@aifabrix/builder 2.1.6 → 2.1.7

package/lib/secrets.js

@@ -23,6 +23,13 @@ const {
   resolveSecretsPath,
   getActualSecretsPath
 } = require('./utils/secrets-path');
+const {
+  loadUserSecrets,
+  loadBuildSecrets,
+  loadDefaultSecrets,
+  buildHostnameToServiceMap,
+  resolveUrlPort
+} = require('./utils/secrets-utils');
 
 /**
  * Loads environment configuration for docker/local context
@@ -34,35 +41,6 @@ function loadEnvConfig() {
   return yaml.load(content);
 }
 
-/**
- * Loads secrets from file with cascading lookup support
- * First checks ~/.aifabrix/secrets.local.yaml, then build.secrets from variables.yaml
- *
- * @async
- * @function loadSecretsFromFile
- * @param {string} filePath - Path to secrets file
- * @returns {Promise<Object>} Loaded secrets object or empty object if file doesn't exist
- */
-async function loadSecretsFromFile(filePath) {
-  if (!fs.existsSync(filePath)) {
-    return {};
-  }
-
-  try {
-    const content = fs.readFileSync(filePath, 'utf8');
-    const secrets = yaml.load(content);
-
-    if (!secrets || typeof secrets !== 'object') {
-      return {};
-    }
-
-    return secrets;
-  } catch (error) {
-    logger.warn(`Warning: Could not read secrets file ${filePath}: ${error.message}`);
-    return {};
-  }
-}
-
 /**
  * Loads secrets with cascading lookup
  * Supports both user secrets (~/.aifabrix/secrets.local.yaml) and project overrides
@@ -98,76 +76,16 @@ async function loadSecrets(secretsPath, appName) {
   }
 
   // Cascading lookup: user's file first
-  const userSecretsPath = path.join(os.homedir(), '.aifabrix', 'secrets.local.yaml');
-  let mergedSecrets;
-  if (fs.existsSync(userSecretsPath)) {
-    try {
-      const content = fs.readFileSync(userSecretsPath, 'utf8');
-      const secrets = yaml.load(content);
-      if (!secrets || typeof secrets !== 'object') {
-        throw new Error(`Invalid secrets file format: ${userSecretsPath}`);
-      }
-      mergedSecrets = secrets;
-    } catch (error) {
-      // If it's a format error, throw it; otherwise log warning and continue
-      if (error.message.includes('Invalid secrets file format')) {
-        throw error;
-      }
-      logger.warn(`Warning: Could not read secrets file ${userSecretsPath}: ${error.message}`);
-      mergedSecrets = {};
-    }
-  } else {
-    mergedSecrets = {};
-  }
+  let mergedSecrets = loadUserSecrets();
 
   // Then check build.secrets from variables.yaml if appName provided
   if (appName) {
-    const variablesPath = path.join(process.cwd(), 'builder', appName, 'variables.yaml');
-    if (fs.existsSync(variablesPath)) {
-      try {
-        const variablesContent = fs.readFileSync(variablesPath, 'utf8');
-        const variables = yaml.load(variablesContent);
-
-        if (variables?.build?.secrets) {
-          const buildSecretsPath = path.resolve(
-            path.dirname(variablesPath),
-            variables.build.secrets
-          );
-
-          const buildSecrets = await loadSecretsFromFile(buildSecretsPath);
-
-          // Merge: user's file takes priority, but use build.secrets for missing/empty values
-          for (const [key, value] of Object.entries(buildSecrets)) {
-            if (!(key in mergedSecrets) || !mergedSecrets[key] || mergedSecrets[key] === '') {
-              mergedSecrets[key] = value;
-            }
-          }
-        }
-      } catch (error) {
-        logger.warn(`Warning: Could not load build.secrets from variables.yaml: ${error.message}`);
-      }
-    }
+    mergedSecrets = await loadBuildSecrets(mergedSecrets, appName);
   }
 
