@aifabrix/builder 2.3.0 → 2.3.2

package/lib/config.js

@@ -35,10 +35,24 @@ async function getConfig() {
       config = {};
     }
 
-    // Ensure developerId defaults to 0 if not set
-    if (typeof config['developer-id'] === 'undefined') {
-      config['developer-id'] = 0;
+    // Ensure developer-id exists as a digit-only string (default "0") and validate
+    const DEV_ID_DIGITS_REGEX = /^[0-9]+$/;
+    if (typeof config['developer-id'] === 'undefined' || config['developer-id'] === null) {
+      config['developer-id'] = '0';
+    } else if (typeof config['developer-id'] === 'number') {
+      // Convert numeric to string to preserve type consistency
+      if (config['developer-id'] < 0 || !Number.isFinite(config['developer-id'])) {
+        throw new Error(`Invalid developer-id value: "${config['developer-id']}". Must be a non-negative digit string.`);
+      }
+      config['developer-id'] = String(config['developer-id']);
+    } else if (typeof config['developer-id'] === 'string') {
+      if (!DEV_ID_DIGITS_REGEX.test(config['developer-id'])) {
+        throw new Error(`Invalid developer-id value: "${config['developer-id']}". Must contain only digits 0-9.`);
+      }
+    } else {
+      throw new Error(`Invalid developer-id value type: ${typeof config['developer-id']}. Must be a non-negative digit string.`);
     }
+
     // Ensure environment defaults to 'dev' if not set
     if (typeof config.environment === 'undefined') {
       config.environment = 'dev';
@@ -51,15 +65,15 @@ async function getConfig() {
     if (typeof config.device !== 'object' || config.device === null) {
       config.device = {};
     }
-    // Cache developer ID as property for easy access (use nullish coalescing to allow 0)
-    cachedDeveloperId = config['developer-id'] !== undefined ? config['developer-id'] : 0;
+    // Cache developer ID as property for easy access (string, default "0")
+    cachedDeveloperId = config['developer-id'] !== undefined ? config['developer-id'] : '0';
     return config;
   } catch (error) {
     if (error.code === 'ENOENT') {
-      // Default developer ID is 0, default environment is 'dev'
-      cachedDeveloperId = 0;
+      // Default developer ID is "0", default environment is 'dev'
+      cachedDeveloperId = '0';
       return {
-        'developer-id': 0,
+        'developer-id': '0',
         environment: 'dev',
         environments: {},
         device: {}
@@ -80,7 +94,8 @@ async function saveConfig(data) {
     await fs.mkdir(CONFIG_DIR, { recursive: true });
 
     // Set secure permissions
-    const configContent = yaml.dump(data);
+    // Force quotes to ensure numeric-like strings (e.g., "01") remain strings in YAML
+    const configContent = yaml.dump(data, { forceQuotes: true });
     // Write file first
     await fs.writeFile(CONFIG_FILE, configContent, {
       mode: 0o600,
@@ -117,7 +132,7 @@ async function clearConfig() {
  * Get developer ID from configuration
  * Loads config if not already cached, then returns cached developer ID
  * Developer ID: 0 = default infra, > 0 = developer-specific
- * @returns {Promise<number>} Developer ID (defaults to 0)
+ * @returns {Promise<string>} Developer ID as string (defaults to "0")
  */
 async function getDeveloperId() {
   // Always reload from file to ensure we have the latest value
@@ -130,21 +145,33 @@ async function getDeveloperId() {
 
