@aifabrix/builder 2.1.7 → 2.3.0

package/lib/app-run.js

@@ -12,7 +12,6 @@
 const fs = require('fs').promises;
 const fsSync = require('fs');
 const path = require('path');
-const net = require('net');
 const chalk = require('chalk');
 const yaml = require('js-yaml');
 const { exec } = require('child_process');
@@ -20,8 +19,10 @@ const { promisify } = require('util');
 const validator = require('./validator');
 const infra = require('./infra');
 const secrets = require('./secrets');
+const config = require('./config');
+const buildCopy = require('./utils/build-copy');
 const logger = require('./utils/logger');
-const { waitForHealthCheck } = require('./utils/health-check');
+const { waitForHealthCheck, checkPortAvailable } = require('./utils/health-check');
 const composeGenerator = require('./utils/compose-generator');
 
 const execAsync = promisify(exec);
@@ -59,24 +60,27 @@ async function checkImageExists(imageName, tag = 'latest', debug = false) {
 /**
  * Checks if container is already running
  * @param {string} appName - Application name
+ * @param {number} developerId - Developer ID (0 = default infra, > 0 = developer-specific)
  * @param {boolean} [debug=false] - Enable debug logging
  * @returns {Promise<boolean>} True if container is running
  */
-async function checkContainerRunning(appName, debug = false) {
+async function checkContainerRunning(appName, developerId, debug = false) {
   try {
-    const cmd = `docker ps --filter "name=aifabrix-${appName}" --format "{{.Names}}"`;
+    // Dev 0: aifabrix-{appName} (no dev-0 suffix), Dev > 0: aifabrix-dev{id}-{appName}
+    const containerName = developerId === 0 ? `aifabrix-${appName}` : `aifabrix-dev${developerId}-${appName}`;
+    const cmd = `docker ps --filter "name=${containerName}" --format "{{.Names}}"`;
     if (debug) {
       logger.log(chalk.gray(`[DEBUG] Executing: ${cmd}`));
     }
     const { stdout } = await execAsync(cmd);
-    const isRunning = stdout.trim() === `aifabrix-${appName}`;
+    const isRunning = stdout.trim() === containerName;
     if (debug) {
-      logger.log(chalk.gray(`[DEBUG] Container aifabrix-${appName} running: ${isRunning}`));
+      logger.log(chalk.gray(`[DEBUG] Container ${containerName} running: ${isRunning}`));
       if (isRunning) {
         // Get container status details
-        const statusCmd = `docker ps --filter "name=aifabrix-${appName}" --format "{{.Status}}"`;
+        const statusCmd = `docker ps --filter "name=${containerName}" --format "{{.Status}}"`;
         const { stdout: status } = await execAsync(statusCmd);
-        const portsCmd = `docker ps --filter "name=aifabrix-${appName}" --format "{{.Ports}}"`;
+        const portsCmd = `docker ps --filter "name=${containerName}" --format "{{.Ports}}"`;
         const { stdout: ports } = await execAsync(portsCmd);
         logger.log(chalk.gray(`[DEBUG] Container status: ${status.trim()}`));
         logger.log(chalk.gray(`[DEBUG] Container ports: ${ports.trim()}`));
@@ -94,56 +98,36 @@ async function checkContainerRunning(appName, debug = false) {
 /**
  * Stops and removes existing container
  * @param {string} appName - Application name
+ * @param {number} developerId - Developer ID (0 = default infra, > 0 = developer-specific)
  * @param {boolean} [debug=false] - Enable debug logging
  */
-async function stopAndRemoveContainer(appName, debug = false) {
+async function stopAndRemoveContainer(appName, developerId, debug = false) {
   try {
-    logger.log(chalk.yellow(`Stopping existing container aifabrix-${appName}...`));
-    const stopCmd = `docker stop aifabrix-${appName}`;
+    // Dev 0: aifabrix-{appName} (no dev-0 suffix), Dev > 0: aifabrix-dev{id}-{appName}
+    const containerName = developerId === 0 ? `aifabrix-${appName}` : `aifabrix-dev${developerId}-${appName}`;
+    logger.log(chalk.yellow(`Stopping existing container ${containerName}...`));
+    const stopCmd = `docker stop ${containerName}`;
     if (debug) {
       logger.log(chalk.gray(`[DEBUG] Executing: ${stopCmd}`));
     }
     await execAsync(stopCmd);
-    const rmCmd = `docker rm aifabrix-${appName}`;
+    const rmCmd = `docker rm ${containerName}`;
     if (debug) {
       logger.log(chalk.gray(`[DEBUG] Executing: ${rmCmd}`));
     }
     await execAsync(rmCmd);
-    logger.log(chalk.green(`✓ Container aifabrix-${appName} stopped and removed`));
+    logger.log(chalk.green(`✓ Container ${containerName} stopped and removed`));
   } catch (error) {
     if (debug) {
       logger.log(chalk.gray(`[DEBUG] Stop/remove container error: ${error.message}`));
     }
     // Container might not exist, which is fine
-    logger.log(chalk.gray(`Container aifabrix-${appName} was not running`));
+    // Dev 0: aifabrix-{appName} (no dev-0 suffix), Dev > 0: aifabrix-dev{id}-{appName}
+    const containerName = developerId === 0 ? `aifabrix-${appName}` : `aifabrix-dev${developerId}-${appName}`;
+    logger.log(chalk.gray(`Container ${containerName} was not running`));
   }
 }
 
