feat: Add Template Library (#278)

* feat: Add Template Library functionality

- Add comprehensive template library for workflow templates
- Support publishing workflows as templates with GitHub integration
- Allow users to browse and use existing templates
- Include template submission workflow with pull request generation
- Add frontend UI for template discovery and usage
- Add database schema for templates and submissions
- Implement GitHub template service for fetching templates
- Add workflow sanitization service to remove sensitive data
- Include TypeScript type definitions and error handling

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Signed-off-by: Krishna Mohan <krishanmohank974@gmail.com>

* fix: Resolve ESLint/Prettier formatting issues in Template Library

- Change Array<T> to T[] in templateStore.ts
- Fix Select component props formatting in TemplateLibraryPage
- Fix Button onClick callback formatting
- Fix fetch call and .json() chaining formatting
- Fix Publish as Template text wrapping in TopBar

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Krishna Mohan <krishanmohank974@gmail.com>

* fix: Resolve ESLint/Prettier formatting issues in backend templates

- Change Array<T> to T[] throughout template files
- Fix import statement formatting
- Fix query chain formatting in repository
- Fix unused variables by prefixing with underscore
- Fix object literal formatting and error logging

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Krishna Mohan <krishanmohank974@gmail.com>

* fix: Temporarily disable Templates module due to Bun+NestJS compatibility issue

The TemplatesModule causes a "function is not a constructor" error when loaded
by NestJS in the Bun runtime. This is a known Bun+NestJS compatibility issue
(see oven-sh/bun#4858).

Changes:
- Added forwardRef for WorkflowsModule import (good practice regardless)
- Added comments documenting the temporary disable
- Removed TemplatesModule from app.module.ts coreModules array

The backend now starts successfully. The template library feature will be
unavailable until this compatibility issue is resolved.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Krishna Mohan <krishanmohank974@gmail.com>

* feat: Refactor Template Library to use GitHub web flow

This commit refactors the Template Library to use GitHub's web flow
for publishing instead of Octokit API, and fixes Bun+NestJS compatibility
issues.

Changes:
- Frontend now generates GitHub URLs directly for template submission
- Added GitHub sync service to fetch templates from repository
- Made template listing endpoints public for browsing
- Fixed Bun+NestJS constructor error by removing duplicate providers
- Replaced RequireWorkflowRole with RolesGuard to avoid module dependencies
- Added better PR creation instructions in the publish modal
- Removed Octokit dependency and token from backend

Users can now:
1. Publish workflows as templates via GitHub PR flow
2. Browse templates from the library (after sync from GitHub)
3. Sync templates from GitHub repo to database via admin endpoint

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Krishna Mohan <krishanmohank974@gmail.com>

* feat: Add GitHub webhook endpoint for automatic template sync

Signed-off-by: Krishna Mohan <krishanmohank974@gmail.com>

* feat: Add GITHUB_WEBHOOK_SECRET env var placeholder

This is required for webhook signature verification.

Signed-off-by: Krishna Mohan <krishanmohank974@gmail.com>

* fix: Remove dead syncTemplates method from TemplateService

The sync is now handled directly by GitHubSyncService in the
controller. This removes confusing dead code that returned a
"disabled" message.

Also fixes ESLint errors for unused parameters.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Krishna Mohan <krishanmohank974@gmail.com>

* feat: Simplify template sync to startup-only with rate limit handling

- Remove webhook controller and token auth (repo is public)
- Remove periodic sync interval to avoid GitHub rate limit exhaustion
- Add graceful 403 rate limit handling in GitHub API calls
- Fix findAll() query composition bug using and() pattern
- Add tag filtering, ILIKE escaping, and proper sort ordering
- Add ARCHITECTURE.md documenting the template library system

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Krishna Mohan <krishanmohank974@gmail.com>

* fix: Resolve lint and prettier formatting errors in frontend templates

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Krishna Mohan <krishanmohank974@gmail.com>

* fix: Use clipboard instead of URL for template content to avoid GitHub URL length limit

Large workflow graphs were causing "URL is too long" errors on GitHub.
Now copies template JSON to clipboard and instructs user to paste it
in the GitHub editor.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Krishna Mohan <krishanmohank974@gmail.com>

* fix: Fix template sync validation and improve publish UX

Backend: Remove mandatory `manifest` field check - actual templates
only have `_metadata`, `graph`, and `requiredSecrets`. Build manifest
from `_metadata` for DB storage.

