fix(validator): don't flag flag-style HR tokens; round-trip Insert from URL without forcing an empty <Calculation>

Insert from URL renders its SelectAll boolean as the bare flag token
'Select' (present = True, absent = False) — same style as 'Verify SSL
Certificates' and 'Don't encode URL'. The validator's positional match
was checking 'Select' against SelectAll's ['On', 'Off'] and yellow-
underlining it.

Fix: when a bare token exactly equals an unused boolean/flag-param's
HrLabel, treat it as a presence marker and consume the param without
value validation. Falls through to positional enum validation for
tokens that aren't flag labels.

Also fixed InsertFromUrlStep.ToXml to skip the <Calculation> URL
element when Url is null — matches the real FM Pro shapes in the
user's sample where the base step contains only the four boolean
flag children and no URL calc. Url and Target are now both optional,
so a bare-bones Insert from URL round-trips byte-intact.

Added regression tests covering:
- Flag tokens not flagged by the validator.
- Real-world Insert from URL shapes from the user's FM Pro export.
- Display-line from typical shape validates cleanly end-to-end.

Author: fuzzzerd

src/SharpFM.Model/Scripting/ScriptValidator.cs

@@ -123,14 +123,36 @@ public static List<ScriptDiagnostic> Validate(string displayText)
                         break;
                     }
 
-                    // Second: positional match — consume the next available
-                    // param in order. Only validate the value when that
-                    // param has restricted values (enum/boolean). Non-enum
+                    // Flag-style match: a bare token that exactly equals
+                    // an unused boolean/flag param's HrLabel is a presence
+                    // marker (e.g. "Select", "Verify SSL Certificates",
+                    // "Append line feed"). Not a value — consume the
+                    // param and skip value validation.
+                    bool matchedFlag = false;
+                    if (!matchedLabel)
+                    {
+                        for (int pi = 0; pi < metadata.Params.Count; pi++)
+                        {
+                            if (usedParams[pi]) continue;
+                            var catalogParam = metadata.Params[pi];
+                            if (catalogParam.HrLabel is null) continue;
+                            if (catalogParam.Type is not ("boolean" or "flagBoolean" or "flagElement")) continue;
+                            if (!paramTrimmed.Equals(catalogParam.HrLabel, StringComparison.OrdinalIgnoreCase)) continue;
+
+                            usedParams[pi] = true;
+                            matchedFlag = true;
+                            break;
+                        }
+                    }
+
+                    // Positional match — consume the next available param
+                    // in order. Only validate the value when that param
+                    // has restricted values (enum/boolean). Non-enum
                     // params (field, calc, text) accept anything, so we
                     // must NOT keep searching past them looking for an
                     // enum — that produced false-positive warnings on
                     // field references like "Assets::Selected File".
-                    if (!matchedLabel && !LooksLikeCalculation(paramTrimmed))
+                    if (!matchedLabel && !matchedFlag && !LooksLikeCalculation(paramTrimmed))
                     {
                         for (int pi = 0; pi < metadata.Params.Count; pi++)
                         {

src/SharpFM.Model/Scripting/Steps/InsertFromUrlStep.cs

@@ -15,7 +15,7 @@ public sealed class InsertFromUrlStep : ScriptStep, IStepFactory
     public bool VerifySslCertificates { get; set; }
     public bool DontEncodeUrl { get; set; }
     public FieldRef? Target { get; set; }
-    public Calculation Url { get; set; }
+    public Calculation? Url { get; set; }
     public Calculation? CurlOptions { get; set; }
 
     public InsertFromUrlStep(
@@ -34,7 +34,7 @@ public InsertFromUrlStep(
         VerifySslCertificates = verifySslCertificates;
         DontEncodeUrl = dontEncodeUrl;
         Target = target;
-        Url = url ?? new Calculation("");
+        Url = url;
         CurlOptions = curlOptions;
     }
 