   // If still no secrets found, try default location
   if (Object.keys(mergedSecrets).length === 0) {
-    const defaultPath = path.join(os.homedir(), '.aifabrix', 'secrets.yaml');
-    if (fs.existsSync(defaultPath)) {
-      try {
-        const content = fs.readFileSync(defaultPath, 'utf8');
-        const secrets = yaml.load(content);
-        if (!secrets || typeof secrets !== 'object') {
-          throw new Error(`Invalid secrets file format: ${defaultPath}`);
-        }
-        mergedSecrets = secrets;
-      } catch (error) {
-        // If it's a format error, throw it; otherwise log warning
-        if (error.message.includes('Invalid secrets file format')) {
-          throw error;
-        }
-        logger.warn(`Warning: Could not read secrets file ${defaultPath}: ${error.message}`);
-      }
-    }
+    mergedSecrets = loadDefaultSecrets();
   }
 
   // If still empty, throw error
@@ -187,7 +105,9 @@ async function loadSecrets(secretsPath, appName) {
  * @param {string} envTemplate - Environment template content
  * @param {Object} secrets - Secrets object from loadSecrets()
  * @param {string} [environment='local'] - Environment context (docker/local)
- * @param {string} [secretsFilePath] - Path to secrets file (for error messages)
+ * @param {Object|string|null} [secretsFilePaths] - Paths object with userPath and buildPath, or string path (for backward compatibility)
+ * @param {string} [secretsFilePaths.userPath] - User's secrets file path
+ * @param {string|null} [secretsFilePaths.buildPath] - App's build.secrets file path (if configured)
  * @returns {Promise<string>} Resolved environment content
  * @throws {Error} If kv:// reference cannot be resolved
  *
@@ -195,7 +115,7 @@ async function loadSecrets(secretsPath, appName) {
  * const resolved = await resolveKvReferences(template, secrets, 'local');
  * // Returns: 'DATABASE_URL=postgresql://user:pass@localhost:5432/db'
  */
-async function resolveKvReferences(envTemplate, secrets, environment = 'local', secretsFilePath = null) {
+async function resolveKvReferences(envTemplate, secrets, environment = 'local', secretsFilePaths = null) {
   const envConfig = loadEnvConfig();
   const envVars = envConfig.environments[environment] || envConfig.environments.local;
 
@@ -216,7 +136,20 @@ async function resolveKvReferences(envTemplate, secrets, environment = 'local',
   }
 
   if (missingSecrets.length > 0) {
-    const fileInfo = secretsFilePath ? `\n\nSecrets file location: ${secretsFilePath}` : '';
+    let fileInfo = '';
+    if (secretsFilePaths) {
+      // Handle backward compatibility: if it's a string, use it as-is
+      if (typeof secretsFilePaths === 'string') {
+        fileInfo = `\n\nSecrets file location: ${secretsFilePaths}`;
+      } else if (typeof secretsFilePaths === 'object' && secretsFilePaths.userPath) {
+        // New format: show both paths if buildPath is configured
+        const paths = [secretsFilePaths.userPath];
+        if (secretsFilePaths.buildPath) {
+          paths.push(secretsFilePaths.buildPath);
+        }
+        fileInfo = `\n\nSecrets file location: ${paths.join(' and ')}`;
+      }
+    }
     throw new Error(`Missing secrets: ${missingSecrets.join(', ')}${fileInfo}`);
   }
 
@@ -235,6 +168,36 @@ async function resolveKvReferences(envTemplate, secrets, environment = 'local',
   return resolved;
 }
 
+/**
+ * Resolves service ports in URLs within .env content for Docker environment
+ * Replaces ports in URLs with containerPort from service's variables.yaml
+ *
+ * @function resolveServicePortsInEnvContent
+ * @param {string} envContent - Resolved .env file content
+ * @param {string} environment - Environment context (docker/local)
+ * @returns {string} Content with resolved ports
+ */
+function resolveServicePortsInEnvContent(envContent, environment) {
+  // Only process docker environment
+  if (environment !== 'docker') {
+    return envContent;
+  }
+
+  const envConfig = loadEnvConfig();
+  const dockerHosts = envConfig.environments.docker || {};
+  const hostnameToService = buildHostnameToServiceMap(dockerHosts);
+
+  // Pattern to match URLs: http://hostname:port or https://hostname:port
+  // Matches: protocol://hostname:port/path?query
+  // Captures: protocol, hostname, port, and optional path/query
+  // Note: [^\s\n]* matches any non-whitespace characters except newline (stops at end of line)
+  const urlPattern = /(https?:\/\/)([a-zA-Z0-9-]+):(\d+)([^\s\n]*)?/g;
+
+  return envContent.replace(urlPattern, (match, protocol, hostname, port, urlPath = '') => {
+    return resolveUrlPort(protocol, hostname, port, urlPath || '', hostnameToService);
+  });
+}
+
 /**
  * Loads environment template from file
  * @function loadEnvTemplate
@@ -324,15 +287,21 @@ async function generateEnvFile(appName, secretsPath, environment = 'local', forc
 
