@aifabrix/builder 2.31.0 → 2.32.1

package/lib/utils/schema-loader.js

@@ -186,7 +186,8 @@ function detectFromRequiredFields(parsed) {
  * @returns {string|null} Schema type or null if not detected
  */
 function detectFromDatasourceFields(parsed) {
-  if (parsed.systemKey && parsed.entityKey && parsed.fieldMappings) {
+  // Support both entityType (new) and entityKey (old) for backward compatibility during migration
+  if (parsed.systemKey && (parsed.entityType || parsed.entityKey) && parsed.fieldMappings) {
     return 'external-datasource';
   }
   return null;
@@ -237,10 +238,17 @@ function detectFromFilename(filePath) {
  * const type = detectSchemaType('./hubspot.json');
  * // Returns: 'external-system'
  */
-function detectSchemaType(filePath, content) {
+/**
+ * Reads and parses file content
+ * @function readAndParseFileContent
+ * @param {string} filePath - File path
+ * @param {string|undefined} content - Optional file content
+ * @returns {Object} Parsed JSON object
+ * @throws {Error} If file not found or invalid JSON
+ */
+function readAndParseFileContent(filePath, content) {
   let fileContent = content;
 
-  // Read file if content not provided
   if (!fileContent) {
     if (!fs.existsSync(filePath)) {
       throw new Error(`File not found: ${filePath}`);
@@ -248,35 +256,44 @@ function detectSchemaType(filePath, content) {
     fileContent = fs.readFileSync(filePath, 'utf8');
   }
 
-  // Try to parse JSON
-  let parsed;
   try {
-    parsed = JSON.parse(fileContent);
+    return JSON.parse(fileContent);
   } catch (error) {
     throw new Error(`Invalid JSON in file: ${error.message}`);
   }
+}
 
-  // Try different detection methods in order
-  const idType = detectFromId(parsed);
-  if (idType) return idType;
-
-  const titleType = detectFromTitle(parsed);
-  if (titleType) return titleType;
-
-  const requiredFieldsType = detectFromRequiredFields(parsed);
-  if (requiredFieldsType) return requiredFieldsType;
-
-  const datasourceType = detectFromDatasourceFields(parsed);
-  if (datasourceType) return datasourceType;
-
-  const applicationType = detectFromApplicationFields(parsed);
-  if (applicationType) return applicationType;
+/**
+ * Tries detection methods in order
+ * @function tryDetectionMethods
+ * @param {Object} parsed - Parsed JSON object
+ * @param {string} filePath - File path
+ * @returns {string|null} Detected type or null
+ */
+function tryDetectionMethods(parsed, filePath) {
+  const detectionMethods = [
+    () => detectFromId(parsed),
+    () => detectFromTitle(parsed),
+    () => detectFromRequiredFields(parsed),
+    () => detectFromDatasourceFields(parsed),
+    () => detectFromApplicationFields(parsed),
+    () => detectFromFilename(filePath)
+  ];
+
+  for (const method of detectionMethods) {
+    const result = method();
+    if (result) {
+      return result;
+    }
+  }
 
-  const filenameType = detectFromFilename(filePath);
-  if (filenameType) return filenameType;
+  return null;
+}
 
-  // Default to application if cannot determine
-  return 'application';
+function detectSchemaType(filePath, content) {
+  const parsed = readAndParseFileContent(filePath, content);
+  const detectedType = tryDetectionMethods(parsed, filePath);
+  return detectedType || 'application';
 }
 
 module.exports = {

package/lib/utils/schema-resolver.js

@@ -28,56 +28,66 @@ const { detectAppType } = require('./paths');
  * const basePath = await resolveSchemaBasePath('myapp');
  * // Returns: '/path/to/builder/myapp/schemas'
  */
-async function resolveSchemaBasePath(appName) {
-  if (!appName || typeof appName !== 'string') {
-    throw new Error('App name is required and must be a string');
-  }
-
-  // Detect app type and get correct path (integration or builder)
-  const { appPath } = await detectAppType(appName);
+/**
+ * Loads and validates variables.yaml
+ * @async
+ * @function loadAndValidateVariablesForSchema
+ * @param {string} appName - Application name
+ * @param {string} appPath - Application path
+ * @returns {Promise<Object>} Variables object
+ * @throws {Error} If file not found or invalid
+ */
+async function loadAndValidateVariablesForSchema(appName, appPath) {
   const variablesPath = path.join(appPath, 'variables.yaml');
-
   if (!fs.existsSync(variablesPath)) {
     throw new Error(`variables.yaml not found: ${variablesPath}`);
   }
 
   const content = fs.readFileSync(variablesPath, 'utf8');
-  let variables;
-
   try {
-    variables = yaml.load(content);
+    return yaml.load(content);
   } catch (error) {
     throw new Error(`Invalid YAML syntax in variables.yaml: ${error.message}`);
   }
+}
 
