning?, hint?}. If the run is still running, follow the hint — call start_watch on get_pipeline_status and STOP polling in this conversation.',
@@ -756,6 +806,80 @@ function buildConnectorPayload(
   };
 }
 
+/**
+ * Walk the active wizard template's `_prompts` and find the one whose
+ * `${key}` is substituted into `<connectorId>.config.<field>`. Returns
+ * the prompt's url + label hint so the chat-side preflight can mirror
+ * the wizard's "click here to create your PAT" UX.
+ *
+ * Returns null when no template / no matching prompt. Best-effort —
+ * the chat error still gives the user enough to act on.
+ */
+function lookupWizardPromptHint(
+  connectorId: string,
+  field: string,
+): { url?: string; url_label?: string; prompt_label?: string } | null {
+  const resolved = resolveWizardTemplate();
+  if (!resolved) return null;
+  const tmpl = resolved.template as any;
+  if (!tmpl || typeof tmpl !== 'object') return null;
+  const connectorBlock = tmpl[connectorId];
+  const rawVal = connectorBlock?.config?.[field];
+  if (typeof rawVal !== 'string') return null;
+  const m = rawVal.match(/^\$\{([a-zA-Z0-9_]+)\}$/);
+  if (!m) return null;
+  const promptKey = m[1];
+  const p = tmpl._prompts?.[promptKey];
+  if (!p) return null;
+  return {
+    url: typeof p.url === 'string' ? p.url : undefined,
+    url_label: typeof p.url_label === 'string' ? p.url_label : undefined,
+    prompt_label: typeof p.label === 'string' ? p.label : undefined,
+  };
+}
+
+/**
+ * Check that every `required: true` setting on the connector has a
+ * non-empty value in the user's installed config. Returns a chat-
+ * friendly error string (with PAT-creation URL when the wizard template
+ * declares one) when something's missing, else null.
+ */
+function preflightConnectorSettings(
+  def: ConnectorDefinition,
+  settings: Record<string, any>,
+): string | null {
+  const schema = def.settings || {};
+  const missing: Array<{ key: string; label: string; hint: ReturnType<typeof lookupWizardPromptHint> }> = [];
+  for (const [key, fdef] of Object.entries(schema)) {
+    if (!fdef?.required) continue;
+    const v = settings?.[key];
+    const empty = v == null
+      || (typeof v === 'string' && v.trim() === '')
+      || (Array.isArray(v) && v.length === 0);
+    if (!empty) continue;
+    missing.push({
+      key,
+      label: fdef.label || key,
+      hint: lookupWizardPromptHint(def.id, key),
+    });
+  }
+  if (missing.length === 0) return null;
+
+  const lines = [
+    `${def.name} isn't configured yet — needs ${missing.length === 1 ? '1 field' : `${missing.length} fields`} before tools can run:`,
+    '',
+  ];
+  for (const m of missing) {
+    lines.push(`• ${m.label} (${m.key})`);
+    if (m.hint?.url) {
+      lines.push(`  ${m.hint.url_label || 'Get it here'}: ${m.hint.url}`);
+    }
+  }
+  lines.push('');
+  lines.push(`Then open Settings → Connectors → ${def.name} to paste the values in.`);
+  return lines.join('\n');
+}
+
 // ─── Public entry ─────────────────────────────────────────
 
 export interface DispatchOptions {
@@ -856,6 +980,44 @@ export async function dispatchTool(
     effectiveSettings = { ...located.settings, ...inst };
   }
 
