npm - @aifabrix/builder - Versions diffs - 2.3.6 → 2.5.0 - Mend

@aifabrix/builder 2.3.6 → 2.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (37) hide show

package/README.md +3 -0
package/lib/app-down.js +123 -0
package/lib/app.js +4 -2
package/lib/build.js +19 -13
package/lib/cli.js +52 -9
package/lib/config.js +83 -8
package/lib/env-reader.js +3 -2
package/lib/generator.js +0 -9
package/lib/infra.js +30 -3
package/lib/schema/application-schema.json +0 -15
package/lib/schema/env-config.yaml +8 -8
package/lib/secrets.js +167 -253
package/lib/templates.js +10 -18
package/lib/utils/api-error-handler.js +182 -147
package/lib/utils/api.js +144 -354
package/lib/utils/build-copy.js +6 -13
package/lib/utils/compose-generator.js +2 -1
package/lib/utils/device-code.js +349 -0
package/lib/utils/env-config-loader.js +102 -0
package/lib/utils/env-copy.js +131 -0
package/lib/utils/env-endpoints.js +209 -0
package/lib/utils/env-map.js +116 -0
package/lib/utils/env-ports.js +60 -0
package/lib/utils/environment-checker.js +39 -6
package/lib/utils/image-name.js +49 -0
package/lib/utils/paths.js +40 -18
package/lib/utils/secrets-generator.js +3 -3
package/lib/utils/secrets-helpers.js +359 -0
package/lib/utils/secrets-path.js +24 -71
package/lib/utils/secrets-url.js +38 -0
package/lib/utils/secrets-utils.js +0 -41
package/lib/utils/variable-transformer.js +0 -9
package/package.json +1 -1
package/templates/applications/README.md.hbs +9 -5
package/templates/applications/miso-controller/env.template +1 -1
package/templates/infra/compose.yaml +4 -0
package/templates/infra/compose.yaml.hbs +9 -4

