@aifabrix/builder 2.1.7 → 2.3.0

package/lib/utils/compose-generator.js

@@ -13,6 +13,8 @@ const fsSync = require('fs');
 const fs = require('fs').promises;
 const path = require('path');
 const handlebars = require('handlebars');
+const config = require('../config');
+const buildCopy = require('./build-copy');
 
 // Register Handlebars helper for quoting PostgreSQL identifiers
 // PostgreSQL requires identifiers with hyphens or special characters to be quoted
@@ -39,14 +41,27 @@ handlebars.registerHelper('pgUser', (dbName) => {
 
 // Helper to generate old user name format (for migration - drops old users with hyphens)
 // This is used to drop legacy users that were created with hyphens before the fix
+// Returns unquoted name (quotes should be added in template where needed)
 handlebars.registerHelper('pgUserOld', (dbName) => {
   if (!dbName) {
     return '';
   }
   // Old format: database name + _user (preserving hyphens)
   const userName = `${String(dbName)}_user`;
-  // Return SafeString to prevent HTML escaping
-  return new handlebars.SafeString(`"${userName.replace(/"/g, '""')}"`);
+  // Return unquoted name - template will add quotes where needed
+  return new handlebars.SafeString(userName);
+});
+
+// Helper to generate unquoted PostgreSQL user name (for SQL WHERE clauses)
+// Returns the user name without quotes for use in SQL queries
+handlebars.registerHelper('pgUserName', (dbName) => {
+  if (!dbName) {
+    return '';
+  }
+  // Replace hyphens with underscores in user name
+  const userName = `${String(dbName).replace(/-/g, '_')}_user`;
+  // Return unquoted name for SQL queries
+  return new handlebars.SafeString(userName);
 });
 
 /**
@@ -144,8 +159,9 @@ function buildRequiresConfig(config) {
  * @returns {Object} Service configuration
  */
 function buildServiceConfig(appName, config, port) {
-  // Container port: build.containerPort > config.port
-  const containerPortValue = config.build?.containerPort || config.port || port;
+  // Container port: build.containerPort > config.port (NEVER use host port parameter)
+  // Container port should remain unchanged regardless of developer ID
+  const containerPortValue = config.build?.containerPort || config.port || 3000;
 
   // Host port: use port parameter (already calculated from CLI --port or config.port in generateDockerCompose)
   // Note: build.localPort is ONLY used for .env file PORT variable (for local PC dev), NOT for Docker Compose
@@ -277,36 +293,61 @@ async function readDatabasePasswords(envPath, databases, appKey) {
 /**
  * Generates Docker Compose configuration from template
  * @param {string} appName - Application name
- * @param {Object} config - Application configuration
+ * @param {Object} appConfig - Application configuration
  * @param {Object} options - Run options
  * @returns {Promise<string>} Generated compose content
  */
-async function generateDockerCompose(appName, config, options) {
-  const language = config.build?.language || config.language || 'typescript';
+async function generateDockerCompose(appName, appConfig, options) {
+  const language = appConfig.build?.language || appConfig.language || 'typescript';
   const template = loadDockerComposeTemplate(language);
 
   // Use options.port if provided, otherwise use config.port
   // (localPort will be handled in buildServiceConfig)
-  const port = options.port || config.port || 3000;
-
-  const serviceConfig = buildServiceConfig(appName, config, port);
+  const port = options.port || appConfig.port || 3000;
+
+  // Get developer ID and network name
+  const devId = await config.getDeveloperId();
+  // Dev 0: infra-aifabrix-network (no dev-0 suffix)
+  // Dev > 0: infra-dev{id}-aifabrix-network
+  const networkName = devId === 0 ? 'infra-aifabrix-network' : `infra-dev${devId}-aifabrix-network`;
+  // Dev 0: aifabrix-{appName} (no dev-0 suffix)
+  // Dev > 0: aifabrix-dev{id}-{appName}
+  const containerName = devId === 0 ? `aifabrix-${appName}` : `aifabrix-dev${devId}-${appName}`;
+
+  const serviceConfig = buildServiceConfig(appName, appConfig, port);
   const volumesConfig = buildVolumesConfig(appName);
-  const networksConfig = buildNetworksConfig(config);
+  const networksConfig = buildNetworksConfig(appConfig);
 
