@aifabrix/builder 2.1.6 → 2.2.0

package/lib/utils/deployment-errors.js

@@ -0,0 +1,90 @@
+/**
+ * Deployment Error Handling Utilities
+ *
+ * Handles deployment errors with security-aware messages and audit logging.
+ *
+ * @fileoverview Deployment error handling functions
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+
+const auditLogger = require('../audit-logger');
+const { parseErrorResponse } = require('./api-error-handler');
+
+/**
+ * Handles deployment errors with security-aware messages
+ *
+ * @param {Error} error - Error to handle
+ * @returns {Object} Structured error information
+ */
+function handleDeploymentError(error) {
+  const safeError = {
+    message: error.message,
+    code: error.code || 'UNKNOWN',
+    timeout: error.code === 'ECONNABORTED',
+    status: error.status || error.response?.status,
+    data: error.data || error.response?.data
+  };
+
+  // Mask sensitive information in error messages
+  safeError.message = auditLogger.maskSensitiveData(safeError.message);
+
+  return safeError;
+}
+
+/**
+ * Unified error handler for deployment errors
+ * Handles audit logging, error formatting, and user-friendly messages
+ * @param {Error} error - Error object
+ * @param {string} appName - Application name for audit logging
+ * @param {string} url - Controller URL for audit logging
+ * @param {boolean} [alreadyLogged=false] - Whether error has already been logged
+ * @throws {Error} User-friendly error message
+ */
+async function handleDeploymentErrors(error, appName, url, alreadyLogged = false) {
+  // Log to audit log if not already logged
+  if (!alreadyLogged) {
+    try {
+      await auditLogger.logDeploymentFailure(appName, url, error);
+    } catch (logError) {
+      // Don't fail if audit logging fails, but log to console
+      // eslint-disable-next-line no-console
+      console.error(`[AUDIT LOG ERROR] Failed to log deployment failure: ${logError.message}`);
+    }
+  }
+
+  const safeError = handleDeploymentError(error);
+
+  // Extract error data from axios response
+  let errorData = safeError.data;
+  if (error.response && error.response.data !== undefined) {
+    errorData = error.response.data;
+  }
+
+  // Ensure errorData is not undefined before parsing
+  // If errorData is undefined, use the error message instead
+  const errorResponse = errorData !== undefined ? errorData : safeError.message;
+
+  // Determine if this is a network error
+  const isNetworkError = safeError.code === 'ECONNREFUSED' ||
+    safeError.code === 'ENOTFOUND' ||
+    safeError.code === 'ECONNABORTED' ||
+    safeError.timeout;
+
+  // Parse error using error handler
+  const parsedError = parseErrorResponse(errorResponse, safeError.status || 0, isNetworkError);
+
+  // Throw clean error message (without emoji) - CLI will format it
+  const formattedError = new Error(parsedError.message);
+  formattedError.formatted = parsedError.formatted;
+  formattedError.status = safeError.status;
+  formattedError.data = parsedError.data;
+  formattedError._logged = true; // Mark as logged to prevent double-logging
+  throw formattedError;
+}
+
+module.exports = {
+  handleDeploymentError,
+  handleDeploymentErrors
+};
+