Frontend: Strip viewport/position data from graph to reduce URL size.
Embed template content in GitHub URL when it fits (<7.5KB), fall back
to clipboard with paste instructions only for very large templates.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Krishna Mohan <krishanmohank974@gmail.com>

* feat: Implement Use Template, fix publish UX, fix card layout

- Implement useTemplate endpoint: creates a real workflow from template
  graph via WorkflowsService, increments popularity counter
- Publish flow: use minified JSON + stripped layout data to always
  embed content in GitHub URL (no clipboard fallback)
- Template cards: fix inconsistent button positioning with flex layout
  so buttons are always pinned to the bottom of each card

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Krishna Mohan <krishanmohank974@gmail.com>

* fix: Fix Use Template redirect, restore JSON formatting, add GitHub token support

- Fix workflowId undefined in redirect by mapping backend response
  (workflow.id → workflowId) in templateStore
- Restore pretty-printed JSON (2-space indent) in publish flow so
  GitHub renders syntax highlighting correctly
- Add optional GITHUB_TEMPLATE_TOKEN env var for authenticated API
  requests (60 → 5000 req/hr) with startup log showing auth status

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Krishna Mohan <krishanmohank974@gmail.com>

* feat: Add ETag conditional requests and fix missing node positions

- Implement ETag-based caching in GitHub sync service: stores ETags
  per URL, sends If-None-Match on subsequent requests, returns cached
  data on 304 Not Modified (zero rate limit cost)
- Fix Use Template 500 error caused by missing node positions: add
  default grid layout positions for nodes that lack them before
  WorkflowGraphSchema validation
- Stop stripping node positions during publish (required by schema),
  only strip viewport which has a schema default
- Sync response now includes unchanged[] and directoryCacheHit stats

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Krishna Mohan <krishanmohank974@gmail.com>

* fix: use clipboard copy-paste for GitHub webflow to avoid long URL errors

Template content is no longer embedded in the GitHub URL params, which
caused browser URL length limit errors for large workflows. Instead,
the code is auto-copied to clipboard and users paste it in the GitHub
editor. A "Copy Template Code" button is shown in the success state
for re-copying.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Krishna Mohan <krishanmohank974@gmail.com>

* fix(test): mock IsolatedContainerVolume in naabu tests

Tests were failing because IsolatedContainerVolume tried to create
real Docker volumes. Mock the volume class so tests don't require
a running Docker daemon.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Krishna Mohan <krishanmohank974@gmail.com>

* fix: add explanatory note for GitHub PR workflow in publish modal

Clarify that templates are submitted via GitHub pull requests and
that users need to paste the copied code into the GitHub editor.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Krishna Mohan <krishanmohank974@gmail.com>

* feat: add GITHUB_TEMPLATE_* env vars to backend validation schema

Add Zod validation for GITHUB_TEMPLATE_REPO (owner/repo format),
GITHUB_TEMPLATE_BRANCH, and GITHUB_TEMPLATE_TOKEN to catch
misconfiguration at startup instead of silent runtime failures.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Krishna Mohan <krishanmohank974@gmail.com>

* feat: add workflow preview thumbnails and revamp template library UI

- Add inline SVG workflow graph previews on template cards
- Cursor-based zoom with scroll wheel and transform-origin tracking
- Category-themed gradients, icons, and color-coded badges
- Improved card design with hover animations and better layout
- Better loading skeletons, empty state, and error handling

Signed-off-by: Krishna Mohan <krishanmohank974@gmail.com>

* fix: improve workflow preview thumbnails and UI polish

- Card-style nodes with header band, icon, label, subtitle, port dots
- Wider nodes (160px) matching real builder proportions
- Stronger shadows and contrast for dark/light mode visibility
- Add "scroll to zoom" hint on hover
- Indent tag filter row for alignment
- Better edge styling with thicker arrows

