@aifabrix/builder 2.0.0 → 2.0.3

package/lib/deployer.js

@@ -12,6 +12,7 @@
 const axios = require('axios');
 const chalk = require('chalk');
 const auditLogger = require('./audit-logger');
+const logger = require('./utils/logger');
 
 /**
  * Validates and sanitizes controller URL
@@ -25,13 +26,13 @@ function validateControllerUrl(url) {
     throw new Error('Controller URL is required and must be a string');
   }
 
-  // Must use HTTPS for security
-  if (!url.startsWith('https://')) {
-    throw new Error('Controller URL must use HTTPS (https://)');
+  // Must use HTTPS for security (allow http://localhost for local development)
+  if (!url.startsWith('https://') && !url.startsWith('http://localhost')) {
+    throw new Error('Controller URL must use HTTPS (https://) or http://localhost');
   }
 
   // Basic URL format validation
-  const urlPattern = /^https:\/\/[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(\/.*)?$/;
+  const urlPattern = /^(https?):\/\/[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*(localhost)?(:[0-9]+)?(\/.*)?$/;
   if (!urlPattern.test(url)) {
     throw new Error('Invalid controller URL format');
   }
@@ -41,36 +42,79 @@ function validateControllerUrl(url) {
 }
 
 /**
- * Sends deployment manifest to Miso Controller
+ * Creates authentication headers for Client Credentials flow
  *
- * @async
- * @param {string} url - Controller URL
- * @param {Object} manifest - Deployment manifest
- * @param {Object} options - Deployment options (timeout, retries, etc.)
- * @returns {Promise<Object>} Deployment result from controller
- * @throws {Error} If deployment fails
+ * @param {string} clientId - Application client ID
+ * @param {string} clientSecret - Application client secret
+ * @returns {Object} Headers object with authentication
+ * @throws {Error} If credentials are missing
  */
-async function sendDeploymentRequest(url, manifest, options = {}) {
-  const endpoint = `${url}/api/pipeline/deploy`;
-  const timeout = options.timeout || 30000;
-  const maxRetries = options.maxRetries || 3;
+function createClientCredentialsHeaders(clientId, clientSecret) {
+  if (!clientId || !clientSecret) {
+    throw new Error('Client ID and Client Secret are required for authentication');
+  }
+  return {
+    'x-client-id': clientId,
+    'x-client-secret': clientSecret
+  };
+}
 
-  const requestConfig = {
+/**
+ * Validates environment key
+ * @param {string} envKey - Environment key to validate
+ * @throws {Error} If environment key is invalid
+ */
+function validateEnvironmentKey(envKey) {
+  if (!envKey || typeof envKey !== 'string') {
+    throw new Error('Environment key is required and must be a string');
+  }
+
+  const validEnvironments = ['miso', 'dev', 'tst', 'pro'];
+  if (!validEnvironments.includes(envKey.toLowerCase())) {
+    throw new Error(`Invalid environment key: ${envKey}. Must be one of: ${validEnvironments.join(', ')}`);
+  }
+
+  return envKey.toLowerCase();
+}
+
+/**
+ * Creates deployment request configuration
+ * @function createDeploymentRequestConfig
+ * @param {string} clientId - Client ID
+ * @param {string} clientSecret - Client Secret
+ * @param {number} timeout - Request timeout
+ * @returns {Object} Request configuration
+ */
+function createDeploymentRequestConfig(clientId, clientSecret, timeout) {
+  return {
     headers: {
       'Content-Type': 'application/json',
-      'User-Agent': 'aifabrix-builder/2.0.0'
+      'User-Agent': 'aifabrix-builder/2.0.0',
+      ...createClientCredentialsHeaders(clientId, clientSecret)
     },
     timeout,
-    validateStatus: (status) => status < 500 // Don't throw on 4xx errors
+    validateStatus: (status) => status < 500
   };
+}
 
