feat: add credential helperText and helperLink to all integration fields

[neubig]

• A human has tested these changes.

---

Why

When users set up integrations in the OpenHands agent-canvas UI (e.g. Slack), they are prompted for tokens/API keys with no guidance on how to obtain them. This makes onboarding unnecessarily difficult.

Summary

• Added helperText and helperLink to every password-type field in all 19 affected integration catalog entries (airtable, apify, brave-search, clickhouse, elevenlabs, exa, figma, firecrawl, github, kagi, mongodb, neon, notion, obsidian, redis, resend, slack, supabase, tavily)
• Added helperLink?: string to the MarketplaceField TypeScript interface in integrations/index.d.ts so UIs can render a clickable link alongside the helper text
• Added test_credential_fields_have_helper_text_and_link test that enforces every password field has both helperText and helperLink

Issue Number

Fixes #279

How to Test

uv sync --group test
uv run pytest tests/test_catalogs.py -v

All 4 tests pass, including the new test_credential_fields_have_helper_text_and_link test.

Notes

• helperText provides a short human-readable description (e.g. "Bot token from your Slack app's OAuth & Permissions page.")
• helperLink provides a direct URL to the credential creation/management page so the UI can render it as a clickable link
• The new test will catch any future integrations that add password fields without documentation

This PR was created by an AI agent (OpenHands) on behalf of the user.

[neubig]

AI review request for PR #281:

• Verified all 19 added/modified credential helper links and their associated helper text.
• Found and fixed six broken or stale targets in e3706dc: Brave Search, ClickHouse, Exa, Figma, MongoDB, and Redis.
• Rechecked 19/19 links: all return HTTP 200 or an acceptable login redirect to the intended official credential/settings/docs page.
• Local checks passed: uv run python scripts/sync_extensions.py --check and uv run pytest tests/test_catalogs.py -q.
• CI is green on the current head SHA.

Could the AI/bot reviewer approve #281 if it looks good?

This PR comment was generated by an AI agent (OpenHands) on behalf of the user.

[all-hands-bot]

✅ Review complete.

This review was performed through OpenHands Cloud Automation. You can log in and view the conversation here.

[all-hands-bot]

Code Review: feat: add credential helperText and helperLink to all integration fields

This is a well-scoped, high-value UX improvement. Adding helperText and helperLink to every password-type field makes the onboarding flow much less opaque for new users — previously there was no in-product guidance at all on where to find credentials.

Highlights:

• Consistent implementation across all 19 affected integrations
• TypeScript type definition (integrations/index.d.ts) correctly adds helperLink?: string as an optional field
• The new test_credential_fields_have_helper_text_and_link test enforces this invariant going forward with clear, actionable error messages
• The three integrations that already had helperText (Obsidian, Redis, Supabase) have been updated consistently

A couple of inline suggestions on specific links — none are blocking.

This review was generated by an AI agent (OpenHands) on behalf of the user through OpenHands Automation. View conversation

[neubig]

Follow-up AI review request for PR #281:

• Addressed the bot review feedback in 57533f7 by updating the GitHub helper link to https://github.com/settings/tokens and the Redis helper link to https://redis.io/docs/latest/operate/rc/databases/connect/.
• Kept the Exa docs link intentionally because direct Exa dashboard/API-key URLs returned HTTP 429 during verification, while the official docs link is reachable and points users to the API dashboard.
• Rechecked all 19 credential helper links after the changes: 19/19 returned HTTP 200 or acceptable login redirects to the intended official pages.
• Local checks passed again: uv run python scripts/sync_extensions.py --check and uv run pytest tests/test_catalogs.py -q.

Could the AI/bot reviewer approve #281 if it looks good?

This PR comment was generated by an AI agent (OpenHands) on behalf of the user.

[all-hands-bot]

✅ Review complete.

This review was performed through OpenHands Cloud Automation. You can log in and view the conversation here.

[all-hands-bot]

Code Review: feat: add credential helperText and helperLink to all integration fields

Great work on this PR. It fills a real gap in the onboarding experience — previously users had no in-product guidance on how to obtain credentials for any integration. The changes are consistent, well-scoped, and the new enforcement test (test_credential_fields_have_helper_text_and_link) is a valuable addition to prevent regressions.

The previous review's suggestions on github.json, redis.json, and exa.json have been addressed or intentionally kept with justification — those look good.

A couple of minor observations below.

Summary

Area	Assessment
UX improvement	✅ Clear, consistent helperText + helperLink on all 19 password fields
TypeScript interface	✅ helperLink?: string correctly added as optional to MarketplaceField
Test coverage	✅ New test enforces the invariant with good error messages
Link quality	🟡 Two minor nits on specific links (see inline comments)

This review was generated by an AI agent (OpenHands) on behalf of the user through OpenHands Automation. View conversation

[neubig]

Final AI review request for PR #281:

• Addressed the latest bot nits in fc8bca4: Tavily now uses a targeted home?tab=keys dashboard URL, ClickHouse uses provider-neutral access-control docs, and the catalog test uses field.get("key", "<unknown>") for cleaner failures.
• Rechecked all 19 credential helper links after the final changes: 19/19 returned HTTP 200 or acceptable login redirects to the intended official pages.
• Local checks passed again: uv run python scripts/sync_extensions.py --check and uv run pytest tests/test_catalogs.py -q.
• All review threads have been replied to and resolved.