@@ -50,7 +50,7 @@ public override XElement ToXml()
             new XElement("VerifySSLCertificates", new XAttribute("state", VerifySslCertificates ? "True" : "False")));
         if (CurlOptions is not null)
             step.Add(new XElement("CURLOptions", CurlOptions.ToXml("Calculation")));
-        step.Add(Url.ToXml("Calculation"));
+        if (Url is not null) step.Add(Url.ToXml("Calculation"));
         if (Target is not null)
         {
             if (Target.IsVariable) step.Add(new XElement("Text"));
@@ -65,9 +65,10 @@ public override string ToDisplayLine()
         if (SelectAll) parts.Add("Select");
         parts.Add($"With dialog: {(WithDialog ? "On" : "Off")}");
         if (Target is not null) parts.Add($"Target: {Target.ToDisplayString()}");
-        parts.Add(Url.Text);
+        if (Url is not null) parts.Add(Url.Text);
         if (VerifySslCertificates) parts.Add("Verify SSL Certificates");
         if (CurlOptions is not null) parts.Add($"cURL options: {CurlOptions.Text}");
+        if (DontEncodeUrl) parts.Add("Don't encode URL");
         return $"Insert from URL [ {string.Join(" ; ", parts)} ]";
     }
 
@@ -81,7 +82,7 @@ public override string ToDisplayLine()
         var curlEl = step.Element("CURLOptions")?.Element("Calculation");
         var curl = curlEl is not null ? Calculation.FromXml(curlEl) : null;
         var urlEl = step.Element("Calculation");
-        var url = urlEl is not null ? Calculation.FromXml(urlEl) : new Calculation("");
+        var url = urlEl is not null ? Calculation.FromXml(urlEl) : null;
         var fieldEl = step.Element("Field");
         var target = fieldEl is not null ? FieldRef.FromXml(fieldEl) : null;
         return new InsertFromUrlStep(selectAll, withDialog, verify, dontEncode, target, url, curl, enabled);
@@ -92,8 +93,9 @@ public static ScriptStep FromDisplayParams(bool enabled, string[] hrParams)
         bool selectAll = false;
         bool withDialog = true;
         bool verify = false;
+        bool dontEncode = false;
         FieldRef? target = null;
-        Calculation url = new("");
+        Calculation? url = null;
         Calculation? curl = null;
         bool urlSeen = false;
         foreach (var tok in hrParams)
@@ -103,6 +105,8 @@ public static ScriptStep FromDisplayParams(bool enabled, string[] hrParams)
                 selectAll = true;
             else if (t.Equals("Verify SSL Certificates", StringComparison.OrdinalIgnoreCase))
                 verify = true;
+            else if (t.Equals("Don't encode URL", StringComparison.OrdinalIgnoreCase))
+                dontEncode = true;
             else if (t.StartsWith("With dialog:", StringComparison.OrdinalIgnoreCase))
                 withDialog = t.Substring(12).Trim().Equals("On", StringComparison.OrdinalIgnoreCase);
             else if (t.StartsWith("Target:", StringComparison.OrdinalIgnoreCase))
@@ -115,7 +119,7 @@ public static ScriptStep FromDisplayParams(bool enabled, string[] hrParams)
                 urlSeen = true;
             }
         }
-        return new InsertFromUrlStep(selectAll, withDialog, verify, false, target, url, curl, enabled);
+        return new InsertFromUrlStep(selectAll, withDialog, verify, dontEncode, target, url, curl, enabled);
     }
 
     public static StepMetadata Metadata { get; } = new()