+/**
+ * Handles deployment request retry logic
+ * @async
+ * @function handleDeploymentRetry
+ * @param {string} endpoint - API endpoint
+ * @param {Object} manifest - Deployment manifest
+ * @param {Object} requestConfig - Request configuration
+ * @param {number} maxRetries - Maximum retry attempts
+ * @returns {Promise<Object>} Deployment result
+ * @throws {Error} If deployment fails after retries
+ */
+async function handleDeploymentRetry(endpoint, manifest, requestConfig, maxRetries) {
   let lastError;
 
   for (let attempt = 1; attempt <= maxRetries; attempt++) {
     try {
       const response = await axios.post(endpoint, manifest, requestConfig);
 
-      // Check for HTTP errors
       if (response.status >= 400) {
         const error = new Error(`Controller returned error: ${response.status} ${response.statusText}`);
         error.status = response.status;
@@ -84,41 +128,76 @@ async function sendDeploymentRequest(url, manifest, options = {}) {
       }
 
       return response.data;
-
     } catch (error) {
       lastError = error;
 
-      // Log retry attempt
       if (attempt < maxRetries) {
-        const delay = Math.min(1000 * Math.pow(2, attempt - 1), 5000); // Exponential backoff, max 5s
-        console.log(chalk.yellow(`⚠️  Deployment attempt ${attempt} failed, retrying in ${delay}ms...`));
+        const delay = Math.min(1000 * Math.pow(2, attempt - 1), 5000);
+        logger.log(chalk.yellow(`⚠️  Deployment attempt ${attempt} failed, retrying in ${delay}ms...`));
         await new Promise(resolve => setTimeout(resolve, delay));
       }
     }
   }
 
-  // All retries failed
   throw new Error(`Deployment failed after ${maxRetries} attempts: ${lastError.message}`);
 }
 
+/**
+ * Sends deployment manifest to Miso Controller with Client Credentials authentication
+ *
+ * @async
+ * @param {string} url - Controller URL
+ * @param {string} envKey - Environment key (dev, tst, pro)
+ * @param {Object} manifest - Deployment manifest
+ * @param {string} clientId - Client ID for authentication
+ * @param {string} clientSecret - Client Secret for authentication
+ * @param {Object} options - Deployment options (timeout, retries, etc.)
+ * @returns {Promise<Object>} Deployment result from controller
+ * @throws {Error} If deployment fails
+ */
+async function sendDeploymentRequest(url, envKey, manifest, clientId, clientSecret, options = {}) {
+  const validatedEnvKey = validateEnvironmentKey(envKey);
+  const endpoint = `${url}/api/v1/pipeline/${validatedEnvKey}/deploy`;
+  const timeout = options.timeout || 30000;
+  const maxRetries = options.maxRetries || 3;
+  const requestConfig = createDeploymentRequestConfig(clientId, clientSecret, timeout);
+
+  return handleDeploymentRetry(endpoint, manifest, requestConfig, maxRetries);
+}
+
+/**
+ * Checks if deployment status is terminal
+ * @function isTerminalStatus
+ * @param {string} status - Deployment status
+ * @returns {boolean} True if status is terminal
+ */
+function isTerminalStatus(status) {
+  return status === 'completed' || status === 'failed' || status === 'cancelled';
+}
+
 /**
  * Polls deployment status from controller
  *
  * @async
  * @param {string} deploymentId - Deployment ID to poll
  * @param {string} controllerUrl - Controller URL
+ * @param {string} envKey - Environment key
+ * @param {string} clientId - Client ID for authentication
+ * @param {string} clientSecret - Client Secret for authentication
  * @param {Object} options - Polling options (interval, maxAttempts, etc.)
  * @returns {Promise<Object>} Deployment status
  */
-async function pollDeploymentStatus(deploymentId, controllerUrl, options = {}) {
+async function pollDeploymentStatus(deploymentId, controllerUrl, envKey, clientId, clientSecret, options = {}) {
   const interval = options.interval || 5000;
-  const maxAttempts = options.maxAttempts || 60; // 5 minutes max
+  const maxAttempts = options.maxAttempts || 60;
 