package/lib/utils/deployment-validation.js

@@ -0,0 +1,60 @@
+/**
+ * Deployment Validation Utilities
+ *
+ * Validates deployment configuration inputs with ISO 27001 security measures.
+ *
+ * @fileoverview Deployment validation functions
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+
+/**
+ * Validates and sanitizes controller URL
+ * Enforces HTTPS-only communication for security
+ *
+ * @param {string} url - Controller URL to validate
+ * @throws {Error} If URL is invalid or uses HTTP
+ */
+function validateControllerUrl(url) {
+  if (!url || typeof url !== 'string') {
+    throw new Error('Controller URL is required and must be a string');
+  }
+
+  // Must use HTTPS for security (allow http://localhost for local development)
+  if (!url.startsWith('https://') && !url.startsWith('http://localhost')) {
+    throw new Error('Controller URL must use HTTPS (https://) or http://localhost');
+  }
+
+  // Basic URL format validation
+  const urlPattern = /^(https?):\/\/[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*(localhost)?(:[0-9]+)?(\/.*)?$/;
+  if (!urlPattern.test(url)) {
+    throw new Error('Invalid controller URL format');
+  }
+
+  // Remove trailing slash if present
+  return url.replace(/\/$/, '');
+}
+
+/**
+ * Validates environment key
+ * @param {string} envKey - Environment key to validate
+ * @throws {Error} If environment key is invalid
+ */
+function validateEnvironmentKey(envKey) {
+  if (!envKey || typeof envKey !== 'string') {
+    throw new Error('Environment key is required and must be a string');
+  }
+
+  const validEnvironments = ['miso', 'dev', 'tst', 'pro'];
+  if (!validEnvironments.includes(envKey.toLowerCase())) {
+    throw new Error(`Invalid environment key: ${envKey}. Must be one of: ${validEnvironments.join(', ')}`);
+  }
+
+  return envKey.toLowerCase();
+}
+
+module.exports = {
+  validateControllerUrl,
+  validateEnvironmentKey
+};
+

package/lib/utils/dev-config.js

@@ -0,0 +1,83 @@
+/**
+ * Developer Configuration Utilities
+ *
+ * This module provides utilities for calculating developer-specific ports
+ * based on developer ID. Ports are offset by (developer-id * 100).
+ *
+ * @fileoverview Developer configuration and port calculation utilities
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+
+/**
+ * Base ports for infrastructure and applications
+ * These are the default ports before any developer offset
+ */
+const BASE_PORTS = {
+  app: 3000,
+  postgres: 5432,
+  redis: 6379,
+  pgadmin: 5050,
+  redisCommander: 8081
+};
+
+/**
+ * Calculates developer-specific ports based on developer ID
+ * Formula: basePort + (developerId * 100)
+ * Developer ID: 0 = default infra (base ports), > 0 = developer-specific (offset ports)
+ *
+ * @function getDevPorts
+ * @param {number} developerId - Developer ID (0 = default infra, 1, 2, 3, etc. = developer-specific)
+ * @returns {Object} Object with calculated ports for all services
+ *
+ * @example
+ * const ports = getDevPorts(0); // Default infra
+ * // Returns: { app: 3000, postgres: 5432, redis: 6379, pgadmin: 5050, redisCommander: 8081 }
+ * const ports = getDevPorts(1); // Developer-specific
+ * // Returns: { app: 3100, postgres: 5532, redis: 6479, pgadmin: 5150, redisCommander: 8181 }
+ */
+function getDevPorts(developerId) {
+  // Validate type first - must be a number
+  if (typeof developerId !== 'number') {
+    throw new Error('Developer ID must be a positive number');
+  }
+
+  // Handle NaN, undefined, null - throw error (don't default)
+  if (isNaN(developerId) || developerId === undefined || developerId === null) {
+    throw new Error('Developer ID must be a positive number');
+  }
+
+  if (developerId < 0 || !Number.isInteger(developerId)) {
+    throw new Error('Developer ID must be a positive number');
+  }
+
+  // Developer ID 0 = default infra (base ports, no offset)
+  if (developerId === 0) {
+    return { ...BASE_PORTS };
+  }
+
+  // Developer ID > 0 = developer-specific (add offset)
+  const offset = developerId * 100;
+
+  return {
+    app: BASE_PORTS.app + offset,
+    postgres: BASE_PORTS.postgres + offset,
+    redis: BASE_PORTS.redis + offset,
+    pgadmin: BASE_PORTS.pgadmin + offset,
+    redisCommander: BASE_PORTS.redisCommander + offset
+  };
+}
+
+/**
+ * Gets base ports (for reference/documentation)
+ * @returns {Object} Base ports object
+ */
+function getBasePorts() {
+  return { ...BASE_PORTS };
+}
+
+module.exports = {
+  getDevPorts,
+  getBasePorts
+};
+

package/lib/utils/env-template.js

@@ -15,14 +15,15 @@ const chalk = require('chalk');
 const logger = require('../utils/logger');
 
