npm - @aifabrix/builder - Versions diffs - 2.1.4 → 2.1.6 - Mend

@aifabrix/builder 2.1.4 → 2.1.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/lib/commands/app.js +43 -0
package/lib/secrets.js +127 -49
package/lib/templates.js +4 -1
package/lib/utils/compose-generator.js +18 -2
package/lib/utils/env-template.js +70 -0
package/lib/utils/local-secrets.js +98 -0
package/lib/utils/secrets-path.js +114 -0
package/package.json +1 -1
package/templates/applications/keycloak/Dockerfile +5 -4
package/templates/applications/keycloak/env.template +5 -0
package/templates/applications/keycloak/variables.yaml +3 -3
package/templates/applications/miso-controller/Dockerfile +3 -0
package/templates/applications/miso-controller/env.template +3 -3
package/templates/python/docker-compose.hbs +10 -8
package/templates/typescript/docker-compose.hbs +10 -8
package/test-output.txt +5431 -0

package/lib/commands/app.js CHANGED Viewed

@@ -16,6 +16,8 @@ const yaml = require('js-yaml');
 const { getConfig } = require('../config');
 const { authenticatedApiCall } = require('../utils/api');
 const logger = require('../utils/logger');
+const { saveLocalSecret, isLocalhost } = require('../utils/local-secrets');
+const { updateEnvTemplate } = require('../utils/env-template');
 // Import createApp to auto-generate config if missing
 let createApp;
@@ -312,6 +314,26 @@ function setupAppCommands(program) {
           registrationData
         );
+        // Save credentials to local secrets if localhost
+        if (isLocalhost(config.apiUrl)) {
+          const appKey = responseData.application.key;
+          const clientIdKey = `${appKey}-client-idKeyVault`;
+          const clientSecretKey = `${appKey}-client-secretKeyVault`;
+          try {
+            await saveLocalSecret(clientIdKey, responseData.credentials.clientId);
+            await saveLocalSecret(clientSecretKey, responseData.credentials.clientSecret);
+            // Update env.template
+            await updateEnvTemplate(appKey, clientIdKey, clientSecretKey);
+            logger.log(chalk.green('\n✓ Credentials saved to ~/.aifabrix/secrets.local.yaml'));
+            logger.log(chalk.green('✓ env.template updated with MISO_CLIENTID and MISO_CLIENTSECRET\n'));
+          } catch (error) {
+            logger.warn(chalk.yellow(`⚠️  Could not save credentials locally: ${error.message}`));
+          }
+        }
         // Display results
         displayRegistrationResults(responseData, config.apiUrl);
@@ -403,6 +425,27 @@ function setupAppCommands(program) {
         logger.log(chalk.yellow(`   Client Secret: ${response.data.credentials.clientSecret}\n`));
         logger.log(chalk.red('⚠️  Old secret is now invalid. Update GitHub Secrets!\n'));
+        // Save credentials to local secrets if localhost
+        if (isLocalhost(config.apiUrl)) {
+          const appKey = response.data.application?.key || options.app;
+          const clientIdKey = `${appKey}-client-idKeyVault`;
+          const clientSecretKey = `${appKey}-client-secretKeyVault`;
+          try {
+            await saveLocalSecret(clientIdKey, response.data.credentials.clientId);
+            await saveLocalSecret(clientSecretKey, response.data.credentials.clientSecret);
+            // Update env.template
+            await updateEnvTemplate(appKey, clientIdKey, clientSecretKey);
+            logger.log(chalk.green('✓ Credentials saved to ~/.aifabrix/secrets.local.yaml'));
+            logger.log(chalk.green('✓ env.template updated with MISO_CLIENTID and MISO_CLIENTSECRET'));
+            logger.log('');
+          } catch (error) {
+            logger.warn(chalk.yellow(`⚠️  Could not save credentials locally: ${error.message}`));
+          }
+        }
       } catch (error) {
         logger.error(chalk.red('❌ Rotation failed:'), error.message);
         process.exit(1);