-/**
- * Checks if port is available
- * @param {number} port - Port number to check
- * @returns {Promise<boolean>} True if port is available
- */
-async function checkPortAvailable(port) {
-  return new Promise((resolve) => {
-    const server = net.createServer();
-    server.listen(port, () => {
-      server.close(() => resolve(true));
-    });
-    server.on('error', () => resolve(false));
-  });
-}
-
-/**
- * Extracts image name from configuration (same logic as build.js)
- * @param {Object} config - Application configuration
- * @param {string} appName - Application name (fallback)
- * @returns {string} Image name
- */
-function getImageName(config, appName) {
-  return composeGenerator.getImageName(config, appName);
-}
-
 /**
  * Validates app name and loads configuration
  * @async
@@ -230,7 +214,7 @@ async function validateAppConfiguration(appName) {
  */
 async function checkPrerequisites(appName, config, debug = false) {
   // Extract image name from configuration (same logic as build process)
-  const imageName = getImageName(config, appName);
+  const imageName = composeGenerator.getImageName(config, appName);
   const imageTag = config.image?.tag || 'latest';
   const fullImageName = `${imageName}:${imageTag}`;
 
@@ -261,19 +245,28 @@ async function checkPrerequisites(appName, config, debug = false) {
   }
   logger.log(chalk.green('✓ Infrastructure is running'));
 }
-
 /**
  * Prepares environment: ensures .env file and generates Docker Compose
  * @async
  * @param {string} appName - Application name
- * @param {Object} config - Application configuration
+ * @param {Object} appConfig - Application configuration
  * @param {Object} options - Run options
  * @returns {Promise<string>} Path to generated compose file
  */
-async function prepareEnvironment(appName, config, options) {
+async function prepareEnvironment(appName, appConfig, options) {
+  // Get developer ID and dev-specific directory
+  const developerId = await config.getDeveloperId();
+  const devDir = buildCopy.getDevDirectory(appName, developerId);
+
+  // Ensure dev directory exists (should exist from build, but check anyway)
+  if (!fsSync.existsSync(devDir)) {
+    await buildCopy.copyBuilderToDevDirectory(appName, developerId);
+  }
+
   // Ensure .env file exists with 'docker' environment context (for running in Docker)
-  const envPath = path.join(process.cwd(), 'builder', appName, '.env');
-  if (!fsSync.existsSync(envPath)) {
+  // Generate in builder directory first, then copy to dev directory
+  const builderEnvPath = path.join(process.cwd(), 'builder', appName, '.env');
+  if (!fsSync.existsSync(builderEnvPath)) {
     logger.log(chalk.yellow('Generating .env file from template...'));
     await secrets.generateEnvFile(appName, null, 'docker');
   } else {
@@ -282,8 +275,14 @@ async function prepareEnvironment(appName, config, options) {
     await secrets.generateEnvFile(appName, null, 'docker');
   }
 