package/lib/utils/secrets-helpers.js ADDED Viewed

@@ -0,0 +1,359 @@
+/**
+ * Secrets helper utilities
+ *
+ * @fileoverview Helper functions for secrets and env processing
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+'use strict';
+const fs = require('fs');
+const path = require('path');
+const yaml = require('js-yaml');
+const config = require('../config');
+const { buildHostnameToServiceMap, resolveUrlPort } = require('./secrets-utils');
+const devConfig = require('../utils/dev-config');
+const { rewriteInfraEndpoints, getEnvHosts } = require('./env-endpoints');
+const { loadEnvConfig } = require('./env-config-loader');
+const { processEnvVariables } = require('./env-copy');
+const { updateContainerPortInEnvFile } = require('./env-ports');
+/**
+ * Interpolate ${VAR} occurrences with values from envVars map
+ * @function interpolateEnvVars
+ * @param {string} content - Text content
+ * @param {Object} envVars - Map of variable name to value
+ * @returns {string} Interpolated content
+ */
+function interpolateEnvVars(content, envVars) {
+  return content.replace(/\$\{([A-Z_]+)\}/g, (match, envVar) => {
+    return envVars[envVar] || match;
+  });
+}
+/**
+ * Collect missing kv:// secrets referenced in content
+ * @function collectMissingSecrets
+ * @param {string} content - Text content
+ * @param {Object} secrets - Available secrets
+ * @returns {string[]} Array of missing kv://<key> references
+ */
+function collectMissingSecrets(content, secrets) {
+  const kvPattern = /kv:\/\/([a-zA-Z0-9-_]+)/g;
+  const missing = [];
+  let match;
+  while ((match = kvPattern.exec(content)) !== null) {
+    const secretKey = match[1];
+    if (!(secretKey in secrets)) {
+      missing.push(`kv://${secretKey}`);
+    }
+  }
+  return missing;
+}
+/**
+ * Format secrets file info for error message
+ * @function formatMissingSecretsFileInfo
+ * @param {Object|string|null} secretsFilePaths - Paths or single string path
+ * @returns {string} Formatted file info suffix for error message
+ */
+function formatMissingSecretsFileInfo(secretsFilePaths) {
+  if (!secretsFilePaths) {
+    return '';
+  }
+  if (typeof secretsFilePaths === 'string') {
+    return `\n\nSecrets file location: ${secretsFilePaths}`;
+  }
+  if (typeof secretsFilePaths === 'object' && secretsFilePaths.userPath) {
+    const paths = [secretsFilePaths.userPath];
+    if (secretsFilePaths.buildPath) {
+      paths.push(secretsFilePaths.buildPath);
+    }
+    return `\n\nSecrets file location: ${paths.join(' and ')}`;
+  }
+  return '';
+}
+/**
+ * Replace kv:// references with actual values, after also interpolating any ${VAR} within secret values
+ * @function replaceKvInContent
+ * @param {string} content - Text content containing kv:// references
+ * @param {Object} secrets - Secrets map
+ * @param {Object} envVars - Environment variables map for nested interpolation
+ * @returns {string} Content with kv:// references replaced
+ */
+function replaceKvInContent(content, secrets, envVars) {
+  const kvPattern = /kv:\/\/([a-zA-Z0-9-_]+)/g;
+  return content.replace(kvPattern, (match, secretKey) => {
+    let value = secrets[secretKey];
+    if (typeof value === 'string') {
+      value = value.replace(/\$\{([A-Z_]+)\}/g, (m, envVar) => {
+        return envVars[envVar] || m;
+      });
+    }
+    return value;
+  });
+}
+/**
+ * Resolve service ports inside URLs for docker environment (.env content)
+ * @async
+ * @function resolveServicePortsInEnvContent
+ * @param {string} envContent - .env content
+ * @param {string} environment - Environment name
+ * @returns {Promise<string>} Updated content
+ */
+async function resolveServicePortsInEnvContent(envContent, environment) {
+  if (environment !== 'docker') {
+    return envContent;
+  }
+  const envConfig = await loadEnvConfig();
+  const dockerHosts = envConfig.environments.docker || {};
+  const hostnameToService = buildHostnameToServiceMap(dockerHosts);
+  const urlPattern = /(https?:\/\/)([a-zA-Z0-9-]+):(\d+)([^\s\n]*)?/g;
+  return envContent.replace(urlPattern, (match, protocol, hostname, port, urlPath = '') => {
+    return resolveUrlPort(protocol, hostname, port, urlPath || '', hostnameToService);
+  });
+}
+/**
+ * Load env.template content from disk
+ * @function loadEnvTemplate
