diff --git a/packages/plugins/sandbox-providers/exe-dev/package.json b/packages/plugins/sandbox-providers/exe-dev/package.json index 82a71590..33ae49bf 100644 --- a/packages/plugins/sandbox-providers/exe-dev/package.json +++ b/packages/plugins/sandbox-providers/exe-dev/package.json @@ -1,6 +1,6 @@ { "name": "@paperclipai/plugin-exe-dev", - "version": "0.1.0", + "version": "0.1.1", "description": "exe.dev sandbox provider plugin for Paperclip environments", "license": "MIT", "homepage": "https://github.com/paperclipai/paperclip", diff --git a/packages/plugins/sandbox-providers/exe-dev/src/manifest.ts b/packages/plugins/sandbox-providers/exe-dev/src/manifest.ts index 8e71d6c7..6455294e 100644 --- a/packages/plugins/sandbox-providers/exe-dev/src/manifest.ts +++ b/packages/plugins/sandbox-providers/exe-dev/src/manifest.ts @@ -1,7 +1,7 @@ import type { PaperclipPluginManifestV1 } from "@paperclipai/plugin-sdk"; const PLUGIN_ID = "paperclip.exe-dev-sandbox-provider"; -const PLUGIN_VERSION = "0.1.0"; +const PLUGIN_VERSION = "0.1.1"; const manifest: PaperclipPluginManifestV1 = { id: PLUGIN_ID, @@ -26,106 +26,150 @@ const manifest: PaperclipPluginManifestV1 = { configSchema: { type: "object", properties: { + // ---- Essentials (always visible, in this order) ---- apiKey: { type: "string", format: "secret-ref", description: - "Environment-specific exe.dev API token. Needs `/exec` permission for at least `new`, `ls`, and `rm`. Paste a token or an existing Paperclip secret reference; saved environments store pasted values as company secrets. Falls back to EXE_API_KEY if omitted.", - }, - apiUrl: { - type: "string", - description: - "Optional exe.dev HTTPS API base URL or /exec endpoint. Defaults to https://exe.dev/exec.", - }, - namePrefix: { - type: "string", - description: "Optional prefix used when generating VM names.", - default: "paperclip", - }, - image: { - type: "string", - description: "Optional container image to use when creating the VM.", - }, - command: { - type: "string", - description: "Optional container command passed to `exe.dev new --command`.", - }, - cpu: { - type: "number", - description: "Optional CPU count passed to `exe.dev new --cpu`.", - }, - memory: { - type: "string", - description: "Optional memory size such as `4GB`.", - }, - disk: { - type: "string", - description: "Optional disk size such as `20GB`.", - }, - comment: { - type: "string", - description: "Optional short note attached to created VMs.", - }, - env: { - type: "object", - description: "Optional environment variables applied at VM creation time.", - additionalProperties: { type: "string" }, - }, - integrations: { - type: "array", - description: "Optional exe.dev integrations to attach during VM creation.", - items: { type: "string" }, - }, - tags: { - type: "array", - description: "Optional tags to apply during VM creation.", - items: { type: "string" }, - }, - setupScript: { - type: "string", - description: "Optional first-boot setup script passed to `exe.dev new --setup-script`.", - }, - prompt: { - type: "string", - description: "Optional Shelley prompt passed to `exe.dev new --prompt`.", - }, - timeoutMs: { - type: "number", - description: "Timeout for VM lifecycle and SSH operations in milliseconds.", - default: 300000, - }, - reuseLease: { - type: "boolean", - description: - "Whether to keep the VM alive between runs instead of deleting it on release.", - default: false, - }, - sshUser: { - type: "string", - description: "Optional SSH username for direct VM access.", + "Paste your exe.dev API token, or pick a saved Paperclip secret. Create one at exe.dev → Settings → API tokens with `/exec` scope (`new`, `ls`, `rm`).", }, sshPrivateKey: { type: "string", format: "secret-ref", - maxLength: 4096, + maxLength: 8192, description: - "Optional exe.dev-registered SSH private key. Paste the private key or an existing Paperclip secret reference; saved environments store pasted values as company secrets. If omitted, Paperclip falls back to sshIdentityFile, then the host's default SSH agent/keychain.", + "Paste the SSH private key you registered with exe.dev, or pick a saved secret. Leave blank to fall back to an on-host key (see Advanced → SSH access).", + }, + // ---- Advanced: SSH access ---- + sshUser: { + type: "string", + description: + "Login user on the VM. Leave blank to use the image default, usually `root`.", + "x-paperclip-advanced": true, + "x-paperclip-group": "SSH access", }, sshIdentityFile: { type: "string", description: - "Optional absolute path to the SSH private key the Paperclip host should use for VM access when sshPrivateKey is omitted. Leave both blank to rely on the host's default SSH agent/keychain.", + "Absolute path to a private key on the Paperclip host. Used only when SSH Private Key is empty.", + "x-paperclip-advanced": true, + "x-paperclip-group": "SSH access", }, sshPort: { type: "number", description: "SSH port for direct VM access.", default: 22, + "x-paperclip-advanced": true, + "x-paperclip-group": "SSH access", }, strictHostKeyChecking: { type: "string", description: "Host key policy passed to ssh via StrictHostKeyChecking. Typical values are `accept-new`, `yes`, or `no`.", default: "accept-new", + "x-paperclip-advanced": true, + "x-paperclip-group": "SSH access", + }, + // ---- Advanced: VM resources ---- + image: { + type: "string", + description: "Optional container image to use when creating the VM.", + "x-paperclip-advanced": true, + "x-paperclip-group": "VM resources", + }, + cpu: { + type: "number", + description: "Optional CPU count passed to `exe.dev new --cpu`.", + "x-paperclip-advanced": true, + "x-paperclip-group": "VM resources", + }, + memory: { + type: "string", + description: "Optional memory size such as `4GB`.", + "x-paperclip-advanced": true, + "x-paperclip-group": "VM resources", + }, + disk: { + type: "string", + description: "Optional disk size such as `20GB`.", + "x-paperclip-advanced": true, + "x-paperclip-group": "VM resources", + }, + // ---- Advanced: VM creation ---- + command: { + type: "string", + description: "Optional container command passed to `exe.dev new --command`.", + "x-paperclip-advanced": true, + "x-paperclip-group": "VM creation", + }, + env: { + type: "object", + description: "Optional environment variables applied at VM creation time.", + additionalProperties: { type: "string" }, + "x-paperclip-advanced": true, + "x-paperclip-group": "VM creation", + }, + integrations: { + type: "array", + description: "Optional exe.dev integrations to attach during VM creation.", + items: { type: "string" }, + "x-paperclip-advanced": true, + "x-paperclip-group": "VM creation", + }, + tags: { + type: "array", + description: "Optional tags to apply during VM creation.", + items: { type: "string" }, + "x-paperclip-advanced": true, + "x-paperclip-group": "VM creation", + }, + setupScript: { + type: "string", + description: "Optional first-boot setup script passed to `exe.dev new --setup-script`.", + "x-paperclip-advanced": true, + "x-paperclip-group": "VM creation", + }, + prompt: { + type: "string", + description: "Optional Shelley prompt passed to `exe.dev new --prompt`.", + "x-paperclip-advanced": true, + "x-paperclip-group": "VM creation", + }, + comment: { + type: "string", + description: "Optional short note attached to created VMs.", + "x-paperclip-advanced": true, + "x-paperclip-group": "VM