+  // Post-overlay arg defaults — for any tool parameter the LLM omitted,
+  // check effectiveSettings for a `default_<paramName>` field and use
+  // its value. Lets connectors declare instance-level defaults (e.g.
+  // Jenkins `default_job_path = "fortinac-build-7.6-token"`) so users
+  // can say "build fortinac" without spelling out the job path every
+  // time. Strict: only string args, only when missing or blank, only
+  // when the default is non-empty.
+  // Stem-strip param + setting suffixes so default_project_path can fill a
+  // project_id arg (GitLab accepts URL-encoded paths as :id, and the wizard
+  // baked the user's default as `_path`). Exact match wins; stem match is
+  // the safety net.
+  const stem = (n: string) => n.replace(/_(id|path|name|key|slug)$/, '');
+  for (const pname of Object.keys(located.tool.parameters || {})) {
+    const current = argInput[pname];
+    if (current != null && !(typeof current === 'string' && current.trim() === '')) continue;
+    let fallback = (effectiveSettings as any)?.[`default_${pname}`];
+    if (typeof fallback !== 'string' || !fallback.trim()) {
+      const want = stem(pname);
+      for (const k of Object.keys(effectiveSettings || {})) {
+        if (!k.startsWith('default_')) continue;
+        if (stem(k.slice('default_'.length)) !== want) continue;
+        const v = (effectiveSettings as any)[k];
+        if (typeof v === 'string' && v.trim()) { fallback = v; break; }
+      }
+    }
+    if (typeof fallback === 'string' && fallback.trim() !== '') {
+      argInput[pname] = fallback;
+    }
+  }
+
+  // Preflight: any required setting blank? Bail with a wizard-style
+  // error pointing at the credential-creation URL instead of letting
+  // the call HTTP-401 (or browser-script silently misbehave) at the
+  // user. Mirrors the wizard's required-field message verbatim when
+  // a matching ${key} prompt exists.
+  const cfgGap = preflightConnectorSettings(def, effectiveSettings);
+  if (cfgGap) return { content: cfgGap, is_error: true };
+
   try {
     let result: ToolResult;
     switch (protocol) {

package/lib/connectors/registry.ts

@@ -107,12 +107,24 @@ export function getConnectorEntries(def: ConnectorDefinition): ConnectorEntry[]
 
 /**
  * Wire shape of `<dataDir>/connector-configs.json`:
- *   { "<id>": { config, installed_version, enabled } }
+ *   { "<id>": { config, installed_version, enabled, installed_source_id } }
+ *
+ * `installed_source_id` records which marketplace source the on-disk
+ * manifest came from — `public`, `enterprise-<tenant_id>`, or undefined
+ * for install-local / pre-enterprise rows. UI uses it for the source
+ * badge; sync.ts updates it on every refresh so it stays in step with
+ * the priority-winning source.
  */
 interface ConnectorConfigRow {
   config: Record<string, unknown>;
   installed_version: string;
   enabled?: boolean;
+  installed_source_id?: string;
+  /** E3: which department template last wrote this row. Future
+   *  wizard re-runs default the dept picker to this value so a user
+   *  on FortiNAC doesn't get bumped to FortiWeb when they re-open
+   *  the wizard. */
+  installed_dept?: string;
 }
 
 type ConfigStore = Record<string, ConnectorConfigRow>;
@@ -161,6 +173,18 @@ function transformConnectorSecrets(
 
   if (t === 'secret' || t === 'password') {
     if (typeof value !== 'string' || !value) return value;
+    // Template tokens (`{base_url}`, `{connector:gitlab.token}`,
+    // `{user.login}`, `{settings.x}`, `{secret:scope.path}`) are literal
+    // references resolved at request time by expandAllTokens. Encrypting
+    // them would (a) hide the indirection from users browsing their
+    // connector settings, and (b) treat the *resolved* value as
+    // plaintext on decrypt. Skip the encrypt step for any value that
+    // looks like a single token reference (`{[A-Za-z0-9_.:]+}`).
+    // Real PATs / api-tokens never contain `{` or `}`, so the false-
+    // positive risk on a legitimate secret value is zero.
+    if (op === 'encrypt' && /^\{[A-Za-z0-9_.:]+\}$/.test(value.trim())) {
+      return value;
+    }
     if (op === 'encrypt') return isEncrypted(value) ? value : (() => {
       try { return encryptSecret(value); } catch { return value; }
     })();
@@ -241,6 +265,7 @@ function saveStore(store: ConfigStore): void {
       config: encryptedConfig,
       installed_version: row.installed_version,
       enabled: row.enabled !== false,
+      installed_source_id: row.installed_source_id,
     };
   }
   writeFileSync(configsFile(), JSON.stringify(out, null, 2), { mode: 0o600 });
@@ -253,6 +278,14 @@ export interface InstalledConnector {
   config: Record<string, unknown>;
   installed_version: string;
   enabled: boolean;
+  /** Marketplace source that provided the on-disk manifest:
+   *  `public` | `enterprise-<tenant_id>` | undefined for install-local
+   *  or pre-enterprise rows. */
+  installed_source_id?: string;
+  /** E3: department name (matches template `_department_name`) the
+   *  row was last applied under. Used by the wizard to default the
+   *  dept picker to whatever the user last chose. */
+  installed_dept?: string;
 }
 
