@aifabrix/builder 2.1.7 → 2.2.0

package/lib/utils/api.js

@@ -10,6 +10,29 @@
  * @version 2.0.0
  */
 
+const { parseErrorResponse } = require('./api-error-handler');
+const auditLogger = require('../audit-logger');
+
+/**
+ * Logs API request performance metrics and errors to audit log
+ * @param {string} url - API endpoint URL
+ * @param {Object} options - Fetch options
+ * @param {number} statusCode - HTTP status code
+ * @param {number} duration - Request duration in milliseconds
+ * @param {boolean} success - Whether the request was successful
+ * @param {Object} errorInfo - Error information (if failed)
+ */
+async function logApiPerformance(url, options, statusCode, duration, success, errorInfo = {}) {
+  // Log all API calls (both success and failure) to audit log for troubleshooting
+  // This helps track what API calls were made when errors occur
+  try {
+    await auditLogger.logApiCall(url, options, statusCode, duration, success, errorInfo);
+  } catch (logError) {
+    // Don't fail the API call if audit logging fails
+    // Silently continue - audit logging should never break functionality
+  }
+}
+
 /**
  * Make an API call with proper error handling
  * @param {string} url - API endpoint URL
@@ -17,25 +40,45 @@
  * @returns {Promise<Object>} Response object with success flag
  */
 async function makeApiCall(url, options = {}) {
+  const startTime = Date.now();
+
   try {
     const response = await fetch(url, options);
+    const duration = Date.now() - startTime;
 
     if (!response.ok) {
       const errorText = await response.text();
-      let errorMessage;
+      let errorData;
       try {
-        const errorJson = JSON.parse(errorText);
-        errorMessage = errorJson.error || errorJson.message || 'Unknown error';
+        errorData = JSON.parse(errorText);
       } catch {
-        errorMessage = errorText || `HTTP ${response.status}: ${response.statusText}`;
+        errorData = errorText || `HTTP ${response.status}: ${response.statusText}`;
       }
+
+      // Parse error using error handler
+      const parsedError = parseErrorResponse(errorData, response.status, false);
+
+      // Log error to audit log
+      await logApiPerformance(url, options, response.status, duration, false, {
+        errorType: parsedError.type,
+        errorMessage: parsedError.message,
+        errorData: parsedError.data,
+        correlationId: parsedError.data?.correlationId
+      });
+
       return {
         success: false,
-        error: errorMessage,
+        error: parsedError.message,
+        errorData: parsedError.data,
+        errorType: parsedError.type,
+        formattedError: parsedError.formatted,
         status: response.status
       };
     }
 
+    // Log successful API call to audit log
+    await logApiPerformance(url, options, response.status, duration, true);
+
     const contentType = response.headers.get('content-type');
     if (contentType && contentType.includes('application/json')) {
       const data = await response.json();
@@ -54,16 +97,48 @@ async function makeApiCall(url, options = {}) {
     };
 
   } catch (error) {
+    const duration = Date.now() - startTime;
+
+    // Parse network error using error handler
+    const parsedError = parseErrorResponse(error.message, 0, true);
+
+    // Log network error to audit log
+    await logApiPerformance(url, options, 0, duration, false, {
+      errorType: parsedError.type,
+      errorMessage: parsedError.message,
+      network: true
+    });
+
     return {
       success: false,
-      error: error.message,
+      error: parsedError.message,
+      errorData: parsedError.data,
+      errorType: parsedError.type,
+      formattedError: parsedError.formatted,
       network: true
     };
   }
 }
 
+/**
+ * Extract controller URL from API endpoint URL
+ * @param {string} url - Full API endpoint URL
+ * @returns {string} Controller base URL
+ */
+function extractControllerUrl(url) {
+  try {
+    const urlObj = new URL(url);
+    return `${urlObj.protocol}//${urlObj.host}`;
+  } catch {
+    // If URL parsing fails, try to extract manually
+    const match = url.match(/^(https?:\/\/[^/]+)/);
+    return match ? match[1] : url;
+  }
+}
+
 /**
  * Make an authenticated API call with bearer token
+ * Automatically refreshes device token on 401 errors if refresh token is available
  * @param {string} url - API endpoint URL
  * @param {Object} options - Fetch options
  * @param {string} token - Bearer token
@@ -79,33 +154,63 @@ async function authenticatedApiCall(url, options = {}, token) {
     headers['Authorization'] = `Bearer ${token}`;
   }
 