 /**
- * Updates env.template to add MISO_CLIENTID and MISO_CLIENTSECRET entries
+ * Updates env.template to add MISO_CLIENTID, MISO_CLIENTSECRET, and MISO_CONTROLLER_URL entries
  * @async
  * @param {string} appKey - Application key
  * @param {string} clientIdKey - Secret key for client ID (e.g., 'myapp-client-idKeyVault')
  * @param {string} clientSecretKey - Secret key for client secret (e.g., 'myapp-client-secretKeyVault')
+ * @param {string} controllerUrl - Controller URL (e.g., 'http://localhost:3010' or 'https://controller.aifabrix.ai')
  * @returns {Promise<void>} Resolves when template is updated
  */
-async function updateEnvTemplate(appKey, clientIdKey, clientSecretKey) {
+async function updateEnvTemplate(appKey, clientIdKey, clientSecretKey, controllerUrl) {
   const envTemplatePath = path.join(process.cwd(), 'builder', appKey, 'env.template');
 
   if (!fsSync.existsSync(envTemplatePath)) {
@@ -33,19 +34,39 @@ async function updateEnvTemplate(appKey, clientIdKey, clientSecretKey) {
   try {
     let content = await fs.readFile(envTemplatePath, 'utf8');
 
-    // Check if MISO_CLIENTID already exists
+    // Check if entries already exist
     const hasClientId = /^MISO_CLIENTID\s*=/m.test(content);
     const hasClientSecret = /^MISO_CLIENTSECRET\s*=/m.test(content);
+    const hasControllerUrl = /^MISO_CONTROLLER_URL\s*=/m.test(content);
 
-    if (hasClientId && hasClientSecret) {
-      // Update existing entries
+    // Update existing entries
+    if (hasClientId) {
       content = content.replace(/^MISO_CLIENTID\s*=.*$/m, `MISO_CLIENTID=kv://${clientIdKey}`);
+    }
+
+    if (hasClientSecret) {
       content = content.replace(/^MISO_CLIENTSECRET\s*=.*$/m, `MISO_CLIENTSECRET=kv://${clientSecretKey}`);
-    } else {
-      // Add new section if not present
+    }
+
+    if (hasControllerUrl) {
+      content = content.replace(/^MISO_CONTROLLER_URL\s*=.*$/m, `MISO_CONTROLLER_URL=${controllerUrl}`);
+    }
+
+    // Add missing entries
+    if (!hasClientId || !hasClientSecret || !hasControllerUrl) {
+      const missingEntries = [];
+      if (!hasClientId) {
+        missingEntries.push(`MISO_CLIENTID=kv://${clientIdKey}`);
+      }
+      if (!hasClientSecret) {
+        missingEntries.push(`MISO_CLIENTSECRET=kv://${clientSecretKey}`);
+      }
+      if (!hasControllerUrl) {
+        missingEntries.push(`MISO_CONTROLLER_URL=${controllerUrl}`);
+      }
+
       const misoSection = `# MISO Application Client Credentials (per application)
-MISO_CLIENTID=kv://${clientIdKey}
-MISO_CLIENTSECRET=kv://${clientSecretKey}
+${missingEntries.join('\n')}
 `;
 
       // Try to find a good place to insert (after last section or at end)
@@ -60,7 +81,6 @@ MISO_CLIENTSECRET=kv://${clientSecretKey}
     }
 
     await fs.writeFile(envTemplatePath, content, 'utf8');
-    logger.log(chalk.green(`✓ Updated env.template for ${appKey}`));
   } catch (error) {
     logger.warn(chalk.yellow(`⚠️  Could not update env.template: ${error.message}`));
   }

package/lib/utils/health-check.js

@@ -9,6 +9,7 @@
  */
 
 const http = require('http');
+const net = require('net');
 const chalk = require('chalk');
 const { exec } = require('child_process');
 const { promisify } = require('util');
@@ -300,8 +301,24 @@ async function waitForHealthCheck(appName, timeout = 90, port = null, config = n
   throw new Error(`Health check timeout after ${timeout} seconds`);
 }
 
