@aifabrix/builder 2.22.1 → 2.31.0

package/lib/commands/login.js

@@ -320,6 +320,48 @@ function buildScope(offline, customScope) {
   return defaultScope;
 }
 
+/**
+ * Validate device code API response
+ * @param {Object} deviceCodeApiResponse - API response
+ * @throws {Error} If response is invalid
+ */
+function validateDeviceCodeResponse(deviceCodeApiResponse) {
+  if (!deviceCodeApiResponse) {
+    throw new Error('Device code flow initiation returned no response');
+  }
+
+  if (!deviceCodeApiResponse.success) {
+    const errorMessage = deviceCodeApiResponse.formattedError ||
+                        deviceCodeApiResponse.error ||
+                        'Device code flow initiation failed';
+    const error = new Error(errorMessage);
+    if (deviceCodeApiResponse.formattedError) {
+      error.formattedError = deviceCodeApiResponse.formattedError;
+    }
+    throw error;
+  }
+
+  if (!deviceCodeApiResponse.data) {
+    throw new Error('Device code flow initiation returned no data');
+  }
+}
+
+/**
+ * Convert API response to device code format
+ * @param {Object} apiResponse - API response data
+ * @returns {Object} Device code response in snake_case format
+ */
+function convertDeviceCodeResponse(apiResponse) {
+  const deviceCodeData = apiResponse.data || apiResponse;
+  return {
+    device_code: deviceCodeData.deviceCode || deviceCodeData.device_code,
+    user_code: deviceCodeData.userCode || deviceCodeData.user_code,
+    verification_uri: deviceCodeData.verificationUri || deviceCodeData.verification_uri,
+    expires_in: deviceCodeData.expiresIn || deviceCodeData.expires_in || 600,
+    interval: deviceCodeData.interval || 5
+  };
+}
+
 /**
  * Handle device code flow login
  * @async
@@ -343,39 +385,11 @@ async function handleDeviceCodeLogin(controllerUrl, environment, offline, scope)
     const deviceCodeApiResponse = await initiateDeviceCodeFlow(controllerUrl, envKey, requestScope);
 
     // Validate response structure
-    if (!deviceCodeApiResponse) {
-      throw new Error('Device code flow initiation returned no response');
-    }
-
-    // Check if API call was successful
-    if (!deviceCodeApiResponse.success) {
-      const errorMessage = deviceCodeApiResponse.formattedError ||
-                          deviceCodeApiResponse.error ||
-                          'Device code flow initiation failed';
-      const error = new Error(errorMessage);
-      // Preserve formattedError for better error display
-      if (deviceCodeApiResponse.formattedError) {
-        error.formattedError = deviceCodeApiResponse.formattedError;
-      }
-      throw error;
-    }
-
-    // Handle API response format: { success: boolean, data: DeviceCodeResponse }
-    if (!deviceCodeApiResponse.data) {
-      throw new Error('Device code flow initiation returned no data');
-    }
+    validateDeviceCodeResponse(deviceCodeApiResponse);
 
+    // Convert API response to device code format
     const apiResponse = deviceCodeApiResponse.data;
-    const deviceCodeData = apiResponse.data || apiResponse;
-
-    // Convert camelCase from API to snake_case for compatibility with existing code
-    const deviceCodeResponse = {
-      device_code: deviceCodeData.deviceCode || deviceCodeData.device_code,
-      user_code: deviceCodeData.userCode || deviceCodeData.user_code,
-      verification_uri: deviceCodeData.verificationUri || deviceCodeData.verification_uri,
-      expires_in: deviceCodeData.expiresIn || deviceCodeData.expires_in || 600,
-      interval: deviceCodeData.interval || 5
-    };
+    const deviceCodeResponse = convertDeviceCodeResponse(apiResponse);
 
     displayDeviceCodeInfo(deviceCodeResponse.user_code, deviceCodeResponse.verification_uri, logger, chalk);
 

