venafi-connector-machine 2.2.0 → 2.3.0

package/bundle.mjs

@@ -32887,6 +32887,10 @@ var TEMPLATES = {
       "//      Always normalize through pem.EncodeToMemory() before returning \u2014 even if",
       "//      the source is already PEM \u2014 to guarantee trailing newline and line wrapping.",
       '//   5. discoveryPage: null in the response signals "done" to the platform.',
+      '//   6. Each DiscoveredCertificate MUST include an "installations" array with at least',
+      "//      one entry containing hostname, ipAddress, and port. Without this field, the",
+      "//      platform silently discards discovered certificates \u2014 no error, discovery shows",
+      '//      as "complete" but no certificates appear in the UI.',
       "",
       "package discovery",
       "",
@@ -32935,10 +32939,22 @@ var TEMPLATES = {
       "",
       "// DiscoveredCertificate represents a single certificate found during discovery.",
       "// CRITICAL: Use VALUE types (not pointers) \u2014 pointers serialize to null which the platform rejects.",
+      "// CRITICAL: The Installations field is REQUIRED \u2014 without it, the platform silently discards",
+      '// the certificate. Discovery will show as "complete" but no certs appear in the UI.',
       "type DiscoveredCertificate struct {",
       '	Certificate       string            `json:"certificate"`       // PEM string (use pem.EncodeToMemory)',
       '	CertificateChain  []string          `json:"certificateChain"`  // PEM strings, initialize with make()',
       '	MachineIdentities []MachineIdentity `json:"machineIdentities"` // VALUE type slice, initialize with make()',
+      '	Installations     []Installation    `json:"installations"`     // REQUIRED \u2014 at least one entry',
+      "}",
+      "",
+      "// Installation identifies where the certificate was found (host + port).",
+      "// CRITICAL: At least one Installation is required per DiscoveredCertificate.",
+      "// Without this field, the platform silently drops the certificate from results.",
+      "type Installation struct {",
+      '	Hostname  string `json:"hostname"`',
+      '	IPAddress string `json:"ipAddress"`',
+      '	Port      int    `json:"port"`',
       "}",
       "",
       "// MachineIdentity represents a certificate usage found during discovery.",
@@ -32972,6 +32988,11 @@ var TEMPLATES = {
       '//         Keystore: domain.Keystore{CertificateName: "my-cert"},',
       '//         Binding:  domain.Binding{BindingType: "unbound"},  // never empty',
       "//     }},",
+      "//     Installations: []Installation{{",
+      "//         Hostname:  connection.HostnameOrAddress,",
+      "//         IPAddress: connection.HostnameOrAddress,",
+      "//         Port:      connection.Port,",
+      "//     }},  // REQUIRED \u2014 without this, certs are silently dropped",
       "// })",
       "//",
       "// return c.JSON(http.StatusOK, DiscoverCertificatesResponse{",
@@ -33902,6 +33923,12 @@ ${LESSONS_LEARNED}
 24. **Certificate chain ordering is undocumented** \u2014 Venafi Cloud sends the chain array but the ordering guarantee is not documented. Pass through in received order and note this assumption. Targets with strict ordering requirements may need issuer/subject-based re-sorting
 25. **REST API discovery: convert base64 DER to PEM** \u2014 when a target API returns certs as base64-encoded DER, you MUST convert to PEM for the discovery response (\`base64.Decode \u2192 pem.EncodeToMemory\`). Validate with \`strings.HasPrefix(cert, "-----BEGIN CERTIFICATE-----")\`
 26. **Default binding must be assigned BEFORE discovery type filtering** \u2014 if "unbound" (or any fallback binding) is assigned after the filter runs, unbound certs are silently dropped. Always: find bindings \u2192 assign default if empty \u2192 then filter
+27. **Discovery messages MUST include an \`installations\` array** \u2014 each DiscoveredCertificate must have at least one entry with hostname, ipAddress, and port. Without this field, the platform silently discards the certificate \u2014 discovery shows "complete" but no certs appear in the UI. This is the most common cause of "discovery works but nothing shows up"
+28. **Connection reset after cert import = SUCCESS** \u2014 some targets restart their web gateway or management interface after a certificate is installed, causing connection resets, timeouts, or HTTP errors. These MUST be caught and treated as success, not failure. Add a short retry/delay if you need to verify the install afterward
+29. **Idempotent install detection** \u2014 HTTP 409 or response body containing "already exists" / "identical" during cert import should be treated as success, not error. The certificate was already installed (e.g., from a previous attempt that reported a connection error)
+30. **Error messages must attribute the component** \u2014 prefix all errors so users can identify which system caused the failure: \`"Target API error: ..."\` (target returned an error), \`"Target connection error: ..."\` (cannot reach target), \`"Connector error: ..."\` (invalid request or internal processing error). This saves significant support/debugging time
+31. **Binding is optional in the manifest** \u2014 if your target has no binding concept (single-cert targets), you can omit binding from the domainSchema. However, if binding was ever defined and machines exist with binding data, you MUST keep at least \`{"properties": {}, "type": "object"}\` or the Venafi UI will crash when editing those machines. \`x-primaryKey\` is optional on binding when it has no properties, but always required on keystore
+32. **Dropdowns use \`oneOf\` with \`const\`, not \`enum\`** \u2014 the correct manifest pattern for dropdown fields is \`"oneOf": [{"const": "value", "x-labelLocalizationKey": "field.value"}]\`. Using \`enum\` alone does not render labels in the UI
 `;
 }
 function getRESTClientPattern(args) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "venafi-connector-machine",
-  "version": "2.2.0",
+  "version": "2.3.0",
   "description": "MCP server providing machine connector-specific knowledge, templates, and tools for building Venafi machine connectors",
   "main": "bundle.mjs",
   "type": "module",