-  // Check if externalIntegration block exists
+/**
+ * Validates externalIntegration block
+ * @function validateExternalIntegrationBlock
+ * @param {Object} variables - Variables object
+ * @param {string} appName - Application name
+ * @returns {string} Schema base path
+ * @throws {Error} If block is missing or invalid
+ */
+function validateExternalIntegrationBlock(variables, appName) {
   if (!variables.externalIntegration) {
     throw new Error(`externalIntegration block not found in variables.yaml for app: ${appName}`);
   }
-
   if (!variables.externalIntegration.schemaBasePath) {
     throw new Error(`schemaBasePath not found in externalIntegration block for app: ${appName}`);
   }
+  return variables.externalIntegration.schemaBasePath;
+}
 
-  const schemaBasePath = variables.externalIntegration.schemaBasePath;
+/**
+ * Resolves and validates schema base path
+ * @function resolveAndValidateSchemaPath
+ * @param {string} schemaBasePath - Schema base path from config
+ * @param {string} variablesPath - Path to variables.yaml
+ * @returns {string} Resolved and validated path
+ * @throws {Error} If path is invalid
+ */
+function resolveAndValidateSchemaPath(schemaBasePath, variablesPath) {
   const variablesDir = path.dirname(variablesPath);
+  let resolvedPath = path.isAbsolute(schemaBasePath)
+    ? schemaBasePath
+    : path.resolve(variablesDir, schemaBasePath);
 
-  // Resolve path (absolute or relative to variables.yaml location)
-  let resolvedPath;
-  if (path.isAbsolute(schemaBasePath)) {
-    resolvedPath = schemaBasePath;
-  } else {
-    resolvedPath = path.resolve(variablesDir, schemaBasePath);
-  }
-
-  // Normalize path
   resolvedPath = path.normalize(resolvedPath);
 
-  // Validate path exists
   if (!fs.existsSync(resolvedPath)) {
     throw new Error(`Schema base path does not exist: ${resolvedPath}`);
   }
-
   if (!fs.statSync(resolvedPath).isDirectory()) {
     throw new Error(`Schema base path is not a directory: ${resolvedPath}`);
   }
@@ -85,6 +95,19 @@ async function resolveSchemaBasePath(appName) {
   return resolvedPath;
 }
 
+async function resolveSchemaBasePath(appName) {
+  if (!appName || typeof appName !== 'string') {
+    throw new Error('App name is required and must be a string');
+  }
+
+  const { appPath } = await detectAppType(appName);
+  const variables = await loadAndValidateVariablesForSchema(appName, appPath);
+  const schemaBasePath = validateExternalIntegrationBlock(variables, appName);
+  const variablesPath = path.join(appPath, 'variables.yaml');
+
+  return resolveAndValidateSchemaPath(schemaBasePath, variablesPath);
+}
+
 /**
  * Resolves all external system and datasource files from application configuration
  * Returns array of file paths with metadata
@@ -102,13 +125,69 @@ async function resolveSchemaBasePath(appName) {
  * //   { path: '/path/to/hubspot-deal.json', type: 'datasource', fileName: 'hubspot-deal.json' }
  * // ]
  */
-async function resolveExternalFiles(appName) {
-  if (!appName || typeof appName !== 'string') {
-    throw new Error('App name is required and must be a string');
+/**
+ * Resolves a single external file
+ * @function resolveSingleExternalFile
+ * @param {string} schemaBasePath - Schema base path
+ * @param {string} fileName - File name
+ * @param {string} type - File type ('system' or 'datasource')
+ * @returns {Object} Resolved file object
+ * @throws {Error} If file not found
+ */
+function resolveSingleExternalFile(schemaBasePath, fileName, type) {
+  const filePath = path.join(schemaBasePath, fileName);
+  const normalizedPath = path.normalize(filePath);
+
+  if (!fs.existsSync(normalizedPath)) {
+    throw new Error(`External ${type} file not found: ${normalizedPath}`);
   }
 
