@aifabrix/builder 2.0.2 → 2.0.4

package/lib/utils/health-check.js

@@ -71,10 +71,29 @@ async function waitForDbInit(appName) {
  */
 async function getContainerPort(appName) {
   try {
-    const { stdout: portMapping } = await execAsync(`docker inspect --format='{{range .NetworkSettings.Ports}}{{range .}}{{.HostPort}}{{end}}{{end}}' aifabrix-${appName}`);
-    const ports = portMapping.trim().split('\n').filter(p => p);
+    // Try to get the actual mapped host port from Docker
+    // First try docker inspect for the container port mapping
+    const { stdout: portMapping } = await execAsync(`docker inspect --format='{{range $p, $conf := .NetworkSettings.Ports}}{{if $conf}}{{range $conf}}{{.HostPort}}{{end}}{{end}}{{end}}' aifabrix-${appName}`);
+    const ports = portMapping.trim().split('\n').filter(p => p && p !== '');
     if (ports.length > 0) {
-      return parseInt(ports[0], 10);
+      const port = parseInt(ports[0], 10);
+      if (!isNaN(port) && port > 0) {
+        return port;
+      }
+    }
+
+    // Fallback: try docker ps to get port mapping (format: "0.0.0.0:3010->3000/tcp")
+    try {
+      const { stdout: psOutput } = await execAsync(`docker ps --filter "name=aifabrix-${appName}" --format "{{.Ports}}"`);
+      const portMatch = psOutput.match(/:(\d+)->/);
+      if (portMatch) {
+        const port = parseInt(portMatch[1], 10);
+        if (!isNaN(port) && port > 0) {
+          return port;
+        }
+      }
+    } catch (error) {
+      // Fall through
     }
   } catch (error) {
     // Fall through to default
@@ -152,12 +171,12 @@ async function checkHealthEndpoint(healthCheckUrl) {
 async function waitForHealthCheck(appName, timeout = 90, port = null, config = null) {
   await waitForDbInit(appName);
 
-  if (!port) {
-    port = await getContainerPort(appName);
-  }
+  // Always detect the actual port from Docker to ensure we use the correct mapped port
+  const detectedPort = await getContainerPort(appName);
+  const healthCheckPort = port || detectedPort;
 
   const healthCheckPath = config?.healthCheck?.path || '/health';
-  const healthCheckUrl = `http://localhost:${port}${healthCheckPath}`;
+  const healthCheckUrl = `http://localhost:${healthCheckPort}${healthCheckPath}`;
   const maxAttempts = timeout / 2;
 