-  // Get absolute path to .env file for docker-compose
-  const envFilePath = path.join(process.cwd(), 'builder', appName, '.env');
+  // Get absolute path to .env file for docker-compose (use dev-specific directory)
+  const devDir = buildCopy.getDevDirectory(appName, devId);
+  const envFilePath = path.join(devDir, '.env');
   const envFileAbsolutePath = envFilePath.replace(/\\/g, '/'); // Use forward slashes for Docker
 
-  // Read database passwords from .env file
+  // Read database passwords from .env file only if database is required
   const databases = networksConfig.databases || [];
-  const databasePasswords = await readDatabasePasswords(envFilePath, databases, appName);
+  const requiresDatabase = serviceConfig.requiresDatabase || false;
+  let databasePasswords;
+
+  if (requiresDatabase || databases.length > 0) {
+    // Only read passwords if database is actually required
+    databasePasswords = await readDatabasePasswords(envFilePath, databases, appName);
+  } else {
+    // Return empty passwords when database is not required
+    databasePasswords = {
+      map: {},
+      array: []
+    };
+  }
 
   const templateData = {
     ...serviceConfig,
     ...volumesConfig,
     ...networksConfig,
     envFile: envFileAbsolutePath,
-    databasePasswords: databasePasswords
+    databasePasswords: databasePasswords,
+    devId: devId,
+    networkName: networkName,
+    containerName: containerName
   };
 
   return template(templateData);

package/lib/utils/deployment-errors.js

@@ -0,0 +1,90 @@
+/**
+ * Deployment Error Handling Utilities
+ *
+ * Handles deployment errors with security-aware messages and audit logging.
+ *
+ * @fileoverview Deployment error handling functions
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+
+const auditLogger = require('../audit-logger');
+const { parseErrorResponse } = require('./api-error-handler');
+
+/**
+ * Handles deployment errors with security-aware messages
+ *
+ * @param {Error} error - Error to handle
+ * @returns {Object} Structured error information
+ */
+function handleDeploymentError(error) {
+  const safeError = {
+    message: error.message,
+    code: error.code || 'UNKNOWN',
+    timeout: error.code === 'ECONNABORTED',
+    status: error.status || error.response?.status,
+    data: error.data || error.response?.data
+  };
+
+  // Mask sensitive information in error messages
+  safeError.message = auditLogger.maskSensitiveData(safeError.message);
+
+  return safeError;
+}
+
+/**
+ * Unified error handler for deployment errors
+ * Handles audit logging, error formatting, and user-friendly messages
+ * @param {Error} error - Error object
+ * @param {string} appName - Application name for audit logging
+ * @param {string} url - Controller URL for audit logging
+ * @param {boolean} [alreadyLogged=false] - Whether error has already been logged
+ * @throws {Error} User-friendly error message
+ */
+async function handleDeploymentErrors(error, appName, url, alreadyLogged = false) {
+  // Log to audit log if not already logged
+  if (!alreadyLogged) {
+    try {
+      await auditLogger.logDeploymentFailure(appName, url, error);
+    } catch (logError) {
+      // Don't fail if audit logging fails, but log to console
+      // eslint-disable-next-line no-console
+      console.error(`[AUDIT LOG ERROR] Failed to log deployment failure: ${logError.message}`);
+    }
+  }
+
+  const safeError = handleDeploymentError(error);
+
+  // Extract error data from axios response
+  let errorData = safeError.data;
+  if (error.response && error.response.data !== undefined) {
+    errorData = error.response.data;
+  }
+
+  // Ensure errorData is not undefined before parsing
+  // If errorData is undefined, use the error message instead
+  const errorResponse = errorData !== undefined ? errorData : safeError.message;
+
+  // Determine if this is a network error
+  const isNetworkError = safeError.code === 'ECONNREFUSED' ||
+    safeError.code === 'ENOTFOUND' ||
+    safeError.code === 'ECONNABORTED' ||
+    safeError.timeout;
+
+  // Parse error using error handler
+  const parsedError = parseErrorResponse(errorResponse, safeError.status || 0, isNetworkError);
+
+  // Throw clean error message (without emoji) - CLI will format it
+  const formattedError = new Error(parsedError.message);
+  formattedError.formatted = parsedError.formatted;
+  formattedError.status = safeError.status;
+  formattedError.data = parsedError.data;
+  formattedError._logged = true; // Mark as logged to prevent double-logging
+  throw formattedError;
+}
+
+module.exports = {
+  handleDeploymentError,
+  handleDeploymentErrors
+};
+

