fix the secrets loader component issue

Signed-off-by: betterclever <[email protected]>

Author: betterclever

backend/src/dsl/validator.ts

@@ -420,22 +420,30 @@ function validateEntryPointConfiguration(
  */
 function isValidSecretId(secretId: string): boolean {
   // Secret IDs should be reasonable-length identifiers, not raw secret values
-  // Reject common patterns that suggest raw API keys or secrets
+  
+  // 1. Explicitly allow UUIDs (common format for internal IDs)
+  const uuidPattern = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+  if (uuidPattern.test(secretId)) {
+    return true;
+  }
+
+  // 2. Reject common patterns that suggest raw API keys or secrets
   const suspiciousPatterns = [
     /^AIza[A-Za-z0-9_-]{35}$/, // Google API keys
     /^sk-[A-Za-z0-9]{48}$/, // Stripe keys
-    /^[A-Za-z0-9]{32,}$/, // Generic long alphanumeric strings
     /^ghp_[A-Za-z0-9]{36}$/, // GitHub PATs
     /^xoxb-[0-9]+-[0-9]+-[A-Za-z0-9]{24}$/, // Slack bot tokens
+    /^[A-Za-z0-9]{32,}$/, // Generic long alphanumeric strings (no dashes/underscores)
   ];
 
   // If it matches suspicious patterns, it's probably a raw secret
   if (suspiciousPatterns.some((pattern) => pattern.test(secretId))) {
     return false;
   }
 
-  // Valid secret IDs should be reasonable length and not look like raw secrets
-  return secretId.length >= 3 && secretId.length <= 100 && !/[A-Za-z0-9_-]{30,}/.test(secretId);
+  // Valid secret names should be reasonable length.
+  // We allow names with dashes/underscores even if long, as they are likely identifiers.
+  return secretId.length >= 1 && secretId.length <= 100;
 }
 
 function resolveActionPortSnapshot(

docs/components/core.mdx

@@ -102,7 +102,7 @@ Fetches secrets from the ShipSec-managed secret store.
 
 | Parameter | Type | Description |
 |-----------|------|-------------|
-| `secretId` | Secret | Secret name or UUID |
+| `secretName` | Secret | Secret name or UUID |
 | `version` | Number | Optional version pin |
 | `outputFormat` | Select | `raw` or `json` |
 

frontend/src/components/workflow/ParameterField.tsx

@@ -154,7 +154,7 @@ export function ParameterField({
     }
     if (
       typeof currentValue === 'string' &&
-      secrets.some((secret) => secret.id === currentValue)
+      secrets.some((secret) => secret.id === currentValue || secret.name === currentValue)
     ) {
       return 'select'
     }
@@ -183,11 +183,11 @@ export function ParameterField({
     if (
       secretMode === 'select' &&
       (typeof currentValue !== 'string' ||
-        !secrets.some((secret) => secret.id === currentValue))
+        !secrets.some((secret) => secret.id === currentValue || secret.name === currentValue))
     ) {
       const firstSecret = secrets[0]
       if (firstSecret) {
-        onChange(firstSecret.id)
+        onChange(firstSecret.name)
       }
     }
   }, [parameter.type, secretMode, secrets, currentValue, onChange, isReceivingInput])
@@ -518,12 +518,14 @@ export function ParameterField({
 
     case 'secret': {
       const hasSecrets = secrets.length > 0
-      const selectedSecretId =
-        typeof currentValue === 'string' && secrets.some((secret) => secret.id === currentValue)
-          ? currentValue
-          : ''
+      const activeSecret = secrets.find(
+        (s) => s.id === currentValue || s.name === currentValue
+      )
+
+      const selectedSecretKey = activeSecret?.name ?? ''
+
       const manualValue =
-        typeof currentValue === 'string' && !secrets.some((secret) => secret.id === currentValue)
+        typeof currentValue === 'string' && !activeSecret
           ? currentValue
           : ''
       const disableForGithubConnection =
@@ -547,14 +549,14 @@ export function ParameterField({
             return
           }
           const existing =
-            secrets.find((secret) => secret.id === selectedSecretId) ?? secrets[0]
+            secrets.find((s) => s.id === currentValue || s.name === currentValue) ?? secrets[0]
           setSecretMode('select')
-          updateSecretValue(existing?.id ?? undefined)
+          updateSecretValue(existing?.name ?? undefined)
           return
         }
 
         setSecretMode('manual')
-        if (selectedSecretId) {
+        if (selectedSecretKey) {
           updateSecretValue(undefined)
         }
       }
@@ -626,7 +628,7 @@ export function ParameterField({
 
           {secretMode === 'select' && hasSecrets && (
             <select
-              value={selectedSecretId}
+              value={selectedSecretKey}
               onChange={(e) => {
                 const nextValue = e.target.value
                 updateSecretValue(nextValue === '' ? undefined : nextValue)
@@ -636,7 +638,7 @@ export function ParameterField({
             >
               <option value="">Select a secret…</option>
               {secrets.map((secret) => (
-                <option key={secret.id} value={secret.id}>
+                <option key={secret.id} value={secret.name}>
                   {secret.name}
                 </option>
               ))}
@@ -661,9 +663,9 @@ export function ParameterField({
             />
           )}
 
-          {secretMode === 'select' && selectedSecretId && (
+          {secretMode === 'select' && activeSecret && (
             <p className="text-xs text-muted-foreground">
-              ID: <span className="font-mono">{selectedSecretId}</span>
+              Reference: <span className="font-mono">{activeSecret.name}</span> (ID: {activeSecret.id.substring(0, 8)}...)
             </p>
           )}
 

worker/src/components/core/secret-fetch.ts

@@ -10,7 +10,7 @@ const inputSchema = z.object({
   secretId: z
     .string()
     .min(1, 'Secret identifier is required')
-    .describe('Secret name or UUID from the ShipSec secret store'),
+    .describe('Name or UUID of the secret in the ShipSec store'),
   version: z
     .number()
     .int()
@@ -91,10 +91,10 @@ const definition: ComponentDefinition<Input, Output> = {
     parameters: [
       {
         id: 'secretId',
-        label: 'Secret ID',
+        label: 'Secret Name',
         type: 'secret',
         required: true,
-        description: 'Secret name or UUID from the platform store.',
+        description: 'Name or UUID of the secret from the platform store.',
       },
       {
         id: 'version',