package/lib/secrets.js CHANGED Viewed

@@ -19,6 +19,10 @@ const {
   generateMissingSecrets,
   createDefaultSecrets
 } = require('./utils/secrets-generator');
+const {
+  resolveSecretsPath,
+  getActualSecretsPath
+} = require('./utils/secrets-path');
 /**
  * Loads environment configuration for docker/local context
@@ -31,73 +35,147 @@ function loadEnvConfig() {
 }
 /**
- * Loads secrets from the specified file or default location
- * Supports both user secrets (~/.aifabrix/secrets.yaml) and project overrides
+ * Loads secrets from file with cascading lookup support
+ * First checks ~/.aifabrix/secrets.local.yaml, then build.secrets from variables.yaml
+ *
+ * @async
+ * @function loadSecretsFromFile
+ * @param {string} filePath - Path to secrets file
+ * @returns {Promise<Object>} Loaded secrets object or empty object if file doesn't exist
+ */
+async function loadSecretsFromFile(filePath) {
+  if (!fs.existsSync(filePath)) {
+    return {};
+  }
+  try {
+    const content = fs.readFileSync(filePath, 'utf8');
+    const secrets = yaml.load(content);
+    if (!secrets || typeof secrets !== 'object') {
+      return {};
+    }
+    return secrets;
+  } catch (error) {
+    logger.warn(`Warning: Could not read secrets file ${filePath}: ${error.message}`);
+    return {};
+  }
+}
+/**
+ * Loads secrets with cascading lookup
+ * Supports both user secrets (~/.aifabrix/secrets.local.yaml) and project overrides
+ * User's file takes priority, then falls back to build.secrets from variables.yaml
  *
  * @async
  * @function loadSecrets
- * @param {string} [secretsPath] - Path to secrets file (optional)
+ * @param {string} [secretsPath] - Path to secrets file (optional, for explicit override)
+ * @param {string} [appName] - Application name (optional, for variables.yaml lookup)
  * @returns {Promise<Object>} Loaded secrets object
- * @throws {Error} If secrets file cannot be loaded or parsed
+ * @throws {Error} If no secrets file found and no fallback available
  *
  * @example
  * const secrets = await loadSecrets('../../secrets.local.yaml');
  * // Returns: { 'postgres-passwordKeyVault': 'admin123', ... }
  */
-async function loadSecrets(secretsPath) {
-  const resolvedPath = resolveSecretsPath(secretsPath);
+async function loadSecrets(secretsPath, appName) {
+  // If explicit path provided, use it (backward compatibility)
+  if (secretsPath) {
+    const resolvedPath = resolveSecretsPath(secretsPath);
+    if (!fs.existsSync(resolvedPath)) {
+      throw new Error(`Secrets file not found: ${resolvedPath}`);
+    }
-  if (!fs.existsSync(resolvedPath)) {
-    throw new Error(`Secrets file not found: ${resolvedPath}`);
-  }
+    const content = fs.readFileSync(resolvedPath, 'utf8');
+    const secrets = yaml.load(content);
-  const content = fs.readFileSync(resolvedPath, 'utf8');
-  const secrets = yaml.load(content);
+    if (!secrets || typeof secrets !== 'object') {
+      throw new Error(`Invalid secrets file format: ${resolvedPath}`);
+    }
-  if (!secrets || typeof secrets !== 'object') {
-    throw new Error(`Invalid secrets file format: ${resolvedPath}`);
+    return secrets;
   }
-  return secrets;
-}
+  // Cascading lookup: user's file first
+  const userSecretsPath = path.join(os.homedir(), '.aifabrix', 'secrets.local.yaml');
+  let mergedSecrets;
+  if (fs.existsSync(userSecretsPath)) {
+    try {
+      const content = fs.readFileSync(userSecretsPath, 'utf8');
+      const secrets = yaml.load(content);
+      if (!secrets || typeof secrets !== 'object') {
+        throw new Error(`Invalid secrets file format: ${userSecretsPath}`);
+      }
+      mergedSecrets = secrets;
+    } catch (error) {
+      // If it's a format error, throw it; otherwise log warning and continue
+      if (error.message.includes('Invalid secrets file format')) {
+        throw error;
+      }
+      logger.warn(`Warning: Could not read secrets file ${userSecretsPath}: ${error.message}`);
+      mergedSecrets = {};
+    }
+  } else {
+    mergedSecrets = {};
+  }
-/**
- * Resolves secrets file path (same logic as loadSecrets)
- * Also checks common locations if path is not provided