   for (let attempts = 0; attempts < maxAttempts; attempts++) {

package/lib/utils/secrets-generator.js

@@ -0,0 +1,209 @@
+/**
+ * AI Fabrix Builder Secrets Generation Utilities
+ *
+ * This module handles secret generation and file management.
+ * Generates default secret values and manages secrets files.
+ *
+ * @fileoverview Secret generation utilities for AI Fabrix Builder
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+
+const fs = require('fs');
+const path = require('path');
+const yaml = require('js-yaml');
+const os = require('os');
+const crypto = require('crypto');
+const logger = require('./logger');
+
+/**
+ * Finds missing secret keys from template
+ * @function findMissingSecretKeys
+ * @param {string} envTemplate - Environment template content
+ * @param {Object} existingSecrets - Existing secrets object
+ * @returns {string[]} Array of missing secret keys
+ */
+function findMissingSecretKeys(envTemplate, existingSecrets) {
+  const kvPattern = /kv:\/\/([a-zA-Z0-9-_]+)/g;
+  const missingKeys = [];
+  const seenKeys = new Set();
+
+  let match;
+  while ((match = kvPattern.exec(envTemplate)) !== null) {
+    const secretKey = match[1];
+    if (!seenKeys.has(secretKey) && !(secretKey in existingSecrets)) {
+      missingKeys.push(secretKey);
+      seenKeys.add(secretKey);
+    }
+  }
+
+  return missingKeys;
+}
+
+/**
+ * Generates secret value based on key name
+ * @function generateSecretValue
+ * @param {string} key - Secret key name
+ * @returns {string} Generated secret value
+ */
+function generateSecretValue(key) {
+  const keyLower = key.toLowerCase();
+
+  if (keyLower.includes('password')) {
+    const dbPasswordMatch = key.match(/^databases-([a-z0-9-_]+)-\d+-passwordKeyVault$/i);
+    if (dbPasswordMatch) {
+      const appName = dbPasswordMatch[1];
+      const dbName = appName.replace(/-/g, '_');
+      return `${dbName}_pass123`;
+    }
+    return crypto.randomBytes(32).toString('base64');
+  }
+
+  if (keyLower.includes('url') || keyLower.includes('uri')) {
+    const dbUrlMatch = key.match(/^databases-([a-z0-9-_]+)-\d+-urlKeyVault$/i);
+    if (dbUrlMatch) {
+      const appName = dbUrlMatch[1];
+      const dbName = appName.replace(/-/g, '_');
+      return `postgresql://${dbName}_user:${dbName}_pass123@\${DB_HOST}:5432/${dbName}`;
+    }
+    return '';
+  }
+
+  if (keyLower.includes('key') || keyLower.includes('secret') || keyLower.includes('token')) {
+    return crypto.randomBytes(32).toString('base64');
+  }
+
+  return '';
+}
+
+/**
+ * Loads existing secrets from file
+ * @function loadExistingSecrets
+ * @param {string} resolvedPath - Path to secrets file
+ * @returns {Object} Existing secrets object
+ */
+function loadExistingSecrets(resolvedPath) {
+  if (!fs.existsSync(resolvedPath)) {
+    return {};
+  }
+
+  try {
+    const content = fs.readFileSync(resolvedPath, 'utf8');
+    const secrets = yaml.load(content) || {};
+    return typeof secrets === 'object' ? secrets : {};
+  } catch (error) {
+    logger.warn(`Warning: Could not read existing secrets file: ${error.message}`);
+    return {};
+  }
+}
+
+/**
+ * Saves secrets file
+ * @function saveSecretsFile
+ * @param {string} resolvedPath - Path to secrets file
+ * @param {Object} secrets - Secrets object to save
+ * @throws {Error} If save fails
+ */
+function saveSecretsFile(resolvedPath, secrets) {
+  const dir = path.dirname(resolvedPath);
+  if (!fs.existsSync(dir)) {
+    fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
+  }
+
+  const yamlContent = yaml.dump(secrets, {
+    indent: 2,
+    lineWidth: 120,
+    noRefs: true,
+    sortKeys: false
+  });
+
+  fs.writeFileSync(resolvedPath, yamlContent, { mode: 0o600 });
+}
+
+/**
+ * Generates missing secret keys in secrets file
+ * Scans env.template for kv:// references and adds missing keys with secure defaults
+ *
+ * @async
+ * @function generateMissingSecrets
+ * @param {string} envTemplate - Environment template content
+ * @param {string} secretsPath - Path to secrets file
+ * @returns {Promise<string[]>} Array of newly generated secret keys
+ * @throws {Error} If generation fails
+ *
+ * @example
+ * const newKeys = await generateMissingSecrets(template, '~/.aifabrix/secrets.yaml');
+ * // Returns: ['new-secret-key', 'another-secret']
+ */
+async function generateMissingSecrets(envTemplate, secretsPath) {
+  const resolvedPath = secretsPath || path.join(os.homedir(), '.aifabrix', 'secrets.yaml');
+  const existingSecrets = loadExistingSecrets(resolvedPath);
+  const missingKeys = findMissingSecretKeys(envTemplate, existingSecrets);
+
+  if (missingKeys.length === 0) {
+    return [];
+  }
+
+  const newSecrets = {};
+  for (const key of missingKeys) {
+    newSecrets[key] = generateSecretValue(key);
+  }
+
+  const updatedSecrets = { ...existingSecrets, ...newSecrets };
+  saveSecretsFile(resolvedPath, updatedSecrets);
+
+  logger.log(`✓ Generated ${missingKeys.length} missing secret key(s): ${missingKeys.join(', ')}`);
+  return missingKeys;
+}
+
+/**
+ * Creates default secrets file if it doesn't exist
+ * Generates template with common secrets for local development
+ *
+ * @async
+ * @function createDefaultSecrets
+ * @param {string} secretsPath - Path where to create secrets file
+ * @returns {Promise<void>} Resolves when file is created
+ * @throws {Error} If file creation fails
+ *
+ * @example
+ * await createDefaultSecrets('~/.aifabrix/secrets.yaml');
+ * // Default secrets file is created
+ */
+async function createDefaultSecrets(secretsPath) {
+  const resolvedPath = secretsPath.startsWith('~')
+    ? path.join(os.homedir(), secretsPath.slice(1))
+    : secretsPath;
+
+  const dir = path.dirname(resolvedPath);
+  if (!fs.existsSync(dir)) {
+    fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
+  }
+
+  const defaultSecrets = `# Local Development Secrets
+# Production uses Azure KeyVault
+
+# Database Secrets
+postgres-passwordKeyVault: "admin123"
+
+# Redis Secrets
+redis-passwordKeyVault: ""
+redis-urlKeyVault: "redis://\${REDIS_HOST}:6379"
+
+# Keycloak Secrets
+keycloak-admin-passwordKeyVault: "admin123"
+keycloak-auth-server-urlKeyVault: "http://\${KEYCLOAK_HOST}:8082"
+`;
+
+  fs.writeFileSync(resolvedPath, defaultSecrets, { mode: 0o600 });
+}
+
+module.exports = {
+  findMissingSecretKeys,
+  generateSecretValue,
+  loadExistingSecrets,
+  saveSecretsFile,
+  generateMissingSecrets,
+  createDefaultSecrets
+};
+