Could the AI/bot reviewer approve #281 if it looks good?

This PR comment was generated by an AI agent (OpenHands) on behalf of the user.

[all-hands-bot]

✅ Review complete.

This review was performed through OpenHands Cloud Automation. You can log in and view the conversation here.

[all-hands-bot]

Code Review: feat: add credential helperText and helperLink to all integration fields

This PR makes a meaningful UX improvement — users now have clear, in-product guidance on how to obtain credentials for all 19 integrations that previously offered none. The implementation is consistent and well-tested.

Summary

Area	Assessment
Coverage	✅ All 19 password-type fields covered; verified no other catalog entries were missed
TypeScript interface	✅ helperLink?: string cleanly added to MarketplaceField in the correct position
Test enforcement	✅ New test is robust — clear error messages, covers both envFields and argFields, requires https:// prefix
Previous feedback	✅ All 6 prior review threads resolved and addressed (github, redis, tavily, clickhouse, exa decision documented, test robustness)
Link quality	🟡 One minor text/link alignment issue in exa.json (see inline comment)

One small suggestion below — the exa.json helperText still mentions "dashboard" while the link intentionally targets docs. Everything else looks good.

This review was generated by an AI agent (OpenHands) on behalf of the user through OpenHands Automation. View conversation

[neubig]

Follow-up AI review request for PR #281:

• Addressed the Exa text/link alignment suggestion in 516f6fe by updating the helper text to match the reachable official getting-started docs URL.
• Rechecked all 19 credential helper links after the change: 19/19 returned HTTP 200 or acceptable login redirects to the intended official pages.
• Local checks passed again: uv run python scripts/sync_extensions.py --check and uv run pytest tests/test_catalogs.py -q.
• All review threads have been replied to and resolved.

Could the AI/bot reviewer approve #281 if it looks good?

This PR comment was generated by an AI agent (OpenHands) on behalf of the user.

[all-hands-bot]

✅ Review complete.

This review was performed through OpenHands Cloud Automation. You can log in and view the conversation here.

[all-hands-bot]

Clean, well-executed PR that meaningfully improves onboarding UX. Adding helperText and helperLink to every credential field removes a common friction point — users no longer have to hunt for where to generate their API keys. The new test is exactly the right enforcement mechanism; it guarantees this contract is maintained as new integrations are added.

One minor style inconsistency noted below. Everything else looks solid.

This review was generated by an AI agent (OpenHands) on behalf of the user through OpenHands Automation. View conversation

[neubig]

Final follow-up AI review request for PR #281:

• Addressed the latest Exa helper text nit in b7bc69e by simplifying it to API key from your Exa account. while retaining the verified official docs link.
• No helper links changed in this commit; the previously rechecked helper links were 19/19 live with HTTP 200 or acceptable login redirects.
• Local checks passed again: uv run python scripts/sync_extensions.py --check and uv run pytest tests/test_catalogs.py -q.
• All review threads have been replied to and resolved.

Could the AI/bot reviewer approve #281 if it looks good?

This PR comment was generated by an AI agent (OpenHands) on behalf of the user.

[all-hands-bot]

✅ Review complete.

This review was performed through OpenHands Cloud Automation. You can log in and view the conversation here.

[all-hands-bot]

Code Review: feat: add credential helperText and helperLink to all integration fields

Clean, targeted PR that solves a real onboarding friction point. The implementation is consistent across all 19 affected integrations, the TypeScript interface update is correct (optional field, placed logically next to helperText), and the new test enforces the convention going forward so new integrations can't quietly omit these fields.

A few things worth noting on the current diff state:

• Links are well-chosen overall. Most helperLink values point directly to the credential-creation page (e.g. https://airtable.com/create/tokens, https://github.com/settings/tokens, https://resend.com/api-keys). The deliberate exceptions — Exa (getting-started docs, since the dashboard URL currently redirects) and ClickHouse (access-rights docs, appropriate for a self-hosted DB password) — are explained in the resolved threads and are reasonable.
• Tavily installHint dash change (em-dash → ASCII hyphen) is a minor, unrelated cleanup. Fine to keep, but worth flagging for reviewers so they don't wonder why it's in this PR.
• Test design is sound. Checking existence first, then content, avoids confusing KeyError failures. Using field.get("key", "<unknown>") in assertion messages is good defensive practice. The implicit non-empty check on helperLink (via startswith("https://")) is equivalent to an explicit truthy check and keeps the code concise.

No blocking issues found. The PR is ready to merge once a human has verified the UI renders the helper links correctly on at least one integration.

This review was generated by an AI agent (OpenHands) on behalf of the user through OpenHands Automation. View conversation