Signed-off-by: Krishna Mohan <krishanmohank974@gmail.com>

* feat: improve template library UI, add JSONC support, and consolidate navbar actions

- Template cards: display tags and author metadata side by side
- JSONC support: publish templates as .jsonc, backend strips comments
  before parsing, sync accepts both .json and .jsonc files
- GitHub publish flow: pre-fill editor with placeholder comment
- Navbar: consolidate undo/redo/import/export into vertical three-dots
  menu to the right of the Run button

Signed-off-by: Krishna Mohan <krishanmohank974@gmail.com>

* feat: redesign template cards with premium marketplace styling

Implements detailed design spec with rounded-2xl cards, theme-specific
preview gradients, author avatars, title case names, marketplace metadata
(stars, secrets, updated time), full-width indigo CTA with arrow animation,
eye preview button with tooltip, and tag overflow tooltip.

Signed-off-by: Krishna Mohan <krishanmohank974@gmail.com>

* feat: add automatic GitHub template sync every 30 minutes

Replaces manual-only sync with a recurring setInterval that syncs
templates from GitHub every 30 minutes. ETag caching ensures minimal
API cost when nothing has changed. Cleans up interval on module destroy.

Signed-off-by: Krishna Mohan <krishanmohank974@gmail.com>

* fix: use primary color for CTA button and deduplicate category from tags

Switch "Use Template" button from hardcoded indigo to the codebase's
primary color token. Filter out the category name from the tags list
so it doesn't appear redundantly in both the badge and tags row.

Signed-off-by: Krishna Mohan <krishanmohank974@gmail.com>

* feat: add template detail modal and move page title to navbar

Add click-to-preview modal on template cards showing large graph,
full title/description, and Use Template CTA. Move page title to
AppTopBar navbar and remove in-page header to match Schedules layout.

Signed-off-by: Krishna Mohan <krishanmohank974@gmail.com>

* fix: address code review findings for template library

- Sanitize {{secret:SECRET_ID}} references in publish validation (#1)
- Migrate UseTemplateModal from Zustand to TanStack Query mutation (#2)
- Reset modal state on template/open change to prevent stale data (#3)
- Fetch GitHub repo config dynamically with fallback defaults (#4)
- Use snake_case keys for analytics event properties (#5)

Signed-off-by: Krishna Mohan <krishanmohank974@gmail.com>

* fix: there were multiple bugs after reviewing like secret mapping ,env fixed them.

Signed-off-by: Krishna Mohan <krishanmohank974@gmail.com>

---------

Signed-off-by: Krishna Mohan <krishanmohank974@gmail.com>
Co-authored-by: Claude Haiku 4.5 <noreply@anthropic.com>

Author: krishna9358

.github/workflows/release.yml

@@ -3,7 +3,7 @@ name: Release
 on:
   push:
     tags:
-      - 'v*.*.*'  # Triggers on tags like v1.0.0, v1.2.3, etc.
+      - 'v*.*.*' # Triggers on tags like v1.0.0, v1.2.3, etc.
   workflow_dispatch:
     inputs:
       version:
@@ -27,7 +27,7 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v4
         with:
-          fetch-depth: 0  # Full history for changelog generation
+          fetch-depth: 0 # Full history for changelog generation
 