-  // Detect app type and get correct path (integration or builder)
-  const { appPath } = await detectAppType(appName);
+  return {
+    path: normalizedPath,
+    type: type,
+    fileName: fileName
+  };
+}
+
+/**
+ * Resolves system files
+ * @function resolveSystemFiles
+ * @param {string} schemaBasePath - Schema base path
+ * @param {string[]} systemFiles - Array of system file names
+ * @returns {Object[]} Array of resolved file objects
+ */
+function resolveSystemFiles(schemaBasePath, systemFiles) {
+  if (!systemFiles || !Array.isArray(systemFiles)) {
+    return [];
+  }
+
+  return systemFiles.map(fileName => resolveSingleExternalFile(schemaBasePath, fileName, 'system'));
+}
+
+/**
+ * Resolves datasource files
+ * @function resolveDatasourceFiles
+ * @param {string} schemaBasePath - Schema base path
+ * @param {string[]} datasourceFiles - Array of datasource file names
+ * @returns {Object[]} Array of resolved file objects
+ */
+function resolveDatasourceFiles(schemaBasePath, datasourceFiles) {
+  if (!datasourceFiles || !Array.isArray(datasourceFiles)) {
+    return [];
+  }
+
+  return datasourceFiles.map(fileName => resolveSingleExternalFile(schemaBasePath, fileName, 'datasource'));
+}
+
+/**
+ * Loads and validates variables.yaml
+ * @async
+ * @function loadAndValidateVariables
+ * @param {string} appPath - Application path
+ * @returns {Promise<Object>} Variables object
+ * @throws {Error} If file not found or invalid
+ */
+async function loadAndValidateVariables(appPath) {
   const variablesPath = path.join(appPath, 'variables.yaml');
 
   if (!fs.existsSync(variablesPath)) {
@@ -116,60 +195,30 @@ async function resolveExternalFiles(appName) {
   }
 
   const content = fs.readFileSync(variablesPath, 'utf8');
-  let variables;
-
   try {
-    variables = yaml.load(content);
+    return yaml.load(content);
   } catch (error) {
     throw new Error(`Invalid YAML syntax in variables.yaml: ${error.message}`);
   }
+}
 
-  // Check if externalIntegration block exists
-  if (!variables.externalIntegration) {
-    return []; // No external integration, return empty array
+async function resolveExternalFiles(appName) {
+  if (!appName || typeof appName !== 'string') {
+    throw new Error('App name is required and must be a string');
   }
 
-  // Resolve schema base path
-  const schemaBasePath = await resolveSchemaBasePath(appName);
-  const resolvedFiles = [];
-
-  // Resolve systems files
-  if (variables.externalIntegration.systems && Array.isArray(variables.externalIntegration.systems)) {
-    for (const systemFile of variables.externalIntegration.systems) {
-      const systemPath = path.join(schemaBasePath, systemFile);
-      const normalizedPath = path.normalize(systemPath);
-
-      if (!fs.existsSync(normalizedPath)) {
-        throw new Error(`External system file not found: ${normalizedPath}`);
-      }
-
-      resolvedFiles.push({
-        path: normalizedPath,
-        type: 'system',
-        fileName: systemFile
-      });
-    }
-  }
+  const { appPath } = await detectAppType(appName);
+  const variables = await loadAndValidateVariables(appPath);
 
-  // Resolve datasources files
-  if (variables.externalIntegration.dataSources && Array.isArray(variables.externalIntegration.dataSources)) {
-    for (const datasourceFile of variables.externalIntegration.dataSources) {
-      const datasourcePath = path.join(schemaBasePath, datasourceFile);
-      const normalizedPath = path.normalize(datasourcePath);
-
-      if (!fs.existsSync(normalizedPath)) {
-        throw new Error(`External datasource file not found: ${normalizedPath}`);
-      }
-
-      resolvedFiles.push({
-        path: normalizedPath,
-        type: 'datasource',
-        fileName: datasourceFile
-      });
-    }
+  if (!variables.externalIntegration) {
+    return [];
   }
 
-  return resolvedFiles;
+  const schemaBasePath = await resolveSchemaBasePath(appName);
+  const systemFiles = resolveSystemFiles(schemaBasePath, variables.externalIntegration.systems);
+  const datasourceFiles = resolveDatasourceFiles(schemaBasePath, variables.externalIntegration.dataSources);
+
+  return [...systemFiles, ...datasourceFiles];
 }
 
 module.exports = {

package/lib/utils/secrets-encryption.js

@@ -131,48 +131,85 @@ function encryptSecret(value, key) {
  * const decrypted = decryptSecret('secure://<iv>:<ciphertext>:<authTag>', 'a1b2c3...');
  * // Returns: 'my-secret'
  */
-function decryptSecret(encryptedValue, key) {
+/**
+ * Validates encrypted value format
+ * @function validateEncryptedValueFormat
+ * @param {string} encryptedValue - Encrypted value
+ * @throws {Error} If format is invalid
+ */
+function validateEncryptedValueFormat(encryptedValue) {
   if (!encryptedValue || typeof encryptedValue !== 'string') {
     throw new Error('Encrypted value is required and must be a string');
   }
-
   if (!encryptedValue.startsWith('secure://')) {
     throw new Error('Encrypted value must start with secure:// prefix');
   }
+}
 