-  const statusEndpoint = `${controllerUrl}/api/pipeline/status/${deploymentId}`;
+  const validatedEnvKey = validateEnvironmentKey(envKey);
+  const statusEndpoint = `${controllerUrl}/api/v1/environments/${validatedEnvKey}/deployments/${deploymentId}`;
 
   for (let attempt = 0; attempt < maxAttempts; attempt++) {
     try {
       const response = await axios.get(statusEndpoint, {
+        headers: createClientCredentialsHeaders(clientId, clientSecret),
         timeout: 10000,
         validateStatus: (status) => status < 500
       });
@@ -126,15 +205,12 @@ async function pollDeploymentStatus(deploymentId, controllerUrl, options = {}) {
       if (response.status === 200) {
         const status = response.data.status;
 
-        // Terminal states
-        if (status === 'completed' || status === 'failed' || status === 'cancelled') {
+        if (isTerminalStatus(status)) {
           return response.data;
         }
 
-        // Log progress
-        console.log(chalk.blue(`   Status: ${status} (attempt ${attempt + 1}/${maxAttempts})`));
+        logger.log(chalk.blue(`   Status: ${status} (attempt ${attempt + 1}/${maxAttempts})`));
 
-        // Wait before next poll
         if (attempt < maxAttempts - 1) {
           await new Promise(resolve => setTimeout(resolve, interval));
         }
@@ -174,75 +250,141 @@ function handleDeploymentError(error) {
 }
 
 /**
- * Deploys application to Miso Controller
+ * Sends deployment request to controller
+ * @async
+ * @param {string} url - Controller URL
+ * @param {string} validatedEnvKey - Validated environment key
+ * @param {Object} manifest - Deployment manifest
+ * @param {string} clientId - Client ID
+ * @param {string} clientSecret - Client Secret
+ * @param {Object} options - Deployment options
+ * @returns {Promise<Object>} Deployment result
+ */
+async function sendDeployment(url, validatedEnvKey, manifest, clientId, clientSecret, options) {
+  logger.log(chalk.blue(`📤 Sending deployment request to ${url}/api/v1/pipeline/${validatedEnvKey}/deploy...`));
+  const result = await sendDeploymentRequest(url, validatedEnvKey, manifest, clientId, clientSecret, {
+    timeout: options.timeout || 30000,
+    maxRetries: options.maxRetries || 3
+  });
+
+  if (result.deploymentId) {
+    auditLogger.logDeploymentSuccess(manifest.key, result.deploymentId, url);
+  }
+
+  return result;
+}
+
+/**
+ * Polls deployment status if enabled
+ * @async
+ * @param {Object} result - Deployment result
+ * @param {string} url - Controller URL
+ * @param {string} validatedEnvKey - Validated environment key
+ * @param {string} clientId - Client ID
+ * @param {string} clientSecret - Client Secret
+ * @param {Object} options - Deployment options
+ * @returns {Promise<Object>} Deployment result with status
+ */
+async function pollDeployment(result, url, validatedEnvKey, clientId, clientSecret, options) {
+  if (!options.poll || !result.deploymentId) {
+    return result;
+  }
+
+  logger.log(chalk.blue(`\n⏳ Polling deployment status (${options.pollInterval || 5000}ms intervals)...`));
+  const status = await pollDeploymentStatus(
+    result.deploymentId,
+    url,
+    validatedEnvKey,
+    clientId,
+    clientSecret,
+    {
+      interval: options.pollInterval || 5000,
+      maxAttempts: options.pollMaxAttempts || 60
+    }
+  );
+
+  result.status = status;
+  return result;
+}
+
+/**
+ * Handles deployment errors and maps them to user-friendly messages
+ * @param {Error} error - Error object
+ * @param {string} manifestKey - Manifest key for audit logging
+ * @param {string} url - Controller URL for audit logging
+ * @throws {Error} User-friendly error message
+ */
+function handleDeploymentErrors(error, manifestKey, url) {
+  auditLogger.logDeploymentFailure(manifestKey, url, error);
+
+  const safeError = handleDeploymentError(error);
+
+  if (safeError.status === 401 || safeError.status === 403) {
+    throw new Error('Authentication failed. Check your client ID and client secret.');
+  }
+
+  if (safeError.status === 400) {
+    throw new Error('Invalid deployment manifest. Please check your configuration.');
+  }
+
+  if (safeError.status === 404) {
+    throw new Error('Controller endpoint not found. Check the controller URL and environment.');
+  }
+
+  if (safeError.code === 'ECONNREFUSED') {
+    throw new Error('Cannot connect to controller. Check if the controller is running.');
+  }
+
+  if (safeError.code === 'ENOTFOUND') {
+    throw new Error('Controller hostname not found. Check your controller URL.');
+  }
+
+  if (safeError.timeout) {
+    throw new Error('Request timed out. The controller may be overloaded.');
+  }
+
+  throw new Error(safeError.message);
+}
+
+/**
+ * Deploys application to Miso Controller with Client Credentials authentication
  * Main orchestrator for the deployment process
  *
  * @async
  * @param {Object} manifest - Deployment manifest
  * @param {string} controllerUrl - Controller URL
+ * @param {string} envKey - Environment key (dev, tst, pro)
+ * @param {string} clientId - Client ID for authentication
+ * @param {string} clientSecret - Client Secret for authentication
  * @param {Object} options - Deployment options
  * @returns {Promise<Object>} Deployment result
  * @throws {Error} If deployment fails
  */
-async function deployToController(manifest, controllerUrl, options = {}) {
+async function deployToController(manifest, controllerUrl, envKey, clientId, clientSecret, options = {}) {
+  // Validate inputs
+  if (!envKey) {
+    throw new Error('Environment key is required');
+  }
+  if (!clientId || !clientSecret) {
+    throw new Error('Client ID and Client Secret are required for authentication');
+  }
+
   // Validate and sanitize controller URL
   const url = validateControllerUrl(controllerUrl);
+  const validatedEnvKey = validateEnvironmentKey(envKey);
 