creation", + }, + namePrefix: { + type: "string", + description: "Optional prefix used when generating VM names.", + default: "paperclip", + "x-paperclip-advanced": true, + "x-paperclip-group": "VM creation", + }, + // ---- Advanced: API + runtime ---- + apiUrl: { + type: "string", + description: + "Optional exe.dev HTTPS API base URL or /exec endpoint. Defaults to https://exe.dev/exec.", + "x-paperclip-advanced": true, + "x-paperclip-group": "API + runtime", + }, + timeoutMs: { + type: "number", + description: "Timeout for VM lifecycle and SSH operations in milliseconds.", + default: 300000, + "x-paperclip-advanced": true, + "x-paperclip-group": "API + runtime", + }, + reuseLease: { + type: "boolean", + description: + "Whether to keep the VM alive between runs instead of deleting it on release.", + default: false, + "x-paperclip-advanced": true, + "x-paperclip-group": "API + runtime", }, }, }, diff --git a/packages/plugins/sandbox-providers/exe-dev/src/plugin.test.ts b/packages/plugins/sandbox-providers/exe-dev/src/plugin.test.ts index de4ef5c0..1866b3d6 100644 --- a/packages/plugins/sandbox-providers/exe-dev/src/plugin.test.ts +++ b/packages/plugins/sandbox-providers/exe-dev/src/plugin.test.ts @@ -14,7 +14,7 @@ vi.mock("node:child_process", async () => { }; }); -import plugin from "./plugin.js"; +import plugin, { validateSshPrivateKey } from "./plugin.js"; class MockChildProcess extends EventEmitter { stdout = new EventEmitter(); @@ -165,6 +165,117 @@ describe("exe.dev sandbox provider plugin", () => { }); }); + describe("sshPrivateKey validation", () => { + const VALID_OPENSSH = [ + "-----BEGIN OPENSSH PRIVATE KEY-----", + "b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gt", + "ZWQyNTUxOQAAACBPzMxQp4Y6XCfDV2t6oWmqHkKx0K7C7w7q9F6gQ3jPbgAAAJjJ8jjE", + "yfI4xAAAAAtzc2gtZWQyNTUxOQAAACBPzMxQp4Y6XCfDV2t6oWmqHkKx0K7C7w7q9F6g", + "Q3jPbgAAAEDqLhB4kV1tw8m4gE9oNCkF2cJv0YnHQ8E5sHU3xKnD5k/MzFCnhjpcJ8NX", + "a3qhaaoeQrHQrsLvDur0XqBDeM9uAAAAFXVzZXJAaG9zdAECAwQ=", + "-----END OPENSSH PRIVATE KEY-----", + ].join("\n"); + const VALID_RSA_PEM = [ + "-----BEGIN RSA PRIVATE KEY-----", + "MIIBOgIBAAJBAKj34GkxFhD90vcNLYLInFEX6Ppy1tPf9Cnzj4p4WGeKLs1Pt8Qu", + "KUpRKfFLfRYC9AIKjbJTWit+CqvjWYzvQwECAwEAAQJAIJLixBy2qpFoS4DSmoEm", + "o3qGy0t6z5tZbcgvflRslzu1HxXLpwYqQq2gMNw9UQAoHs3rDl+EzBjF6trBV5wF", + "wQIhANwiwDR7TVlIRk5kbgPMd2dDgY8mAU1cQ8KbWvjVMmKxAiEAxYTUyVjwhfQy", + "VJoR7T0n4XdR1n+W8Eth7AEPxnHfaQECIB5cNuqB9F1qC2pSyf6e+UAyl9rmKQXp", + "-----END RSA PRIVATE KEY-----", + ].join("\n"); + + it("accepts a valid OpenSSH PEM block", () => { + expect(validateSshPrivateKey(VALID_OPENSSH)).toBeNull(); + }); + + it("accepts a valid PKCS#1 RSA PEM block", () => { + expect(validateSshPrivateKey(VALID_RSA_PEM)).toBeNull(); + }); + + it("accepts UUID-like secret reference values from the save-time schema stage", async () => { + process.env.EXE_API_KEY = "host-key"; + + const result = await plugin.definition.onEnvironmentValidateConfig?.({ + driverKey: "exe-dev", + config: { + apiKey: "api-key", + sshPrivateKey: "11111111-1111-4111-8111-111111111111", + }, + }); + + expect(result).toMatchObject({ + ok: true, + normalizedConfig: { + sshPrivateKey: "11111111-1111-4111-8111-111111111111", + }, + }); + expect(result?.errors ?? []).toEqual([]); + }); + + it("treats empty / whitespace-only input as valid (falls back to on-host key)", () => { + expect(validateSshPrivateKey("")).toBeNull(); + expect(validateSshPrivateKey(" \n\n ")).toBeNull(); + }); + + it("rejects a pasted public key", () => { + expect( + validateSshPrivateKey("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE+gT9 user@host"), + ).toMatch(/looks like a PUBLIC key/); + }); + + it("rejects a