fix: there were multiple bugs after reviewing like secret mapping ,env fixed them.

Signed-off-by: Krishna Mohan <krishanmohank974@gmail.com>

Author: krishna9358

backend/.env.docker

@@ -33,7 +33,7 @@ LOG_KAFKA_BROKERS="redpanda:9092"
 
 
 # GitHub template repository configuration
-GITHUB_TEMPLATE_REPO=krishna9358/workflow-templates
+GITHUB_TEMPLATE_REPO=shipsecai/workflow-templates
 GITHUB_TEMPLATE_BRANCH=main
 # Optional: GitHub personal access token for higher rate limits (60/hr → 5000/hr)
 GITHUB_TEMPLATE_TOKEN=

backend/src/config/env.schema.ts

@@ -79,7 +79,7 @@ export const backendEnvSchema = z
     GITHUB_TEMPLATE_REPO: z
       .string()
       .optional()
-      .default('krishna9358/workflow-templates')
+      .default('shipsecai/workflow-templates')
       .refine((v) => v.includes('/'), {
         message: 'GITHUB_TEMPLATE_REPO must be in owner/repo format',
       }),

backend/src/templates/ARCHITECTURE.md

@@ -405,9 +405,9 @@ curl -X POST -H "Authorization: Bearer {admin_token}" \
 
 ### Required Variables
 
-| Variable               | Description                                   | Example                          |
-| ---------------------- | --------------------------------------------- | -------------------------------- |
-| `GITHUB_TEMPLATE_REPO` | Public GitHub repository containing templates | `krishna9358/workflow-templates` |
+| Variable               | Description                                   | Example                        |
+| ---------------------- | --------------------------------------------- | ------------------------------ |
+| `GITHUB_TEMPLATE_REPO` | Public GitHub repository containing templates | `shipsecai/workflow-templates` |
 
 ### Optional Variables
 
@@ -421,7 +421,7 @@ curl -X POST -H "Authorization: Bearer {admin_token}" \
 # .env or .env.docker
 