   // Log deployment attempt for audit
   auditLogger.logDeploymentAttempt(manifest.key, url, options);
 
   try {
     // Send deployment request
-    console.log(chalk.blue(`📤 Sending deployment request to ${url}...`));
-    const result = await sendDeploymentRequest(url, manifest, {
-      timeout: options.timeout || 30000,
-      maxRetries: options.maxRetries || 3
-    });
-
-    // Log success
-    if (result.deploymentId) {
-      auditLogger.logDeploymentSuccess(manifest.key, result.deploymentId, url);
-    }
+    const result = await sendDeployment(url, validatedEnvKey, manifest, clientId, clientSecret, options);
 
     // Poll for deployment status if enabled
-    if (options.poll && result.deploymentId) {
-      console.log(chalk.blue(`\n⏳ Polling deployment status (${options.pollInterval || 5000}ms intervals)...`));
-      const status = await pollDeploymentStatus(
-        result.deploymentId,
-        url,
-        {
-          interval: options.pollInterval || 5000,
-          maxAttempts: options.pollMaxAttempts || 60
-        }
-      );
-      result.status = status;
-    }
-
-    return result;
+    return await pollDeployment(result, url, validatedEnvKey, clientId, clientSecret, options);
 
   } catch (error) {
-    // Log failure for audit
-    auditLogger.logDeploymentFailure(manifest.key, url, error);
-
-    // Handle and re-throw with safe error
-    const safeError = handleDeploymentError(error);
-
-    // Provide user-friendly error messages
-    if (safeError.status === 401 || safeError.status === 403) {
-      throw new Error('Authentication failed. Check your deployment key.');
-    } else if (safeError.status === 400) {
-      throw new Error('Invalid deployment manifest. Please check your configuration.');
-    } else if (safeError.status === 404) {
-      throw new Error('Controller endpoint not found. Check the controller URL.');
-    } else if (safeError.code === 'ECONNREFUSED') {
-      throw new Error('Cannot connect to controller. Check if the controller is running.');
-    } else if (safeError.code === 'ENOTFOUND') {
-      throw new Error('Controller hostname not found. Check your controller URL.');
-    } else if (safeError.timeout) {
-      throw new Error('Request timed out. The controller may be overloaded.');
-    }
-
-    throw new Error(safeError.message);
+    handleDeploymentErrors(error, manifest.key, url);
   }
 }
 