tests/SharpFM.Tests/Scripting/ScriptValidatorTests.cs

@@ -178,4 +178,25 @@ public void PositionalEnum_StillFlaggedWhenInvalid()
         Assert.NotEmpty(diagnostics);
         Assert.Equal(DiagnosticSeverity.Warning, diagnostics[0].Severity);
     }
+
+    [Fact]
+    public void InsertFromUrl_SelectFlagToken_NotFlagged()
+    {
+        // Regression: "Select" is a flag-style presence marker for the
+        // SelectAll boolean param, not a value. The validator used to
+        // check "Select" against ["On", "Off"] and fail.
+        var script = "Insert from URL [ Select ; With dialog: Off ; $url ]";
+        var diagnostics = ScriptValidator.Validate(script);
+        Assert.Empty(diagnostics);
+    }
+
+    [Fact]
+    public void InsertFromUrl_AllFlagTokens_NotFlagged()
+    {
+        // Every flag token on Insert from URL is a bare HrLabel: "Select",
+        // "Verify SSL Certificates". None should warn.
+        var script = "Insert from URL [ Select ; With dialog: Off ; $url ; Verify SSL Certificates ]";
+        var diagnostics = ScriptValidator.Validate(script);
+        Assert.Empty(diagnostics);
+    }
 }

tests/SharpFM.Tests/Scripting/Steps/InsertFromUrlStepTests.cs

@@ -25,4 +25,57 @@ public void Registry_HasStep()
         Assert.True(StepRegistry.ByName.TryGetValue("Insert from URL", out var metadata));
         Assert.Equal(160, metadata!.Id);
     }
+
+    [Theory]
+    [InlineData(false, false, true, false, false, false, false)]
+    [InlineData(true, false, false, false, false, false, false)]
+    [InlineData(false, false, true, false, true, true, true)]
+    [InlineData(true, false, true, false, true, true, true)]
+    [InlineData(true, false, true, true, true, true, true)]
+    [InlineData(true, true, true, true, true, true, true)]
+    public void RealWorldShapes_RoundTrip(
+        bool noInteract, bool dontEncode, bool selectAll, bool verifySsl,
+        bool withCurlOptions, bool withUrl, bool withField)
+    {
+        // Covers the series of variants in the user's FM Pro sample: base,
+        // base without Select, with calcs, set to variable, verify SSL on,
+        // and DontEncodeURL on. Each must XML-round-trip byte-intact.
+        var xml = new System.Text.StringBuilder();
+        xml.Append("<Step enable=\"True\" id=\"160\" name=\"Insert from URL\">");
+        xml.Append($"<NoInteract state=\"{(noInteract ? "True" : "False")}\" />");
+        xml.Append($"<DontEncodeURL state=\"{(dontEncode ? "True" : "False")}\" />");
+        xml.Append($"<SelectAll state=\"{(selectAll ? "True" : "False")}\" />");
+        xml.Append($"<VerifySSLCertificates state=\"{(verifySsl ? "True" : "False")}\" />");
+        if (withCurlOptions)
+            xml.Append("<CURLOptions><Calculation><![CDATA[\"--user myuser:mypass\"]]></Calculation></CURLOptions>");
+        if (withUrl)
+            xml.Append("<Calculation><![CDATA[\"https://example.com/\" & $id]]></Calculation>");
+        if (withField)
+        {
+            xml.Append("<Text />");
+            xml.Append("<Field>$insertFromUrlDataResponseVar</Field>");
+        }
+        xml.Append("</Step>");
+
+        var source = XElement.Parse(xml.ToString());
+        var step = InsertFromUrlStep.Metadata.FromXml!(source);
+        Assert.True(XNode.DeepEquals(source, step.ToXml()),
+            $"Round-trip mismatch.\nSource:\n{source}\n\nOutput:\n{step.ToXml()}");
+    }
+
+    [Fact]
+    public void Display_BaseShape_IsValidatorClean()
+    {
+        // Sanity: render the display line for a typical shape and feed
+        // it back through the script validator — zero diagnostics expected.
+        var source = XElement.Parse(
+            "<Step enable=\"True\" id=\"160\" name=\"Insert from URL\">"
+            + "<NoInteract state=\"False\" /><DontEncodeURL state=\"False\" />"
+            + "<SelectAll state=\"True\" /><VerifySSLCertificates state=\"False\" />"
+            + "</Step>");
+        var step = InsertFromUrlStep.Metadata.FromXml!(source);
+        var display = step.ToDisplayLine();
+        var diagnostics = SharpFM.Model.Scripting.ScriptValidator.Validate(display);
+        Assert.Empty(diagnostics);
+    }
 }