- * @function resolveSecretsPath
- * @param {string} [secretsPath] - Path to secrets file (optional)
- * @returns {string} Resolved secrets file path
- */
-function resolveSecretsPath(secretsPath) {
-  let resolvedPath = secretsPath;
-  if (!resolvedPath) {
-    // Check common locations for secrets.local.yaml
-    const commonLocations = [
-      path.join(process.cwd(), '..', 'aifabrix-setup', 'secrets.local.yaml'),
-      path.join(process.cwd(), '..', '..', 'aifabrix-setup', 'secrets.local.yaml'),
-      path.join(process.cwd(), 'secrets.local.yaml'),
-      path.join(process.cwd(), '..', 'secrets.local.yaml'),
-      path.join(os.homedir(), '.aifabrix', 'secrets.yaml')
-    ];
-    // Find first existing file
-    for (const location of commonLocations) {
-      if (fs.existsSync(location)) {
-        resolvedPath = location;
-        break;
+  // Then check build.secrets from variables.yaml if appName provided
+  if (appName) {
+    const variablesPath = path.join(process.cwd(), 'builder', appName, 'variables.yaml');
+    if (fs.existsSync(variablesPath)) {
+      try {
+        const variablesContent = fs.readFileSync(variablesPath, 'utf8');
+        const variables = yaml.load(variablesContent);
+        if (variables?.build?.secrets) {
+          const buildSecretsPath = path.resolve(
+            path.dirname(variablesPath),
+            variables.build.secrets
+          );
+          const buildSecrets = await loadSecretsFromFile(buildSecretsPath);
+          // Merge: user's file takes priority, but use build.secrets for missing/empty values
+          for (const [key, value] of Object.entries(buildSecrets)) {
+            if (!(key in mergedSecrets) || !mergedSecrets[key] || mergedSecrets[key] === '') {
+              mergedSecrets[key] = value;
+            }
+          }
+        }
+      } catch (error) {
+        logger.warn(`Warning: Could not load build.secrets from variables.yaml: ${error.message}`);
       }
     }
+  }
-    // If none found, use default location
-    if (!resolvedPath) {
-      resolvedPath = path.join(os.homedir(), '.aifabrix', 'secrets.yaml');
+  // If still no secrets found, try default location
+  if (Object.keys(mergedSecrets).length === 0) {
+    const defaultPath = path.join(os.homedir(), '.aifabrix', 'secrets.yaml');
+    if (fs.existsSync(defaultPath)) {
+      try {
+        const content = fs.readFileSync(defaultPath, 'utf8');
+        const secrets = yaml.load(content);
+        if (!secrets || typeof secrets !== 'object') {
+          throw new Error(`Invalid secrets file format: ${defaultPath}`);
+        }
+        mergedSecrets = secrets;
+      } catch (error) {
+        // If it's a format error, throw it; otherwise log warning
+        if (error.message.includes('Invalid secrets file format')) {
+          throw error;
+        }
+        logger.warn(`Warning: Could not read secrets file ${defaultPath}: ${error.message}`);
+      }
     }
-  } else if (secretsPath.startsWith('..')) {
-    resolvedPath = path.resolve(process.cwd(), secretsPath);
   }
-  return resolvedPath;
+  // If still empty, throw error
+  if (Object.keys(mergedSecrets).length === 0) {
+    throw new Error('No secrets file found. Please create ~/.aifabrix/secrets.local.yaml or configure build.secrets in variables.yaml');
+  }
+  return mergedSecrets;
 }
 /**
@@ -246,14 +324,14 @@ async function generateEnvFile(appName, secretsPath, environment = 'local', forc
   const template = loadEnvTemplate(templatePath);
-  // Resolve secrets path to show in error messages
-  const resolvedSecretsPath = resolveSecretsPath(secretsPath);
+  // Resolve secrets path to show in error messages (use actual path that loadSecrets would use)
+  const resolvedSecretsPath = getActualSecretsPath(secretsPath, appName);
   if (force) {
     await generateMissingSecrets(template, resolvedSecretsPath);
   }
-  const secrets = await loadSecrets(secretsPath);
+  const secrets = await loadSecrets(secretsPath, appName);
   const resolved = await resolveKvReferences(template, secrets, environment, resolvedSecretsPath);
   fs.writeFileSync(envPath, resolved, { mode: 0o600 });