 /**
  * Set developer ID in configuration
- * @param {number} developerId - Developer ID to set (0 = default infra, > 0 = developer-specific)
+ * @param {number|string} developerId - Developer ID to set (digit-only string preserved, or number). "0" = default infra, > "0" = developer-specific
  * @returns {Promise<void>}
  */
 async function setDeveloperId(developerId) {
-  if (typeof developerId !== 'number' || developerId < 0) {
-    throw new Error('Developer ID must be a non-negative number (0 = default infra, > 0 = developer-specific)');
+  const DEV_ID_DIGITS_REGEX = /^[0-9]+$/;
+  let devIdString;
+  if (typeof developerId === 'number') {
+    if (!Number.isFinite(developerId) || developerId < 0) {
+      throw new Error('Developer ID must be a non-negative digit string or number (0 = default infra, > 0 = developer-specific)');
+    }
+    devIdString = String(developerId);
+  } else if (typeof developerId === 'string') {
+    if (!DEV_ID_DIGITS_REGEX.test(developerId)) {
+      throw new Error('Developer ID must be a non-negative digit string or number (0 = default infra, > 0 = developer-specific)');
+    }
+    devIdString = developerId;
+  } else {
+    throw new Error('Developer ID must be a non-negative digit string or number (0 = default infra, > 0 = developer-specific)');
   }
   // Clear cache first to ensure we get fresh data from file
   cachedDeveloperId = null;
   // Read file directly to avoid any caching issues
   const config = await getConfig();
   // Update developer ID
-  config['developer-id'] = developerId;
+  config['developer-id'] = devIdString;
   // Update cache before saving
-  cachedDeveloperId = developerId;
+  cachedDeveloperId = devIdString;
   // Save the entire config object to ensure all fields are preserved
   await saveConfig(config);
   // Verify the file was saved correctly by reading it back
@@ -154,8 +181,10 @@ async function setDeveloperId(developerId) {
   // Read file again with fresh file handle to avoid OS caching
   const savedContent = await fs.readFile(CONFIG_FILE, 'utf8');
   const savedConfig = yaml.load(savedContent);
-  if (savedConfig['developer-id'] !== developerId) {
-    throw new Error(`Failed to save developer ID: expected ${developerId}, got ${savedConfig['developer-id']}. File content: ${savedContent.substring(0, 200)}`);
+  // YAML may parse numbers as numbers, so convert to string for comparison
+  const savedDevIdString = String(savedConfig['developer-id']);
+  if (savedDevIdString !== devIdString) {
+    throw new Error(`Failed to save developer ID: expected ${devIdString}, got ${savedDevIdString}. File content: ${savedContent.substring(0, 200)}`);
   }
   // Clear the cache to force reload from file on next getDeveloperId() call
   // This ensures we get the value that was actually saved to disk
@@ -288,7 +317,7 @@ async function saveClientToken(environment, appName, controllerUrl, token, expir
 /**
  * Initialize and load developer ID
  * Call this to ensure developerId is loaded and cached
- * @returns {Promise<number>} Developer ID
+ * @returns {Promise<string>} Developer ID (string)
  */
 async function loadDeveloperId() {
   if (cachedDeveloperId === null) {
@@ -379,7 +408,7 @@ const exportsObj = {
 // Developer ID: 0 = default infra, > 0 = developer-specific
 Object.defineProperty(exportsObj, 'developerId', {
   get() {
-    return cachedDeveloperId !== null ? cachedDeveloperId : 0; // Default to 0 if not loaded yet
+    return cachedDeveloperId !== null ? cachedDeveloperId : '0'; // Default to "0" if not loaded yet
   },
   enumerable: true,
   configurable: true

package/lib/infra.js

@@ -28,21 +28,23 @@ const execAsync = promisify(exec);
 /**
  * Gets infrastructure directory name based on developer ID
  * Dev 0: infra (no dev-0 suffix), Dev > 0: infra-dev{id}
- * @param {number} devId - Developer ID
+ * @param {number|string} devId - Developer ID
  * @returns {string} Infrastructure directory name
  */
 function getInfraDirName(devId) {
-  return devId === 0 ? 'infra' : `infra-dev${devId}`;
+  const idNum = typeof devId === 'string' ? parseInt(devId, 10) : devId;
+  return idNum === 0 ? 'infra' : `infra-dev${devId}`;
 }
 
 /**
  * Gets Docker Compose project name based on developer ID
  * Dev 0: infra (no dev-0 suffix), Dev > 0: infra-dev{id}
- * @param {number} devId - Developer ID
+ * @param {number|string} devId - Developer ID
  * @returns {string} Docker Compose project name
  */
 function getInfraProjectName(devId) {
-  return devId === 0 ? 'infra' : `infra-dev${devId}`;
+  const idNum = typeof devId === 'string' ? parseInt(devId, 10) : devId;
+  return idNum === 0 ? 'infra' : `infra-dev${devId}`;
 }
 