package/lib/commands/logout.js

@@ -0,0 +1,181 @@
+/**
+ * AI Fabrix Builder - Logout Command
+ *
+ * Handles clearing authentication tokens from config.yaml
+ * Supports clearing all tokens or specific tokens based on options
+ *
+ * @fileoverview Logout command implementation for AI Fabrix Builder
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+
+const chalk = require('chalk');
+const {
+  clearDeviceToken,
+  clearAllDeviceTokens,
+  clearClientToken,
+  clearAllClientTokens,
+  clearClientTokensForEnvironment,
+  normalizeControllerUrl
+} = require('../config');
+const logger = require('../utils/logger');
+const os = require('os');
+const path = require('path');
+
+/**
+ * Validate environment key format
+ * @param {string} envKey - Environment key to validate
+ * @throws {Error} If environment key format is invalid
+ */
+function validateEnvironmentKey(envKey) {
+  if (!/^[a-z0-9-_]+$/i.test(envKey)) {
+    throw new Error('Environment key must contain only letters, numbers, hyphens, and underscores');
+  }
+}
+
+/**
+ * Validate controller URL format
+ * @param {string} url - Controller URL to validate
+ * @throws {Error} If URL format is invalid
+ */
+function validateControllerUrl(url) {
+  if (!url || typeof url !== 'string' || url.trim().length === 0) {
+    throw new Error('Controller URL is required and must be a non-empty string');
+  }
+  const normalized = normalizeControllerUrl(url);
+  // Check for valid URL format: http:// or https:// followed by valid hostname
+  // Hostname should be localhost or contain at least one dot (domain)
+  try {
+    const urlObj = new URL(normalized);
+    const hostname = urlObj.hostname;
+    // Allow localhost or hostnames with at least one dot (domain)
+    if (hostname !== 'localhost' && !hostname.includes('.')) {
+      throw new Error('Controller URL must be a valid HTTP or HTTPS URL');
+    }
+  } catch (urlError) {
+    throw new Error('Controller URL must be a valid HTTP or HTTPS URL');
+  }
+}
+
+/**
+ * Clear device tokens based on options
+ * @async
+ * @param {Object} options - Logout options
+ * @returns {Promise<number>} Number of device tokens cleared
+ */
+async function clearDeviceTokens(options) {
+  if (options.controller) {
+    // Clear specific controller device token
+    const cleared = await clearDeviceToken(options.controller);
+    if (cleared) {
+      logger.log(chalk.green(`✓ Cleared device token for controller: ${options.controller}`));
+      return 1;
+    }
+    logger.log(chalk.gray(`  No device token found for controller: ${options.controller}`));
+    return 0;
+  }
+
+  if (!options.environment && !options.app) {
+    // Clear all device tokens (only when no environment/app specified)
+    const cleared = await clearAllDeviceTokens();
+    if (cleared > 0) {
+      logger.log(chalk.green(`✓ Cleared ${cleared} device token(s)`));
+    } else {
+      logger.log(chalk.gray('  No device tokens found'));
+    }
+    return cleared;
+  }
+
+  return 0;
+}
+
+/**
+ * Clear client tokens based on options
+ * @async
+ * @param {Object} options - Logout options
+ * @returns {Promise<number>} Number of client tokens cleared
+ */
+async function clearClientTokens(options) {
+  if (options.app && options.environment) {
+    // Clear specific app token in environment
+    const cleared = await clearClientToken(options.environment, options.app);
+    if (cleared) {
+      logger.log(chalk.green(`✓ Cleared client token for app '${options.app}' in environment '${options.environment}'`));
+      return 1;
+    }
+    logger.log(chalk.gray(`  No client token found for app '${options.app}' in environment '${options.environment}'`));
+    return 0;
+  }
+
+  if (options.environment && !options.app) {
+    // Clear all client tokens for environment
+    const cleared = await clearClientTokensForEnvironment(options.environment);
+    if (cleared > 0) {
+      logger.log(chalk.green(`✓ Cleared ${cleared} client token(s) for environment '${options.environment}'`));
+    } else {
+      logger.log(chalk.gray(`  No client tokens found for environment '${options.environment}'`));
+    }
+    return cleared;
+  }
+
+  if (!options.controller && !options.environment && !options.app) {
+    // Clear all client tokens (only when no specific options specified)
+    const cleared = await clearAllClientTokens();
+    if (cleared > 0) {
+      logger.log(chalk.green(`✓ Cleared ${cleared} client token(s)`));
+    } else {
+      logger.log(chalk.gray('  No client tokens found'));
+    }
+    return cleared;
+  }
+
+  return 0;
+}
+
+/**
+ * Handle logout command action
+ * @async
+ * @function handleLogout
+ * @param {Object} options - Logout options
+ * @param {string} [options.controller] - Clear device tokens for specific controller
+ * @param {string} [options.environment] - Clear client tokens for specific environment
+ * @param {string} [options.app] - Clear client tokens for specific app (requires --environment)
+ * @returns {Promise<void>} Resolves when logout completes
+ * @throws {Error} If logout fails or options are invalid
+ */
+async function handleLogout(options) {
+  const configPath = path.join(os.homedir(), '.aifabrix', 'config.yaml');
+  logger.log(chalk.blue('\n🔓 Clearing authentication tokens...\n'));
+
+  // Validate options
+  if (options.app && !options.environment) {
+    throw new Error('--app requires --environment option');
+  }
+
+  if ('controller' in options && options.controller !== undefined && options.controller !== null) {
+    validateControllerUrl(options.controller);
+  }
+
+  if ('environment' in options && options.environment !== undefined && options.environment !== null) {
+    validateEnvironmentKey(options.environment);
+  }
+
+  // Clear device tokens
+  const deviceTokensCleared = await clearDeviceTokens(options);
+
+  // Clear client tokens
+  const clientTokensCleared = await clearClientTokens(options);
+
+  // Summary
+  const totalCleared = deviceTokensCleared + clientTokensCleared;
+  if (totalCleared > 0) {
+    logger.log(chalk.green('\n✅ Successfully cleared tokens!'));
+    logger.log(chalk.gray(`Config file: ${configPath}\n`));
+  } else {
+    logger.log(chalk.yellow('\n⚠️  No tokens found to clear'));
+    logger.log(chalk.gray(`Config file: ${configPath}\n`));
+  }
+}
+
+module.exports = { handleLogout };
+