package/lib/utils/deployment-validation.js

@@ -0,0 +1,60 @@
+/**
+ * Deployment Validation Utilities
+ *
+ * Validates deployment configuration inputs with ISO 27001 security measures.
+ *
+ * @fileoverview Deployment validation functions
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+
+/**
+ * Validates and sanitizes controller URL
+ * Enforces HTTPS-only communication for security
+ *
+ * @param {string} url - Controller URL to validate
+ * @throws {Error} If URL is invalid or uses HTTP
+ */
+function validateControllerUrl(url) {
+  if (!url || typeof url !== 'string') {
+    throw new Error('Controller URL is required and must be a string');
+  }
+
+  // Must use HTTPS for security (allow http://localhost for local development)
+  if (!url.startsWith('https://') && !url.startsWith('http://localhost')) {
+    throw new Error('Controller URL must use HTTPS (https://) or http://localhost');
+  }
+
+  // Basic URL format validation
+  const urlPattern = /^(https?):\/\/[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*(localhost)?(:[0-9]+)?(\/.*)?$/;
+  if (!urlPattern.test(url)) {
+    throw new Error('Invalid controller URL format');
+  }
+
+  // Remove trailing slash if present
+  return url.replace(/\/$/, '');
+}
+
+/**
+ * Validates environment key
+ * @param {string} envKey - Environment key to validate
+ * @throws {Error} If environment key is invalid
+ */
+function validateEnvironmentKey(envKey) {
+  if (!envKey || typeof envKey !== 'string') {
+    throw new Error('Environment key is required and must be a string');
+  }
+
+  const validEnvironments = ['miso', 'dev', 'tst', 'pro'];
+  if (!validEnvironments.includes(envKey.toLowerCase())) {
+    throw new Error(`Invalid environment key: ${envKey}. Must be one of: ${validEnvironments.join(', ')}`);
+  }
+
+  return envKey.toLowerCase();
+}
+
+module.exports = {
+  validateControllerUrl,
+  validateEnvironmentKey
+};
+