@@ -251,6 +393,8 @@ module.exports = {
   sendDeploymentRequest,
   pollDeploymentStatus,
   validateControllerUrl,
-  handleDeploymentError
+  handleDeploymentError,
+  createClientCredentialsHeaders,
+  validateEnvironmentKey
 };
 

package/lib/env-reader.js

@@ -177,7 +177,48 @@ function sanitizeEnvValue(value) {
 }
 
 /**
- * Generate environment template with security considerations
+ * Filters existing environment variables for template
+ * @function filterExistingEnvVars
+ * @param {Object} convertedEnv - Converted environment variables
+ * @returns {string[]} Filtered environment variable lines
+ */
+function filterExistingEnvVars(convertedEnv) {
+  const excludedPrefixes = [
+    'NODE_ENV', 'PORT', 'APP_NAME', 'LOG_LEVEL',
+    'DB_', 'DATABASE_', 'REDIS_', 'STORAGE_',
+    'JWT_', 'AUTH_', 'SESSION_'
+  ];
+
+  return Object.entries(convertedEnv)
+    .filter(([key]) => !excludedPrefixes.some(prefix => key.startsWith(prefix)))
+    .map(([key, value]) => `${key}=${value}`);
+}
+
+/**
+ * Validates and processes environment variables
+ * @function validateAndProcessEnvVars
+ * @param {Object} existingEnv - Existing environment variables
+ * @returns {Object} Validation result with warnings
+ */
+function validateAndProcessEnvVars(existingEnv) {
+  const warnings = [];
+
+  Object.entries(existingEnv).forEach(([key, value]) => {
+    if (!validateEnvKey(key)) {
+      warnings.push(`Invalid environment variable name: ${key}`);
+    }
+
+    const sanitizedValue = sanitizeEnvValue(value);
+    if (sanitizedValue !== value) {
+      warnings.push(`Sanitized value for ${key} (removed special characters)`);
+    }
+  });
+
+  return { warnings };
+}
+
+/**
+ * Generates environment template with security considerations
  * @param {Object} config - Application configuration
  * @param {Object} existingEnv - Existing environment variables
  * @returns {Promise<Object>} Template generation result
@@ -190,41 +231,15 @@ async function generateEnvTemplate(config, existingEnv = {}) {
   };
 
   try {
-    // Convert existing environment variables
     const convertedEnv = convertToEnvTemplate(existingEnv, {});
-
-    // Extract secrets for secrets.yaml
     result.secrets = generateSecretsFromEnv(existingEnv);
+    const validation = validateAndProcessEnvVars(existingEnv);
+    result.warnings = validation.warnings;
 
-    // Validate environment variables
-    Object.entries(existingEnv).forEach(([key, value]) => {
-      if (!validateEnvKey(key)) {
-        result.warnings.push(`Invalid environment variable name: ${key}`);
-      }
-
-      const sanitizedValue = sanitizeEnvValue(value);
-      if (sanitizedValue !== value) {
-        result.warnings.push(`Sanitized value for ${key} (removed special characters)`);
-      }
-    });
-
-    // Generate template content
     const { generateEnvTemplate: generateTemplate } = require('./templates');
     const baseTemplate = generateTemplate(config);
 
-    // Add existing environment variables to the template
-    const existingEnvSection = [];
-    Object.entries(convertedEnv).forEach(([key, value]) => {
-      if (!key.startsWith('NODE_ENV') && !key.startsWith('PORT') &&
-          !key.startsWith('APP_NAME') && !key.startsWith('LOG_LEVEL') &&
-          !key.startsWith('DB_') && !key.startsWith('DATABASE_') &&
-          !key.startsWith('REDIS_') && !key.startsWith('STORAGE_') &&
-          !key.startsWith('JWT_') && !key.startsWith('AUTH_') &&
-          !key.startsWith('SESSION_')) {
-        existingEnvSection.push(`${key}=${value}`);
-      }
-    });
-
+    const existingEnvSection = filterExistingEnvVars(convertedEnv);
     if (existingEnvSection.length > 0) {
       result.template = baseTemplate + '\n\n# Existing Environment Variables\n' + existingEnvSection.join('\n');
     } else {