-  return makeApiCall(url, {
+  const response = await makeApiCall(url, {
     ...options,
     headers
   });
+
+  // Handle 401 errors with automatic token refresh for device tokens
+  if (!response.success && response.status === 401) {
+    try {
+      // Extract controller URL from request URL
+      const controllerUrl = extractControllerUrl(url);
+
+      // Try to get and refresh device token
+      const { getOrRefreshDeviceToken } = require('./token-manager');
+      const refreshedToken = await getOrRefreshDeviceToken(controllerUrl);
+
+      if (refreshedToken && refreshedToken.token) {
+        // Retry request with new token
+        headers['Authorization'] = `Bearer ${refreshedToken.token}`;
+        return makeApiCall(url, {
+          ...options,
+          headers
+        });
+      }
+    } catch (refreshError) {
+      // Refresh failed, return original 401 error
+      // This allows the caller to handle the authentication error
+    }
+  }
+
+  return response;
 }
 
 /**
  * Parses device code response from API
+ * Matches OpenAPI DeviceCodeResponse schema (camelCase)
  * @function parseDeviceCodeResponse
  * @param {Object} response - API response object
  * @returns {Object} Parsed device code response
  * @throws {Error} If response is invalid
  */
 function parseDeviceCodeResponse(response) {
+  // OpenAPI spec: { success: boolean, data: DeviceCodeResponse, timestamp: string }
   const apiResponse = response.data;
   const responseData = apiResponse.data || apiResponse;
 
-  const deviceCode = responseData.deviceCode || responseData.device_code;
-  const userCode = responseData.userCode || responseData.user_code;
-  const verificationUri = responseData.verificationUri || responseData.verification_uri;
-  const expiresIn = responseData.expiresIn || responseData.expires_in || 600;
+  // OpenAPI spec uses camelCase: deviceCode, userCode, verificationUri, expiresIn, interval
+  const deviceCode = responseData.deviceCode;
+  const userCode = responseData.userCode;
+  const verificationUri = responseData.verificationUri;
+  const expiresIn = responseData.expiresIn || 600;
   const interval = responseData.interval || 5;
 
   if (!deviceCode || !userCode || !verificationUri) {
     throw new Error('Invalid device code response: missing required fields');
   }
 
+  // Return in snake_case for internal consistency (used by existing code)
   return {
     device_code: deviceCode,
     user_code: userCode,
@@ -122,7 +227,7 @@ function parseDeviceCodeResponse(response) {
  * @async
  * @function initiateDeviceCodeFlow
  * @param {string} controllerUrl - Base URL of the controller
- * @param {string} environment - Environment key (e.g., 'dev', 'tst', 'pro')
+ * @param {string} environment - Environment key (e.g., 'miso', 'dev', 'tst', 'pro')
  * @returns {Promise<Object>} Device code response with device_code, user_code, verification_uri, expires_in, interval
  * @throws {Error} If initiation fails
  */
@@ -162,11 +267,13 @@ function checkTokenExpiration(startTime, expiresIn) {
 
 /**
  * Parses token response from API
+ * Matches OpenAPI DeviceCodeTokenResponse schema (camelCase)
  * @function parseTokenResponse
  * @param {Object} response - API response object
  * @returns {Object|null} Parsed token response or null if pending
  */
 function parseTokenResponse(response) {
+  // OpenAPI spec: { success: boolean, data: DeviceCodeTokenResponse, timestamp: string }
   const apiResponse = response.data;
   const responseData = apiResponse.data || apiResponse;
 
@@ -175,14 +282,16 @@ function parseTokenResponse(response) {
     return null;
   }
 