PuTTY PPK file paste", () => { + const ppk = [ + "PuTTY-User-Key-File-3: ssh-ed25519", + "Encryption: none", + "Comment: imported-openssh-key", + "Public-Lines: 2", + "AAAAC3NzaC1lZDI1NTE5AAAAIE+gT9zMxQp4Y6XCfDV2t6oWmqHkKx0K7C7w7q9F6g", + "Q3jP", + ].join("\n"); + expect(validateSshPrivateKey(ppk)).toMatch(/PuTTY \.ppk/); + }); + + it("rejects a missing END marker (truncated paste)", () => { + const truncated = VALID_OPENSSH.split("\n").slice(0, -1).join("\n"); + expect(validateSshPrivateKey(truncated)).toMatch(/missing its '-----END/); + }); + + it("rejects a body with non-base64 characters", () => { + const garbled = [ + "-----BEGIN OPENSSH PRIVATE KEY-----", + "this is not base64!!", + "-----END OPENSSH PRIVATE KEY-----", + ].join("\n"); + expect(validateSshPrivateKey(garbled)).toMatch(/non-base64/); + }); + + it("rejects a header/footer label mismatch", () => { + const mismatched = [ + "-----BEGIN OPENSSH PRIVATE KEY-----", + "Zm9vYmFy", + "-----END RSA PRIVATE KEY-----", + ].join("\n"); + expect(validateSshPrivateKey(mismatched)).toMatch(/header\/footer mismatch/); + }); + + it("returns the sshPrivateKey error from onEnvironmentValidateConfig on save", async () => { + process.env.EXE_API_KEY = "host-key"; + + const result = await plugin.definition.onEnvironmentValidateConfig?.({ + driverKey: "exe-dev", + config: { + sshPrivateKey: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE+gT9 user@host", + }, + }); + + expect(result?.ok).toBe(false); + expect(result?.errors ?? []).toEqual( + expect.arrayContaining([expect.stringMatching(/sshPrivateKey looks like a PUBLIC key/)]), + ); + }); + }); + it("acquires a lease by creating a VM and preparing the SSH workspace", async () => { fetchMock.mockResolvedValueOnce( new Response(JSON.stringify({ @@ -346,6 +457,38 @@ describe("exe.dev sandbox provider plugin", () => { expect(String(fetchMock.mock.calls[1]?.[1]?.body ?? "")).toBe("rm --json 'paperclip-env-run'"); }); + it("surfaces invalid SSH key-format guidance during lease acquisition", async () => { + fetchMock.mockResolvedValueOnce( + new Response(JSON.stringify({ + vm_name: "paperclip-env-run", + ssh_dest: "paperclip-env-run.exe.xyz", + https_url: "https://paperclip-env-run.exe.xyz", + status: "running", + }), { status: 200 }), + ); + fetchMock.mockResolvedValueOnce(new Response("{}", { status: 200 })); + queueSpawnResult({ + code: 255, + stderr: 'Load key "/tmp/paperclip-exe-dev-ssh-abc/id_ed25519": invalid format\n', + }); + + await expect(plugin.definition.onEnvironmentAcquireLease?.({ + driverKey: "exe-dev", + companyId: "company-1", + environmentId: "env-1", + runId: "run-1", + config: { + apiKey: "api-key", + sshPrivateKey: "not-actually-a-key", + timeoutMs: 300000, + }, + })).rejects.toThrow( + "the configured SSH private key isn't an OpenSSH-format private key", + ); + + expect(String(fetchMock.mock.calls[1]?.[1]?.body ?? "")).toBe("rm --json 'paperclip-env-run'"); + }); + it("redacts sensitive lifecycle flags in API errors", async () => { fetchMock.mockResolvedValueOnce(new Response("upstream boom", { status: 500 })); diff --git a/packages/plugins/sandbox-providers/exe-dev/src/plugin.ts b/packages/plugins/sandbox-providers/exe-dev/src/plugin.ts index 5ec07d27..86d47aee 100644 --- a/packages/plugins/sandbox-providers/exe-dev/src/plugin.ts +++ b/packages/plugins/sandbox-providers/exe-dev/src/plugin.ts @@ -68,6 +68,8 @@ const SSH_SIGKILL_GRACE_MS = 250; const MAX_VM_RECORD_DEPTH = 4; const EXE_DEV_SSH_ONBOARDING_MARKER = "Please complete registration by running: ssh exe.dev"; const EXE_DEV_SSH_EMAIL_PROMPT = "Please enter your email address:"; +const EXE_DEV_SSH_INVALID_KEY_FORMAT = /Load key [^\n]*invalid