+ * @param {string} templatePath - Path to env.template
+ * @returns {string} Template content
+ * @throws {Error} If template not found
+ */
+function loadEnvTemplate(templatePath) {
+  if (!fs.existsSync(templatePath)) {
+    throw new Error(`env.template not found: ${templatePath}`);
+  }
+  return fs.readFileSync(templatePath, 'utf8');
+}
+/**
+ * Adjust infra-related ports in resolved .env content for local environment
+ * Follows flow: getEnvHosts() → config.yaml override → variables.yaml override → developer-id adjustment
+ * @async
+ * @function adjustLocalEnvPortsInContent
+ * @param {string} envContent - Resolved .env content
+ * @param {string} [variablesPath] - Path to variables.yaml (to read build.localPort)
+ * @returns {Promise<string>} Updated content with local ports
+ */
+async function adjustLocalEnvPortsInContent(envContent, variablesPath) {
+  // Get developer-id for port adjustment
+  const devId = await config.getDeveloperId();
+  let devIdNum = 0;
+  if (devId !== null && devId !== undefined) {
+    const parsed = parseInt(devId, 10);
+    if (!Number.isNaN(parsed)) {
+      devIdNum = parsed;
+    }
+  }
+  // Step 1: Get base config from env-config.yaml (includes user env-config file if configured)
+  let localEnv = await getEnvHosts('local');
+  // Step 2: Apply config.yaml → environments.local override (if exists)
+  try {
+    const os = require('os');
+    const cfgPath = path.join(os.homedir(), '.aifabrix', 'config.yaml');
+    if (fs.existsSync(cfgPath)) {
+      const cfgContent = fs.readFileSync(cfgPath, 'utf8');
+      const cfg = yaml.load(cfgContent) || {};
+      if (cfg && cfg.environments && cfg.environments.local) {
+        localEnv = { ...localEnv, ...cfg.environments.local };
+      }
+    }
+  } catch {
+    // Ignore config.yaml read errors, continue with env-config values
+  }
+  // Step 3: Get PORT value following override chain
+  // Start with env-config value, override with variables.yaml build.localPort, then port
+  let baseAppPort = null;
+  if (localEnv.PORT !== undefined && localEnv.PORT !== null) {
+    const portVal = typeof localEnv.PORT === 'number' ? localEnv.PORT : parseInt(localEnv.PORT, 10);
+    if (!Number.isNaN(portVal)) {
+      baseAppPort = portVal;
+    }
+  }
+  // Override with variables.yaml → build.localPort (if exists)
+  if (variablesPath && fs.existsSync(variablesPath)) {
+    try {
+      const variablesContent = fs.readFileSync(variablesPath, 'utf8');
+      const variables = yaml.load(variablesContent);
+      const localPort = variables?.build?.localPort;
+      if (typeof localPort === 'number' && localPort > 0) {
+        baseAppPort = localPort;
+      } else if (baseAppPort === null || baseAppPort === undefined) {
+        // Fallback to variables.yaml → port if baseAppPort still not set
+        baseAppPort = variables?.port || 3000;
+      }
+    } catch {
+      // Fallback to reading from env content if variables.yaml read fails
+      if (baseAppPort === null || baseAppPort === undefined) {
+        const portMatch = envContent.match(/^PORT\s*=\s*(\d+)/m);
+        baseAppPort = portMatch ? parseInt(portMatch[1], 10) : 3000;
+      }
+    }
+  } else {
+    // Fallback if variablesPath not provided
+    if (baseAppPort === null || baseAppPort === undefined) {
+      const portMatch = envContent.match(/^PORT\s*=\s*(\d+)/m);
+      baseAppPort = portMatch ? parseInt(portMatch[1], 10) : 3000;
+    }
+  }
+  // Step 4: Apply developer-id adjustment: finalPort = basePort + (developerId * 100)
+  const appPort = devIdNum === 0 ? baseAppPort : (baseAppPort + (devIdNum * 100));
+  // Step 5: Get infra service ports from config and apply developer-id adjustment
+  // All infra ports (REDIS_PORT, DB_PORT, etc.) come from localEnv and get developer-id adjustment
+  const getInfraPort = (portKey, defaultValue) => {
+    let port = defaultValue;
+    if (localEnv[portKey] !== undefined && localEnv[portKey] !== null) {
+      const portVal = typeof localEnv[portKey] === 'number' ? localEnv[portKey] : parseInt(localEnv[portKey], 10);
+      if (!Number.isNaN(portVal)) {
+        port = portVal;
+      }
+    }
+    // Apply developer-id adjustment (infra ports are similar to docker)
+    return devIdNum === 0 ? port : (port + (devIdNum * 100));
+  };