-  const keyBuffer = normalizeKey(key);
-
-  // Remove secure:// prefix
+/**
+ * Parses encrypted value parts
+ * @function parseEncryptedValueParts
+ * @param {string} encryptedValue - Encrypted value
+ * @returns {Object} Object with ivBase64, ciphertext, and authTagBase64
+ * @throws {Error} If format is invalid
+ */
+function parseEncryptedValueParts(encryptedValue) {
   const parts = encryptedValue.substring(9).split(':');
   if (parts.length !== 3) {
     throw new Error('Invalid encrypted value format. Expected: secure://<iv>:<ciphertext>:<authTag>');
   }
+  return {
+    ivBase64: parts[0],
+    ciphertext: parts[1],
+    authTagBase64: parts[2]
+  };
+}
 
-  const [ivBase64, ciphertext, authTagBase64] = parts;
-
-  try {
-    // Decode IV and auth tag
-    const iv = Buffer.from(ivBase64, 'base64');
-    const authTag = Buffer.from(authTagBase64, 'base64');
+/**
+ * Validates IV and auth tag lengths
+ * @function validateDecryptionComponents
+ * @param {Buffer} iv - Initialization vector
+ * @param {Buffer} authTag - Authentication tag
+ * @throws {Error} If lengths are invalid
+ */
+function validateDecryptionComponents(iv, authTag) {
+  if (iv.length !== IV_LENGTH) {
+    throw new Error(`Invalid IV length: expected ${IV_LENGTH} bytes, got ${iv.length}`);
+  }
+  if (authTag.length !== AUTH_TAG_LENGTH) {
+    throw new Error(`Invalid auth tag length: expected ${AUTH_TAG_LENGTH} bytes, got ${authTag.length}`);
+  }
+}
 
-    // Validate lengths
-    if (iv.length !== IV_LENGTH) {
-      throw new Error(`Invalid IV length: expected ${IV_LENGTH} bytes, got ${iv.length}`);
-    }
+/**
+ * Performs decryption
+ * @function performDecryption
+ * @param {Buffer} keyBuffer - Key buffer
+ * @param {Buffer} iv - Initialization vector
+ * @param {string} ciphertext - Ciphertext
+ * @param {Buffer} authTag - Authentication tag
+ * @returns {string} Decrypted plaintext
+ */
+function performDecryption(keyBuffer, iv, ciphertext, authTag) {
+  const decipher = crypto.createDecipheriv(ALGORITHM, keyBuffer, iv);
+  decipher.setAuthTag(authTag);
+  let plaintext = decipher.update(ciphertext, 'base64', 'utf8');
+  plaintext += decipher.final('utf8');
+  return plaintext;
+}
 
-    if (authTag.length !== AUTH_TAG_LENGTH) {
-      throw new Error(`Invalid auth tag length: expected ${AUTH_TAG_LENGTH} bytes, got ${authTag.length}`);
-    }
+function decryptSecret(encryptedValue, key) {
+  validateEncryptedValueFormat(encryptedValue);
 
-    // Create decipher
-    const decipher = crypto.createDecipheriv(ALGORITHM, keyBuffer, iv);
-    decipher.setAuthTag(authTag);
+  const keyBuffer = normalizeKey(key);
+  const { ivBase64, ciphertext, authTagBase64 } = parseEncryptedValueParts(encryptedValue);
 
-    // Decrypt
-    let plaintext = decipher.update(ciphertext, 'base64', 'utf8');
-    plaintext += decipher.final('utf8');
+  try {
+    const iv = Buffer.from(ivBase64, 'base64');
+    const authTag = Buffer.from(authTagBase64, 'base64');
 
-    return plaintext;
+    validateDecryptionComponents(iv, authTag);
+    return performDecryption(keyBuffer, iv, ciphertext, authTag);
   } catch (error) {
     // Don't expose sensitive details in error messages
     if (error.message.includes('Unsupported state') || error.message.includes('bad decrypt')) {