   const template = loadEnvTemplate(templatePath);
 
-  // Resolve secrets path to show in error messages (use actual path that loadSecrets would use)
-  const resolvedSecretsPath = getActualSecretsPath(secretsPath, appName);
+  // Resolve secrets paths to show in error messages (use actual paths that loadSecrets would use)
+  const secretsPaths = getActualSecretsPath(secretsPath, appName);
 
   if (force) {
-    await generateMissingSecrets(template, resolvedSecretsPath);
+    // Use userPath for generating missing secrets (priority file)
+    await generateMissingSecrets(template, secretsPaths.userPath);
   }
 
   const secrets = await loadSecrets(secretsPath, appName);
-  const resolved = await resolveKvReferences(template, secrets, environment, resolvedSecretsPath);
+  let resolved = await resolveKvReferences(template, secrets, environment, secretsPaths);
+
+  // Resolve service ports in URLs for docker environment
+  if (environment === 'docker') {
+    resolved = resolveServicePortsInEnvContent(resolved, environment);
+  }
 
   fs.writeFileSync(envPath, resolved, { mode: 0o600 });
 

package/lib/utils/secrets-path.js

@@ -54,26 +54,30 @@ function resolveSecretsPath(secretsPath) {
 }
 
 /**
- * Determines the actual secrets file path that loadSecrets would use
+ * Determines the actual secrets file paths that loadSecrets would use
  * Mirrors the cascading lookup logic from loadSecrets
  * @function getActualSecretsPath
  * @param {string} [secretsPath] - Path to secrets file (optional)
  * @param {string} [appName] - Application name (optional, for variables.yaml lookup)
- * @returns {string} Actual secrets file path that would be used
+ * @returns {Object} Object with userPath and buildPath (if configured)
+ * @returns {string} returns.userPath - User's secrets file path (~/.aifabrix/secrets.local.yaml)
+ * @returns {string|null} returns.buildPath - App's build.secrets file path (if configured in variables.yaml)
  */
 function getActualSecretsPath(secretsPath, appName) {
   // If explicit path provided, use it (backward compatibility)
   if (secretsPath) {
-    return resolveSecretsPath(secretsPath);
+    const resolvedPath = resolveSecretsPath(secretsPath);
+    return {
+      userPath: resolvedPath,
+      buildPath: null
+    };
   }
 
   // Cascading lookup: user's file first
   const userSecretsPath = path.join(os.homedir(), '.aifabrix', 'secrets.local.yaml');
-  if (fs.existsSync(userSecretsPath)) {
-    return userSecretsPath;
-  }
 
-  // Then check build.secrets from variables.yaml if appName provided
+  // Check build.secrets from variables.yaml if appName provided
+  let buildSecretsPath = null;
   if (appName) {
     const variablesPath = path.join(process.cwd(), 'builder', appName, 'variables.yaml');
     if (fs.existsSync(variablesPath)) {
@@ -82,29 +86,22 @@ function getActualSecretsPath(secretsPath, appName) {
         const variables = yaml.load(variablesContent);
 
         if (variables?.build?.secrets) {
-          const buildSecretsPath = path.resolve(
+          buildSecretsPath = path.resolve(
             path.dirname(variablesPath),
             variables.build.secrets
           );
-
-          if (fs.existsSync(buildSecretsPath)) {
-            return buildSecretsPath;
-          }
         }
       } catch (error) {
-        // Ignore errors, continue to next check
+        // Ignore errors, continue
       }
     }
   }
 