+  // Get default ports from devConfig as last resort fallback
+  const basePorts = devConfig.getBasePorts();
+  const redisPort = getInfraPort('REDIS_PORT', basePorts.redis);
+  const dbPort = getInfraPort('DB_PORT', basePorts.postgres);
+  // Update .env content
+  let updated = envContent;
+  // Update PORT
+  if (/^PORT\s*=.*$/m.test(updated)) {
+    updated = updated.replace(/^PORT\s*=\s*.*$/m, `PORT=${appPort}`);
+  } else {
+    updated = `${updated}\nPORT=${appPort}\n`;
+  }
+  // Update DATABASE_PORT
+  if (/^DATABASE_PORT\s*=.*$/m.test(updated)) {
+    updated = updated.replace(/^DATABASE_PORT\s*=\s*.*$/m, `DATABASE_PORT=${dbPort}`);
+  }
+  // Update localhost URLs that point to the base app port to the dev-specific app port
+  const localhostUrlPattern = /(https?:\/\/localhost:)(\d+)(\b[^ \n]*)?/g;
+  updated = updated.replace(localhostUrlPattern, (match, prefix, portNum, rest = '') => {
+    const num = parseInt(portNum, 10);
+    if (num === baseAppPort) {
+      return `${prefix}${appPort}${rest || ''}`;
+    }
+    return match;
+  });
+  // Rewrite infra endpoints using env-config mapping for local context
+  // This handles REDIS_HOST, REDIS_PORT, REDIS_URL, DB_HOST, etc.
+  updated = await rewriteInfraEndpoints(updated, 'local', { redis: redisPort, postgres: dbPort });
+  return updated;
+}
+/**
+ * Read a YAML file and return parsed object
+ * @function readYamlAtPath
+ * @param {string} filePath - Absolute file path
+ * @returns {Object} Parsed YAML object
+ */
+function readYamlAtPath(filePath) {
+  const content = fs.readFileSync(filePath, 'utf8');
+  return yaml.load(content);
+}
+/**
+ * Apply canonical secrets path override if configured and file exists
+ * @async
+ * @function applyCanonicalSecretsOverride
+ * @param {Object} currentSecrets - Current secrets map
+ * @returns {Promise<Object>} Possibly overridden secrets
+ */
+async function applyCanonicalSecretsOverride(currentSecrets) {
+  let mergedSecrets = currentSecrets || {};
+  try {
+    const canonicalPath = await config.getSecretsPath();
+    if (canonicalPath) {
+      const resolvedCanonical = path.isAbsolute(canonicalPath)
+        ? canonicalPath
+        : path.resolve(process.cwd(), canonicalPath);
+      if (fs.existsSync(resolvedCanonical)) {
+        const configSecrets = readYamlAtPath(resolvedCanonical);
+        // Apply canonical secrets as a fallback source:
+        // - Do NOT override any existing keys from user/build
+        // - Add only missing keys from canonical path
+        if (configSecrets && typeof configSecrets === 'object') {
+          const result = { ...configSecrets, ...mergedSecrets };
+          mergedSecrets = result;
+        }
+      }
+    }
+  } catch {
+    // ignore and fall through
+  }
+  return mergedSecrets;
+}
+/**
+ * Ensure secrets map is non-empty or throw a friendly guidance error
+ * @function ensureNonEmptySecrets
+ * @param {Object} secrets - Secrets map
+ * @throws {Error} If secrets is empty
+ */
+function ensureNonEmptySecrets(secrets) {
+  if (Object.keys(secrets || {}).length === 0) {
+    throw new Error('No secrets file found. Please create ~/.aifabrix/secrets.local.yaml or configure build.secrets in variables.yaml');
+  }
+}
+/**
+ * Validate secrets against the env template, returning missing refs
+ * @function validateSecrets
+ * @param {string} envTemplate - Environment template content
+ * @param {Object} secrets - Available secrets
+ * @returns {Object} Validation result
+ */
+function validateSecrets(envTemplate, secrets) {
+  const kvPattern = /kv:\/\/([a-zA-Z0-9-_]+)/g;
+  const missing = [];
+  let match;
+  while ((match = kvPattern.exec(envTemplate)) !== null) {
+    const secretKey = match[1];
+    if (!(secretKey in secrets)) {
+      missing.push(`kv://${secretKey}`);
+    }
+  }
+  return {
+    valid: missing.length === 0,
+    missing
+  };
+}
+module.exports = {
+  loadEnvConfig,
+  interpolateEnvVars,
+  collectMissingSecrets,
+  formatMissingSecretsFileInfo,
+  replaceKvInContent,
+  resolveServicePortsInEnvContent,
+  loadEnvTemplate,
+  processEnvVariables,
+  updateContainerPortInEnvFile,
+  adjustLocalEnvPortsInContent,
+  readYamlAtPath,
+  applyCanonicalSecretsOverride,
+  ensureNonEmptySecrets,
+  validateSecrets,
+  rewriteInfraEndpoints,
+  getEnvHosts
+};