+  // Copy .env to dev directory
+  const devEnvPath = path.join(devDir, '.env');
+  if (fsSync.existsSync(builderEnvPath)) {
+    await fs.copyFile(builderEnvPath, devEnvPath);
+  }
+
   // Also ensure .env file in apps/ directory is updated (for Docker build context)
-  const variablesPath = path.join(process.cwd(), 'builder', appName, 'variables.yaml');
+  const variablesPath = path.join(devDir, 'variables.yaml');
   if (fsSync.existsSync(variablesPath)) {
     const variablesContent = fsSync.readFileSync(variablesPath, 'utf8');
     const variables = yaml.load(variablesContent);
@@ -292,14 +291,28 @@ async function prepareEnvironment(appName, config, options) {
       // The generateEnvFile already copies to apps/, but ensure it's using docker context
       logger.log(chalk.blue('Ensuring .env file in apps/ directory is updated for Docker...'));
       await secrets.generateEnvFile(appName, null, 'docker');
+      // Copy .env to dev directory again after regeneration
+      if (fsSync.existsSync(builderEnvPath)) {
+        await fs.copyFile(builderEnvPath, devEnvPath);
+      }
     }
   }
 
   // Generate Docker Compose configuration
   logger.log(chalk.blue('Generating Docker Compose configuration...'));
-  const composeContent = await composeGenerator.generateDockerCompose(appName, config, options);
-  // Write compose file to temporary location
-  const tempComposePath = path.join(process.cwd(), 'builder', appName, 'docker-compose.yaml');
+  const composeOptions = { ...options };
+  if (!composeOptions.port) {
+    const basePort = appConfig.port || 3000;
+    composeOptions.port = developerId === 0 ? basePort : basePort + (developerId * 100);
+  }
+  const composeContent = await composeGenerator.generateDockerCompose(appName, appConfig, composeOptions);
+
+  // Write compose file to dev-specific directory (devDir already defined above)
+  // Ensure dev directory exists (should exist from build, but check anyway)
+  if (!fsSync.existsSync(devDir)) {
+    await buildCopy.copyBuilderToDevDirectory(appName, developerId);
+  }
+  const tempComposePath = path.join(devDir, 'docker-compose.yaml');
   await fs.writeFile(tempComposePath, composeContent);
 
   return tempComposePath;
@@ -346,48 +359,41 @@ async function startContainer(appName, composePath, port, config = null, debug =
     logger.log(chalk.gray(`[DEBUG] Compose file: ${composePath}`));
   }
   await execAsync(composeCmd, { env });
-  logger.log(chalk.green(`✓ Container aifabrix-${appName} started`));
-
+  // Dev 0: aifabrix-{appName} (no dev-0 suffix), Dev > 0: aifabrix-dev{id}-{appName}
+  const containerName = config.developerId === 0 ? `aifabrix-${appName}` : `aifabrix-dev${config.developerId}-${appName}`;
+  logger.log(chalk.green(`✓ Container ${containerName} started`));
   if (debug) {
     // Get container status after start
-    const statusCmd = `docker ps --filter "name=aifabrix-${appName}" --format "{{.Status}}"`;
+    const statusCmd = `docker ps --filter "name=${containerName}" --format "{{.Status}}"`;
     const { stdout: status } = await execAsync(statusCmd);
-    const portsCmd = `docker ps --filter "name=aifabrix-${appName}" --format "{{.Ports}}"`;
+    const portsCmd = `docker ps --filter "name=${containerName}" --format "{{.Ports}}"`;
     const { stdout: ports } = await execAsync(portsCmd);
     logger.log(chalk.gray(`[DEBUG] Container status: ${status.trim()}`));
     logger.log(chalk.gray(`[DEBUG] Container ports: ${ports.trim()}`));
   }
 