-  // If still no secrets found, try default location
-  const defaultPath = path.join(os.homedir(), '.aifabrix', 'secrets.yaml');
-  if (fs.existsSync(defaultPath)) {
-    return defaultPath;
-  }
-
-  // Return user's file path as default (even if it doesn't exist) for error messages
-  return userSecretsPath;
+  // Return both paths (even if files don't exist) for error messages
+  return {
+    userPath: userSecretsPath,
+    buildPath: buildSecretsPath
+  };
 }
 
 module.exports = {

package/lib/utils/secrets-utils.js

@@ -0,0 +1,206 @@
+/**
+ * AI Fabrix Builder Secrets Utilities
+ *
+ * This module provides utility functions for loading and processing secrets.
+ * Helper functions for secrets.js module.
+ *
+ * @fileoverview Secrets utility functions for AI Fabrix Builder
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+
+const fs = require('fs');
+const path = require('path');
+const yaml = require('js-yaml');
+const os = require('os');
+const logger = require('./logger');
+
+/**
+ * Loads secrets from file with cascading lookup support
+ * First checks ~/.aifabrix/secrets.local.yaml, then build.secrets from variables.yaml
+ *
+ * @async
+ * @function loadSecretsFromFile
+ * @param {string} filePath - Path to secrets file
+ * @returns {Promise<Object>} Loaded secrets object or empty object if file doesn't exist
+ */
+async function loadSecretsFromFile(filePath) {
+  if (!fs.existsSync(filePath)) {
+    return {};
+  }
+
+  try {
+    const content = fs.readFileSync(filePath, 'utf8');
+    const secrets = yaml.load(content);
+
+    if (!secrets || typeof secrets !== 'object') {
+      return {};
+    }
+
+    return secrets;
+  } catch (error) {
+    logger.warn(`Warning: Could not read secrets file ${filePath}: ${error.message}`);
+    return {};
+  }
+}
+
+/**
+ * Loads user secrets from ~/.aifabrix/secrets.local.yaml
+ * @function loadUserSecrets
+ * @returns {Object} Loaded secrets object or empty object
+ */
+function loadUserSecrets() {
+  const userSecretsPath = path.join(os.homedir(), '.aifabrix', 'secrets.local.yaml');
+  if (!fs.existsSync(userSecretsPath)) {
+    return {};
+  }
+
+  try {
+    const content = fs.readFileSync(userSecretsPath, 'utf8');
+    const secrets = yaml.load(content);
+    if (!secrets || typeof secrets !== 'object') {
+      throw new Error(`Invalid secrets file format: ${userSecretsPath}`);
+    }
+    return secrets;
+  } catch (error) {
+    if (error.message.includes('Invalid secrets file format')) {
+      throw error;
+    }
+    logger.warn(`Warning: Could not read secrets file ${userSecretsPath}: ${error.message}`);
+    return {};
+  }
+}
+
+/**
+ * Loads build secrets from variables.yaml and merges with existing secrets
+ * @async
+ * @function loadBuildSecrets
+ * @param {Object} mergedSecrets - Existing secrets to merge with
+ * @param {string} appName - Application name
+ * @returns {Promise<Object>} Merged secrets object
+ */
+async function loadBuildSecrets(mergedSecrets, appName) {
+  const variablesPath = path.join(process.cwd(), 'builder', appName, 'variables.yaml');
+  if (!fs.existsSync(variablesPath)) {
+    return mergedSecrets;
+  }
+
+  try {
+    const variablesContent = fs.readFileSync(variablesPath, 'utf8');
+    const variables = yaml.load(variablesContent);
+
+    if (variables?.build?.secrets) {
+      const buildSecretsPath = path.resolve(
+        path.dirname(variablesPath),
+        variables.build.secrets
+      );
+
+      const buildSecrets = await loadSecretsFromFile(buildSecretsPath);
+
+      // Merge: user's file takes priority, but use build.secrets for missing/empty values
+      for (const [key, value] of Object.entries(buildSecrets)) {
