feat(agent-installer): refine Agent Tunnel dialog text

Align user-facing strings with the project's UI conventions and remove
implementation-specific terminology so the installer reads cleanly to an
operator who doesn't (and shouldn't have to) know about transport
protocols, token formats, or which Devolutions product minted the
enrollment string.

- Drop "QUIC" from feature description and dialog title/subtitle. The
  agent tunnel may be implemented over QUIC today; that's not something
  the operator running the installer needs to think about.
- Drop "JWT" from labels, hints, and error messages. "Enrollment string"
  is the product term we already use and is self-explanatory.
- Drop "Devolutions Server, Hub, or Gateway" enumeration. The
  enrollment string originates from whatever orchestration tool the
  operator runs (could be DVLS, Hub, a rebranded distribution, or a
  future third-party integration). Replace with "your gateway operator"
  — neutral, accurate, doesn't lock in product names.
- Drop the JWT-shape and base64url-decodability checks in
  `AgentTunnelDialog.DoValidate`. The dialog now only checks the
  enrollment string is non-empty; structural validation happens at the
  gateway and the gateway's error reaches the operator verbatim through
  the InstallMessage.Error surface. Avoids the dialog half-validating
  implementation details that may evolve.
- Tighten dialog title from "Agent Tunnel Configuration" to "Agent
  Tunnel" to match the noun-phrase pattern in the rest of the wxl
  catalog (e.g. "Destination Folder", "External URL", "Certificate").
- Normalize casing to Title Case for labels (matching existing
  "Advertise Subnets:" / "Advertise Domains:"). Hints stay sentence
  case ending with a period.
- Update Agent Name hint to describe the fallback chain in plain
  English without leaking JWT internals.
- Reword the enrollment-timeout failure to prompt the operator to check
  Gateway reachability, which is the actual recovery action.

Same edits applied to the French resource file.

Author: irvingoujAtDevolution

package/AgentWindowsManaged/Actions/CustomActions.cs

@@ -337,16 +337,15 @@ ActionResult Fail(string msg)
 
             if (enrollmentString.Length == 0)
             {
-                return Fail("Agent tunnel feature was selected but no enrollment string was provided. " +
-                    "Paste a JWT from Devolutions Server, Hub, or Gateway, or deselect the Agent Tunnel feature.");
+                return Fail("An enrollment string is required. Paste the enrollment string provided by your gateway operator, or deselect the Agent Tunnel feature.");
             }
 
             try
             {
-                // The enrollment string is the DVLS-signed JWT verbatim. The agent's
-                // `up --enrollment-string` parses `jet_gw_url` and `jet_agent_name` from the JWT
-                // claims itself, so we just hand the JWT through. Advertise domains aren't a CLI
-                // flag — agent.json carries them — so we patch that after enrollment succeeds.
+                // Hand the enrollment string through verbatim. The agent's
+                // `up --enrollment-string` parses the gateway URL and agent name out of it.
+                // Advertise domains aren't a CLI flag — agent.json carries them — so we patch
+                // that after enrollment succeeds.
                 string installDir = session.Property(AgentProperties.InstallDir);
                 string exePath = Path.Combine(installDir, Includes.EXECUTABLE_NAME);
 
@@ -379,7 +378,7 @@ ActionResult Fail(string msg)
                 if (!process.WaitForExit(60_000))
                 {
                     try { process.Kill(); } catch { /* already gone */ }
-                    return Fail("Agent tunnel enrollment timed out after 60 seconds.");
+                    return Fail("Agent tunnel enrollment timed out. Verify your Devolutions Gateway is reachable from this machine.");
                 }
                 string stdout = process.StandardOutput.ReadToEnd();
                 string stderr = process.StandardError.ReadToEnd();

package/AgentWindowsManaged/Dialogs/AgentTunnelDialog.cs

@@ -2,8 +2,6 @@
 using DevolutionsAgent.Properties;
 
 using System;
-using System.Linq;
-using System.Text.RegularExpressions;
 using System.Windows.Forms;
 
 using WixSharp;
@@ -43,36 +41,18 @@ public override void OnLoad(object sender, EventArgs e)
 
     public override bool DoValidate()
     {
-        // The dialog is only reached when the Agent Tunnel feature is selected (see Wizard.ShouldSkip),
-        // so an enrollment string is required at this point.
+        // The dialog is only reached when the Agent Tunnel feature is selected
+        // (see Wizard.ShouldSkip), so an enrollment string is required here.
+        // Structural validation of the string itself happens server-side at
+        // enrollment time — surface that gateway error verbatim rather than
+        // half-validating implementation details (signature, encoding, etc.)
+        // here.
         if (string.IsNullOrWhiteSpace(enrollmentString.Text))
         {
-            ShowValidationErrorString("Enrollment string is required. Paste a JWT from Devolutions Server, Hub, or Gateway, or go back and deselect the Agent Tunnel feature.");
+            ShowValidationErrorString("An enrollment string is required. Paste the enrollment string provided by your gateway operator, or go back and deselect the Agent Tunnel feature.");
             return false;
         }
 