-  // Wait for health check using host port
-  // Port is the host port (CLI --port or config.port, NOT localPort)
+  // Wait for health check using host port (CLI --port or dev-specific port, NOT localPort)
   const healthCheckPath = config?.healthCheck?.path || '/health';
   logger.log(chalk.blue(`Waiting for application to be healthy at http://localhost:${port}${healthCheckPath}...`));
   await waitForHealthCheck(appName, 90, port, config, debug);
 }
-
 /**
  * Displays run status after successful start
  * @param {string} appName - Application name
  * @param {number} port - Application port
- * @param {Object} config - Application configuration
+ * @param {Object} config - Application configuration (with developerId property)
  */
-function displayRunStatus(appName, port, config) {
+async function displayRunStatus(appName, port, config) {
+  // Dev 0: aifabrix-{appName} (no dev-0 suffix), Dev > 0: aifabrix-dev{id}-{appName}
+  const containerName = config.developerId === 0 ? `aifabrix-${appName}` : `aifabrix-dev${config.developerId}-${appName}`;
   const healthCheckPath = config?.healthCheck?.path || '/health';
   const healthCheckUrl = `http://localhost:${port}${healthCheckPath}`;
 
   logger.log(chalk.green(`\n✓ App running at http://localhost:${port}`));
   logger.log(chalk.blue(`Health check: ${healthCheckUrl}`));
-  logger.log(chalk.gray(`Container: aifabrix-${appName}`));
+  logger.log(chalk.gray(`Container: ${containerName}`));
 }
 
-/**
- * Waits for container health check to pass
- * @param {string} appName - Application name
- * @param {number} timeout - Timeout in seconds
- * @param {number} port - Application port (optional, will be detected if not provided)
- * @param {Object} config - Application configuration (optional)
- */
-
 /**
  * Runs the application locally using Docker
  * Starts container with proper port mapping and environment
@@ -415,47 +421,56 @@ async function runApp(appName, options = {}) {
 
   try {
     // Validate app name and load configuration
-    const config = await validateAppConfiguration(appName);
+    const appConfig = await validateAppConfiguration(appName);
+
+    // Load developer ID once from config module - it's now cached and available as config.developerId
+    // Developer ID: 0 = default infra, > 0 = developer-specific
+    const developerId = await config.getDeveloperId(); // Load and cache developer ID
+    appConfig.developerId = developerId; // Use developer ID in config
+
     if (debug) {
-      logger.log(chalk.gray(`[DEBUG] Configuration loaded: port=${config.port || 'default'}, healthCheck.path=${config.healthCheck?.path || '/health'}`));
+      logger.log(chalk.gray(`[DEBUG] Configuration loaded: port=${appConfig.port || 'default'}, healthCheck.path=${appConfig.healthCheck?.path || '/health'}, developerId=${appConfig.developerId}`));
     }
 
     // Check prerequisites: image and infrastructure
-    await checkPrerequisites(appName, config, debug);
+    await checkPrerequisites(appName, appConfig, debug);
 
     // Check if container is already running
-    const containerRunning = await checkContainerRunning(appName, debug);
+    const containerRunning = await checkContainerRunning(appName, appConfig.developerId, debug);
     if (containerRunning) {
-      logger.log(chalk.yellow(`Container aifabrix-${appName} is already running`));
-      await stopAndRemoveContainer(appName, debug);
+      // Dev 0: aifabrix-{appName} (no dev-0 suffix), Dev > 0: aifabrix-dev{id}-{appName}
+      const containerName = appConfig.developerId === 0 ? `aifabrix-${appName}` : `aifabrix-dev${appConfig.developerId}-${appName}`;
+      logger.log(chalk.yellow(`Container ${containerName} is already running`));
+      await stopAndRemoveContainer(appName, appConfig.developerId, debug);
     }
 
-    // Check port availability
-    // Host port: CLI --port if provided, otherwise port from variables.yaml (NOT localPort)
-    const port = options.port || config.port || 3000;
+    // Calculate host port: use dev-specific port offset if not overridden
+    // IMPORTANT: Container port (for Dockerfile) stays unchanged from appConfig.port
+    const basePort = appConfig.port || 3000;
+    const hostPort = options.port || (appConfig.developerId === 0 ? basePort : basePort + (appConfig.developerId * 100));
     if (debug) {
-      logger.log(chalk.gray(`[DEBUG] Port selection: ${port} (${options.port ? 'CLI override' : config.port ? 'config.port' : 'default'})`));
+      logger.log(chalk.gray(`[DEBUG] Host port: ${hostPort} (${options.port ? 'CLI override' : 'dev-specific'}), Container port: ${appConfig.build?.containerPort || appConfig.port || 3000} (unchanged)`));
     }
-    const portAvailable = await checkPortAvailable(port);
+    const portAvailable = await checkPortAvailable(hostPort);
     if (debug) {
-      logger.log(chalk.gray(`[DEBUG] Port ${port} available: ${portAvailable}`));
+      logger.log(chalk.gray(`[DEBUG] Port ${hostPort} available: ${portAvailable}`));
     }
     if (!portAvailable) {
-      throw new Error(`Port ${port} is already in use. Try --port <alternative>`);
+      throw new Error(`Port ${hostPort} is already in use. Try --port <alternative>`);
     }
 