package/lib/validator.js

@@ -185,13 +185,17 @@ async function validateEnvTemplate(appName) {
   const lines = content.split('\n');
   lines.forEach((line, index) => {
     const trimmed = line.trim();
+    // Skip empty lines and comments
     if (trimmed && !trimmed.startsWith('#')) {
       if (!trimmed.includes('=')) {
         errors.push(`Line ${index + 1}: Invalid environment variable format (missing =)`);
       } else {
-        const [key, value] = trimmed.split('=', 2);
-        if (!key || !value) {
-          errors.push(`Line ${index + 1}: Invalid environment variable format`);
+        const [key, _value] = trimmed.split('=', 2);
+        // Trim key to handle whitespace issues
+        // Empty values are allowed (_value can be empty string or undefined)
+        const trimmedKey = key ? key.trim() : '';
+        if (!trimmedKey) {
+          errors.push(`Line ${index + 1}: Invalid environment variable format (missing variable name)`);
         }
       }
     }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aifabrix/builder",
-  "version": "2.0.2",
+  "version": "2.0.4",
   "description": "AI Fabrix Local Fabric & Deployment SDK",
   "main": "lib/index.js",
   "bin": {
@@ -18,6 +18,7 @@
     "lint:ci": "eslint . --ext .js --format json --output-file eslint-report.json",
     "dev": "node bin/aifabrix.js",
     "build": "npm run lint && npm run test:ci",
+    "pack": "npm run build && npm pack",
     "validate": "npm run build",
     "prepublishOnly": "npm run validate",
     "precommit": "npm run lint:fix && npm run test"

package/templates/applications/miso-controller/rbac.yaml

@@ -52,6 +52,53 @@ permissions:
     roles: ["aifabrix-platform-admin", "aifabrix-security-admin"]
     description: "Deactivate service users"
   