package/lib/utils/dev-config.js

@@ -0,0 +1,83 @@
+/**
+ * Developer Configuration Utilities
+ *
+ * This module provides utilities for calculating developer-specific ports
+ * based on developer ID. Ports are offset by (developer-id * 100).
+ *
+ * @fileoverview Developer configuration and port calculation utilities
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+
+/**
+ * Base ports for infrastructure and applications
+ * These are the default ports before any developer offset
+ */
+const BASE_PORTS = {
+  app: 3000,
+  postgres: 5432,
+  redis: 6379,
+  pgadmin: 5050,
+  redisCommander: 8081
+};
+
+/**
+ * Calculates developer-specific ports based on developer ID
+ * Formula: basePort + (developerId * 100)
+ * Developer ID: 0 = default infra (base ports), > 0 = developer-specific (offset ports)
+ *
+ * @function getDevPorts
+ * @param {number} developerId - Developer ID (0 = default infra, 1, 2, 3, etc. = developer-specific)
+ * @returns {Object} Object with calculated ports for all services
+ *
+ * @example
+ * const ports = getDevPorts(0); // Default infra
+ * // Returns: { app: 3000, postgres: 5432, redis: 6379, pgadmin: 5050, redisCommander: 8081 }
+ * const ports = getDevPorts(1); // Developer-specific
+ * // Returns: { app: 3100, postgres: 5532, redis: 6479, pgadmin: 5150, redisCommander: 8181 }
+ */
+function getDevPorts(developerId) {
+  // Validate type first - must be a number
+  if (typeof developerId !== 'number') {
+    throw new Error('Developer ID must be a positive number');
+  }
+
+  // Handle NaN, undefined, null - throw error (don't default)
+  if (isNaN(developerId) || developerId === undefined || developerId === null) {
+    throw new Error('Developer ID must be a positive number');
+  }
+
+  if (developerId < 0 || !Number.isInteger(developerId)) {
+    throw new Error('Developer ID must be a positive number');
+  }
+
+  // Developer ID 0 = default infra (base ports, no offset)
+  if (developerId === 0) {
+    return { ...BASE_PORTS };
+  }
+
+  // Developer ID > 0 = developer-specific (add offset)
+  const offset = developerId * 100;
+
+  return {
+    app: BASE_PORTS.app + offset,
+    postgres: BASE_PORTS.postgres + offset,
+    redis: BASE_PORTS.redis + offset,
+    pgadmin: BASE_PORTS.pgadmin + offset,
+    redisCommander: BASE_PORTS.redisCommander + offset
+  };
+}
+
+/**
+ * Gets base ports (for reference/documentation)
+ * @returns {Object} Base ports object
+ */
+function getBasePorts() {
+  return { ...BASE_PORTS };
+}
+
+module.exports = {
+  getDevPorts,
+  getBasePorts
+};
+

package/lib/utils/docker-build.js

@@ -78,6 +78,30 @@ async function executeDockerBuild(imageName, dockerfilePath, contextPath, tag) {
     spinner: 'dots'
   }).start();
 
+  // Ensure paths are absolute and normalized
+  const fsSync = require('fs');
+  const path = require('path');
+
+  dockerfilePath = path.resolve(dockerfilePath);
+  contextPath = path.resolve(contextPath);
+
+  // Validate paths exist (skip in test environments)
+  const isTestEnv = process.env.NODE_ENV === 'test' ||
+                    process.env.JEST_WORKER_ID !== undefined ||
+                    typeof jest !== 'undefined';
+
+  if (!isTestEnv) {
+    if (!fsSync.existsSync(dockerfilePath)) {
+      spinner.fail('Build failed');
+      throw new Error(`Dockerfile not found: ${dockerfilePath}`);
+    }
+
+    if (!fsSync.existsSync(contextPath)) {
+      spinner.fail('Build failed');
+      throw new Error(`Build context path does not exist: ${contextPath}`);
+    }
+  }
+
   return new Promise((resolve, reject) => {
     // Use spawn for streaming output
     const dockerProcess = spawn('docker', [

package/lib/utils/env-template.js

@@ -15,14 +15,15 @@ const chalk = require('chalk');
 const logger = require('../utils/logger');
 
 /**
- * Updates env.template to add MISO_CLIENTID and MISO_CLIENTSECRET entries
+ * Updates env.template to add MISO_CLIENTID, MISO_CLIENTSECRET, and MISO_CONTROLLER_URL entries
  * @async
  * @param {string} appKey - Application key
  * @param {string} clientIdKey - Secret key for client ID (e.g., 'myapp-client-idKeyVault')
  * @param {string} clientSecretKey - Secret key for client secret (e.g., 'myapp-client-secretKeyVault')
+ * @param {string} controllerUrl - Controller URL (e.g., 'http://localhost:3010' or 'https://controller.aifabrix.ai')
  * @returns {Promise<void>} Resolves when template is updated
  */
-async function updateEnvTemplate(appKey, clientIdKey, clientSecretKey) {
+async function updateEnvTemplate(appKey, clientIdKey, clientSecretKey, controllerUrl) {
   const envTemplatePath = path.join(process.cwd(), 'builder', appKey, 'env.template');
 
   if (!fsSync.existsSync(envTemplatePath)) {
@@ -33,19 +34,39 @@ async function updateEnvTemplate(appKey, clientIdKey, clientSecretKey) {
   try {
     let content = await fs.readFile(envTemplatePath, 'utf8');
 
