From a1891117823ad5160fd4b32696dfca29baeee1fd Mon Sep 17 00:00:00 2001 From: Marco Sadjadi Date: Wed, 20 May 2026 17:04:46 +0200 Subject: [PATCH] feat(marketplace): default-on share in wizard + owner unshare anytime MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Goal: maximize template volume without a dark pattern and without leaking data. Wizard Done-page Share panel: - 'Share as template in the marketplace (recommended)' checkbox, default ON, rendered inline in the build-success flow where every user lands. - Honest copy — corrected a draft that claimed 'only abstracted code pattern is shared'. That is false: the FULL generated code becomes publicly viewable on the template detail page (by design, for pre-fork audit). The panel now says: 'Your secrets stay private ... but your generated code becomes publicly viewable so others can audit it before forking. Unshare anytime.' - When checked: inline minimal form — short description (prefilled from the spec), category select, optional per-secret credential hints. One 'Publish to marketplace' click. Not auto-published silently — that would be a consent dark pattern; one visible deliberate click keeps it clean. - Forked servers don't show the panel (re-publishing a fork is an edge case). Owner unshare/reshare: - GET /v1/servers/:id/template — owner lookup, drives the Publish tab UI. - PATCH /v1/templates/:slug/visibility { shared } — owner-only toggle between public and hidden. 403 for non-owners, 409 if an admin took it down (owner cannot resurrect an admin takedown). Audit-logged as template.unshare / template.reshare. - Server-detail Publish tab now detects an existing template and shows the shared status (public/hidden/takedown badge), fork count, a marketplace link and an Unshare/Re-share button — instead of the publish form. Why this is safe to default ON: - Secrets are architecturally bound to mcp_servers, never copied into templates. Publish reads tools_schema + generated_code only; the secrets table is never touched. Data leak is structurally impossible, not policy-dependent. - Publish re-scans the generated code for banned patterns AND hardcoded credentials (sovereign-audit hardening) before it can reach the marketplace. - The user sees a visible, pre-ticked checkbox and reads one honest sentence before publishing. Privacy-conscious users untick; everyone else contributes volume. Informed consent, GDPR-clean. Verified end-to-end via API: GET server/:id/template -> null (unpublished) POST /v1/templates -> published, slug share-test-server GET server/:id/template -> status public PATCH visibility {shared:false} -> hidden, drops out of public list PATCH visibility {shared:true} -> public again UI: Publish tab renders the shared-status panel with View + Unshare (screenshot confirmed). Also: hero badge date set to 2026-05-20. Changed 'MCP spec 2025-11-25' to 'updated 2026-05-20' — claiming an MCP spec dated today would be factually wrong (no such spec release exists); 'updated' is accurate and gives the requested fresh date. The real spec date is still cited correctly in /docs. --- apps/api/src/routes/templates.ts | 75 +++++++ .../web/app/(dashboard)/servers/[id]/page.tsx | 93 +++++++++ apps/web/app/(dashboard)/servers/new/page.tsx | 188 ++++++++++++++++++ apps/web/app/(marketing)/page.tsx | 2 +- 4 files changed, 357 insertions(+), 1 deletion(-) diff --git a/apps/api/src/routes/templates.ts b/apps/api/src/routes/templates.ts index 39bfc52..8f4b4e0 100644 --- a/apps/api/src/routes/templates.ts +++ b/apps/api/src/routes/templates.ts @@ -206,6 +206,81 @@ export async function templateRoutes(app: FastifyInstance): Promise { return reply.send({ template }); }); + // ---- "Is this server already published?" (owner lookup, drives the detail-page tab) ---- + app.get('/v1/servers/:id/template', { preHandler: requireAuth }, async (req, reply) => { + const user = req.user!; + const Params = z.object({ id: z.string().uuid() }); + const parsed = Params.safeParse(req.params); + if (!parsed.success) return reply.code(400).send({ error: 'invalid_id' }); + + // Verify the server belongs to the caller's org + const [server] = await db + .select({ id: mcpServers.id }) + .from(mcpServers) + .where(and(eq(mcpServers.id, parsed.data.id), eq(mcpServers.orgId, user.orgId))) + .limit(1); + if (!server) return reply.code(404).send({ error: 'not_found' }); + + const [template] = await db + .select({ + id: templates.id, + slug: templates.slug, + title: templates.title, + status: templates.status, + verified: templates.verified, + forkCount: templates.forkCount, + }) + .from(templates) + .where(eq(templates.sourceServerId, parsed.data.id)) + .orderBy(desc(templates.createdAt)) + .limit(1); + + return reply.send({ template: template ?? null }); + }); + + // ---- Owner visibility toggle (unshare / re-share anytime) ---- + app.patch('/v1/templates/:slug/visibility', { preHandler: requireAuth }, async (req, reply) => { + const user = req.user!; + const Params = z.object({ slug: z.string().regex(SLUG_REGEX) }); + const Body = z.object({ shared: z.boolean() }); + const p = Params.safeParse(req.params); + const b = Body.safeParse(req.body); + if (!p.success || !b.success) return reply.code(400).send({ error: 'invalid_input' }); + + const [template] = await db + .select() + .from(templates) + .where(eq(templates.slug, p.data.slug)) + .limit(1); + if (!template) return reply.code(404).send({ error: 'not_found' }); + + // Only the owner can toggle their own template. Admins use /v1/admin/templates. + if (template.ownerUserId !== user.userId) { + return reply.code(403).send({ error: 'forbidden' }); + } + // A template the admin took down cannot be re-shared by the owner. + if (template.status === 'takedown') { + return reply.code(409).send({ error: 'taken_down', detail: template.takedownReason }); + } + + const nextStatus = b.data.shared ? 'public' : 'hidden'; + await db + .update(templates) + .set({ status: nextStatus, updatedAt: new Date() }) + .where(eq(templates.id, template.id)); + + await audit({ + orgId: user.orgId, + userId: user.userId, + action: b.data.shared ? 'template.reshare' : 'template.unshare', + resourceType: 'template', + resourceId: template.id, + metadata: { slug: template.slug }, + ipAddress: req.ip, + }); + return reply.send({ ok: true, status: nextStatus }); + }); + // ---- Public list with ranking ---- app.get('/v1/templates', async (req, reply) => { const Query = z.object({ diff --git a/apps/web/app/(dashboard)/servers/[id]/page.tsx b/apps/web/app/(dashboard)/servers/[id]/page.tsx index a26fb02..b83ed5d 100644 --- a/apps/web/app/(dashboard)/servers/[id]/page.tsx +++ b/apps/web/app/(dashboard)/servers/[id]/page.tsx @@ -295,6 +295,15 @@ interface SecretHint { howToGetUrl: string; } +interface ExistingTemplate { + id: string; + slug: string; + title: string; + status: 'draft' | 'public' | 'hidden' | 'takedown'; + verified: boolean; + forkCount: number; +} + function PublishPanel({ serverId, serverStatus }: { serverId: string; serverStatus: string }) { const [title, setTitle] = useState(''); const [category, setCategory] = useState('other'); @@ -305,6 +314,32 @@ function PublishPanel({ serverId, serverStatus }: { serverId: string; serverStat const [error, setError] = useState(null); const [publishedSlug, setPublishedSlug] = useState(null); + const [existing, setExisting] = useState(undefined); + + async function reloadExisting() { + try { + const r = await apiFetch<{ template: ExistingTemplate | null }>( + `/v1/servers/${serverId}/template`, + ); + setExisting(r.template); + } catch { + setExisting(null); + } + } + + useEffect(() => { + reloadExisting(); + }, [serverId]); + + async function toggleVisibility(shared: boolean) { + if (!existing) return; + await apiFetch(`/v1/templates/${existing.slug}/visibility`, { + method: 'PATCH', + body: JSON.stringify({ shared }), + }); + reloadExisting(); + } + if (serverStatus !== 'live') { return (
@@ -316,6 +351,64 @@ function PublishPanel({ serverId, serverStatus }: { serverId: string; serverStat ); } + // Already published — show shared status + view + unshare/reshare. + if (existing) { + const isTakedown = existing.status === 'takedown'; + const isShared = existing.status === 'public'; + return ( +
+
+