format/i; +const UUID_SECRET_REF_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i; // exe.dev's `--setup-script` runs at VM init as the unprivileged `exedev` user, which // has passwordless sudo. The Paperclip sandbox callback bridge is a Node script, so @@ -139,6 +141,74 @@ function isValidUrl(value: string): boolean { } } +function isSecretRef(value: string): boolean { + return UUID_SECRET_REF_RE.test(value); +} + +// Catch the SSH-key paste failure modes we've seen in the wild (wrong file, +// PPK export, truncated paste) before the user pays the cost of provisioning a +// VM and getting a cryptic SSH error. Inline parse — no `ssh-keygen` dependency +// — so this also works on hosts where openssh-client isn't installed. +export function validateSshPrivateKey(rawKey: string): string | null { + const trimmed = rawKey.trim(); + if (!trimmed) return null; + + if (/^PuTTY-User-Key-File-\d/m.test(trimmed)) { + return "sshPrivateKey looks like a PuTTY .ppk file. Convert it to OpenSSH format (PuTTYgen → Conversions → Export OpenSSH key) and paste the resulting PEM."; + } + + if ( + /^(?:ssh-(?:rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+|sk-(?:ssh-ed25519|ecdsa-sha2-[a-z0-9-]+)@openssh\.com)\s+\S/.test( + trimmed, + ) + ) { + return "sshPrivateKey looks like a PUBLIC key. Paste the matching private key (the file without the .pub extension)."; + } + + const headerMatch = trimmed.match(/^-----BEGIN ([A-Z0-9 ]*)PRIVATE KEY-----/m); + if (!headerMatch) { + return "sshPrivateKey must be a PEM-encoded private key starting with a line like '-----BEGIN OPENSSH PRIVATE KEY-----'."; + } + + const footerMatch = trimmed.match(/^-----END ([A-Z0-9 ]*)PRIVATE KEY-----\s*$/m); + if (!footerMatch) { + return "sshPrivateKey is missing its '-----END … PRIVATE KEY-----' footer. Make sure you copied the whole file, including the final line."; + } + + const headerLabel = headerMatch[1].trim(); + const footerLabel = footerMatch[1].trim(); + if (headerLabel !== footerLabel) { + return `sshPrivateKey header/footer mismatch (BEGIN ${headerLabel || "(none)"} vs END ${footerLabel || "(none)"}). The file is likely truncated or two keys are concatenated.`; + } + + const headerLineEnd = trimmed.indexOf("\n", headerMatch.index ?? 0); + const footerStart = trimmed.lastIndexOf(footerMatch[0]); + if (headerLineEnd < 0 || footerStart <= headerLineEnd) { + return "sshPrivateKey appears to be empty between its BEGIN and END markers."; + } + + const bodyLines = trimmed + .slice(headerLineEnd + 1, footerStart) + .split(/\r?\n/) + .map((line) => line.trim()) + .filter((line) => line.length > 0); + if (bodyLines.length === 0) { + return "sshPrivateKey appears to be empty between its BEGIN and END markers."; + } + + // PEM bodies are base64 lines, optionally preceded by `Header: value` lines + // on encrypted PKCS#1 keys (`Proc-Type:`, `DEK-Info:`). + const base64Line = /^[A-Za-z0-9+/=]+$/; + const pemHeaderLine = /^[A-Za-z][A-Za-z0-9-]*:\s.+$/; + for (const line of bodyLines) { + if (!base64Line.test(line) && !pemHeaderLine.test(line)) { + return "sshPrivateKey body contains non-base64 characters. The key may have been corrupted by line-wrapping or copy-paste."; + } + } + + return null; +} + function normalizeApiUrl(value: string | null): string { if (!value) return DEFAULT_API_URL; const trimmed = value.trim(); @@ -498,6 +568,13 @@ function formatSshFailure( ].join(" "); } + if (EXE_DEV_SSH_INVALID_KEY_FORMAT.test(combinedOutput)) { + return [ + `Failed to ${action} exe.dev VM ${vmName}: the configured SSH private key isn't an OpenSSH-format private key.