 // Wrapper to support cwd option
@@ -96,7 +98,10 @@ async function startInfra(developerId = null) {
 
   // Get developer ID from parameter or config
   const devId = developerId || await config.getDeveloperId();
-  const ports = devConfig.getDevPorts(devId);
+  // Convert to number for getDevPorts (it expects numbers)
+  const devIdNum = typeof devId === 'string' ? parseInt(devId, 10) : devId;
+  const ports = devConfig.getDevPorts(devIdNum);
+  const idNum = devIdNum;
 
   // Load compose template (Handlebars)
   const templatePath = path.join(__dirname, '..', 'templates', 'infra', 'compose.yaml.hbs');
@@ -116,7 +121,7 @@ async function startInfra(developerId = null) {
   const templateContent = fs.readFileSync(templatePath, 'utf8');
   const template = handlebars.compile(templateContent);
   // Dev 0: infra-aifabrix-network, Dev > 0: infra-dev{id}-aifabrix-network
-  const networkName = devId === 0 ? 'infra-aifabrix-network' : `infra-dev${devId}-aifabrix-network`;
+  const networkName = idNum === 0 ? 'infra-aifabrix-network' : `infra-dev${devId}-aifabrix-network`;
   const composeContent = template({
     devId: devId,
     postgresPort: ports.postgres,
@@ -261,7 +266,9 @@ async function checkInfraHealth(devId = null) {
  */
 async function getInfraStatus() {
   const devId = await config.getDeveloperId();
-  const ports = devConfig.getDevPorts(devId);
+  // Convert string developer ID to number for getDevPorts
+  const devIdNum = parseInt(devId, 10);
+  const ports = devConfig.getDevPorts(devIdNum);
   const services = {
     postgres: { port: ports.postgres, url: `localhost:${ports.postgres}` },
     redis: { port: ports.redis, url: `localhost:${ports.redis}` },

package/lib/secrets.js

@@ -357,7 +357,9 @@ async function generateEnvFile(appName, secretsPath, environment = 'local', forc
   // For local environment, update infrastructure ports to use dev-specific ports
   if (environment === 'local') {
     const devId = await config.getDeveloperId();
-    const ports = devConfig.getDevPorts(devId);
+    // Convert string developer ID to number for getDevPorts
+    const devIdNum = parseInt(devId, 10);
+    const ports = devConfig.getDevPorts(devIdNum);
 
     // Update DATABASE_PORT if present
     resolved = resolved.replace(/^DATABASE_PORT\s*=\s*.*$/m, `DATABASE_PORT=${ports.postgres}`);

package/lib/utils/build-copy.js

@@ -22,7 +22,7 @@ const os = require('os');
  * @async
  * @function copyBuilderToDevDirectory
  * @param {string} appName - Application name
- * @param {number} developerId - Developer ID
+ * @param {number|string} developerId - Developer ID
  * @returns {Promise<string>} Path to developer-specific directory
  * @throws {Error} If copying fails
  *
@@ -39,7 +39,8 @@ async function copyBuilderToDevDirectory(appName, developerId) {
   }
 
   // Get base directory (applications or applications-dev-{id})
-  const baseDir = developerId === 0
+  const idNum = typeof developerId === 'string' ? parseInt(developerId, 10) : developerId;
+  const baseDir = idNum === 0
     ? path.join(os.homedir(), '.aifabrix', 'applications')
     : path.join(os.homedir(), '.aifabrix', `applications-dev-${developerId}`);
 
@@ -64,7 +65,7 @@ async function copyBuilderToDevDirectory(appName, developerId) {
   await fs.mkdir(devDir, { recursive: true });
 