-  const accessToken = responseData.accessToken || responseData.access_token;
-  const refreshToken = responseData.refreshToken || responseData.refresh_token;
-  const expiresIn = responseData.expiresIn || responseData.expires_in || 3600;
+  // OpenAPI spec uses camelCase: accessToken, refreshToken, expiresIn
+  const accessToken = responseData.accessToken;
+  const refreshToken = responseData.refreshToken;
+  const expiresIn = responseData.expiresIn || 3600;
 
   if (!accessToken) {
     throw new Error('Invalid token response: missing accessToken');
   }
 
+  // Return in snake_case for internal consistency (used by existing code)
   return {
     access_token: accessToken,
     refresh_token: refreshToken,
@@ -319,11 +428,51 @@ function displayDeviceCodeInfo(userCode, verificationUri, logger, chalk) {
   logger.log(chalk.gray('Waiting for approval...'));
 }
 
+/**
+ * Refresh device code access token using refresh token
+ * Uses OpenAPI /api/v1/auth/login/device/refresh endpoint
+ *
+ * @async
+ * @function refreshDeviceToken
+ * @param {string} controllerUrl - Base URL of the controller
+ * @param {string} refreshToken - Refresh token from previous authentication
+ * @returns {Promise<Object>} Token response with access_token, refresh_token, expires_in
+ * @throws {Error} If refresh fails or refresh token is invalid/expired
+ */
+async function refreshDeviceToken(controllerUrl, refreshToken) {
+  if (!refreshToken || typeof refreshToken !== 'string') {
+    throw new Error('Refresh token is required');
+  }
+
+  const url = `${controllerUrl}/api/v1/auth/login/device/refresh`;
+  const response = await makeApiCall(url, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json'
+    },
+    body: JSON.stringify({ refreshToken })
+  });
+
+  if (!response.success) {
+    const errorMsg = response.error || 'Unknown error';
+    throw new Error(`Failed to refresh token: ${errorMsg}`);
+  }
+
+  // Parse response using existing parseTokenResponse function
+  const tokenResponse = parseTokenResponse(response);
+  if (!tokenResponse) {
+    throw new Error('Invalid refresh token response');
+  }
+
+  return tokenResponse;
+}
+
 module.exports = {
   makeApiCall,
   authenticatedApiCall,
   initiateDeviceCodeFlow,
   pollDeviceCodeToken,
-  displayDeviceCodeInfo
+  displayDeviceCodeInfo,
+  refreshDeviceToken
 };
 

package/lib/utils/auth-headers.js

@@ -0,0 +1,84 @@
+/**
+ * AI Fabrix Builder Authentication Headers Utilities
+ *
+ * Creates authentication headers for API requests
+ *
+ * @fileoverview Authentication header utilities for AI Fabrix Builder
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+
+/**
+ * Creates authentication headers using Bearer token
+ *
+ * @param {string} token - Authentication token
+ * @returns {Object} Headers object with authentication
+ * @throws {Error} If token is missing
+ */
+function createBearerTokenHeaders(token) {
+  if (!token) {
+    throw new Error('Authentication token is required');
+  }
+  return {
+    'Authorization': `Bearer ${token}`
+  };
+}
+
+/**
+ * Creates authentication headers for Client Credentials flow (legacy support)
+ *
+ * @param {string} clientId - Application client ID
+ * @param {string} clientSecret - Application client secret
+ * @returns {Object} Headers object with authentication
+ * @throws {Error} If credentials are missing
+ */
+function createClientCredentialsHeaders(clientId, clientSecret) {
+  if (!clientId || !clientSecret) {
+    throw new Error('Client ID and Client Secret are required for authentication');
+  }
+  return {
+    'x-client-id': clientId,
+    'x-client-secret': clientSecret
+  };
+}
+
+/**
+ * Creates authentication headers based on auth configuration
+ * Supports both Bearer token and client credentials authentication
+ *
+ * @param {Object} authConfig - Authentication configuration
+ * @param {string} authConfig.type - Auth type: 'bearer' or 'credentials'
+ * @param {string} [authConfig.token] - Bearer token (for type 'bearer')
+ * @param {string} [authConfig.clientId] - Client ID (for type 'credentials')
+ * @param {string} [authConfig.clientSecret] - Client secret (for type 'credentials')
+ * @returns {Object} Headers object with authentication
+ * @throws {Error} If auth config is invalid
+ */
+function createAuthHeaders(authConfig) {
+  if (!authConfig || !authConfig.type) {
+    throw new Error('Authentication configuration is required');
+  }
+
+  if (authConfig.type === 'bearer') {
+    if (!authConfig.token) {
+      throw new Error('Bearer token is required for bearer authentication');
+    }
+    return createBearerTokenHeaders(authConfig.token);
+  }
+
+  if (authConfig.type === 'credentials') {
+    if (!authConfig.clientId || !authConfig.clientSecret) {
+      throw new Error('Client ID and Client Secret are required for credentials authentication');
+    }
+    return createClientCredentialsHeaders(authConfig.clientId, authConfig.clientSecret);
+  }
+
+  throw new Error(`Invalid authentication type: ${authConfig.type}. Must be 'bearer' or 'credentials'`);
+}
+
+module.exports = {
+  createBearerTokenHeaders,
+  createClientCredentialsHeaders,
+  createAuthHeaders
+};
+