package/lib/commands/secrets-set.js

@@ -10,11 +10,11 @@
  */
 
 const path = require('path');
-const os = require('os');
 const chalk = require('chalk');
 const logger = require('../utils/logger');
 const { getAifabrixSecretsPath } = require('../config');
 const { saveLocalSecret, saveSecret } = require('../utils/local-secrets');
+const pathsUtil = require('../utils/paths');
 
 /**
  * Handle secrets set command action
@@ -61,7 +61,7 @@ async function handleSecretsSet(key, value, options) {
   } else {
     // Save to user secrets file
     await saveLocalSecret(key, value);
-    const userSecretsPath = path.join(os.homedir(), '.aifabrix', 'secrets.local.yaml');
+    const userSecretsPath = path.join(pathsUtil.getAifabrixHome(), 'secrets.local.yaml');
     logger.log(chalk.green(`✓ Secret '${key}' saved to user secrets file: ${userSecretsPath}`));
   }
 }

package/lib/commands/secure.js

@@ -11,7 +11,6 @@
 
 const fs = require('fs');
 const path = require('path');
-const os = require('os');
 const yaml = require('js-yaml');
 const inquirer = require('inquirer');
 const chalk = require('chalk');
@@ -19,6 +18,7 @@ const logger = require('../utils/logger');
 const { setSecretsEncryptionKey, getSecretsEncryptionKey } = require('../config');
 const { validateEncryptionKey } = require('../utils/secrets-encryption');
 const { encryptYamlValues } = require('../utils/yaml-preserve');
+const pathsUtil = require('../utils/paths');
 
 /**
  * Finds all secrets.local.yaml files to encrypt
@@ -32,7 +32,7 @@ async function findSecretsFiles() {
   const files = [];
 
   // User's secrets file
-  const userSecretsPath = path.join(os.homedir(), '.aifabrix', 'secrets.local.yaml');
+  const userSecretsPath = path.join(pathsUtil.getAifabrixHome(), 'secrets.local.yaml');
   if (fs.existsSync(userSecretsPath)) {
     files.push({ path: userSecretsPath, type: 'user' });
   }
@@ -120,20 +120,12 @@ async function promptForEncryptionKey() {
 }
 
 /**
- * Handle secure command action
- * Sets encryption key and encrypts all secrets files
- *
+ * Get encryption key from options or prompt user
  * @async
- * @function handleSecure
  * @param {Object} options - Command options
- * @param {string} [options.secretsEncryption] - Encryption key (optional, will prompt if not provided)
- * @returns {Promise<void>} Resolves when encryption completes
- * @throws {Error} If encryption fails
+ * @returns {Promise<string>} Encryption key
  */
-async function handleSecure(options) {
-  logger.log(chalk.blue('\n🔐 Securing secrets files...\n'));
-
-  // Get or prompt for encryption key
+async function getEncryptionKey(options) {
   let encryptionKey = options.secretsEncryption || options['secrets-encryption'];
   if (!encryptionKey) {
     // Check if key already exists in config
@@ -164,19 +156,17 @@ async function handleSecure(options) {
     await setSecretsEncryptionKey(encryptionKey);
     logger.log(chalk.green('✓ Encryption key saved to config.yaml'));
   }
+  return encryptionKey;
+}
 