-        // JWT shape: three base64url segments separated by dots. The agent's `up --enrollment-string`
-        // parses the JWT claims for jet_gw_url / jet_agent_name, so the dialog only sanity-checks
-        // shape and base64url decodability here; signature verification happens at the gateway.
-        string text = Regex.Replace(enrollmentString.Text, @"\s+", "");
-        string[] parts = text.Split('.');
-        if (parts.Length != 3 || parts.Any(string.IsNullOrEmpty))
-        {
-            ShowValidationErrorString("Enrollment string must be a JWT (three base64url segments separated by dots).");
-            return false;
-        }
-        foreach (string seg in parts)
-        {
-            string b64 = seg.Replace('-', '+').Replace('_', '/');
-            b64 = b64.PadRight((b64.Length + 3) & ~3, '=');
-            try { _ = Convert.FromBase64String(b64); }
-            catch (FormatException)
-            {
-                ShowValidationErrorString("Enrollment string is not valid base64url.");
-                return false;
-            }
-        }
-
         return true;
     }
 

package/AgentWindowsManaged/Resources/DevolutionsAgent_en-us.wxl

@@ -10,7 +10,7 @@
                 <String Id="FeatureSessionDescription">Installs the RDP Extension</String>
                 <String Id="FeatureSessionName">RDP Extension</String>
                 <String Id="FeatureAgentTunnelName">Agent Tunnel</String>
-                <String Id="FeatureAgentTunnelDescription">Configure the agent to connect to a Devolutions Gateway via QUIC tunnel. Requires an enrollment string from Devolutions Server, Hub, or Gateway.</String>
+                <String Id="FeatureAgentTunnelDescription">Connects the agent to a Devolutions Gateway. Requires an enrollment string from your gateway operator.</String>
                 <String Id="Language">1033</String>
                 <String Id="ProductDescription">System-wide service for extending Devolutions Gateway functionality.</String>
                 <String Id="VendorFullName">Devolutions Inc.</String>
@@ -60,13 +60,13 @@ If it appears minimized then active it from the taskbar.</String>
                     <!-- dialogs.welcome -->
                 <String Id="WelcomeDlgTitle">Welcome to the [ProductName] 20[ProductVersion] Setup Wizard</String>
                     <!-- dialogs.agentTunnel -->
-                <String Id="AgentTunnelDlgTitle">Agent Tunnel Configuration</String>
-                <String Id="AgentTunnelDlgDescription">Configure connection to a Devolutions Gateway via QUIC tunnel.</String>
-                <String Id="AgentTunnelDlgEnrollmentStringLabel">Enrollment String (paste the JWT from Devolutions Server, Hub, or Gateway):</String>
+                <String Id="AgentTunnelDlgTitle">Agent Tunnel</String>
+                <String Id="AgentTunnelDlgDescription">Connect this agent to a Devolutions Gateway.</String>
+                <String Id="AgentTunnelDlgEnrollmentStringLabel">Enrollment String (provided by your gateway operator):</String>
+                <String Id="AgentTunnelDlgAgentNameLabel">Agent Name (Optional):</String>
+                <String Id="AgentTunnelDlgAgentNameHint">Identifies this agent in your gateway's management console. If left blank, the name embedded in the enrollment string is used, falling back to this computer's name.</String>
                 <String Id="AgentTunnelDlgSubnetsLabel">Advertise Subnets:</String>
-                <String Id="AgentTunnelDlgSubnetsHint">Comma-separated CIDR notation, e.g. 10.10.0.0/24, 192.168.1.0/24. Leave blank for auto-detection.</String>
+                <String Id="AgentTunnelDlgSubnetsHint">Optional. Comma-separated CIDR ranges, e.g. 10.10.0.0/24, 192.168.1.0/24. If left blank, the agent's local subnets are detected automatically.</String>
                 <String Id="AgentTunnelDlgDomainsLabel">Advertise Domains:</String>
-                <String Id="AgentTunnelDlgDomainsHint">Comma-separated DNS suffixes the agent can resolve, e.g. corp.example.com, lab.example.com. Leave blank to skip.</String>
-                <String Id="AgentTunnelDlgAgentNameLabel">Agent name (optional):</String>
-                <String Id="AgentTunnelDlgAgentNameHint">Identifier for this agent. Leave blank to use the name in the JWT, or the local computer name as a final fallback.</String>
+                <String Id="AgentTunnelDlgDomainsHint">Optional. Comma-separated DNS suffixes the agent can resolve, e.g. corp.example.com, lab.example.com.</String>
                     </WixLocalization>