+  # User Management
+  - name: "users:create"
+    roles: ["aifabrix-platform-admin", "aifabrix-security-admin"]
+    description: "Create new users"
+  
+  - name: "users:read"
+    roles: ["aifabrix-platform-admin", "aifabrix-security-admin", "aifabrix-observer"]
+    description: "View user information and profiles"
+  
+  - name: "users:update"
+    roles: ["aifabrix-platform-admin", "aifabrix-security-admin"]
+    description: "Update user information and manage group memberships"
+  
+  - name: "users:delete"
+    roles: ["aifabrix-platform-admin", "aifabrix-security-admin"]
+    description: "Delete users"
+  
+  # Group Management
+  - name: "groups:create"
+    roles: ["aifabrix-platform-admin", "aifabrix-security-admin"]
+    description: "Create new groups"
+  
+  - name: "groups:read"
+    roles: ["aifabrix-platform-admin", "aifabrix-security-admin", "aifabrix-observer"]
+    description: "View group information and members"
+  
+  - name: "groups:update"
+    roles: ["aifabrix-platform-admin", "aifabrix-security-admin"]
+    description: "Update group information"
+  
+  - name: "groups:delete"
+    roles: ["aifabrix-platform-admin", "aifabrix-security-admin"]
+    description: "Delete groups"
+  
+  # Administrative Permissions
+  - name: "admin:read"
+    roles: ["aifabrix-platform-admin"]
+    description: "Administrative read access to all resources"
+  
+  - name: "admin:write"
+    roles: ["aifabrix-platform-admin"]
+    description: "Administrative write access to all resources"
+  
+  - name: "admin:delete"
+    roles: ["aifabrix-platform-admin"]
+    description: "Administrative delete access to all resources"
+  
   # Template Applications (environment = null)
   - name: "applications:create"
     roles: ["aifabrix-platform-admin", "aifabrix-infrastructure-admin", "aifabrix-deployment-admin"]
@@ -165,4 +212,3 @@ permissions:
   - name: "dashboard:read"
     roles: ["aifabrix-platform-admin", "aifabrix-deployment-admin", "aifabrix-developer", "aifabrix-observer"]
     description: "View dashboard summaries and aggregates"
-

package/templates/applications/miso-controller/variables.yaml

@@ -1,6 +1,6 @@
 # Application Metadata
 app:
-  key: miso
+  key: miso-controller
   displayName: "Miso Controller"
   description: "AI Fabrix Miso Controller - Backend API and orchestration service"
   type: webapp
@@ -36,21 +36,21 @@ healthCheck:
 authentication:
   type: keycloak
   enableSSO: true
-  requiredRoles: ["aifabrix-user"]
+  requiredRoles:
+    - aifabrix-user
   endpoints:
-    local: "http://localhost:3000/auth/callback"
+    local: http://localhost:3000/auth/callback
 
 # Build Configuration
 build:
-  context: ..                                           # Docker build context (relative to builder/)
-  dockerfile: builder/Dockerfile                        # Dockerfile name (empty = use template)
-  envOutputPath: ../packages/miso-controller/.env       # Copy .env to repo root for local dev
-  localPort: 3010                                       # Port for local development (different from Docker port)
-  language: typescript                                  # Runtime language for template selection
-  secrets:                                              # Path to secrets file (optional)
+  context: ..                                           		# Docker build context (relative to builder/)
+  dockerfile: builder/miso-controller/Dockerfile         		# Dockerfile name (empty = use template)
+  envOutputPath:          	                                # Copy .env to repo root for local dev (relative to builder/) (if null, no .env file is copied) (if empty, .env file is copied to repo root)
+  localPort: 3010                                           # Port for local development (different from Docker port)
+  language: typescript                                  		# Runtime language for template selection (typescript or python)
+  secrets:                                                 	# Path to secrets file
 
 # Docker Compose
 compose:
   file: docker-compose.yaml
   service: miso-controller
-

package/templates/infra/compose.yaml

@@ -2,8 +2,6 @@
 # Shared infrastructure services only
 # Generated by AI Fabrix Builder SDK
 