     // Prepare environment: ensure .env file and generate Docker Compose
-    const tempComposePath = await prepareEnvironment(appName, config, options);
+    const tempComposePath = await prepareEnvironment(appName, appConfig, options);
     if (debug) {
       logger.log(chalk.gray(`[DEBUG] Compose file generated: ${tempComposePath}`));
     }
 
     try {
       // Start container and wait for health check
-      await startContainer(appName, tempComposePath, port, config, debug);
+      await startContainer(appName, tempComposePath, hostPort, appConfig, debug);
 
       // Display success message
-      displayRunStatus(appName, port, config);
+      await displayRunStatus(appName, hostPort, appConfig);
 
     } catch (error) {
       // Keep the compose file for debugging - don't delete on error
@@ -474,7 +489,6 @@ async function runApp(appName, options = {}) {
     throw new Error(`Failed to run application: ${error.message}`);
   }
 }
-
 module.exports = {
   runApp,
   checkImageExists,

package/lib/app.js

@@ -22,6 +22,7 @@ const { validateAppName, pushApp } = require('./app-push');
 const { generateDockerfileForApp } = require('./app-dockerfile');
 const { loadTemplateVariables, updateTemplateVariables, mergeTemplateVariables } = require('./utils/template-helpers');
 const logger = require('./utils/logger');
+const auditLogger = require('./audit-logger');
 
 /**
  * Displays success message after app creation
@@ -288,6 +289,18 @@ async function createApp(appName, options = {}) {
 
     await handleGitHubWorkflows(options, config);
     displaySuccessMessage(appName, config, envConversionMessage, options.app);
+
+    // Log application creation for audit trail
+    await auditLogger.logApplicationCreation(appName, {
+      language: config.language,
+      port: config.port,
+      database: config.database,
+      redis: config.redis,
+      storage: config.storage,
+      authentication: config.authentication,
+      template: options.template,
+      api: null // Local operation, no API involved
+    });
   } catch (error) {
     throw new Error(`Failed to create application: ${error.message}`);
   }

package/lib/audit-logger.js

@@ -11,6 +11,46 @@
 
 /* eslint-disable no-console */
 
+const fs = require('fs').promises;
+const path = require('path');
+const os = require('os');
+
+// Audit log file path (in user's home directory for compliance)
+let auditLogPath = null;
+
+/**
+ * Gets the audit log file path
+ * Creates .aifabrix directory in user's home if it doesn't exist
+ * @returns {Promise<string>} Path to audit log file
+ */
+async function getAuditLogPath() {
+  if (auditLogPath) {
+    return auditLogPath;
+  }
+
+  const homeDir = os.homedir();
+  const aifabrixDir = path.join(homeDir, '.aifabrix');
+
+  try {
+    await fs.mkdir(aifabrixDir, { recursive: true });
+  } catch (error) {
+    // If we can't create the directory, fall back to current directory
+    const fallbackDir = path.join(process.cwd(), '.aifabrix');
+    try {
+      await fs.mkdir(fallbackDir, { recursive: true });
+      auditLogPath = path.join(fallbackDir, 'audit.log');
+      return auditLogPath;
+    } catch {
+      // Last resort: use temp directory
+      auditLogPath = path.join(os.tmpdir(), 'aifabrix-audit.log');
+      return auditLogPath;
+    }
+  }
+
+  auditLogPath = path.join(aifabrixDir, 'audit.log');
+  return auditLogPath;
+}
+
 /**
  * Masks sensitive data in strings
  * Prevents secrets, keys, and passwords from appearing in logs
@@ -62,25 +102,45 @@ function createAuditEntry(level, message, metadata = {}) {
   };
 