-    // Check if MISO_CLIENTID already exists
+    // Check if entries already exist
     const hasClientId = /^MISO_CLIENTID\s*=/m.test(content);
     const hasClientSecret = /^MISO_CLIENTSECRET\s*=/m.test(content);
+    const hasControllerUrl = /^MISO_CONTROLLER_URL\s*=/m.test(content);
 
-    if (hasClientId && hasClientSecret) {
-      // Update existing entries
+    // Update existing entries
+    if (hasClientId) {
       content = content.replace(/^MISO_CLIENTID\s*=.*$/m, `MISO_CLIENTID=kv://${clientIdKey}`);
+    }
+
+    if (hasClientSecret) {
       content = content.replace(/^MISO_CLIENTSECRET\s*=.*$/m, `MISO_CLIENTSECRET=kv://${clientSecretKey}`);
-    } else {
-      // Add new section if not present
+    }
+
+    if (hasControllerUrl) {
+      content = content.replace(/^MISO_CONTROLLER_URL\s*=.*$/m, `MISO_CONTROLLER_URL=${controllerUrl}`);
+    }
+
+    // Add missing entries
+    if (!hasClientId || !hasClientSecret || !hasControllerUrl) {
+      const missingEntries = [];
+      if (!hasClientId) {
+        missingEntries.push(`MISO_CLIENTID=kv://${clientIdKey}`);
+      }
+      if (!hasClientSecret) {
+        missingEntries.push(`MISO_CLIENTSECRET=kv://${clientSecretKey}`);
+      }
+      if (!hasControllerUrl) {
+        missingEntries.push(`MISO_CONTROLLER_URL=${controllerUrl}`);
+      }
+
       const misoSection = `# MISO Application Client Credentials (per application)
-MISO_CLIENTID=kv://${clientIdKey}
-MISO_CLIENTSECRET=kv://${clientSecretKey}
+${missingEntries.join('\n')}
 `;
 
       // Try to find a good place to insert (after last section or at end)
@@ -60,7 +81,6 @@ MISO_CLIENTSECRET=kv://${clientSecretKey}
     }
 
     await fs.writeFile(envTemplatePath, content, 'utf8');
-    logger.log(chalk.green(`✓ Updated env.template for ${appKey}`));
   } catch (error) {
     logger.warn(chalk.yellow(`⚠️  Could not update env.template: ${error.message}`));
   }

package/lib/utils/health-check.js

@@ -9,6 +9,7 @@
  */
 
 const http = require('http');
+const net = require('net');
 const chalk = require('chalk');
 const { exec } = require('child_process');
 const { promisify } = require('util');
@@ -300,8 +301,24 @@ async function waitForHealthCheck(appName, timeout = 90, port = null, config = n
   throw new Error(`Health check timeout after ${timeout} seconds`);
 }
 
+/**
+ * Checks if port is available
+ * @param {number} port - Port number to check
+ * @returns {Promise<boolean>} True if port is available
+ */
+async function checkPortAvailable(port) {
+  return new Promise((resolve) => {
+    const server = net.createServer();
+    server.listen(port, () => {
+      server.close(() => resolve(true));
+    });
+    server.on('error', () => resolve(false));
+  });
+}
+
 module.exports = {
   waitForHealthCheck,
-  checkHealthEndpoint
+  checkHealthEndpoint,
+  checkPortAvailable
 };
 