+/**
+ * Checks if port is available
+ * @param {number} port - Port number to check
+ * @returns {Promise<boolean>} True if port is available
+ */
+async function checkPortAvailable(port) {
+  return new Promise((resolve) => {
+    const server = net.createServer();
+    server.listen(port, () => {
+      server.close(() => resolve(true));
+    });
+    server.on('error', () => resolve(false));
+  });
+}
+
 module.exports = {
   waitForHealthCheck,
-  checkHealthEndpoint
+  checkHealthEndpoint,
+  checkPortAvailable
 };
 

package/lib/utils/infra-containers.js

@@ -0,0 +1,101 @@
+/**
+ * Infrastructure Container Utilities
+ *
+ * This module provides helper functions for finding and checking
+ * infrastructure containers. Used by the main infra.js module.
+ *
+ * @fileoverview Container utilities for infrastructure management
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+
+const { exec } = require('child_process');
+const { promisify } = require('util');
+const config = require('../config');
+
+const execAsync = promisify(exec);
+
+/**
+ * Finds container by name pattern
+ * @private
+ * @async
+ * @param {string} serviceName - Service name
+ * @param {number} [devId] - Developer ID (optional, will be loaded from config if not provided)
+ * @returns {Promise<string|null>} Container name or null if not found
+ */
+async function findContainer(serviceName, devId = null) {
+  try {
+    const developerId = devId || await config.getDeveloperId();
+    // Dev 0: aifabrix-{serviceName}, Dev > 0: aifabrix-dev{id}-{serviceName}
+    const containerNamePattern = developerId === 0
+      ? `aifabrix-${serviceName}`
+      : `aifabrix-dev${developerId}-${serviceName}`;
+    let { stdout } = await execAsync(`docker ps --filter "name=${containerNamePattern}" --format "{{.Names}}"`);
+    let containerName = stdout.trim();
+    if (!containerName) {
+      // Fallback to old naming patterns for backward compatibility
+      ({ stdout } = await execAsync(`docker ps --filter "name=infra-${serviceName}" --format "{{.Names}}"`));
+      containerName = stdout.trim();
+      if (!containerName) {
+        ({ stdout } = await execAsync(`docker ps --filter "name=aifabrix-${serviceName}" --format "{{.Names}}"`));
+        containerName = stdout.trim();
+      }
+    }
+    return containerName;
+  } catch (error) {
+    return null;
+  }
+}
+
+/**
+ * Checks health status for a service with health checks
+ * @private
+ * @async
+ * @param {string} serviceName - Service name
+ * @param {number} [devId] - Developer ID (optional, will be loaded from config if not provided)
+ * @returns {Promise<string>} Health status
+ */
+async function checkServiceWithHealthCheck(serviceName, devId = null) {
+  try {
+    const containerName = await findContainer(serviceName, devId);
+    if (!containerName) {
+      return 'unknown';
+    }
+    const { stdout } = await execAsync(`docker inspect --format='{{.State.Health.Status}}' ${containerName}`);
+    const status = stdout.trim().replace(/['"]/g, '');
+    // Accept both 'healthy' and 'starting' as healthy (starting means it's initializing)
+    return (status === 'healthy' || status === 'starting') ? 'healthy' : status;
+  } catch (error) {
+    return 'unknown';
+  }
+}
+
+/**
+ * Checks health status for a service without health checks
+ * @private
+ * @async
+ * @param {string} serviceName - Service name
+ * @param {number} [devId] - Developer ID (optional, will be loaded from config if not provided)
+ * @returns {Promise<string>} Health status
+ */
+async function checkServiceWithoutHealthCheck(serviceName, devId = null) {
+  try {
+    const containerName = await findContainer(serviceName, devId);
+    if (!containerName) {
+      return 'unknown';
+    }
+    const { stdout } = await execAsync(`docker inspect --format='{{.State.Status}}' ${containerName}`);
+    const status = stdout.trim().replace(/['"]/g, '');
+    // Treat 'running' or 'healthy' as 'healthy' for services without health checks
+    return (status === 'running' || status === 'healthy') ? 'healthy' : 'unhealthy';
+  } catch (error) {
+    return 'unknown';
+  }
+}
+
+module.exports = {
+  findContainer,
+  checkServiceWithHealthCheck,
+  checkServiceWithoutHealthCheck
+};
+