   // Mask sensitive metadata
+  // Only include non-null, non-undefined values to avoid cluttering logs
   for (const [key, value] of Object.entries(metadata)) {
-    entry.metadata[key] = maskSensitiveData(
-      typeof value === 'string' ? value : JSON.stringify(value)
-    );
+    // Skip null and undefined values to keep logs clean
+    if (value !== null && value !== undefined) {
+      entry.metadata[key] = maskSensitiveData(
+        typeof value === 'string' ? value : JSON.stringify(value)
+      );
+    }
   }
 
   return entry;
 }
 
 /**
- * Logs audit entry to console (structured JSON format)
+ * Logs audit entry to file (structured JSON format)
+ * Only prints to console if AUDIT_LOG_CONSOLE environment variable is set
  *
  * @param {string} level - Log level
  * @param {string} message - Log message
  * @param {Object} metadata - Additional metadata
  */
-function auditLog(level, message, metadata) {
+async function auditLog(level, message, metadata) {
   const entry = createAuditEntry(level, message, metadata);
-  console.log(JSON.stringify(entry));
+  const logLine = JSON.stringify(entry) + '\n';
+
+  // Write to audit log file (for ISO 27001 compliance)
+  try {
+    const logPath = await getAuditLogPath();
+    await fs.appendFile(logPath, logLine, 'utf8');
+  } catch (writeError) {
+    // If file write fails, fall back to console.error (but don't show audit log)
+    // This ensures we don't lose audit trail even if file system fails
+    console.error(`[AUDIT LOG ERROR] Failed to write audit log: ${writeError.message}`);
+  }
+
+  // Only print to console if explicitly requested (for debugging/compliance review)
+  if (process.env.AUDIT_LOG_CONSOLE === 'true' || process.env.AUDIT_LOG_CONSOLE === '1') {
+    console.log(logLine.trim());
+  }
 }
 
 /**
@@ -90,14 +150,21 @@ function auditLog(level, message, metadata) {
  * @param {string} controllerUrl - Controller URL
  * @param {Object} options - Deployment options
  */
-function logDeploymentAttempt(appName, controllerUrl, options = {}) {
-  auditLog('AUDIT', 'Deployment initiated', {
+async function logDeploymentAttempt(appName, controllerUrl, options = {}) {
+  const metadata = {
     action: 'deploy',
     appName,
     controllerUrl,
     environment: options.environment || 'unknown',
     timestamp: Date.now()
-  });
+  };
+
+  // Only include api field if it's provided and not null
+  if (options.api !== undefined && options.api !== null) {
+    metadata.api = options.api;
+  }
+
+  await auditLog('AUDIT', 'Deployment initiated', metadata);
 }
 
 /**
@@ -107,8 +174,8 @@ function logDeploymentAttempt(appName, controllerUrl, options = {}) {
  * @param {string} deploymentId - Deployment ID
  * @param {string} controllerUrl - Controller URL
  */
-function logDeploymentSuccess(appName, deploymentId, controllerUrl) {
-  auditLog('AUDIT', 'Deployment succeeded', {
+async function logDeploymentSuccess(appName, deploymentId, controllerUrl) {
+  await auditLog('AUDIT', 'Deployment succeeded', {
     action: 'deploy',
     appName,
     deploymentId,
@@ -125,8 +192,8 @@ function logDeploymentSuccess(appName, deploymentId, controllerUrl) {
  * @param {string} controllerUrl - Controller URL
  * @param {Error} error - Error that occurred
  */
-function logDeploymentFailure(appName, controllerUrl, error) {
-  auditLog('ERROR', 'Deployment failed', {
+async function logDeploymentFailure(appName, controllerUrl, error) {
+  await auditLog('ERROR', 'Deployment failed', {
     action: 'deploy',
     appName,
     controllerUrl,
@@ -143,8 +210,8 @@ function logDeploymentFailure(appName, controllerUrl, error) {
  * @param {string} event - Security event name
  * @param {Object} details - Event details
  */
-function logSecurityEvent(event, details = {}) {
-  auditLog('AUDIT', `Security event: ${event}`, {
+async function logSecurityEvent(event, details = {}) {
+  await auditLog('AUDIT', `Security event: ${event}`, {
     eventType: 'security',
     event,
     ...details,
@@ -152,12 +219,125 @@ function logSecurityEvent(event, details = {}) {
   });
 }
 