package/lib/templates.js CHANGED Viewed

@@ -128,7 +128,10 @@ function buildDatabaseEnv(config) {
     'DB_PORT': '5432',
     'DB_NAME': dbName,
     'DB_USER': `${dbName}_user`,
-    'DB_PASSWORD': `kv://databases-${appName}-0-passwordKeyVault`
+    'DB_PASSWORD': `kv://databases-${appName}-0-passwordKeyVault`,
+    // Also include DB_0_PASSWORD for compatibility with compose generator
+    // (compose generator expects DB_0_PASSWORD when databases array is present)
+    'DB_0_PASSWORD': `kv://databases-${appName}-0-passwordKeyVault`
   };
 }

package/lib/utils/compose-generator.js CHANGED Viewed

@@ -21,16 +21,32 @@ handlebars.registerHelper('pgQuote', (identifier) => {
     return '';
   }
   // Always quote identifiers to handle hyphens and special characters
-  return `"${String(identifier).replace(/"/g, '""')}"`;
+  // Return SafeString to prevent HTML escaping
+  return new handlebars.SafeString(`"${String(identifier).replace(/"/g, '""')}"`);
 });
 // Helper to generate quoted PostgreSQL user name from database name
+// User names must use underscores (not hyphens) for PostgreSQL compatibility
 handlebars.registerHelper('pgUser', (dbName) => {
   if (!dbName) {
     return '';
   }
+  // Replace hyphens with underscores in user name (database names can have hyphens, but user names should not)
+  const userName = `${String(dbName).replace(/-/g, '_')}_user`;
+  // Return SafeString to prevent HTML escaping
+  return new handlebars.SafeString(`"${userName.replace(/"/g, '""')}"`);
+});
+// Helper to generate old user name format (for migration - drops old users with hyphens)
+// This is used to drop legacy users that were created with hyphens before the fix
+handlebars.registerHelper('pgUserOld', (dbName) => {
+  if (!dbName) {
+    return '';
+  }
+  // Old format: database name + _user (preserving hyphens)
   const userName = `${String(dbName)}_user`;
-  return `"${userName.replace(/"/g, '""')}"`;
+  // Return SafeString to prevent HTML escaping
+  return new handlebars.SafeString(`"${userName.replace(/"/g, '""')}"`);
 });
 /**