 # GitHub template repository (must be public)
-GITHUB_TEMPLATE_REPO=krishna9358/workflow-templates
+GITHUB_TEMPLATE_REPO=shipsecai/workflow-templates
 GITHUB_TEMPLATE_BRANCH=main
 ```
 
@@ -705,7 +705,7 @@ Common validation failures:
 
 ### Templates Not Showing
 
-1. **Check `GITHUB_TEMPLATE_REPO`** in `.env` -- must match your actual public repo (e.g., `krishna9358/workflow-templates`)
+1. **Check `GITHUB_TEMPLATE_REPO`** in `.env` -- must match your actual public repo (e.g., `shipsecai/workflow-templates`)
 2. **Ensure the repo is public** -- the sync uses unauthenticated GitHub API calls
 3. Check branch name in `GITHUB_TEMPLATE_BRANCH`
 4. Review backend logs for sync errors (look for `GitHubSyncService` messages)

backend/src/templates/github-sync.service.ts

@@ -87,15 +87,15 @@ export class GitHubSyncService implements OnModuleInit, OnModuleDestroy {
       `GitHub API auth: ${hasToken ? 'token configured (5000 req/hr)' : 'unauthenticated (60 req/hr)'}`,
     );
     this.logger.log('Starting automatic template sync...');
-    try {
-      const result = await this.syncTemplates();
-      this.logger.log(
-        `Startup sync complete: ${result.synced.length} synced, ${result.failed.length} failed`,
-      );
-    } catch (err) {
-      this.logger.error('Startup sync failed', err);
-      // Don't throw - allow the application to start even if sync fails
-    }
+    this.syncTemplates()
+      .then((result) => {
+        this.logger.log(
+          `Startup sync complete: ${result.synced.length} synced, ${result.failed.length} failed`,
+        );
+      })
+      .catch((err) => {
+        this.logger.error('Startup sync failed', err);
+      });
 
     // Schedule recurring sync every 30 minutes
     this.syncInterval = setInterval(() => {
@@ -150,7 +150,7 @@ export class GitHubSyncService implements OnModuleInit, OnModuleDestroy {
   private getRepoConfig(): { owner: string; repo: string; branch: string } {
     const repo = this.configService.get<string>(
       'GITHUB_TEMPLATE_REPO',
-      'krishna9358/workflow-templates',
+      'shipsecai/workflow-templates',
     );
     const branch = this.configService.get<string>('GITHUB_TEMPLATE_BRANCH', 'main');
     const [owner, repoName] = repo.split('/');
@@ -176,7 +176,7 @@ export class GitHubSyncService implements OnModuleInit, OnModuleDestroy {
       headers['If-None-Match'] = cached.etag;
     }
 
-    const response = await fetch(url, { headers });
+    const response = await fetch(url, { headers, signal: AbortSignal.timeout(15_000) });
 
     // 304 Not Modified — use cached data, zero rate limit cost
     if (response.status === 304 && cached) {
@@ -230,7 +230,7 @@ export class GitHubSyncService implements OnModuleInit, OnModuleDestroy {
       headers['If-None-Match'] = cached.etag;
     }
 
-    const response = await fetch(url, { headers });
+    const response = await fetch(url, { headers, signal: AbortSignal.timeout(15_000) });
 
     // 304 Not Modified — use cached content, zero rate limit cost
     if (response.status === 304 && cached) {
@@ -256,7 +256,7 @@ export class GitHubSyncService implements OnModuleInit, OnModuleDestroy {
     if (data.content && data.encoding === 'base64') {
       content = Buffer.from(data.content, 'base64').toString('utf-8');
     } else if (data.download_url) {
-      const dlResponse = await fetch(data.download_url);
+      const dlResponse = await fetch(data.download_url, { signal: AbortSignal.timeout(15_000) });
       content = await dlResponse.text();
     }
 

backend/src/templates/templates.service.ts

@@ -113,7 +113,7 @@ export class TemplateService {
     // 3. Build the workflow graph from the template, overriding the name
     //    Templates may lack node positions (stripped during publish to reduce size)
     //    so we add default positions in a grid layout before schema validation.
-    const graphData: Record<string, unknown> = {
+    let graphData: Record<string, unknown> = {
       ...template.graph,
       name: params.workflowName,
     };
@@ -127,6 +127,14 @@ export class TemplateService {
       });
     }
 
+    if (params.secretMappings && template.requiredSecrets && template.requiredSecrets.length > 0) {
+      graphData = this.applySecretMappings(
+        graphData,
+        params.secretMappings,
+        template.requiredSecrets,
+      );
+    }
+
     // Parse through the WorkflowGraphSchema to ensure it conforms to the
     // expected shape (adds defaults for viewport, config, etc.)
     const workflowGraph = WorkflowGraphSchema.parse(graphData);
@@ -166,4 +174,73 @@ export class TemplateService {
   async getSubmissions(userId: string) {
     return await this.templatesRepository.findSubmissionsByUser(userId);
   }
+
+  private applySecretMappings(
+    graph: Record<string, unknown>,
+    secretMappings: Record<string, string>,
+    requiredSecrets: { name: string; type: string; description?: string; placeholder?: string }[],
+  ): Record<string, unknown> {
+    if (!secretMappings || Object.keys(secretMappings).length === 0) {
+      return graph;
+    }
+
+    const json = JSON.stringify(graph);
+
+    if (requiredSecrets.length === 1 && secretMappings[requiredSecrets[0].name]) {
+      const replaced = json.replace(
+        /\{\{SECRET_PLACEHOLDER\}\}/g,
+        secretMappings[requiredSecrets[0].name],
+      );
+      return JSON.parse(replaced);
+    }