+/**
+ * Logs application creation event
+ * Tracks when new applications are created for audit trail
+ *
+ * @param {string} appName - Application name
+ * @param {Object} options - Creation options
+ */
+async function logApplicationCreation(appName, options = {}) {
+  const metadata = {
+    action: 'create',
+    appName,
+    language: options.language || 'unknown',
+    port: options.port || 'unknown',
+    hasDatabase: options.database || false,
+    hasRedis: options.redis || false,
+    hasStorage: options.storage || false,
+    hasAuthentication: options.authentication || false,
+    template: options.template || null,
+    timestamp: Date.now()
+  };
+
+  // Only include api field if it's provided and not null
+  // For local operations (create), api is typically null
+  if (options.api !== undefined && options.api !== null) {
+    metadata.api = options.api;
+  }
+
+  await auditLog('AUDIT', 'Application created', metadata);
+}
+
+/**
+ * Logs API call attempt with full details for audit trail
+ * Logs both successful and failed API calls for troubleshooting
+ *
+ * @param {string} url - API endpoint URL
+ * @param {Object} options - Fetch options (method, headers, etc.)
+ * @param {number} statusCode - HTTP status code
+ * @param {number} duration - Request duration in milliseconds
+ * @param {boolean} success - Whether the request was successful
+ * @param {Object} errorInfo - Error information (if failed)
+ */
+async function logApiCall(url, options, statusCode, duration, success, errorInfo = {}) {
+  const method = options.method || 'GET';
+  const path = extractPathFromUrl(url);
+
+  // Extract controller URL from full URL
+  let controllerUrl = 'unknown';
+  try {
+    const urlObj = new URL(url);
+    controllerUrl = `${urlObj.protocol}//${urlObj.host}`;
+  } catch {
+    // If URL parsing fails, use the original URL
+    controllerUrl = url;
+  }
+
+  const metadata = {
+    action: 'api_call',
+    method,
+    path,
+    url: maskSensitiveData(url),
+    controllerUrl: maskSensitiveData(controllerUrl),
+    statusCode,
+    duration,
+    success,
+    timestamp: Date.now()
+  };
+
+  // Add error details if request failed
+  if (!success) {
+    metadata.errorType = errorInfo.errorType || 'unknown';
+    metadata.errorMessage = errorInfo.errorMessage || 'Unknown error';
+
+    // Include correlation ID if available
+    if (errorInfo.correlationId) {
+      metadata.correlationId = errorInfo.correlationId;
+    }
+
+    // Include error data (masked) if available
+    if (errorInfo.errorData) {
+      const errorDataStr = typeof errorInfo.errorData === 'string'
+        ? errorInfo.errorData
+        : JSON.stringify(errorInfo.errorData);
+      metadata.errorData = maskSensitiveData(errorDataStr);
+    }
+  }
+
+  // Log as ERROR for failed requests, INFO for successful ones
+  const level = success ? 'INFO' : 'ERROR';
+  const message = success
+    ? `API call succeeded: ${method} ${path}`
+    : `API call failed: ${method} ${path} (${statusCode})`;
+
+  await auditLog(level, message, metadata);
+}
+
+/**
+ * Extracts path and query string from full URL
+ * @param {string} url - Full URL
+ * @returns {string} Path with query string
+ */
+function extractPathFromUrl(url) {
+  try {
+    const urlObj = new URL(url);
+    return urlObj.pathname + urlObj.search;
+  } catch {
+    // If URL parsing fails, try to extract path manually
+    const match = url.match(/https?:\/\/[^/]+(\/.*)/);
+    return match ? match[1] : url;
+  }
+}
+
 module.exports = {
   auditLog,
   logDeploymentAttempt,
   logDeploymentSuccess,
   logDeploymentFailure,
   logSecurityEvent,
+  logApplicationCreation,
+  logApiCall,
   maskSensitiveData,
   createAuditEntry
 };