package/lib/utils/env-template.js ADDED Viewed

@@ -0,0 +1,70 @@
+/**
+ * Environment Template Utilities
+ *
+ * Helper functions for updating env.template files
+ *
+ * @fileoverview Environment template update utilities
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+const fs = require('fs').promises;
+const fsSync = require('fs');
+const path = require('path');
+const chalk = require('chalk');
+const logger = require('../utils/logger');
+/**
+ * Updates env.template to add MISO_CLIENTID and MISO_CLIENTSECRET entries
+ * @async
+ * @param {string} appKey - Application key
+ * @param {string} clientIdKey - Secret key for client ID (e.g., 'myapp-client-idKeyVault')
+ * @param {string} clientSecretKey - Secret key for client secret (e.g., 'myapp-client-secretKeyVault')
+ * @returns {Promise<void>} Resolves when template is updated
+ */
+async function updateEnvTemplate(appKey, clientIdKey, clientSecretKey) {
+  const envTemplatePath = path.join(process.cwd(), 'builder', appKey, 'env.template');
+  if (!fsSync.existsSync(envTemplatePath)) {
+    logger.warn(chalk.yellow(`⚠️  env.template not found for ${appKey}, skipping update`));
+    return;
+  }
+  try {
+    let content = await fs.readFile(envTemplatePath, 'utf8');
+    // Check if MISO_CLIENTID already exists
+    const hasClientId = /^MISO_CLIENTID\s*=/m.test(content);
+    const hasClientSecret = /^MISO_CLIENTSECRET\s*=/m.test(content);
+    if (hasClientId && hasClientSecret) {
+      // Update existing entries
+      content = content.replace(/^MISO_CLIENTID\s*=.*$/m, `MISO_CLIENTID=kv://${clientIdKey}`);
+      content = content.replace(/^MISO_CLIENTSECRET\s*=.*$/m, `MISO_CLIENTSECRET=kv://${clientSecretKey}`);
+    } else {
+      // Add new section if not present
+      const misoSection = `# MISO Application Client Credentials (per application)
+MISO_CLIENTID=kv://${clientIdKey}
+MISO_CLIENTSECRET=kv://${clientSecretKey}
+`;
+      // Try to find a good place to insert (after last section or at end)
+      const lastSectionMatch = content.match(/# =+.*$/gm);
+      if (lastSectionMatch && lastSectionMatch.length > 0) {
+        const lastSectionIndex = content.lastIndexOf(lastSectionMatch[lastSectionMatch.length - 1]);
+        const insertIndex = content.indexOf('\n', lastSectionIndex) + 1;
+        content = content.slice(0, insertIndex) + '\n' + misoSection + content.slice(insertIndex);
+      } else {
+        content = content + '\n' + misoSection;
+      }
+    }
+    await fs.writeFile(envTemplatePath, content, 'utf8');
+    logger.log(chalk.green(`✓ Updated env.template for ${appKey}`));
+  } catch (error) {
+    logger.warn(chalk.yellow(`⚠️  Could not update env.template: ${error.message}`));
+  }
+}
+module.exports = { updateEnvTemplate };