+        if (!(key in mergedSecrets) || !mergedSecrets[key] || mergedSecrets[key] === '') {
+          mergedSecrets[key] = value;
+        }
+      }
+    }
+  } catch (error) {
+    logger.warn(`Warning: Could not load build.secrets from variables.yaml: ${error.message}`);
+  }
+
+  return mergedSecrets;
+}
+
+/**
+ * Loads default secrets from ~/.aifabrix/secrets.yaml
+ * @function loadDefaultSecrets
+ * @returns {Object} Loaded secrets object or empty object
+ */
+function loadDefaultSecrets() {
+  const defaultPath = path.join(os.homedir(), '.aifabrix', 'secrets.yaml');
+  if (!fs.existsSync(defaultPath)) {
+    return {};
+  }
+
+  try {
+    const content = fs.readFileSync(defaultPath, 'utf8');
+    const secrets = yaml.load(content);
+    if (!secrets || typeof secrets !== 'object') {
+      throw new Error(`Invalid secrets file format: ${defaultPath}`);
+    }
+    return secrets;
+  } catch (error) {
+    if (error.message.includes('Invalid secrets file format')) {
+      throw error;
+    }
+    logger.warn(`Warning: Could not read secrets file ${defaultPath}: ${error.message}`);
+    return {};
+  }
+}
+
+/**
+ * Builds a map of hostname to service name from environment config
+ * @function buildHostnameToServiceMap
+ * @param {Object} dockerHosts - Docker environment hosts configuration
+ * @returns {Object} Map of hostname to service name
+ */
+function buildHostnameToServiceMap(dockerHosts) {
+  const hostnameToService = {};
+  for (const [key, hostname] of Object.entries(dockerHosts)) {
+    if (key.endsWith('_HOST')) {
+      // Use hostname directly as service name (e.g., 'keycloak', 'miso-controller')
+      hostnameToService[hostname] = hostname;
+    }
+  }
+  return hostnameToService;
+}
+
+/**
+ * Resolves port for a single URL by looking up service's variables.yaml
+ * @function resolveUrlPort
+ * @param {string} protocol - URL protocol (http:// or https://)
+ * @param {string} hostname - Service hostname
+ * @param {string} port - Current port
+ * @param {string} urlPath - URL path and query string
+ * @param {Object} hostnameToService - Map of hostname to service name
+ * @returns {string} URL with resolved port
+ */
+function resolveUrlPort(protocol, hostname, port, urlPath, hostnameToService) {
+  const serviceName = hostnameToService[hostname];
+  if (!serviceName) {
+    // Not a service hostname, keep original
+    return `${protocol}${hostname}:${port}${urlPath}`;
+  }
+
+  // Try to load service's variables.yaml
+  const serviceVariablesPath = path.join(process.cwd(), 'builder', serviceName, 'variables.yaml');
+  if (!fs.existsSync(serviceVariablesPath)) {
+    // Service variables.yaml not found, keep original port
+    return `${protocol}${hostname}:${port}${urlPath}`;
+  }
+
+  try {
+    const variablesContent = fs.readFileSync(serviceVariablesPath, 'utf8');
+    const variables = yaml.load(variablesContent);
+
+    // Get containerPort or fall back to port
+    const containerPort = variables?.build?.containerPort || variables?.port || port;
+
+    // Replace port in URL
+    return `${protocol}${hostname}:${containerPort}${urlPath}`;
+  } catch (error) {
+    // Error loading variables.yaml, keep original port
+    logger.warn(`Warning: Could not load variables.yaml for service ${serviceName}: ${error.message}`);
+    return `${protocol}${hostname}:${port}${urlPath}`;
+  }
+}
+
+module.exports = {
+  loadSecretsFromFile,
+  loadUserSecrets,
+  loadBuildSecrets,
+  loadDefaultSecrets,
+  buildHostnameToServiceMap,
+  resolveUrlPort
+};
+

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aifabrix/builder",
-  "version": "2.1.6",
+  "version": "2.1.7",
   "description": "AI Fabrix Local Fabric & Deployment SDK",
   "main": "lib/index.js",
   "bin": {