   // Copy files based on developer ID
-  if (developerId === 0) {
+  if (idNum === 0) {
     // Dev 0: Copy contents from builder/{appName}/ directly to applications/
     await copyDirectory(builderPath, devDir);
   } else {
@@ -112,11 +113,12 @@ async function copyDirectory(sourceDir, targetDir) {
 /**
  * Gets developer-specific directory path for an application
  * @param {string} appName - Application name
- * @param {number} developerId - Developer ID
+ * @param {number|string} developerId - Developer ID
  * @returns {string} Path to developer-specific directory
  */
 function getDevDirectory(appName, developerId) {
-  if (developerId === 0) {
+  const idNum = typeof developerId === 'string' ? parseInt(developerId, 10) : developerId;
+  if (idNum === 0) {
     // Dev 0: all apps go directly to applications/ (no subdirectory)
     return path.join(os.homedir(), '.aifabrix', 'applications');
   }

package/lib/utils/compose-generator.js

@@ -307,12 +307,13 @@ async function generateDockerCompose(appName, appConfig, options) {
 
   // Get developer ID and network name
   const devId = await config.getDeveloperId();
+  const idNum = typeof devId === 'string' ? parseInt(devId, 10) : devId;
   // Dev 0: infra-aifabrix-network (no dev-0 suffix)
   // Dev > 0: infra-dev{id}-aifabrix-network
-  const networkName = devId === 0 ? 'infra-aifabrix-network' : `infra-dev${devId}-aifabrix-network`;
+  const networkName = idNum === 0 ? 'infra-aifabrix-network' : `infra-dev${devId}-aifabrix-network`;
   // Dev 0: aifabrix-{appName} (no dev-0 suffix)
   // Dev > 0: aifabrix-dev{id}-{appName}
-  const containerName = devId === 0 ? `aifabrix-${appName}` : `aifabrix-dev${devId}-${appName}`;
+  const containerName = idNum === 0 ? `aifabrix-${appName}` : `aifabrix-dev${devId}-${appName}`;
 
   const serviceConfig = buildServiceConfig(appName, appConfig, port);
   const volumesConfig = buildVolumesConfig(appName);

package/lib/utils/dev-config.js

@@ -27,7 +27,7 @@ const BASE_PORTS = {
  * Developer ID: 0 = default infra (base ports), > 0 = developer-specific (offset ports)
  *
  * @function getDevPorts
- * @param {number} developerId - Developer ID (0 = default infra, 1, 2, 3, etc. = developer-specific)
+ * @param {number} developerId - Developer ID (0 = default infra, 1, 2, 3, etc. = developer-specific). Must be a number.
  * @returns {Object} Object with calculated ports for all services
  *
  * @example
@@ -37,27 +37,28 @@ const BASE_PORTS = {
  * // Returns: { app: 3100, postgres: 5532, redis: 6479, pgadmin: 5150, redisCommander: 8181 }
  */
 function getDevPorts(developerId) {
-  // Validate type first - must be a number
+  // Only accept numbers, reject strings and other types
   if (typeof developerId !== 'number') {
     throw new Error('Developer ID must be a positive number');
   }
 
-  // Handle NaN, undefined, null - throw error (don't default)
-  if (isNaN(developerId) || developerId === undefined || developerId === null) {
+  // Handle invalids
+  if (developerId === undefined || developerId === null || Number.isNaN(developerId)) {
     throw new Error('Developer ID must be a positive number');
   }
-
   if (developerId < 0 || !Number.isInteger(developerId)) {
     throw new Error('Developer ID must be a positive number');
   }
 
+  const idNum = developerId;
+
   // Developer ID 0 = default infra (base ports, no offset)
-  if (developerId === 0) {
+  if (idNum === 0) {
     return { ...BASE_PORTS };
   }
 
   // Developer ID > 0 = developer-specific (add offset)
-  const offset = developerId * 100;
+  const offset = idNum * 100;
 
   return {
     app: BASE_PORTS.app + offset,

package/lib/utils/infra-containers.js

@@ -20,14 +20,15 @@ const execAsync = promisify(exec);
  * @private
  * @async
  * @param {string} serviceName - Service name
- * @param {number} [devId] - Developer ID (optional, will be loaded from config if not provided)
+ * @param {number|string} [devId] - Developer ID (optional, will be loaded from config if not provided)
  * @returns {Promise<string|null>} Container name or null if not found
  */
 async function findContainer(serviceName, devId = null) {
   try {
     const developerId = devId || await config.getDeveloperId();
+    const idNum = typeof developerId === 'string' ? parseInt(developerId, 10) : developerId;
     // Dev 0: aifabrix-{serviceName}, Dev > 0: aifabrix-dev{id}-{serviceName}
-    const containerNamePattern = developerId === 0
+    const containerNamePattern = idNum === 0
       ? `aifabrix-${serviceName}`
       : `aifabrix-dev${developerId}-${serviceName}`;
     let { stdout } = await execAsync(`docker ps --filter "name=${containerNamePattern}" --format "{{.Names}}"`);