Marketplace

+ + {existing.status} + +
+

+ Published as {existing.slug} ·{' '} + {existing.forkCount} fork{existing.forkCount === 1 ? '' : 's'} + {existing.verified && ' · verified'} +

+ {isTakedown && ( +

+ An admin removed this template from the marketplace. You can't re-share it. +

+ )} +
+ + View in marketplace + + {!isTakedown && isShared && ( + + )} + {!isTakedown && !isShared && ( + + )} +
+
+ ); + } + + if (existing === undefined) { + return
Loading…
; + } + function addHint() { setSecretHints((h) => [...h, { key: '', description: '', howToGetUrl: '' }]); } diff --git a/apps/web/app/(dashboard)/servers/new/page.tsx b/apps/web/app/(dashboard)/servers/new/page.tsx index cf4f375..c7fbf18 100644 --- a/apps/web/app/(dashboard)/servers/new/page.tsx +++ b/apps/web/app/(dashboard)/servers/new/page.tsx @@ -635,6 +635,15 @@ export default function NewServerPage() {
)} + {!forkedTemplateId && ( + + )} +
+
+ + )} + + ); +} + function safeJsonObject(s: string): Record { try { const parsed = JSON.parse(s); diff --git a/apps/web/app/(marketing)/page.tsx b/apps/web/app/(marketing)/page.tsx index 1500f25..edecf6f 100644 --- a/apps/web/app/(marketing)/page.tsx +++ b/apps/web/app/(marketing)/page.tsx @@ -96,7 +96,7 @@ export default function Landing() {
- v0.1 — MCP spec 2025-11-25 + v0.1 — updated 2026-05-20

Describe your tool.