package/lib/utils/build-copy.js

@@ -0,0 +1,144 @@
+/**
+ * Build Copy Utilities
+ *
+ * This module handles copying builder files to developer-specific
+ * directories for isolated builds. Ensures each developer has their
+ * own build directory to prevent conflicts.
+ *
+ * @fileoverview Build copy utilities for developer isolation
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+
+const fs = require('fs').promises;
+const fsSync = require('fs');
+const path = require('path');
+const os = require('os');
+
+/**
+ * Copies all files from builder directory to developer-specific directory
+ * Preserves directory structure and skips hidden files
+ *
+ * @async
+ * @function copyBuilderToDevDirectory
+ * @param {string} appName - Application name
+ * @param {number} developerId - Developer ID
+ * @returns {Promise<string>} Path to developer-specific directory
+ * @throws {Error} If copying fails
+ *
+ * @example
+ * const devPath = await copyBuilderToDevDirectory('myapp', 1);
+ * // Returns: '~/.aifabrix/applications-dev-1/myapp-dev-1'
+ */
+async function copyBuilderToDevDirectory(appName, developerId) {
+  const builderPath = path.join(process.cwd(), 'builder', appName);
+
+  // Ensure builder directory exists
+  if (!fsSync.existsSync(builderPath)) {
+    throw new Error(`Builder directory not found: ${builderPath}\nRun 'aifabrix create ${appName}' first`);
+  }
+
+  // Get base directory (applications or applications-dev-{id})
+  const baseDir = developerId === 0
+    ? path.join(os.homedir(), '.aifabrix', 'applications')
+    : path.join(os.homedir(), '.aifabrix', `applications-dev-${developerId}`);
+
+  // Clear base directory before copying (delete all files)
+  if (fsSync.existsSync(baseDir)) {
+    const entries = await fs.readdir(baseDir);
+    for (const entry of entries) {
+      const entryPath = path.join(baseDir, entry);
+      const stats = await fs.stat(entryPath);
+      if (stats.isDirectory()) {
+        await fs.rm(entryPath, { recursive: true, force: true });
+      } else {
+        await fs.unlink(entryPath);
+      }
+    }
+  }
+
+  // Get target directory using getDevDirectory()
+  const devDir = getDevDirectory(appName, developerId);
+
+  // Create target directory
+  await fs.mkdir(devDir, { recursive: true });
+
+  // Copy files based on developer ID
+  if (developerId === 0) {
+    // Dev 0: Copy contents from builder/{appName}/ directly to applications/
+    await copyDirectory(builderPath, devDir);
+  } else {
+    // Dev > 0: Copy builder/{appName}/ to applications-dev-{id}/{appName}-dev-{id}/
+    await copyDirectory(builderPath, devDir);
+  }
+
+  return devDir;
+}
+
+/**
+ * Recursively copies directory contents
+ * @async
+ * @param {string} sourceDir - Source directory
+ * @param {string} targetDir - Target directory
+ * @throws {Error} If copying fails
+ */
+async function copyDirectory(sourceDir, targetDir) {
+  // Ensure target directory exists
+  await fs.mkdir(targetDir, { recursive: true });
+
+  const entries = await fs.readdir(sourceDir);
+
+  for (const entry of entries) {
+    // Skip hidden files and directories (but allow .env, .gitignore, etc.)
+    if (entry.startsWith('.') && entry !== '.env' && entry !== '.gitignore') {
+      continue;
+    }
+
+    const sourcePath = path.join(sourceDir, entry);
+    const targetPath = path.join(targetDir, entry);
+
+    const stats = await fs.stat(sourcePath);
+
+    if (stats.isDirectory()) {
+      // Recursively copy subdirectories
+      await copyDirectory(sourcePath, targetPath);
+    } else if (stats.isFile()) {
+      // Copy file
+      await fs.copyFile(sourcePath, targetPath);
+    }
+  }
+}
+
+/**
+ * Gets developer-specific directory path for an application
+ * @param {string} appName - Application name
+ * @param {number} developerId - Developer ID
+ * @returns {string} Path to developer-specific directory
+ */
+function getDevDirectory(appName, developerId) {
+  if (developerId === 0) {
+    // Dev 0: all apps go directly to applications/ (no subdirectory)
+    return path.join(os.homedir(), '.aifabrix', 'applications');
+  }
+  // Dev > 0: apps go to applications-dev-{id}/{appName}-dev-{id}/
+  return path.join(os.homedir(), '.aifabrix', `applications-dev-${developerId}`, `${appName}-dev-${developerId}`);
+
+}
+
+/**
+ * Checks if developer-specific directory exists
+ * @param {string} appName - Application name
+ * @param {number} developerId - Developer ID
+ * @returns {boolean} True if directory exists
+ */
+function devDirectoryExists(appName, developerId) {
+  const devDir = getDevDirectory(appName, developerId);
+  return fsSync.existsSync(devDir);
+}
+
+module.exports = {
+  copyBuilderToDevDirectory,
+  getDevDirectory,
+  devDirectoryExists
+};
+