-  // Find all secrets files
-  const secretsFiles = await findSecretsFiles();
-
-  if (secretsFiles.length === 0) {
-    logger.log(chalk.yellow('⚠️  No secrets files found to encrypt'));
-    logger.log(chalk.gray('   Create ~/.aifabrix/secrets.local.yaml or configure aifabrix-secrets in config.yaml'));
-    return;
-  }
-
-  logger.log(chalk.gray(`Found ${secretsFiles.length} secrets file(s) to process:\n`));
-
-  // Encrypt each file
+/**
+ * Process and encrypt all secrets files
+ * @async
+ * @param {Array} secretsFiles - Array of secrets file objects
+ * @param {string} encryptionKey - Encryption key
+ * @returns {Promise<Object>} Object with totalEncrypted and totalValues
+ */
+async function processSecretsFiles(secretsFiles, encryptionKey) {
   let totalEncrypted = 0;
   let totalValues = 0;
 
@@ -197,11 +187,56 @@ async function handleSecure(options) {
     }
   }
 
+  return { totalEncrypted, totalValues };
+}
+
+/**
+ * Display encryption summary
+ * @param {number} filesCount - Number of files processed
+ * @param {number} totalEncrypted - Number of values encrypted
+ * @param {number} totalValues - Total number of values
+ */
+function displayEncryptionSummary(filesCount, totalEncrypted, totalValues) {
   logger.log(chalk.green('\n✅ Encryption complete!'));
-  logger.log(chalk.gray(`   Files processed: ${secretsFiles.length}`));
+  logger.log(chalk.gray(`   Files processed: ${filesCount}`));
   logger.log(chalk.gray(`   Values encrypted: ${totalEncrypted} of ${totalValues} total`));
   logger.log(chalk.gray('   Encryption key stored in: ~/.aifabrix/config.yaml\n'));
 }
 
+/**
+ * Handle secure command action
+ * Sets encryption key and encrypts all secrets files
+ *
+ * @async
+ * @function handleSecure
+ * @param {Object} options - Command options
+ * @param {string} [options.secretsEncryption] - Encryption key (optional, will prompt if not provided)
+ * @returns {Promise<void>} Resolves when encryption completes
+ * @throws {Error} If encryption fails
+ */
+async function handleSecure(options) {
+  logger.log(chalk.blue('\n🔐 Securing secrets files...\n'));
+
+  // Get or prompt for encryption key
+  const encryptionKey = await getEncryptionKey(options);
+
+  // Find all secrets files
+  const secretsFiles = await findSecretsFiles();
+
+  if (secretsFiles.length === 0) {
+    logger.log(chalk.yellow('⚠️  No secrets files found to encrypt'));
+    logger.log(chalk.gray('   Create ~/.aifabrix/secrets.local.yaml or configure aifabrix-secrets in config.yaml'));
+    return;
+  }
+
+  logger.log(chalk.gray(`Found ${secretsFiles.length} secrets file(s) to process:\n`));
+
+  // Process and encrypt all files
+  const { totalEncrypted, totalValues } = await processSecretsFiles(secretsFiles, encryptionKey);
+
+  // Display summary
+  displayEncryptionSummary(secretsFiles.length, totalEncrypted, totalValues);
+}
+
 module.exports = { handleSecure };
 

package/lib/config.js

@@ -47,6 +47,71 @@ function normalizeControllerUrl(url) {
   return normalized;
 }
 