package/lib/utils/local-secrets.js ADDED Viewed

@@ -0,0 +1,98 @@
+/**
+ * Local Secrets Management Utilities
+ *
+ * Helper functions for managing local secrets in ~/.aifabrix/secrets.local.yaml
+ *
+ * @fileoverview Local secrets management utilities
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+const fs = require('fs');
+const path = require('path');
+const yaml = require('js-yaml');
+const os = require('os');
+const chalk = require('chalk');
+const logger = require('../utils/logger');
+/**
+ * Saves a secret to ~/.aifabrix/secrets.local.yaml
+ * Merges with existing secrets without overwriting other keys
+ *
+ * @async
+ * @function saveLocalSecret
+ * @param {string} key - Secret key name
+ * @param {string} value - Secret value
+ * @returns {Promise<void>} Resolves when secret is saved
+ * @throws {Error} If save fails
+ *
+ * @example
+ * await saveLocalSecret('myapp-client-idKeyVault', 'client-id-value');
+ */
+async function saveLocalSecret(key, value) {
+  if (!key || typeof key !== 'string') {
+    throw new Error('Secret key is required and must be a string');
+  }
+  if (value === undefined || value === null) {
+    throw new Error('Secret value is required');
+  }
+  const secretsPath = path.join(os.homedir(), '.aifabrix', 'secrets.local.yaml');
+  const secretsDir = path.dirname(secretsPath);
+  // Create directory if needed
+  if (!fs.existsSync(secretsDir)) {
+    fs.mkdirSync(secretsDir, { recursive: true, mode: 0o700 });
+  }
+  // Load existing secrets
+  let existingSecrets = {};
+  if (fs.existsSync(secretsPath)) {
+    try {
+      const content = fs.readFileSync(secretsPath, 'utf8');
+      existingSecrets = yaml.load(content) || {};
+      if (typeof existingSecrets !== 'object') {
+        existingSecrets = {};
+      }
+    } catch (error) {
+      logger.warn(`Warning: Could not read existing secrets file: ${error.message}`);
+      existingSecrets = {};
+    }
+  }
+  // Merge with new secret
+  const updatedSecrets = {
+    ...existingSecrets,
+    [key]: value
+  };
+  // Save to file
+  const yamlContent = yaml.dump(updatedSecrets, {
+    indent: 2,
+    lineWidth: 120,
+    noRefs: true,
+    sortKeys: false
+  });
+  fs.writeFileSync(secretsPath, yamlContent, { mode: 0o600 });
+  logger.log(chalk.green(`✓ Saved secret ${key} to ${secretsPath}`));
+}
+/**
+ * Checks if a URL is localhost
+ * @function isLocalhost
+ * @param {string} url - URL to check
+ * @returns {boolean} True if URL is localhost
+ */
+function isLocalhost(url) {
+  if (!url || typeof url !== 'string') {
+    return false;
+  }
+  const urlLower = url.toLowerCase();
+  return urlLower.includes('localhost') || urlLower.includes('127.0.0.1');
+}
+module.exports = { saveLocalSecret, isLocalhost };

package/lib/utils/secrets-path.js ADDED Viewed

@@ -0,0 +1,114 @@
+/**
+ * AI Fabrix Builder Secrets Path Resolution
+ *
+ * This module handles secrets file path resolution with cascading lookup support.
+ * Determines the actual path that would be used for loading secrets.
+ *
+ * @fileoverview Secrets path resolution utilities for AI Fabrix Builder
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+const yaml = require('js-yaml');
+/**
+ * Resolves secrets file path (backward compatibility)
+ * Checks common locations if path is not provided
+ * @function resolveSecretsPath
+ * @param {string} [secretsPath] - Path to secrets file (optional)
+ * @returns {string} Resolved secrets file path
+ */
+function resolveSecretsPath(secretsPath) {
+  let resolvedPath = secretsPath;
+  if (!resolvedPath) {
+    // Check common locations for secrets.local.yaml
+    const commonLocations = [
+      path.join(process.cwd(), '..', 'aifabrix-setup', 'secrets.local.yaml'),
+      path.join(process.cwd(), '..', '..', 'aifabrix-setup', 'secrets.local.yaml'),
+      path.join(process.cwd(), 'secrets.local.yaml'),
+      path.join(process.cwd(), '..', 'secrets.local.yaml'),
+      path.join(os.homedir(), '.aifabrix', 'secrets.yaml')
+    ];
+    // Find first existing file
+    for (const location of commonLocations) {
+      if (fs.existsSync(location)) {
+        resolvedPath = location;
+        break;
+      }
+    }
+    // If none found, use default location
+    if (!resolvedPath) {
+      resolvedPath = path.join(os.homedir(), '.aifabrix', 'secrets.yaml');
+    }
+  } else if (secretsPath.startsWith('..')) {
+    resolvedPath = path.resolve(process.cwd(), secretsPath);
+  }
+  return resolvedPath;
+}
+/**
+ * Determines the actual secrets file path that loadSecrets would use
+ * Mirrors the cascading lookup logic from loadSecrets
+ * @function getActualSecretsPath
+ * @param {string} [secretsPath] - Path to secrets file (optional)
+ * @param {string} [appName] - Application name (optional, for variables.yaml lookup)
+ * @returns {string} Actual secrets file path that would be used
+ */
+function getActualSecretsPath(secretsPath, appName) {
+  // If explicit path provided, use it (backward compatibility)
+  if (secretsPath) {
+    return resolveSecretsPath(secretsPath);
+  }
+  // Cascading lookup: user's file first
+  const userSecretsPath = path.join(os.homedir(), '.aifabrix', 'secrets.local.yaml');
+  if (fs.existsSync(userSecretsPath)) {
+    return userSecretsPath;
+  }
+  // Then check build.secrets from variables.yaml if appName provided
+  if (appName) {
+    const variablesPath = path.join(process.cwd(), 'builder', appName, 'variables.yaml');
+    if (fs.existsSync(variablesPath)) {
+      try {
+        const variablesContent = fs.readFileSync(variablesPath, 'utf8');
+        const variables = yaml.load(variablesContent);
+        if (variables?.build?.secrets) {
+          const buildSecretsPath = path.resolve(
+            path.dirname(variablesPath),
+            variables.build.secrets
+          );
+          if (fs.existsSync(buildSecretsPath)) {
+            return buildSecretsPath;
+          }
+        }
+      } catch (error) {
+        // Ignore errors, continue to next check
+      }
+    }
+  }
+  // If still no secrets found, try default location
+  const defaultPath = path.join(os.homedir(), '.aifabrix', 'secrets.yaml');
+  if (fs.existsSync(defaultPath)) {
+    return defaultPath;
+  }
+  // Return user's file path as default (even if it doesn't exist) for error messages
+  return userSecretsPath;
+}
+module.exports = {
+  resolveSecretsPath,
+  getActualSecretsPath
+};