package/lib/utils/cli-utils.js

@@ -30,6 +30,19 @@ function validateCommand(_command, _options) {
  */
 function formatError(error) {
   const messages = [];
+
+  // If error has formatted message (from API error handler), use it directly
+  if (error.formatted) {
+    // Split formatted message into lines and add proper indentation
+    const lines = error.formatted.split('\n');
+    lines.forEach(line => {
+      if (line.trim()) {
+        messages.push(`   ${line}`);
+      }
+    });
+    return messages;
+  }
+
   const errorMsg = error.message || '';
 
   // Check for specific error patterns first (most specific to least specific)
@@ -61,6 +74,14 @@ function formatError(error) {
   } else if (errorMsg.includes('Registry URL is required')) {
     messages.push('   Registry URL is required.');
     messages.push('   Provide via --registry flag or configure in variables.yaml under image.registry');
+  } else if (errorMsg.includes('Deployment failed after')) {
+    // Handle deployment retry errors - extract the actual error message
+    const match = errorMsg.match(/Deployment failed after \d+ attempts: (.+)/);
+    if (match) {
+      messages.push(`   ${match[1]}`);
+    } else {
+      messages.push(`   ${errorMsg}`);
+    }
   } else {
     messages.push(`   ${errorMsg}`);
   }

package/lib/utils/compose-generator.js

@@ -13,6 +13,8 @@ const fsSync = require('fs');
 const fs = require('fs').promises;
 const path = require('path');
 const handlebars = require('handlebars');
+const config = require('../config');
+const buildCopy = require('./build-copy');
 
 // Register Handlebars helper for quoting PostgreSQL identifiers
 // PostgreSQL requires identifiers with hyphens or special characters to be quoted
@@ -39,14 +41,27 @@ handlebars.registerHelper('pgUser', (dbName) => {
 