`, + "Confirm the secret starts with `-----BEGIN … PRIVATE KEY-----` and isn't the `.pub` file or a PuTTY `.ppk` export.", + ].join(" "); + } + return `Failed to ${action} exe.dev VM ${vmName}: ${result.stderr.trim() || result.stdout.trim() || "unknown error"}`; } @@ -686,6 +763,10 @@ const plugin = definePlugin({ ) { errors.push("strictHostKeyChecking cannot be empty."); } + if (config.sshPrivateKey && !isSecretRef(config.sshPrivateKey)) { + const sshKeyError = validateSshPrivateKey(config.sshPrivateKey); + if (sshKeyError) errors.push(sshKeyError); + } warnings.push( "The Paperclip host must have SSH access to the created exe.dev VM, and its SSH key must be registered with exe.dev. The API token only covers provisioning.", diff --git a/packages/shared/src/types/plugin.ts b/packages/shared/src/types/plugin.ts index f9330a48..351b2dda 100644 --- a/packages/shared/src/types/plugin.ts +++ b/packages/shared/src/types/plugin.ts @@ -38,8 +38,24 @@ import type { Routine, RoutineTrigger, RoutineVariable } from "./routine.js"; /** * A JSON Schema object used for plugin config schemas and tool parameter schemas. * Plugins provide these as plain JSON Schema compatible objects. + * + * The Paperclip extension keywords below are recognised by the Paperclip UI + * but are otherwise ignored by standard JSON Schema validators. */ -export type JsonSchema = Record; +export type JsonSchema = { + /** + * When true, the Paperclip config UI hides this property behind an + * "Advanced options" disclosure. Defaults to false (always visible). + */ + "x-paperclip-advanced"?: boolean; + /** + * Optional sub-section heading used to group advanced properties inside + * the disclosure (e.g. "SSH access", "VM resources"). Ignored when + * `x-paperclip-advanced` is not true. + */ + "x-paperclip-group"?: string; + [key: string]: unknown; +}; export type { PluginDatabaseCoreReadTable, diff --git a/ui/src/components/JsonSchemaForm.test.tsx b/ui/src/components/JsonSchemaForm.test.tsx index 458d2d19..755acc61 100644 --- a/ui/src/components/JsonSchemaForm.test.tsx +++ b/ui/src/components/JsonSchemaForm.test.tsx @@ -3,7 +3,7 @@ import { act } from "react"; import { createRoot } from "react-dom/client"; import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; -import { JsonSchemaForm } from "./JsonSchemaForm"; +import { JsonSchemaForm, getDefaultValues } from "./JsonSchemaForm"; // eslint-disable-next-line @typescript-eslint/no-explicit-any (globalThis as any).IS_REACT_ACT_ENVIRONMENT = true; @@ -204,6 +204,177 @@ describe("JsonSchemaForm secret-ref rendering", () => { }); }); + it("renders no Advanced disclosure when no field opts in", async () => { + const root = createRoot(container); + + await act(async () => { + root.render( + {}} + />, + ); + }); + + // No disclosure button should be present in the passthrough case. + const buttons = Array.from(container.querySelectorAll("button")); + const advancedButton = buttons.find((b) => + b.textContent?.includes("Advanced options"), + ); + expect(advancedButton).toBeUndefined(); + + // Both fields render in the flat layout: the secret picker (rendered as + // a -
- {selectedSandboxProvider?.description ? ( -
- {selectedSandboxProvider.description} -
- ) : null} - {selectedSandboxSchema ? ( - - setEnvironmentForm((current) => ({ ...current, sandboxConfig: values }))} - errors={sandboxConfigErrors} - /> - ) : ( -
- This provider does not declare additional configuration fields. -
- )} -
+ {selectedSandboxProvider?.description ? ( +
+ {selectedSandboxProvider.description} +
+ ) : null} + {selectedSandboxSchema ? ( + + setEnvironmentForm((current) => ({ ...current, sandboxConfig: values }))} + errors={sandboxConfigErrors} + /> + ) : ( +
+ This provider does not declare additional configuration fields. +
+ )} ) : null}