package/lib/utils/yaml-preserve.js

@@ -0,0 +1,214 @@
+/**
+ * AI Fabrix Builder YAML Preservation Utilities
+ *
+ * This module provides line-by-line YAML parsing that preserves comments,
+ * formatting, and structure while encrypting values.
+ *
+ * @fileoverview YAML preservation utilities for secure command
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+
+const { encryptSecret, isEncrypted } = require('./secrets-encryption');
+
+/**
+ * Checks if a string value represents a YAML primitive (number, boolean, null)
+ * When parsing line-by-line, these appear as strings but should not be encrypted
+ *
+ * @function isYamlPrimitive
+ * @param {string} value - Value to check
+ * @returns {boolean} True if value is a YAML primitive
+ */
+function isYamlPrimitive(value) {
+  const trimmed = value.trim();
+
+  // Check for null
+  if (trimmed === 'null' || trimmed === '~' || trimmed === '') {
+    return true;
+  }
+
+  // Check for boolean
+  if (trimmed === 'true' || trimmed === 'false' || trimmed === 'True' || trimmed === 'False' ||
+      trimmed === 'TRUE' || trimmed === 'FALSE' || trimmed === 'yes' || trimmed === 'no' ||
+      trimmed === 'Yes' || trimmed === 'No' || trimmed === 'YES' || trimmed === 'NO' ||
+      trimmed === 'on' || trimmed === 'off' || trimmed === 'On' || trimmed === 'Off' ||
+      trimmed === 'ON' || trimmed === 'OFF') {
+    return true;
+  }
+
+  // Check for number (integer or float, with optional sign)
+  if (/^[+-]?\d+$/.test(trimmed) || /^[+-]?\d*\.\d+([eE][+-]?\d+)?$/.test(trimmed) ||
+      /^[+-]?\.\d+([eE][+-]?\d+)?$/.test(trimmed) || /^0x[0-9a-fA-F]+$/.test(trimmed) ||
+      /^0o[0-7]+$/.test(trimmed) || /^0b[01]+$/.test(trimmed)) {
+    return true;
+  }
+
+  // Check for YAML special values
+  if (trimmed === '.inf' || trimmed === '.Inf' || trimmed === '.INF' ||
+      trimmed === '-.inf' || trimmed === '-.Inf' || trimmed === '-.INF' ||
+      trimmed === '.nan' || trimmed === '.NaN' || trimmed === '.NAN') {
+    return true;
+  }
+
+  return false;
+}
+
+/**
+ * Checks if a value should be encrypted
+ * URLs (http:// and https://) are not encrypted as they are not secrets
+ * YAML primitives (numbers, booleans, null) are not encrypted
+ *
+ * @function shouldEncryptValue
+ * @param {string} value - Value to check
+ * @returns {boolean} True if value should be encrypted
+ */
+function shouldEncryptValue(value) {
+  if (typeof value !== 'string') {
+    return false;
+  }
+
+  const trimmed = value.trim();
+
+  // Skip empty or whitespace-only values
+  if (trimmed.length === 0) {
+    return false;
+  }
+
+  // Skip YAML primitives (numbers, booleans, null)
+  if (isYamlPrimitive(trimmed)) {
+    return false;
+  }
+
+  // Skip already encrypted values
+  if (isEncrypted(trimmed)) {
+    return false;
+  }
+
+  // Skip URLs - they are not secrets
+  if (trimmed.startsWith('http://') || trimmed.startsWith('https://')) {
+    return false;
+  }
+
+  return true;
+}
+
+/**
+ * Extracts value from YAML line, handling quotes
+ * Removes quotes but remembers if they were present
+ *
+ * @function extractValue
+ * @param {string} valuePart - The value portion of a YAML line
+ * @returns {Object} Object with value and quote info
+ */
+function extractValue(valuePart) {
+  const trimmed = valuePart.trim();
+
+  // Check for quoted strings
+  if ((trimmed.startsWith('"') && trimmed.endsWith('"')) ||
+      (trimmed.startsWith('\'') && trimmed.endsWith('\''))) {
+    const quote = trimmed[0];
+    const unquoted = trimmed.slice(1, -1);