package/lib/utils/secrets-path.js CHANGED Viewed

@@ -9,66 +9,42 @@
  * @version 2.0.0
  */
-const fs = require('fs');
 const path = require('path');
-const os = require('os');
-const yaml = require('js-yaml');
 const config = require('../config');
 const paths = require('./paths');
 /**
- * Resolves secrets file path (backward compatibility)
- * Checks common locations if path is not provided
+ * Resolves secrets file path when an explicit path is provided.
+ * If not provided, returns default fallback under <home>/secrets.yaml.
  * @function resolveSecretsPath
  * @param {string} [secretsPath] - Path to secrets file (optional)
  * @returns {string} Resolved secrets file path
  */
 function resolveSecretsPath(secretsPath) {
-  let resolvedPath = secretsPath;
-  if (!resolvedPath) {
-    // Check common locations for secrets.local.yaml
-    const commonLocations = [
-      path.join(process.cwd(), '..', 'aifabrix-setup', 'secrets.local.yaml'),
-      path.join(process.cwd(), '..', '..', 'aifabrix-setup', 'secrets.local.yaml'),
-      path.join(process.cwd(), 'secrets.local.yaml'),
-      path.join(process.cwd(), '..', 'secrets.local.yaml'),
-      path.join(paths.getAifabrixHome(), 'secrets.yaml')
-    ];
-    // Find first existing file
-    for (const location of commonLocations) {
-      if (fs.existsSync(location)) {
-        resolvedPath = location;
-        break;
-      }
-    }
-    // If none found, use default location
-    if (!resolvedPath) {
-      resolvedPath = path.join(paths.getAifabrixHome(), 'secrets.yaml');
-    }
-  } else if (secretsPath.startsWith('..')) {
-    resolvedPath = path.resolve(process.cwd(), secretsPath);
+  if (secretsPath && secretsPath.startsWith('..')) {
+    return path.resolve(process.cwd(), secretsPath);
   }
-  return resolvedPath;
+  if (secretsPath) {
+    return secretsPath;
+  }
+  // Default fallback
+  return path.join(paths.getAifabrixHome(), 'secrets.yaml');
 }
 /**
  * Determines the actual secrets file paths that loadSecrets would use
  * Mirrors the cascading lookup logic from loadSecrets
- * Checks config.yaml for general secrets-path as fallback
+ * Uses config.yaml for default secrets path as fallback
  *
  * @async
  * @function getActualSecretsPath
  * @param {string} [secretsPath] - Path to secrets file (optional)
- * @param {string} [appName] - Application name (optional, for variables.yaml lookup)
+ * @param {string} [_appName] - Application name (optional, for backward compatibility, unused)
  * @returns {Promise<Object>} Object with userPath and buildPath (if configured)
  * @returns {string} returns.userPath - User's secrets file path (~/.aifabrix/secrets.local.yaml)
- * @returns {string|null} returns.buildPath - App's build.secrets file path (if configured in variables.yaml or config.yaml)
+ * @returns {string|null} returns.buildPath - App's secrets file path (if configured in config.yaml)
  */
-async function getActualSecretsPath(secretsPath, appName) {
+async function getActualSecretsPath(secretsPath, _appName) {
   // If explicit path provided, use it (backward compatibility)
   if (secretsPath) {
     const resolvedPath = resolveSecretsPath(secretsPath);
@@ -78,43 +54,20 @@ async function getActualSecretsPath(secretsPath, appName) {
     };
   }
-  // Cascading lookup: user's file first
-  const userSecretsPath = path.join(os.homedir(), '.aifabrix', 'secrets.local.yaml');
+  // Cascading lookup: user's file first (under configured home)
+  const userSecretsPath = path.join(paths.getAifabrixHome(), 'secrets.local.yaml');
-  // Check build.secrets from variables.yaml if appName provided
+  // Check config.yaml for canonical secrets path
   let buildSecretsPath = null;
-  if (appName) {
-    const variablesPath = path.join(process.cwd(), 'builder', appName, 'variables.yaml');
-    if (fs.existsSync(variablesPath)) {
-      try {
-        const variablesContent = fs.readFileSync(variablesPath, 'utf8');
-        const variables = yaml.load(variablesContent);
-        if (variables?.build?.secrets) {
-          buildSecretsPath = path.resolve(
-            path.dirname(variablesPath),
-            variables.build.secrets
-          );
-        }
-      } catch (error) {
-        // Ignore errors, continue
-      }
-    }
-  }
-  // If no build.secrets found in variables.yaml, check config.yaml for general secrets-path
-  if (!buildSecretsPath) {
-    try {
-      const generalSecretsPath = await config.getSecretsPath();
-      if (generalSecretsPath) {
-        // Resolve relative paths from current working directory
-        buildSecretsPath = path.isAbsolute(generalSecretsPath)
-          ? generalSecretsPath
-          : path.resolve(process.cwd(), generalSecretsPath);
-      }
-    } catch (error) {
-      // Ignore errors, continue
+  try {
+    const canonicalSecretsPath = await config.getAifabrixSecretsPath();
+    if (canonicalSecretsPath) {
+      buildSecretsPath = path.isAbsolute(canonicalSecretsPath)
+        ? canonicalSecretsPath
+        : path.resolve(process.cwd(), canonicalSecretsPath);
     }
+  } catch (error) {
+    // Ignore errors, continue
   }
   // Return both paths (even if files don't exist) for error messages