+/**
+ * Validate and normalize developer ID
+ * @param {*} developerId - Developer ID value (can be string, number, undefined, or null)
+ * @returns {string} Normalized developer ID as string
+ * @throws {Error} If developer ID is invalid
+ */
+function validateAndNormalizeDeveloperId(developerId) {
+  const DEV_ID_DIGITS_REGEX = /^[0-9]+$/;
+
+  if (typeof developerId === 'undefined' || developerId === null) {
+    return '0';
+  }
+
+  if (typeof developerId === 'number') {
+    if (developerId < 0 || !Number.isFinite(developerId)) {
+      throw new Error(`Invalid developer-id value: "${developerId}". Must be a non-negative digit string.`);
+    }
+    return String(developerId);
+  }
+
+  if (typeof developerId === 'string') {
+    if (!DEV_ID_DIGITS_REGEX.test(developerId)) {
+      throw new Error(`Invalid developer-id value: "${developerId}". Must contain only digits 0-9.`);
+    }
+    return developerId;
+  }
+
+  throw new Error(`Invalid developer-id value type: ${typeof developerId}. Must be a non-negative digit string.`);
+}
+
+/**
+ * Ensure default config values exist
+ * @param {Object} config - Configuration object
+ * @returns {Object} Config with defaults applied
+ */
+function applyConfigDefaults(config) {
+  // Ensure environment defaults to 'dev' if not set
+  if (typeof config.environment === 'undefined') {
+    config.environment = 'dev';
+  }
+  // Ensure environments object exists
+  if (typeof config.environments !== 'object' || config.environments === null) {
+    config.environments = {};
+  }
+  // Ensure device object exists at root level
+  if (typeof config.device !== 'object' || config.device === null) {
+    config.device = {};
+  }
+  return config;
+}
+
+/**
+ * Get default config when file doesn't exist
+ * @returns {Object} Default configuration
+ */
+function getDefaultConfig() {
+  cachedDeveloperId = '0';
+  return {
+    'developer-id': '0',
+    environment: 'dev',
+    environments: {},
+    device: {}
+  };
+}
+
 async function getConfig() {
   try {
     const configContent = await fs.readFile(RUNTIME_CONFIG_FILE, 'utf8');
@@ -57,49 +122,18 @@ async function getConfig() {
       config = {};
     }
 
-    // Ensure developer-id exists as a digit-only string (default "0") and validate
-    const DEV_ID_DIGITS_REGEX = /^[0-9]+$/;
-    if (typeof config['developer-id'] === 'undefined' || config['developer-id'] === null) {
-      config['developer-id'] = '0';
-    } else if (typeof config['developer-id'] === 'number') {
-      // Convert numeric to string to preserve type consistency
-      if (config['developer-id'] < 0 || !Number.isFinite(config['developer-id'])) {
-        throw new Error(`Invalid developer-id value: "${config['developer-id']}". Must be a non-negative digit string.`);
-      }
-      config['developer-id'] = String(config['developer-id']);
-    } else if (typeof config['developer-id'] === 'string') {
-      if (!DEV_ID_DIGITS_REGEX.test(config['developer-id'])) {
-        throw new Error(`Invalid developer-id value: "${config['developer-id']}". Must contain only digits 0-9.`);
-      }
-    } else {
-      throw new Error(`Invalid developer-id value type: ${typeof config['developer-id']}. Must be a non-negative digit string.`);
-    }
+    // Validate and normalize developer ID
+    config['developer-id'] = validateAndNormalizeDeveloperId(config['developer-id']);
+
+    // Apply defaults
+    config = applyConfigDefaults(config);
 
-    // Ensure environment defaults to 'dev' if not set
-    if (typeof config.environment === 'undefined') {
-      config.environment = 'dev';
-    }
-    // Ensure environments object exists
-    if (typeof config.environments !== 'object' || config.environments === null) {
-      config.environments = {};
-    }
-    // Ensure device object exists at root level
-    if (typeof config.device !== 'object' || config.device === null) {
-      config.device = {};
-    }
     // Cache developer ID as property for easy access (string, default "0")
     cachedDeveloperId = config['developer-id'] !== undefined ? config['developer-id'] : '0';
     return config;
   } catch (error) {
     if (error.code === 'ENOENT') {
-      // Default developer ID is "0", default environment is 'dev'
-      cachedDeveloperId = '0';
-      return {
-        'developer-id': '0',
-        environment: 'dev',
-        environments: {},
-        device: {}
-      };
+      return getDefaultConfig();
     }
     throw new Error(`Failed to read config: ${error.message}`);
   }
@@ -344,14 +378,14 @@ Object.defineProperty(exportsObj, 'developerId', {
 
 // Token management functions - created after dependencies are defined
 const { createTokenManagementFunctions } = require('./utils/config-tokens');
-const tokenFunctions = createTokenManagementFunctions(
-  getConfig,
-  saveConfig,
-  getSecretsEncryptionKey,
-  encryptTokenValue,
-  decryptTokenValue,
-  require('./utils/token-encryption').isTokenEncrypted
-);
+const tokenFunctions = createTokenManagementFunctions({
+  getConfigFn: getConfig,
+  saveConfigFn: saveConfig,
+  getSecretsEncryptionKeyFn: getSecretsEncryptionKey,
+  encryptTokenValueFn: encryptTokenValue,
+  decryptTokenValueFn: decryptTokenValue,
+  isTokenEncryptedFn: require('./utils/token-encryption').isTokenEncrypted
+});
 Object.assign(exportsObj, tokenFunctions);
 
 // Path configuration functions - created after getConfig/saveConfig are defined