 export function isInstalled(id: string): boolean {
@@ -287,6 +320,8 @@ export function listInstalledConnectors(): InstalledConnector[] {
       config: row.config || {},
       installed_version: row.installed_version || def.version,
       enabled: row.enabled !== false,
+      installed_source_id: row.installed_source_id,
+      installed_dept: row.installed_dept,
     });
   }
   return out;
@@ -302,6 +337,8 @@ export function getInstalledConnector(id: string): InstalledConnector | null {
     config: row.config || {},
     installed_version: row.installed_version || def.version,
     enabled: row.enabled !== false,
+    installed_source_id: row.installed_source_id,
+    installed_dept: row.installed_dept,
   };
 }
 
@@ -309,8 +346,18 @@ export function getInstalledConnector(id: string): InstalledConnector | null {
  * Install (or upgrade) a connector by writing its manifest YAML and
  * recording the version in the config store. Existing user config is
  * preserved across upgrades.
+ *
+ * `opts.source_id` records which marketplace source provided this
+ * manifest. Sync passes the priority-winning source id; install-local
+ * leaves it undefined. Preserves the previous source_id when undefined
+ * is passed so a manual re-install doesn't accidentally orphan the
+ * source tracking.
  */
-export function installConnector(id: string, manifestYaml: string): boolean {
+export function installConnector(
+  id: string,
+  manifestYaml: string,
+  opts: { source_id?: string } = {},
+): boolean {
   const def = parseManifest(manifestYaml);
   if (!def || def.id !== id) return false;
   const dir = join(connectorsDir(), id);
@@ -318,11 +365,12 @@ export function installConnector(id: string, manifestYaml: string): boolean {
   writeFileSync(join(dir, 'manifest.yaml'), manifestYaml, { mode: 0o600 });
 
   const store = loadStore();
-  const prev = store[id]?.config || {};
+  const prev = store[id];
   store[id] = {
-    config: prev,
+    config: prev?.config || {},
     installed_version: def.version,
     enabled: true,
+    installed_source_id: opts.source_id !== undefined ? opts.source_id : prev?.installed_source_id,
   };
   saveStore(store);
   return true;
@@ -371,6 +419,23 @@ export function setConnectorConfig(
     store[id] = { ...row, config };
   }
   saveStore(store);
+  // Creds may have changed — drop any cached probe so the Login Status
+  // panel re-probes on next view. Dynamic import to avoid pulling the
+  // auth subsystem (and its disk I/O) into every registry consumer.
+  import('../auth/login-status').then(m => m.invalidateCachedResult(`connector:${id}`)).catch(() => {});
+  return true;
+}
+
+/** E3: stamp the dept that owns this connector's last applied config.
+ *  Called by applyConnectors when the template carries _department_name.
+ *  Removing the dept = pass undefined; reading is via the underlying
+ *  store row. */
+export function setConnectorDept(id: string, dept: string | undefined): boolean {
+  const store = loadStore();
+  if (!store[id]) return false;
+  if (dept && dept.trim()) store[id].installed_dept = dept.trim();
+  else delete store[id].installed_dept;
+  saveStore(store);
   return true;
 }