-version: "3.9"
-
 services:
   # PostgreSQL Database with pgvector extension
   postgres:

package/templates/python/docker-compose.hbs

@@ -2,8 +2,6 @@
 # Generated by AI Fabrix Builder SDK
 # Service definition for local development
 
-version: "3.9"
-
 services:
   {{app.key}}:
     image: {{image.name}}:{{image.tag}}
@@ -48,23 +46,34 @@ services:
     command: >
       sh -c "
         export PGHOST=postgres PGPORT=5432 PGUSER=pgadmin &&
-        export PGPASSWORD="${POSTGRES_PASSWORD}" &&
+        export PGPASSWORD=\"${POSTGRES_PASSWORD}\" &&
+        echo 'Waiting for PostgreSQL to be ready...' &&
+        counter=0 &&
+        while [ $counter -lt 30 ]; do
+          if pg_isready -h postgres -p 5432 -U pgadmin >/dev/null 2>&1; then
+            echo 'PostgreSQL is ready!'
+            break
+          fi
+          echo 'Waiting for PostgreSQL...'
+          sleep 1
+          counter=$((counter + 1))
+        done &&
         {{#if databases}}
         {{#each databases}}
         echo 'Creating {{name}} database and user...' &&
-        psql -d postgres -c 'CREATE DATABASE {{name}};' || echo '{{name}} database exists' &&
-        psql -d postgres -c \"CREATE USER {{name}}_user WITH PASSWORD '{{name}}_pass123';\" || echo '{{name}}_user exists' &&
-        psql -d postgres -c 'GRANT ALL PRIVILEGES ON DATABASE {{name}} TO {{name}}_user;' &&
-        psql -d {{name}} -c 'ALTER SCHEMA public OWNER TO {{name}}_user;' &&
-        psql -d {{name}} -c 'GRANT ALL ON SCHEMA public TO {{name}}_user;' &&
+        (psql -d postgres -c 'CREATE DATABASE {{name}};' || true) &&
+        (psql -d postgres -c \"CREATE USER {{name}}_user WITH PASSWORD '{{name}}_pass123';\" || true) &&
+        psql -d postgres -c 'GRANT ALL PRIVILEGES ON DATABASE {{name}} TO {{name}}_user;' || true &&
+        psql -d {{name}} -c 'ALTER SCHEMA public OWNER TO {{name}}_user;' || true &&
+        psql -d {{name}} -c 'GRANT ALL ON SCHEMA public TO {{name}}_user;' || true &&
         {{/each}}
         {{else}}
         echo 'Creating {{app.key}} database and user...' &&
-        psql -d postgres -c 'CREATE DATABASE {{app.key}};' || echo '{{app.key}} database exists' &&
-        psql -d postgres -c \"CREATE USER {{app.key}}_user WITH PASSWORD '{{app.key}}_pass123';\" || echo '{{app.key}}_user exists' &&
-        psql -d postgres -c 'GRANT ALL PRIVILEGES ON DATABASE {{app.key}} TO {{app.key}}_user;' &&
-        psql -d {{app.key}} -c 'ALTER SCHEMA public OWNER TO {{app.key}}_user;' &&
-        psql -d {{app.key}} -c 'GRANT ALL ON SCHEMA public TO {{app.key}}_user;' &&
+        (psql -d postgres -c 'CREATE DATABASE {{app.key}};' || true) &&
+        (psql -d postgres -c \"CREATE USER {{app.key}}_user WITH PASSWORD '{{app.key}}_pass123';\" || true) &&
+        psql -d postgres -c 'GRANT ALL PRIVILEGES ON DATABASE {{app.key}} TO {{app.key}}_user;' || true &&
+        psql -d {{app.key}} -c 'ALTER SCHEMA public OWNER TO {{app.key}}_user;' || true &&
+        psql -d {{app.key}} -c 'GRANT ALL ON SCHEMA public TO {{app.key}}_user;' || true &&
         {{/if}}
         echo 'Database initialization complete!'
       "

package/templates/typescript/docker-compose.hbs

@@ -2,8 +2,6 @@
 # Generated by AI Fabrix Builder SDK
 # Service definition for local development
 