package/lib/utils/infra-containers.js

@@ -0,0 +1,101 @@
+/**
+ * Infrastructure Container Utilities
+ *
+ * This module provides helper functions for finding and checking
+ * infrastructure containers. Used by the main infra.js module.
+ *
+ * @fileoverview Container utilities for infrastructure management
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+
+const { exec } = require('child_process');
+const { promisify } = require('util');
+const config = require('../config');
+
+const execAsync = promisify(exec);
+
+/**
+ * Finds container by name pattern
+ * @private
+ * @async
+ * @param {string} serviceName - Service name
+ * @param {number} [devId] - Developer ID (optional, will be loaded from config if not provided)
+ * @returns {Promise<string|null>} Container name or null if not found
+ */
+async function findContainer(serviceName, devId = null) {
+  try {
+    const developerId = devId || await config.getDeveloperId();
+    // Dev 0: aifabrix-{serviceName}, Dev > 0: aifabrix-dev{id}-{serviceName}
+    const containerNamePattern = developerId === 0
+      ? `aifabrix-${serviceName}`
+      : `aifabrix-dev${developerId}-${serviceName}`;
+    let { stdout } = await execAsync(`docker ps --filter "name=${containerNamePattern}" --format "{{.Names}}"`);
+    let containerName = stdout.trim();
+    if (!containerName) {
+      // Fallback to old naming patterns for backward compatibility
+      ({ stdout } = await execAsync(`docker ps --filter "name=infra-${serviceName}" --format "{{.Names}}"`));
+      containerName = stdout.trim();
+      if (!containerName) {
+        ({ stdout } = await execAsync(`docker ps --filter "name=aifabrix-${serviceName}" --format "{{.Names}}"`));
+        containerName = stdout.trim();
+      }
+    }
+    return containerName;
+  } catch (error) {
+    return null;
+  }
+}
+
+/**
+ * Checks health status for a service with health checks
+ * @private
+ * @async
+ * @param {string} serviceName - Service name
+ * @param {number} [devId] - Developer ID (optional, will be loaded from config if not provided)
+ * @returns {Promise<string>} Health status
+ */
+async function checkServiceWithHealthCheck(serviceName, devId = null) {
+  try {
+    const containerName = await findContainer(serviceName, devId);
+    if (!containerName) {
+      return 'unknown';
+    }
+    const { stdout } = await execAsync(`docker inspect --format='{{.State.Health.Status}}' ${containerName}`);
+    const status = stdout.trim().replace(/['"]/g, '');
+    // Accept both 'healthy' and 'starting' as healthy (starting means it's initializing)
+    return (status === 'healthy' || status === 'starting') ? 'healthy' : status;
+  } catch (error) {
+    return 'unknown';
+  }
+}
+
+/**
+ * Checks health status for a service without health checks
+ * @private
+ * @async
+ * @param {string} serviceName - Service name
+ * @param {number} [devId] - Developer ID (optional, will be loaded from config if not provided)
+ * @returns {Promise<string>} Health status
+ */
+async function checkServiceWithoutHealthCheck(serviceName, devId = null) {
+  try {
+    const containerName = await findContainer(serviceName, devId);
+    if (!containerName) {
+      return 'unknown';
+    }
+    const { stdout } = await execAsync(`docker inspect --format='{{.State.Status}}' ${containerName}`);
+    const status = stdout.trim().replace(/['"]/g, '');
+    // Treat 'running' or 'healthy' as 'healthy' for services without health checks
+    return (status === 'running' || status === 'healthy') ? 'healthy' : 'unhealthy';
+  } catch (error) {
+    return 'unknown';
+  }
+}
+
+module.exports = {
+  findContainer,
+  checkServiceWithHealthCheck,
+  checkServiceWithoutHealthCheck
+};
+

package/lib/utils/local-secrets.js

@@ -12,7 +12,6 @@ const fs = require('fs');
 const path = require('path');
 const yaml = require('js-yaml');
 const os = require('os');
-const chalk = require('chalk');
 const logger = require('../utils/logger');
 
 /**
@@ -76,7 +75,6 @@ async function saveLocalSecret(key, value) {
   });
 
   fs.writeFileSync(secretsPath, yamlContent, { mode: 0o600 });
-  logger.log(chalk.green(`✓ Saved secret ${key} to ${secretsPath}`));
 }
 
 /**