package/AgentWindowsManaged/Resources/DevolutionsAgent_fr-fr.wxl

@@ -4,16 +4,16 @@
                 <String Id="FeatureSessionDescription">Installe l'extension RDP</String>
                 <String Id="FeatureSessionName">Extension RDP</String>
                 <String Id="FeatureAgentTunnelName">Tunnel d'agent</String>
-                <String Id="FeatureAgentTunnelDescription">Configurer l'agent pour se connecter à une passerelle Devolutions via un tunnel QUIC. Nécessite une chaîne d'enrôlement depuis Devolutions Server, Hub, ou Gateway.</String>
-                <String Id="AgentTunnelDlgTitle">Configuration du tunnel d'agent</String>
-                <String Id="AgentTunnelDlgDescription">Configurer la connexion à une passerelle Devolutions via un tunnel QUIC.</String>
-                <String Id="AgentTunnelDlgEnrollmentStringLabel">Chaîne d'enrôlement (collez le JWT depuis Devolutions Server, Hub ou Gateway) :</String>
+                <String Id="FeatureAgentTunnelDescription">Connecte l'agent à une passerelle Devolutions. Nécessite une chaîne d'enrôlement fournie par l'opérateur de votre passerelle.</String>
+                <String Id="AgentTunnelDlgTitle">Tunnel d'agent</String>
+                <String Id="AgentTunnelDlgDescription">Connectez cet agent à une passerelle Devolutions.</String>
+                <String Id="AgentTunnelDlgEnrollmentStringLabel">Chaîne d'enrôlement (fournie par l'opérateur de votre passerelle) :</String>
+                <String Id="AgentTunnelDlgAgentNameLabel">Nom de l'agent (facultatif) :</String>
+                <String Id="AgentTunnelDlgAgentNameHint">Identifie cet agent dans la console de gestion de votre passerelle. Si laissé vide, le nom contenu dans la chaîne d'enrôlement est utilisé, à défaut le nom de cet ordinateur.</String>
                 <String Id="AgentTunnelDlgSubnetsLabel">Sous-réseaux annoncés :</String>
-                <String Id="AgentTunnelDlgSubnetsHint">Notation CIDR séparée par des virgules, p. ex. 10.10.0.0/24, 192.168.1.0/24. Laissez vide pour la détection automatique.</String>
+                <String Id="AgentTunnelDlgSubnetsHint">Facultatif. Plages CIDR séparées par des virgules, p. ex. 10.10.0.0/24, 192.168.1.0/24. Si laissé vide, les sous-réseaux locaux de l'agent sont détectés automatiquement.</String>
                 <String Id="AgentTunnelDlgDomainsLabel">Domaines annoncés :</String>
-                <String Id="AgentTunnelDlgDomainsHint">Suffixes DNS séparés par des virgules que l'agent peut résoudre, p. ex. corp.example.com, lab.example.com. Laissez vide pour ignorer.</String>
-                <String Id="AgentTunnelDlgAgentNameLabel">Nom de l'agent (facultatif) :</String>
-                <String Id="AgentTunnelDlgAgentNameHint">Identifiant de cet agent. Laissez vide pour utiliser le nom inscrit dans le JWT, ou le nom de l'ordinateur local comme dernier recours.</String>
+                <String Id="AgentTunnelDlgDomainsHint">Facultatif. Suffixes DNS séparés par des virgules que l'agent peut résoudre, p. ex. corp.example.com, lab.example.com.</String>
                 <String Id="Language">1036</String>
                 <String Id="ProductDescription">Service à l’échelle du système pour étendre les fonctionnalités de Devolutions Gateway.</String>
                 <String Id="VendorFullName">Devolutions Inc.</String>