package/lib/utils/local-secrets.js

@@ -12,7 +12,6 @@ const fs = require('fs');
 const path = require('path');
 const yaml = require('js-yaml');
 const os = require('os');
-const chalk = require('chalk');
 const logger = require('../utils/logger');
 
 /**
@@ -76,7 +75,6 @@ async function saveLocalSecret(key, value) {
   });
 
   fs.writeFileSync(secretsPath, yamlContent, { mode: 0o600 });
-  logger.log(chalk.green(`✓ Saved secret ${key} to ${secretsPath}`));
 }
 
 /**

package/lib/utils/secrets-path.js

@@ -54,26 +54,30 @@ function resolveSecretsPath(secretsPath) {
 }
 
 /**
- * Determines the actual secrets file path that loadSecrets would use
+ * Determines the actual secrets file paths that loadSecrets would use
  * Mirrors the cascading lookup logic from loadSecrets
  * @function getActualSecretsPath
  * @param {string} [secretsPath] - Path to secrets file (optional)
  * @param {string} [appName] - Application name (optional, for variables.yaml lookup)
- * @returns {string} Actual secrets file path that would be used
+ * @returns {Object} Object with userPath and buildPath (if configured)
+ * @returns {string} returns.userPath - User's secrets file path (~/.aifabrix/secrets.local.yaml)
+ * @returns {string|null} returns.buildPath - App's build.secrets file path (if configured in variables.yaml)
  */
 function getActualSecretsPath(secretsPath, appName) {
   // If explicit path provided, use it (backward compatibility)
   if (secretsPath) {
-    return resolveSecretsPath(secretsPath);
+    const resolvedPath = resolveSecretsPath(secretsPath);
+    return {
+      userPath: resolvedPath,
+      buildPath: null
+    };
   }
 
   // Cascading lookup: user's file first
   const userSecretsPath = path.join(os.homedir(), '.aifabrix', 'secrets.local.yaml');
-  if (fs.existsSync(userSecretsPath)) {
-    return userSecretsPath;
-  }
 
-  // Then check build.secrets from variables.yaml if appName provided
+  // Check build.secrets from variables.yaml if appName provided
+  let buildSecretsPath = null;
   if (appName) {
     const variablesPath = path.join(process.cwd(), 'builder', appName, 'variables.yaml');
     if (fs.existsSync(variablesPath)) {
@@ -82,29 +86,22 @@ function getActualSecretsPath(secretsPath, appName) {
         const variables = yaml.load(variablesContent);
 
         if (variables?.build?.secrets) {
-          const buildSecretsPath = path.resolve(
+          buildSecretsPath = path.resolve(
             path.dirname(variablesPath),
             variables.build.secrets
           );
-
-          if (fs.existsSync(buildSecretsPath)) {
-            return buildSecretsPath;
-          }
         }
       } catch (error) {
-        // Ignore errors, continue to next check
+        // Ignore errors, continue
       }
     }
   }
 
-  // If still no secrets found, try default location
-  const defaultPath = path.join(os.homedir(), '.aifabrix', 'secrets.yaml');
-  if (fs.existsSync(defaultPath)) {
-    return defaultPath;
-  }
-
-  // Return user's file path as default (even if it doesn't exist) for error messages
-  return userSecretsPath;
+  // Return both paths (even if files don't exist) for error messages
+  return {
+    userPath: userSecretsPath,
+    buildPath: buildSecretsPath
+  };
 }
 
 module.exports = {