 // Helper to generate old user name format (for migration - drops old users with hyphens)
 // This is used to drop legacy users that were created with hyphens before the fix
+// Returns unquoted name (quotes should be added in template where needed)
 handlebars.registerHelper('pgUserOld', (dbName) => {
   if (!dbName) {
     return '';
   }
   // Old format: database name + _user (preserving hyphens)
   const userName = `${String(dbName)}_user`;
-  // Return SafeString to prevent HTML escaping
-  return new handlebars.SafeString(`"${userName.replace(/"/g, '""')}"`);
+  // Return unquoted name - template will add quotes where needed
+  return new handlebars.SafeString(userName);
+});
+
+// Helper to generate unquoted PostgreSQL user name (for SQL WHERE clauses)
+// Returns the user name without quotes for use in SQL queries
+handlebars.registerHelper('pgUserName', (dbName) => {
+  if (!dbName) {
+    return '';
+  }
+  // Replace hyphens with underscores in user name
+  const userName = `${String(dbName).replace(/-/g, '_')}_user`;
+  // Return unquoted name for SQL queries
+  return new handlebars.SafeString(userName);
 });
 
 /**
@@ -144,8 +159,9 @@ function buildRequiresConfig(config) {
  * @returns {Object} Service configuration
  */
 function buildServiceConfig(appName, config, port) {
-  // Container port: build.containerPort > config.port
-  const containerPortValue = config.build?.containerPort || config.port || port;
+  // Container port: build.containerPort > config.port (NEVER use host port parameter)
+  // Container port should remain unchanged regardless of developer ID
+  const containerPortValue = config.build?.containerPort || config.port || 3000;
 
   // Host port: use port parameter (already calculated from CLI --port or config.port in generateDockerCompose)
   // Note: build.localPort is ONLY used for .env file PORT variable (for local PC dev), NOT for Docker Compose
@@ -277,24 +293,34 @@ async function readDatabasePasswords(envPath, databases, appKey) {
 /**
  * Generates Docker Compose configuration from template
  * @param {string} appName - Application name
- * @param {Object} config - Application configuration
+ * @param {Object} appConfig - Application configuration
  * @param {Object} options - Run options
  * @returns {Promise<string>} Generated compose content
  */
-async function generateDockerCompose(appName, config, options) {
-  const language = config.build?.language || config.language || 'typescript';
+async function generateDockerCompose(appName, appConfig, options) {
+  const language = appConfig.build?.language || appConfig.language || 'typescript';
   const template = loadDockerComposeTemplate(language);
 
   // Use options.port if provided, otherwise use config.port
   // (localPort will be handled in buildServiceConfig)
-  const port = options.port || config.port || 3000;
-
-  const serviceConfig = buildServiceConfig(appName, config, port);
+  const port = options.port || appConfig.port || 3000;
+
+  // Get developer ID and network name
+  const devId = await config.getDeveloperId();
+  // Dev 0: infra-aifabrix-network (no dev-0 suffix)
+  // Dev > 0: infra-dev{id}-aifabrix-network
+  const networkName = devId === 0 ? 'infra-aifabrix-network' : `infra-dev${devId}-aifabrix-network`;
+  // Dev 0: aifabrix-{appName} (no dev-0 suffix)
+  // Dev > 0: aifabrix-dev{id}-{appName}
+  const containerName = devId === 0 ? `aifabrix-${appName}` : `aifabrix-dev${devId}-${appName}`;
+
+  const serviceConfig = buildServiceConfig(appName, appConfig, port);
   const volumesConfig = buildVolumesConfig(appName);
-  const networksConfig = buildNetworksConfig(config);
+  const networksConfig = buildNetworksConfig(appConfig);
 
-  // Get absolute path to .env file for docker-compose
-  const envFilePath = path.join(process.cwd(), 'builder', appName, '.env');
+  // Get absolute path to .env file for docker-compose (use dev-specific directory)
+  const devDir = buildCopy.getDevDirectory(appName, devId);
+  const envFilePath = path.join(devDir, '.env');
   const envFileAbsolutePath = envFilePath.replace(/\\/g, '/'); // Use forward slashes for Docker
 
   // Read database passwords from .env file
@@ -306,7 +332,10 @@ async function generateDockerCompose(appName, config, options) {
     ...volumesConfig,
     ...networksConfig,
     envFile: envFileAbsolutePath,
-    databasePasswords: databasePasswords
+    databasePasswords: databasePasswords,
+    devId: devId,
+    networkName: networkName,
+    containerName: containerName
   };
 
   return template(templateData);