package/lib/utils/secrets-url.js ADDED Viewed

@@ -0,0 +1,38 @@
+/**
+ * URL and service port resolution utilities
+ *
+ * @fileoverview Resolve ports in URLs using env-config and service maps (docker context)
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+'use strict';
+const { buildHostnameToServiceMap, resolveUrlPort } = require('./secrets-utils');
+const { loadEnvConfig } = require('./env-config-loader');
+/**
+ * Resolve service ports inside URLs for docker environment (.env content)
+ * @async
+ * @function resolveServicePortsInEnvContent
+ * @param {string} envContent - .env content
+ * @param {string} environment - Environment name
+ * @returns {Promise<string>} Updated content
+ */
+async function resolveServicePortsInEnvContent(envContent, environment) {
+  if (environment !== 'docker') {
+    return envContent;
+  }
+  const envConfig = await loadEnvConfig();
+  const dockerHosts = envConfig.environments.docker || {};
+  const hostnameToService = buildHostnameToServiceMap(dockerHosts);
+  const urlPattern = /(https?:\/\/)([a-zA-Z0-9-]+):(\d+)([^\s\n]*)?/g;
+  return envContent.replace(urlPattern, (match, protocol, hostname, port, urlPath = '') => {
+    return resolveUrlPort(protocol, hostname, port, urlPath || '', hostnameToService);
+  });
+}
+module.exports = {
+  resolveServicePortsInEnvContent
+};

package/lib/utils/secrets-utils.js CHANGED Viewed

@@ -71,46 +71,6 @@ function loadUserSecrets() {
   }
 }
-/**
- * Loads build secrets from variables.yaml and merges with existing secrets
- * @async
- * @function loadBuildSecrets
- * @param {Object} mergedSecrets - Existing secrets to merge with
- * @param {string} appName - Application name
- * @returns {Promise<Object>} Merged secrets object
- */
-async function loadBuildSecrets(mergedSecrets, appName) {
-  const variablesPath = path.join(process.cwd(), 'builder', appName, 'variables.yaml');
-  if (!fs.existsSync(variablesPath)) {
-    return mergedSecrets;
-  }
-  try {
-    const variablesContent = fs.readFileSync(variablesPath, 'utf8');
-    const variables = yaml.load(variablesContent);
-    if (variables?.build?.secrets) {
-      const buildSecretsPath = path.resolve(
-        path.dirname(variablesPath),
-        variables.build.secrets
-      );
-      const buildSecrets = await loadSecretsFromFile(buildSecretsPath);
-      // Merge: user's file takes priority, but use build.secrets for missing/empty values
-      for (const [key, value] of Object.entries(buildSecrets)) {
-        if (!(key in mergedSecrets) || !mergedSecrets[key] || mergedSecrets[key] === '') {
-          mergedSecrets[key] = value;
-        }
-      }
-    }
-  } catch (error) {
-    logger.warn(`Warning: Could not load build.secrets from variables.yaml: ${error.message}`);
-  }
-  return mergedSecrets;
-}
 /**
  * Loads default secrets from ~/.aifabrix/secrets.yaml
  * @function loadDefaultSecrets
@@ -198,7 +158,6 @@ function resolveUrlPort(protocol, hostname, port, urlPath, hostnameToService) {
 module.exports = {
   loadSecretsFromFile,
   loadUserSecrets,
-  loadBuildSecrets,
   loadDefaultSecrets,
   buildHostnameToServiceMap,
   resolveUrlPort