-version: "3.9"
-
 services:
   {{app.key}}:
     image: {{image.name}}:{{image.tag}}
@@ -48,23 +46,34 @@ services:
     command: >
       sh -c "
         export PGHOST=postgres PGPORT=5432 PGUSER=pgadmin &&
-        export PGPASSWORD="${POSTGRES_PASSWORD}" &&
+        export PGPASSWORD=\"${POSTGRES_PASSWORD}\" &&
+        echo 'Waiting for PostgreSQL to be ready...' &&
+        counter=0 &&
+        while [ $counter -lt 30 ]; do
+          if pg_isready -h postgres -p 5432 -U pgadmin >/dev/null 2>&1; then
+            echo 'PostgreSQL is ready!'
+            break
+          fi
+          echo 'Waiting for PostgreSQL...'
+          sleep 1
+          counter=$((counter + 1))
+        done &&
         {{#if databases}}
         {{#each databases}}
         echo 'Creating {{name}} database and user...' &&
-        psql -d postgres -c 'CREATE DATABASE {{name}};' || echo '{{name}} database exists' &&
-        psql -d postgres -c \"CREATE USER {{name}}_user WITH PASSWORD '{{name}}_pass123';\" || echo '{{name}}_user exists' &&
-        psql -d postgres -c 'GRANT ALL PRIVILEGES ON DATABASE {{name}} TO {{name}}_user;' &&
-        psql -d {{name}} -c 'ALTER SCHEMA public OWNER TO {{name}}_user;' &&
-        psql -d {{name}} -c 'GRANT ALL ON SCHEMA public TO {{name}}_user;' &&
+        (psql -d postgres -c 'CREATE DATABASE {{name}};' || true) &&
+        (psql -d postgres -c \"CREATE USER {{name}}_user WITH PASSWORD '{{name}}_pass123';\" || true) &&
+        psql -d postgres -c 'GRANT ALL PRIVILEGES ON DATABASE {{name}} TO {{name}}_user;' || true &&
+        psql -d {{name}} -c 'ALTER SCHEMA public OWNER TO {{name}}_user;' || true &&
+        psql -d {{name}} -c 'GRANT ALL ON SCHEMA public TO {{name}}_user;' || true &&
         {{/each}}
         {{else}}
         echo 'Creating {{app.key}} database and user...' &&
-        psql -d postgres -c 'CREATE DATABASE {{app.key}};' || echo '{{app.key}} database exists' &&
-        psql -d postgres -c \"CREATE USER {{app.key}}_user WITH PASSWORD '{{app.key}}_pass123';\" || echo '{{app.key}}_user exists' &&
-        psql -d postgres -c 'GRANT ALL PRIVILEGES ON DATABASE {{app.key}} TO {{app.key}}_user;' &&
-        psql -d {{app.key}} -c 'ALTER SCHEMA public OWNER TO {{app.key}}_user;' &&
-        psql -d {{app.key}} -c 'GRANT ALL ON SCHEMA public TO {{app.key}}_user;' &&
+        (psql -d postgres -c 'CREATE DATABASE {{app.key}};' || true) &&
+        (psql -d postgres -c \"CREATE USER {{app.key}}_user WITH PASSWORD '{{app.key}}_pass123';\" || true) &&
+        psql -d postgres -c 'GRANT ALL PRIVILEGES ON DATABASE {{app.key}} TO {{app.key}}_user;' || true &&
+        psql -d {{app.key}} -c 'ALTER SCHEMA public OWNER TO {{app.key}}_user;' || true &&
+        psql -d {{app.key}} -c 'GRANT ALL ON SCHEMA public TO {{app.key}}_user;' || true &&
         {{/if}}
         echo 'Database initialization complete!'
       "