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@aifabrix/builder",
-  "version": "2.1.4",
+  "version": "2.1.6",
   "description": "AI Fabrix Local Fabric & Deployment SDK",
   "main": "lib/index.js",
   "bin": {

package/templates/applications/keycloak/Dockerfile CHANGED Viewed

@@ -1,7 +1,7 @@
 # Keycloak Identity and Access Management with Custom Themes
-# This Dockerfile extends Keycloak 24.0 with custom themes
+# This Dockerfile extends Keycloak 26.4 with custom themes
-FROM quay.io/keycloak/keycloak:24.0
+FROM quay.io/keycloak/keycloak:26.4
 # Set working directory
 WORKDIR /opt/keycloak
@@ -21,9 +21,10 @@ RUN if [ -d "/tmp/build-context/themes" ] && [ "$(ls -A /tmp/build-context/theme
     fi && \
     rm -rf /tmp/build-context
-# Build Keycloak with health checks enabled
+# Build Keycloak with health checks enabled (similar to Keycloak 24.0)
 # This enables the /health, /health/live, /health/ready, and /health/started endpoints
-RUN /opt/keycloak/bin/kc.sh build --health-enabled=true
+# Expose health endpoints on main HTTP port (like 24.0) instead of management port
+RUN /opt/keycloak/bin/kc.sh build --health-enabled=true --http-management-health-enabled=false
 # Switch back to keycloak user
 USER keycloak

package/templates/applications/keycloak/env.template CHANGED Viewed

@@ -15,8 +15,13 @@ KC_HTTP_ENABLED=true
 # HEALTH CHECK CONFIGURATION
 # =============================================================================
 # Enable health check endpoints: /health, /health/live, /health/ready, /health/started
+# Keycloak 26.4.0+: Health endpoints are exposed on main HTTP(S) port (8080) by default
+# Set http-management-health-enabled=false to expose on main port instead of management port
 KC_HEALTH_ENABLED=true
+# Expose health endpoints on main HTTP port (like Keycloak 24.0)
+# Set to false to expose on main port instead of management port (9000)
+KC_HTTP_MANAGEMENT_HEALTH_ENABLED=false
 # =============================================================================
 # DATABASE CONFIGURATION