+
+    const result = JSON.parse(json);
+    this.traverseAndApplySecrets(result, secretMappings);
+    return result;
+  }
+
+  private traverseAndApplySecrets(obj: unknown, secretMappings: Record<string, string>): void {
+    if (typeof obj !== 'object' || obj === null) return;
+
+    if (Array.isArray(obj)) {
+      for (const item of obj) {
+        this.traverseAndApplySecrets(item, secretMappings);
+      }
+      return;
+    }
+
+    const record = obj as Record<string, unknown>;
+
+    const secretKeys = ['secretId', 'secret_name', 'secretName', 'secretRef', 'secret_ref'];
+    for (const key of secretKeys) {
+      if (record[key] === '{{SECRET_PLACEHOLDER}}') {
+        const possibleNameKeys = ['label', 'name', 'key', 'displayName'];
+        for (const nameKey of possibleNameKeys) {
+          const nameValue = record[nameKey];
+          if (typeof nameValue === 'string' && secretMappings[nameValue]) {
+            record[key] = secretMappings[nameValue];
+            break;
+          }
+        }
+
+        if (record[key] === '{{SECRET_PLACEHOLDER}}') {
+          const firstAvailable = Object.values(secretMappings)[0];
+          if (firstAvailable) {
+            record[key] = firstAvailable;
+          }
+        }
+      }
+    }
+
+    for (const [key, value] of Object.entries(record)) {
+      if (typeof value === 'string' && value.includes('{{SECRET_PLACEHOLDER}}')) {
+        const firstAvailable = Object.values(secretMappings)[0];
+        if (firstAvailable) {
+          record[key] = value.replace(/\{\{SECRET_PLACEHOLDER\}\}/g, firstAvailable);
+        }
+      } else if (typeof value === 'object' && value !== null) {
+        this.traverseAndApplySecrets(value, secretMappings);
+      }
+    }
+  }
 }

frontend/.env.example

@@ -19,6 +19,10 @@ VITE_PUBLIC_POSTHOG_HOST=
 # VITE_DISABLE_ANALYTICS=true
 
 
+# GitHub Template Library (owner/repo format)
+VITE_GITHUB_TEMPLATE_REPO=shipsecai/workflow-templates
+VITE_GITHUB_TEMPLATE_BRANCH=main
+
 # Logo.dev public key for brand logos
 VITE_LOGO_DEV_PUBLIC_KEY=
 

frontend/src/features/templates/PublishTemplateModal.tsx

@@ -40,9 +40,9 @@ interface PublishTemplateModalProps {
   onSuccess?: () => void;
 }
 
-// Fallback GitHub repository configuration (overridden by backend /templates/repo-info)
-const DEFAULT_GITHUB_TEMPLATE_REPO = 'krishna9358/workflow-templates';
-const DEFAULT_GITHUB_BRANCH = 'main';
+const DEFAULT_GITHUB_TEMPLATE_REPO =
+  import.meta.env.VITE_GITHUB_TEMPLATE_REPO || 'shipsecai/workflow-templates';
+const DEFAULT_GITHUB_BRANCH = import.meta.env.VITE_GITHUB_TEMPLATE_BRANCH || 'main';
 
 const TEMPLATE_CATEGORIES = [
   'Security',
@@ -274,6 +274,7 @@ export function PublishTemplateModal({
   const [success, setSuccess] = useState(false);
   const [generatedTemplateJson, setGeneratedTemplateJson] = useState<string>('');
   const [copied, setCopied] = useState(false);
+  const [repoUrl, setRepoUrl] = useState(`https://github.com/${DEFAULT_GITHUB_TEMPLATE_REPO}`);
 
   const handleSubmit = useCallback(
     async (e: React.FormEvent) => {
@@ -353,8 +354,11 @@ export function PublishTemplateModal({
         } catch {
           [owner, repo] = DEFAULT_GITHUB_TEMPLATE_REPO.split('/');
           branch = DEFAULT_GITHUB_BRANCH;
+          setRepoUrl(`https://github.com/${DEFAULT_GITHUB_TEMPLATE_REPO}`);
         }
 
+        setRepoUrl(`https://github.com/${owner}/${repo}`);
+
         // Generate GitHub URL without content (avoids long URL errors)
         const githubUrl = generateGitHubUrl(owner, repo, branch, filename, name.trim());
 
@@ -405,6 +409,7 @@ export function PublishTemplateModal({
         setSuccess(false);
         setGeneratedTemplateJson('');
         setCopied(false);
+        setRepoUrl(`https://github.com/${DEFAULT_GITHUB_TEMPLATE_REPO}`);
       }, 200);
     }
   };
@@ -492,7 +497,7 @@ export function PublishTemplateModal({
                   before it&apos;s added to the library.
                 </div>
                 <a
-                  href={`https://github.com/${DEFAULT_GITHUB_TEMPLATE_REPO}`}
+                  href={repoUrl}
                   target="_blank"
                   rel="noopener noreferrer"
                   className="text-primary hover:underline flex items-center gap-1"

frontend/src/hooks/queries/useTemplateQueries.ts

@@ -1,9 +1,9 @@
 import { useQuery, useMutation, useQueryClient } from '@tanstack/react-query';
 import { api } from '@/services/api';
 import { queryKeys } from '@/lib/queryKeys';
-import type { Template, TemplateCategory } from '@/store/templateStore';
+import type { Template, TemplateCategory } from '@/types/templates';
 
-export type { Template, TemplateCategory } from '@/store/templateStore';
+export type { Template, TemplateCategory } from '@/types/templates';
 
 export function useTemplates(filters?: { category?: string; search?: string; tags?: string[] }) {
   return useQuery<Template[]>({

frontend/src/pages/TemplateLibraryPage.tsx

@@ -944,7 +944,10 @@ export function TemplateLibraryPage() {
         <UseTemplateModal
           template={selectedTemplate}
           open={isUseModalOpen}
-          onOpenChange={setIsUseModalOpen}
+          onOpenChange={(open) => {
+            setIsUseModalOpen(open);
+            if (!open) setSelectedTemplate(null);
+          }}
           onSuccess={handleTemplateUseSuccess}
         />
       )}