+    return { value: unquoted, quoted: true, quoteChar: quote };
+  }
+
+  return { value: trimmed, quoted: false, quoteChar: null };
+}
+
+/**
+ * Formats value back with quotes if needed
+ *
+ * @function formatValue
+ * @param {string} value - Value to format
+ * @param {boolean} quoted - Whether value was originally quoted
+ * @param {string|null} quoteChar - Original quote character
+ * @returns {string} Formatted value
+ */
+function formatValue(value, quoted, quoteChar) {
+  if (quoted && quoteChar) {
+    return `${quoteChar}${value}${quoteChar}`;
+  }
+  return value;
+}
+
+/**
+ * Encrypts YAML values while preserving comments and formatting
+ * Processes file line-by-line to maintain structure
+ *
+ * @function encryptYamlValues
+ * @param {string} content - Original YAML file content
+ * @param {string} encryptionKey - Encryption key
+ * @returns {Object} Object with encrypted content and statistics
+ * @returns {string} returns.content - Encrypted YAML content
+ * @returns {number} returns.encrypted - Count of encrypted values
+ * @returns {number} returns.total - Total count of values processed
+ *
+ * @example
+ * const result = encryptYamlValues(yamlContent, encryptionKey);
+ * // Returns: { content: '...', encrypted: 5, total: 10 }
+ */
+function encryptYamlValues(content, encryptionKey) {
+  const lines = content.split(/\r?\n/);
+  const encryptedLines = [];
+  let encryptedCount = 0;
+  let totalCount = 0;
+
+  // Pattern to match key-value pairs with optional comments
+  // Matches: indentation, key, colon, value, optional whitespace, optional comment
+  // Handles: key: value, key: "value", key: value # comment, etc.
+  const kvPattern = /^(\s*)([^#:\n]+?):\s*(.+?)(\s*)(#.*)?$/;
+
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i];
+    const trimmed = line.trim();
+
+    // Preserve empty lines and comment-only lines
+    if (trimmed === '' || trimmed.startsWith('#')) {
+      encryptedLines.push(line);
+      continue;
+    }
+
+    // Try to match key-value pattern
+    const match = line.match(kvPattern);
+    if (match) {
+      totalCount++;
+      const [, indent, key, valuePart, trailingWhitespace, comment] = match;
+
+      // Extract value (handle quotes)
+      const { value, quoted, quoteChar } = extractValue(valuePart);
+
+      // Check if value should be encrypted
+      if (shouldEncryptValue(value)) {
+        // Encrypt the value
+        const encryptedValue = encryptSecret(value, encryptionKey);
+        const formattedValue = formatValue(encryptedValue, quoted, quoteChar);
+
+        // Reconstruct line with encrypted value
+        const encryptedLine = `${indent}${key}: ${formattedValue}${trailingWhitespace}${comment || ''}`;
+        encryptedLines.push(encryptedLine);
+        encryptedCount++;
+      } else {
+        // Keep original line (already encrypted, URL, or non-string)
+        encryptedLines.push(line);
+      }
+    } else {
+      // Line doesn't match pattern (multiline value, complex structure, etc.)
+      // Preserve as-is
+      encryptedLines.push(line);
+    }
+  }
+
+  return {
+    content: encryptedLines.join('\n'),
+    encrypted: encryptedCount,
+    total: totalCount
+  };
+}
+
+module.exports = {
+  encryptYamlValues,
+  shouldEncryptValue,
+  isYamlPrimitive,
+  extractValue,
+  formatValue
+};
+

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aifabrix/builder",
-  "version": "2.3.0",
+  "version": "2.3.2",
   "description": "AI Fabrix Local Fabric & Deployment SDK",
   "main": "lib/index.js",
   "bin": {