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
@@ -62,7 +62,7 @@ jobs:
           # Check if this is the latest tag (highest semver)
           CURRENT_TAG="${{ steps.version.outputs.version_clean }}"
           LATEST_TAG=$(git tag -l 'v*.*.*' | sort -V | tail -1 | sed 's/^v//')
-          
+
           if [ "$CURRENT_TAG" = "$LATEST_TAG" ]; then
             echo "is_latest=true" >> $GITHUB_OUTPUT
             echo "This is the latest release"
@@ -81,7 +81,7 @@ jobs:
           # Convert repository owner to lowercase for Docker registry compatibility
           IMAGE_PREFIX_LOWER=$(echo "${{ env.IMAGE_PREFIX }}" | tr '[:upper:]' '[:lower:]')
           VERSION_TAG="${{ env.REGISTRY }}/${IMAGE_PREFIX_LOWER}-backend:${{ steps.version.outputs.version_clean }}"
-          
+
           if [ "${{ steps.is_latest.outputs.is_latest }}" = "true" ]; then
             echo "backend_tags<<EOF" >> $GITHUB_OUTPUT
             echo "$VERSION_TAG" >> $GITHUB_OUTPUT
@@ -166,22 +166,22 @@ jobs:
         run: |
           VERSION="${{ steps.version.outputs.version }}"
           PREVIOUS_TAG=$(git describe --tags --abbrev=0 HEAD^ 2>/dev/null || echo "")
-          
+
           # Convert repository owner to lowercase for Docker registry compatibility
           IMAGE_PREFIX_LOWER=$(echo "${{ env.IMAGE_PREFIX }}" | tr '[:upper:]' '[:lower:]')
-          
+
           if [ -z "$PREVIOUS_TAG" ]; then
             echo "No previous tag found, generating full changelog"
             CHANGELOG=$(git log --pretty=format:"- %s (%h)" --no-merges)
           else
             echo "Generating changelog from $PREVIOUS_TAG to $VERSION"
             CHANGELOG=$(git log ${PREVIOUS_TAG}..HEAD --pretty=format:"- %s (%h)" --no-merges)
           fi
-          
+
           if [ -z "$CHANGELOG" ]; then
             CHANGELOG="No changes detected"
           fi
-          
+
           {
             echo "## Release $VERSION"
             echo ""
@@ -195,7 +195,7 @@ jobs:
             echo ""
             echo "$CHANGELOG"
           } > CHANGELOG.md
-          
+
           echo "changelog<<EOF" >> $GITHUB_OUTPUT
           cat CHANGELOG.md >> $GITHUB_OUTPUT
           echo "EOF" >> $GITHUB_OUTPUT

backend/.env.docker

@@ -29,4 +29,11 @@ LOKI_USERNAME=""
 LOKI_PASSWORD=""
 
 # Kafka / Redpanda configuration for node I/O, log, and event ingestion (Docker network)
-LOG_KAFKA_BROKERS="redpanda:9092"
+LOG_KAFKA_BROKERS="redpanda:9092"
+
+
+# GitHub template repository configuration
+GITHUB_TEMPLATE_REPO=shipsecai/workflow-templates
+GITHUB_TEMPLATE_BRANCH=main
+# Optional: GitHub personal access token for higher rate limits (60/hr → 5000/hr)
+GITHUB_TEMPLATE_TOKEN=

backend/drizzle/0020_create-templates.sql

@@ -0,0 +1,59 @@
+-- Create templates table
+CREATE TABLE "templates" (
+	"id" uuid PRIMARY KEY DEFAULT gen_random_uuid() NOT NULL,
+	"name" varchar(255) NOT NULL,
+	"description" text,
+	"category" varchar(100),
+	"tags" jsonb DEFAULT '[]'::jsonb NOT NULL,
+	"author" varchar(255),
+	"repository" varchar(255) NOT NULL,
+	"path" varchar(500) NOT NULL,
+	"branch" varchar(100) DEFAULT 'main' NOT NULL,
+	"version" varchar(50),
+	"commit_sha" varchar(100),
+	"manifest" jsonb NOT NULL,
+	"graph" jsonb,
+	"required_secrets" jsonb DEFAULT '[]'::jsonb NOT NULL,
+	"popularity" integer DEFAULT 0 NOT NULL,
+	"is_official" boolean DEFAULT false NOT NULL,
+	"is_verified" boolean DEFAULT false NOT NULL,
+	"is_active" boolean DEFAULT true NOT NULL,
+	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
+	"updated_at" timestamp with time zone DEFAULT now() NOT NULL
+);
+--> statement-breakpoint
+-- Create templates_submissions table
+CREATE TABLE "templates_submissions" (
+	"id" uuid PRIMARY KEY DEFAULT gen_random_uuid() NOT NULL,
+	"template_name" varchar(255) NOT NULL,
+	"description" text,
+	"category" varchar(100),
+	"repository" varchar(255) NOT NULL,
+	"branch" varchar(100),
+	"path" varchar(500) NOT NULL,
+	"commit_sha" varchar(100),
+	"pr_number" integer,
+	"pr_url" varchar(500),
+	"status" varchar(50) DEFAULT 'pending' NOT NULL,
+	"submitted_by" varchar(191) NOT NULL,
+	"organization_id" varchar(191),
+	"manifest" jsonb,
+	"graph" jsonb,
+	"feedback" text,
+	"reviewed_by" varchar(191),
+	"reviewed_at" timestamp with time zone,
+	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
+	"updated_at" timestamp with time zone DEFAULT now() NOT NULL
+);
+--> statement-breakpoint
+-- Create indexes for templates
+CREATE INDEX "templates_repository_path_idx" ON "templates" ("repository", "path");
+CREATE INDEX "templates_category_idx" ON "templates" ("category");
+CREATE INDEX "templates_is_active_idx" ON "templates" ("is_active");
+CREATE INDEX "templates_popularity_idx" ON "templates" ("popularity" DESC);
+--> statement-breakpoint
+-- Create indexes for templates_submissions
+CREATE INDEX "templates_submissions_pr_number_idx" ON "templates_submissions" ("pr_number");
+CREATE INDEX "templates_submissions_submitted_by_idx" ON "templates_submissions" ("submitted_by");
+CREATE INDEX "templates_submissions_status_idx" ON "templates_submissions" ("status");
+CREATE INDEX "templates_submissions_organization_id_idx" ON "templates_submissions" ("organization_id");

backend/package.json

@@ -45,6 +45,7 @@
     "bcryptjs": "^3.0.3",
     "class-transformer": "^0.5.1",
     "class-validator": "^0.14.3",
+    "cookie-parser": "^1.4.7",
     "date-fns": "^4.1.0",
     "dotenv": "^17.2.3",
     "drizzle-orm": "^0.44.7",

backend/src/app.module.ts

@@ -34,6 +34,7 @@ import { WebhooksModule } from './webhooks/webhooks.module';
 import { HumanInputsModule } from './human-inputs/human-inputs.module';
 import { McpServersModule } from './mcp-servers/mcp-servers.module';
 import { McpGroupsModule } from './mcp-groups/mcp-groups.module';
+import { TemplatesModule } from './templates/templates.module';
 
 const coreModules = [
   AgentsModule,
@@ -53,6 +54,7 @@ const coreModules = [
   McpGroupsModule,
   McpModule,
   StudioMcpModule,
+  TemplatesModule,
   AuditModule,
 ];
 

backend/src/config/env.schema.ts

@@ -75,6 +75,17 @@ export const backendEnvSchema = z
     PLATFORM_SERVICE_TOKEN: z.string().optional().default(''),
     PLATFORM_API_TIMEOUT_MS: z.string().optional().default(''),
 
+    // --- GitHub Template Library ---
+    GITHUB_TEMPLATE_REPO: z
+      .string()
+      .optional()
+      .default('shipsecai/workflow-templates')
+      .refine((v) => v.includes('/'), {
+        message: 'GITHUB_TEMPLATE_REPO must be in owner/repo format',
+      }),
+    GITHUB_TEMPLATE_BRANCH: z.string().optional().default('main'),
+    GITHUB_TEMPLATE_TOKEN: z.string().optional(),
+
     // --- Temporal ---
     TEMPORAL_BOOTSTRAP_DEMO: stringToBoolean(false),
   })

backend/src/database/schema/index.ts

@@ -21,3 +21,4 @@ export * from './mcp-servers';
 
 export * from './node-io';
 export * from './organization-settings';
+export * from './templates';

backend/src/database/schema/templates.ts

@@ -0,0 +1,99 @@
+import {
+  pgTable,
+  uuid,
+  varchar,
+  text,
+  timestamp,
+  jsonb,
+  boolean,
+  integer,
+} from 'drizzle-orm/pg-core';
+import { z } from 'zod';
+
+/**
+ * Templates table - stores workflow template metadata
+ * Templates are synced from GitHub repository
+ */
+export const templatesTable = pgTable('templates', {
+  id: uuid('id').primaryKey().defaultRandom(),
+  name: varchar('name', { length: 255 }).notNull(),
+  description: text('description'),
+  category: varchar('category', { length: 100 }),
+  tags: jsonb('tags').$type<string[]>().default([]),
+  author: varchar('author', { length: 255 }),
+  // GitHub repository info
+  repository: varchar('repository', { length: 255 }).notNull(), // e.g., "org/templates"
+  path: varchar('path', { length: 500 }).notNull(), // Path to template in repo
+  branch: varchar('branch', { length: 100 }).default('main'),
+  version: varchar('version', { length: 50 }), // Optional version tag
+  commitSha: varchar('commit_sha', { length: 100 }),
+  // Template content
+  manifest: jsonb('manifest').$type<TemplateManifest>().notNull(),
+  graph: jsonb('graph').$type<Record<string, unknown>>(), // Sanitized workflow graph
+  requiredSecrets: jsonb('required_secrets').$type<RequiredSecret[]>().default([]),
+  // Stats and flags
+  popularity: integer('popularity').notNull().default(0),
+  isOfficial: boolean('is_official').notNull().default(false),
+  isVerified: boolean('is_verified').notNull().default(false),
+  isActive: boolean('is_active').notNull().default(true),
+  // Timestamps
+  createdAt: timestamp('created_at', { withTimezone: true }).defaultNow().notNull(),
+  updatedAt: timestamp('updated_at', { withTimezone: true }).defaultNow().notNull(),
+});
+
+/**
+ * Template submissions table - tracks PR-based template submissions
+ */
+export const templatesSubmissionsTable = pgTable('templates_submissions', {
+  id: uuid('id').primaryKey().defaultRandom(),
+  templateName: varchar('template_name', { length: 255 }).notNull(),
+  description: text('description'),
+  category: varchar('category', { length: 100 }),
+  repository: varchar('repository', { length: 255 }).notNull(),
+  branch: varchar('branch', { length: 100 }),
+  path: varchar('path', { length: 500 }).notNull(),
+  commitSha: varchar('commit_sha', { length: 100 }),
+  pullRequestNumber: integer('pr_number'),
+  pullRequestUrl: varchar('pr_url', { length: 500 }),
+  status: varchar('status', { length: 50 }).notNull().default('pending'), // pending, approved, rejected, merged
+  submittedBy: varchar('submitted_by', { length: 191 }).notNull(),
+  organizationId: varchar('organization_id', { length: 191 }),
+  manifest: jsonb('manifest').$type<TemplateManifest>(),
+  graph: jsonb('graph').$type<Record<string, unknown>>(),
+  feedback: text('feedback'),
+  reviewedBy: varchar('reviewed_by', { length: 191 }),
+  reviewedAt: timestamp('reviewed_at', { withTimezone: true }),
+  createdAt: timestamp('created_at', { withTimezone: true }).defaultNow().notNull(),
+  updatedAt: timestamp('updated_at', { withTimezone: true }).defaultNow().notNull(),
+});
+
+// Zod schemas for validation
+export const RequiredSecretSchema = z.object({
+  name: z.string(),
+  type: z.string(),
+  description: z.string().optional(),
+  placeholder: z.string().optional(),
+});
+
+export const TemplateManifestSchema = z.object({
+  name: z.string(),
+  description: z.string().optional(),
+  version: z.string().optional(),
+  author: z.string().optional(),
+  category: z.string().optional(),
+  tags: z.array(z.string()).optional(),
+  requiredSecrets: z.array(RequiredSecretSchema).optional(),
+  entryPoint: z.string().optional(),
+  screenshots: z.array(z.string()).optional(),
+  documentation: z.string().optional(),
+});
+
+// Type exports
+export type TemplateManifest = z.infer<typeof TemplateManifestSchema>;
+export type RequiredSecret = z.infer<typeof RequiredSecretSchema>;
+
+export type Template = typeof templatesTable.$inferSelect;
+export type NewTemplate = typeof templatesTable.$inferInsert;
+
+export type TemplateSubmission = typeof templatesSubmissionsTable.$inferSelect;
+export type NewTemplateSubmission = typeof templatesSubmissionsTable.$inferInsert;