package/lib/utils/variable-transformer.js CHANGED Viewed

@@ -142,9 +142,6 @@ function validateBuildConfig(build) {
   if (build.envOutputPath) {
     buildConfig.envOutputPath = build.envOutputPath;
   }
-  if (build.secrets !== null && build.secrets !== undefined && build.secrets !== '') {
-    buildConfig.secrets = build.secrets;
-  }
   if (build.localPort) {
     buildConfig.localPort = build.localPort;
   }
@@ -176,12 +173,6 @@ function validateDeploymentConfig(deployment) {
   if (deployment.controllerUrl && deployment.controllerUrl.trim() !== '' && /^https:\/\/.*$/.test(deployment.controllerUrl)) {
     deploymentConfig.controllerUrl = deployment.controllerUrl;
   }
-  if (deployment.clientId && deployment.clientId.trim() !== '' && /^[a-z0-9-]+$/.test(deployment.clientId)) {
-    deploymentConfig.clientId = deployment.clientId;
-  }
-  if (deployment.clientSecret && deployment.clientSecret.trim() !== '' && /^(kv:\/\/.*|.+)$/.test(deployment.clientSecret)) {
-    deploymentConfig.clientSecret = deployment.clientSecret;
-  }
   return Object.keys(deploymentConfig).length > 0 ? deploymentConfig : null;
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@aifabrix/builder",
-  "version": "2.3.6",
+  "version": "2.5.0",
   "description": "AI Fabrix Local Fabric & Deployment SDK",
   "main": "lib/index.js",
   "bin": {

package/templates/applications/README.md.hbs CHANGED Viewed

@@ -47,7 +47,8 @@ docker logs aifabrix-{{appName}} -f
 **Stop:**
 ```bash
-docker stop aifabrix-{{appName}}
+aifabrix down {{appName}}
+# aifabrix down {{appName}} --volumes   # also remove data volume
 ```
 ### 4. Deploy to Azure
@@ -86,6 +87,7 @@ aifabrix app rotate-secret {{appName}} --environment dev
 # Development
 aifabrix build {{appName}}                        # Build app
 aifabrix run {{appName}}                          # Run locally
+aifabrix down {{appName}} [--volumes]             # Stop app (optionally remove volume)
 aifabrix dockerfile {{appName}} --force           # Generate Dockerfile
 aifabrix resolve {{appName}}                      # Generate .env file
@@ -148,11 +150,13 @@ aifabrix login --method credentials --app {{appName}} --environment dev
 aifabrix login --method credentials --app {{appName}} --client-id $CLIENT_ID --client-secret $CLIENT_SECRET --environment dev
 ```
-### Environment Variables
+### Configuration
-```bash
-export AIFABRIX_HOME=/custom/path
-export AIFABRIX_SECRETS=/path/to/secrets.yaml
+Set overrides in `~/.aifabrix/config.yaml`:
+```yaml
+aifabrix-home: "/custom/path"
+aifabrix-secrets: "/path/to/secrets.yaml"
 ```
 ---

package/templates/applications/miso-controller/env.template CHANGED Viewed

@@ -107,7 +107,7 @@ MOCK=true
 ENCRYPTION_KEY=kv://secrets-encryptionKeyVault
 # JWT Configuration (for client token generation)
-JWT_SECRET=kv://miso-controller-jwt-secretKeyVault
+JWT_SECRET=kv://miso-controller-jwt-secretKeyVaultKeyVault
 # When API_KEY is set, a matching Bearer token bypasses OAuth2 validation
 API_KEY=kv://miso-controller-api-key-secretKeyVault

package/templates/infra/compose.yaml CHANGED Viewed

@@ -54,6 +54,8 @@ services:
       PGADMIN_CONFIG_SERVER_MODE: 'False'
     ports:
       - "5050:80"
+    volumes:
+      - pgadmin_data:/var/lib/pgadmin
     restart: unless-stopped
     depends_on:
       postgres:
@@ -84,6 +86,8 @@ volumes:
     driver: local
   redis_data:
     driver: local
+  pgadmin_data:
+    driver: local
 networks:
   infra_aifabrix-network: