@aifabrix/builder 2.32.1 → 2.32.3

package/lib/commands/auth-status.js

@@ -0,0 +1,262 @@
+/**
+ * AI Fabrix Builder - Auth Status Command
+ *
+ * Displays authentication status for the current controller and environment
+ *
+ * @fileoverview Authentication status command implementation
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+
+const chalk = require('chalk');
+const logger = require('../utils/logger');
+const config = require('../core/config');
+const { getConfig, getCurrentEnvironment } = config;
+const { getOrRefreshDeviceToken } = require('../utils/token-manager');
+const { getAuthUser } = require('../api/auth.api');
+const { resolveControllerUrl } = require('../utils/controller-url');
+
+/**
+ * Format expiration date for display
+ * @param {string} expiresAt - ISO 8601 expiration timestamp
+ * @returns {string} Formatted expiration string
+ */
+function formatExpiration(expiresAt) {
+  if (!expiresAt) {
+    return 'Unknown';
+  }
+  try {
+    const date = new Date(expiresAt);
+    return date.toISOString();
+  } catch {
+    return expiresAt;
+  }
+}
+
+/**
+ * Check and validate device token
+ * @async
+ * @param {string} controllerUrl - Controller URL
+ * @returns {Promise<Object|null>} Token validation result or null
+ */
+async function checkDeviceToken(controllerUrl) {
+  const deviceToken = await getOrRefreshDeviceToken(controllerUrl);
+  if (!deviceToken || !deviceToken.token) {
+    return null;
+  }
+
+  try {
+    const authConfig = { type: 'bearer', token: deviceToken.token };
+    // Use getAuthUser instead of validateToken - it's more reliable and tests actual API access
+    const { getAuthUser } = require('../api/auth.api');
+    const response = await getAuthUser(controllerUrl, authConfig);
+
+    if (response.success && response.data) {
+      return {
+        type: 'Device Token',
+        token: deviceToken.token,
+        authenticated: response.data.authenticated !== false,
+        user: response.data.user,
+        expiresAt: deviceToken.expiresAt
+      };
+    }
+
+    return {
+      type: 'Device Token',
+      token: deviceToken.token,
+      authenticated: false,
+      error: response.error || response.formattedError || 'Token validation failed'
+    };
+  } catch (error) {
+    return {
+      type: 'Device Token',
+      token: deviceToken.token,
+      authenticated: false,
+      error: error.message || 'Token validation error'
+    };
+  }
+}
+
+/**
+ * Decrypt token if encrypted
+ * @async
+ * @param {string} token - Token to decrypt
+ * @returns {Promise<string>} Decrypted token
+ */
+async function decryptTokenIfNeeded(token) {
+  const { decryptToken, isTokenEncrypted } = require('../utils/token-encryption');
+  const encryptionKey = await config.getSecretsEncryptionKey();
+
+  if (encryptionKey && isTokenEncrypted(token)) {
+    return await decryptToken(token, encryptionKey);
+  }
+  return token;
+}
+
+/**
+ * Validate client token and return result
+ * @async
+ * @param {string} token - Token to validate
+ * @param {string} controllerUrl - Controller URL
+ * @param {string} environment - Environment key
+ * @param {string} appName - Application name
+ * @param {string} expiresAt - Token expiration
+ * @returns {Promise<Object>} Token validation result
+ */
+async function validateClientToken(token, controllerUrl, environment, appName, expiresAt) {
+  try {
+    const authConfig = { type: 'bearer', token: token };
+    // Use getAuthUser instead of validateToken - it's more reliable and tests actual API access
+    const response = await getAuthUser(controllerUrl, authConfig);
+
+    if (response.success && response.data) {
+      return {
+        type: 'Client Token',
+        token: token,
+        authenticated: response.data.authenticated !== false,
+        user: response.data.user,
+        expiresAt: expiresAt,
+        appName: appName
+      };
+    }
+
+    return {
+      type: 'Client Token',
+      token: token,
+      authenticated: false,
+      error: response.error || response.formattedError || 'Token validation failed',
+      appName: appName
+    };
+  } catch (error) {
+    return {
+      type: 'Client Token',
+      token: '***',
+      authenticated: false,
+      error: error.message || 'Token validation error',
+      appName: appName
+    };
+  }
+}
+
+/**
+ * Check and validate client token
+ * @async
+ * @param {string} controllerUrl - Controller URL
+ * @param {string} environment - Environment key
+ * @returns {Promise<Object|null>} Token validation result or null
+ */
+async function checkClientToken(controllerUrl, environment) {
+  const configData = await getConfig();
+  const environments = configData.environments || {};
+  const envConfig = environments[environment];
+
+  if (!envConfig || !envConfig.clients) {
+    return null;
+  }
+
+  for (const [appName, tokenData] of Object.entries(envConfig.clients)) {
+    if (tokenData.controller === controllerUrl && tokenData.token) {
+      const token = await decryptTokenIfNeeded(tokenData.token);
+      return await validateClientToken(token, controllerUrl, environment, appName, tokenData.expiresAt);
+    }
+  }
+
+  return null;
+}
+
+/**
+ * Display user information
+ * @param {Object} user - User object
+ */
+function displayUserInfo(user) {
+  if (!user) {
+    return;
+  }
+
+  logger.log('');
+  logger.log(chalk.bold('User Information:'));
+  if (user.email) {
+    logger.log(`  Email: ${chalk.cyan(user.email)}`);
+  }
+  if (user.username) {
+    logger.log(`  Username: ${chalk.cyan(user.username)}`);
+  }
+  if (user.id) {
+    logger.log(`  ID: ${chalk.gray(user.id)}`);
+  }
+}
+
+/**
+ * Display token information
+ * @param {Object} tokenInfo - Token information
+ */
+function displayTokenInfo(tokenInfo) {
+  const statusIcon = tokenInfo.authenticated ? chalk.green('✓') : chalk.red('✗');
+  const statusText = tokenInfo.authenticated ? 'Authenticated' : 'Not authenticated';
+
+  logger.log(`Status: ${statusIcon} ${statusText}`);
+  logger.log(`Token Type: ${chalk.cyan(tokenInfo.type)}`);
+
+  if (tokenInfo.appName) {
+    logger.log(`Application: ${chalk.cyan(tokenInfo.appName)}`);
+  }
+
+  if (tokenInfo.expiresAt) {
+    logger.log(`Expires: ${chalk.gray(formatExpiration(tokenInfo.expiresAt))}`);
+  }
+
+  if (tokenInfo.error) {
+    logger.log(`Error: ${chalk.red(tokenInfo.error)}`);
+  }
+
+  displayUserInfo(tokenInfo.user);
+}
+
+/**
+ * Display authentication status
+ * @param {string} controllerUrl - Controller URL
+ * @param {string} environment - Environment key
+ * @param {Object|null} tokenInfo - Token information
+ */
+function displayStatus(controllerUrl, environment, tokenInfo) {
+  logger.log(chalk.bold('\n🔐 Authentication Status\n'));
+  logger.log(`Controller: ${chalk.cyan(controllerUrl)}`);
+  logger.log(`Environment: ${chalk.cyan(environment || 'Not specified')}\n`);
+
+  if (!tokenInfo) {
+    logger.log(`Status: ${chalk.red('✗ Not authenticated')}`);
+    logger.log(`Token Type: ${chalk.gray('None')}\n`);
+    logger.log(chalk.yellow('💡 Run "aifabrix login" to authenticate\n'));
+    return;
+  }
+
+  displayTokenInfo(tokenInfo);
+  logger.log('');
+}
+
+/**
+ * Handle auth status command
+ * @async
+ * @function handleAuthStatus
+ * @param {Object} options - Command options
+ * @param {string} [options.controller] - Controller URL (uses developer ID-based default if not provided)
+ * @param {string} [options.environment] - Environment key (uses current environment from config if not provided)
+ * @returns {Promise<void>} Resolves when status is displayed
+ */
+async function handleAuthStatus(options) {
+  const configData = await getConfig();
+  const controllerUrl = await resolveControllerUrl(options, configData);
+  const environment = options.environment || await getCurrentEnvironment() || 'dev';
+
+  // Check device token first (preferred)
+  let tokenInfo = await checkDeviceToken(controllerUrl);
+
+  // If no device token, check client token
+  if (!tokenInfo) {
+    tokenInfo = await checkClientToken(controllerUrl, environment);
+  }
+
+  displayStatus(controllerUrl, environment, tokenInfo);
+}
+
+module.exports = { handleAuthStatus };

package/lib/commands/login-device.js

@@ -130,27 +130,32 @@ async function pollAndSaveDeviceCodeToken(controllerUrl, deviceCode, interval, e
 
 /**
  * Build scope string from options
- * @param {boolean} [offline] - Whether to request offline_access
+ * @param {boolean} [online] - Whether to exclude offline_access (default: false, meaning offline tokens are default)
  * @param {string} [customScope] - Custom scope string
  * @returns {string} Scope string
  */
-function buildScope(offline, customScope) {
+function buildScope(online, customScope) {
   const defaultScope = 'openid profile email';
 
   if (customScope) {
-    // If custom scope provided, use it and optionally add offline_access
-    if (offline && !customScope.includes('offline_access')) {
+    // If custom scope provided, use it as-is
+    // If --online flag is used and scope contains offline_access, remove it
+    if (online && customScope.includes('offline_access')) {
+      return customScope.replace(/\s*offline_access\s*/g, ' ').trim().replace(/\s+/g, ' ');
+    }
+    // If not --online and scope doesn't have offline_access, add it (default behavior)
+    if (!online && !customScope.includes('offline_access')) {
       return `${customScope} offline_access`;
     }
     return customScope;
   }
 
-  // Default scope with optional offline_access
-  if (offline) {
-    return `${defaultScope} offline_access`;
+  // Default scope: include offline_access unless --online is specified
+  if (online) {
+    return defaultScope;
   }
 
-  return defaultScope;
+  return `${defaultScope} offline_access`;
 }
 
 /**
@@ -200,16 +205,16 @@ function convertDeviceCodeResponse(apiResponse) {
  * @async
  * @param {string} controllerUrl - Controller URL
  * @param {string} [environment] - Environment key from options
- * @param {boolean} [offline] - Whether to request offline_access scope
+ * @param {boolean} [online] - Whether to exclude offline_access scope (default: false, meaning offline tokens are default)
  * @param {string} [scope] - Custom scope string
  * @returns {Promise<{token: string, environment: string}>} Token and environment
  */
-async function handleDeviceCodeLogin(controllerUrl, environment, offline, scope) {
+async function handleDeviceCodeLogin(controllerUrl, environment, online, scope) {
   const envKey = await getEnvironmentKey(environment);
-  const requestScope = buildScope(offline, scope);
+  const requestScope = buildScope(online, scope);
 
   logger.log(chalk.blue('\n📱 Initiating device code flow...\n'));
-  if (offline) {
+  if (!online && requestScope.includes('offline_access')) {
     logger.log(chalk.gray(`Requesting offline token (scope: ${requestScope})\n`));
   }
 

package/lib/commands/login.js

@@ -15,6 +15,7 @@ const { setCurrentEnvironment, saveClientToken } = require('../core/config');
 const logger = require('../utils/logger');
 const { handleCredentialsLogin } = require('./login-credentials');
 const { handleDeviceCodeLogin } = require('./login-device');
+const { getDefaultControllerUrl } = require('../utils/controller-url');
 
 /**
  * Determine and validate authentication method
@@ -61,8 +62,8 @@ async function saveCredentialsLoginConfig(controllerUrl, token, expiresAt, envir
  * @async
  * @function handleLogin
  * @param {Object} options - Login options
- * @param {string} [options.controller] - Controller URL (default: 'http://localhost:3000')
- * @param {string} [options.method] - Authentication method ('device' or 'credentials')
+ * @param {string} [options.controller] - Controller URL (default: calculated based on developer ID, e.g., 'http://localhost:3000' for dev ID 0, 'http://localhost:3100' for dev ID 1)
+ * @param {string} [options.method] - Authentication method ('device' or 'credentials', default: 'device')
  * @param {string} [options.app] - Application name (for credentials method, reads from secrets.local.yaml)
  * @param {string} [options.clientId] - Client ID (for credentials method, overrides secrets.local.yaml)
  * @param {string} [options.clientSecret] - Client Secret (for credentials method, overrides secrets.local.yaml)
@@ -72,12 +73,18 @@ async function saveCredentialsLoginConfig(controllerUrl, token, expiresAt, envir
  */
 /**
  * Normalizes and logs controller URL
+ * Calculates default URL based on developer ID if not provided
+ * @async
  * @function normalizeControllerUrl
  * @param {Object} options - Login options
- * @returns {string} Normalized controller URL
+ * @returns {Promise<string>} Normalized controller URL
  */
-function normalizeControllerUrl(options) {
-  const controllerUrl = (options.controller || options.url || 'http://localhost:3000').replace(/\/$/, '');
+async function normalizeControllerUrl(options) {
+  let controllerUrl = options.controller || options.url;
+  if (!controllerUrl) {
+    controllerUrl = await getDefaultControllerUrl();
+  }
+  controllerUrl = controllerUrl.replace(/\/$/, '');
   logger.log(chalk.gray(`Controller URL: ${controllerUrl}`));
   return controllerUrl;
 }
@@ -108,8 +115,8 @@ async function handleEnvironmentConfig(options) {
  * @param {Object} options - Login options
  */
 function validateScopeOptions(method, options) {
-  if (method === 'credentials' && (options.offline || options.scope)) {
-    logger.log(chalk.yellow('⚠️  Warning: --offline and --scope options are only available for device flow'));
+  if (method === 'credentials' && (options.online || options.scope)) {
+    logger.log(chalk.yellow('⚠️  Warning: --online and --scope options are only available for device flow'));
     logger.log(chalk.gray('   These options will be ignored for credentials method\n'));
   }
 }
@@ -141,13 +148,13 @@ async function handleCredentialsLoginFlow(controllerUrl, environment, options) {
  * @returns {Promise<{token: string, environment: string}>} Login result
  */
 async function handleDeviceCodeLoginFlow(controllerUrl, options) {
-  return await handleDeviceCodeLogin(controllerUrl, options.environment, options.offline, options.scope);
+  return await handleDeviceCodeLogin(controllerUrl, options.environment, options.online, options.scope);
 }
 
 async function handleLogin(options) {
   logger.log(chalk.blue('\n🔐 Logging in to Miso Controller...\n'));
 
-  const controllerUrl = normalizeControllerUrl(options);
+  const controllerUrl = await normalizeControllerUrl(options);
   const environment = await handleEnvironmentConfig(options);
   const method = await determineAuthMethod(options.method);
 

package/lib/commands/wizard.js

@@ -10,11 +10,12 @@ const path = require('path');
 const fs = require('fs').promises;
 const logger = require('../utils/logger');
 const config = require('../core/config');
-const { getDeploymentAuth } = require('../utils/token-manager');
+const { getDeviceOnlyAuth } = require('../utils/token-manager');
 const { getDataplaneUrl } = require('../datasource/deploy');
+const { resolveControllerUrl } = require('../utils/controller-url');
 const {
-  selectMode,
-  selectSource,
+  createWizardSession,
+  updateWizardSession,
   parseOpenApi,
   detectType,
   generateConfig,
@@ -44,29 +45,23 @@ const { generateWizardFiles } = require('../generator/wizard');
  * @throws {Error} If validation fails
  */
 async function validateAndCheckAppDirectory(appName) {
-  // Validate app name
   if (!/^[a-z0-9-_]+$/.test(appName)) {
     throw new Error('Application name must contain only lowercase letters, numbers, hyphens, and underscores');
   }
-
-  // Check if app directory already exists
   const appPath = path.join(process.cwd(), 'integration', appName);
   try {
     await fs.access(appPath);
-    const { overwrite } = await require('inquirer').prompt([
-      {
-        type: 'confirm',
-        name: 'overwrite',
-        message: `Directory ${appPath} already exists. Overwrite?`,
-        default: false
-      }
-    ]);
+    const { overwrite } = await require('inquirer').prompt([{
+      type: 'confirm',
+      name: 'overwrite',
+      message: `Directory ${appPath} already exists. Overwrite?`,
+      default: false
+    }]);
     if (!overwrite) {
       logger.log(chalk.yellow('Wizard cancelled.'));
       return false;
     }
   } catch (error) {
-    // Directory doesn't exist, continue
     if (error.code !== 'ENOENT') {
       throw error;
     }
@@ -75,37 +70,48 @@ async function validateAndCheckAppDirectory(appName) {
 }
 
 /**
- * Handle mode selection step
+ * Handle mode selection step - create wizard session
  * @async
  * @function handleModeSelection
  * @param {string} dataplaneUrl - Dataplane URL
  * @param {Object} authConfig - Authentication configuration
- * @returns {Promise<string>} Selected mode
+ * @returns {Promise<Object>} Object with mode and sessionId
  * @throws {Error} If mode selection fails
  */
 async function handleModeSelection(dataplaneUrl, authConfig) {
   logger.log(chalk.blue('\n📋 Step 1: Mode Selection'));
   const mode = await promptForMode();
-  const modeResponse = await selectMode(dataplaneUrl, authConfig, mode);
-  if (!modeResponse.success) {
-    throw new Error(`Mode selection failed: ${modeResponse.error || modeResponse.formattedError}`);
+  const sessionResponse = await createWizardSession(dataplaneUrl, authConfig, mode);
+  if (!sessionResponse.success || !sessionResponse.data) {
+    const errorMsg = sessionResponse.formattedError ||
+                     sessionResponse.error ||
+                     sessionResponse.errorData?.detail ||
+                     sessionResponse.message ||
+                     (sessionResponse.status ? `HTTP ${sessionResponse.status}` : 'Unknown error');
+    throw new Error(`Failed to create wizard session: ${errorMsg}`);
+  }
+  const sessionId = sessionResponse.data.data?.sessionId || sessionResponse.data.sessionId;
+  if (!sessionId) {
+    throw new Error('Session ID not found in response');
   }
-  return mode;
+  return { mode, sessionId };
 }
 
 /**
- * Handle source selection step
+ * Handle source selection step - update wizard session
  * @async
  * @function handleSourceSelection
  * @param {string} dataplaneUrl - Dataplane URL
+ * @param {string} sessionId - Wizard session ID
  * @param {Object} authConfig - Authentication configuration
  * @returns {Promise<Object>} Object with sourceType and sourceData
  * @throws {Error} If source selection fails
  */
-async function handleSourceSelection(dataplaneUrl, authConfig) {
+async function handleSourceSelection(dataplaneUrl, sessionId, authConfig) {
   logger.log(chalk.blue('\n📋 Step 2: Source Selection'));
   const sourceType = await promptForSourceType();
   let sourceData = null;
+  const updateData = { currentStep: 1 };
 
   if (sourceType === 'openapi-file') {
     const filePath = await promptForOpenApiFile();
@@ -113,17 +119,19 @@ async function handleSourceSelection(dataplaneUrl, authConfig) {
   } else if (sourceType === 'openapi-url') {
     const url = await promptForOpenApiUrl();
     sourceData = url;
+    updateData.openapiSpec = null; // Will be set after parsing
   } else if (sourceType === 'mcp-server') {
     const mcpDetails = await promptForMcpServer();
     sourceData = JSON.stringify(mcpDetails);
+    updateData.mcpServerUrl = mcpDetails.url || null;
   } else if (sourceType === 'known-platform') {
     const platform = await promptForKnownPlatform();
     sourceData = platform;
   }
 
-  const sourceResponse = await selectSource(dataplaneUrl, authConfig, sourceType, sourceData);
-  if (!sourceResponse.success) {
-    throw new Error(`Source selection failed: ${sourceResponse.error || sourceResponse.formattedError}`);
+  const updateResponse = await updateWizardSession(dataplaneUrl, sessionId, authConfig, updateData);
+  if (!updateResponse.success) {
+    throw new Error(`Source selection failed: ${updateResponse.error || updateResponse.formattedError}`);
   }
 
   return { sourceType, sourceData };
@@ -379,11 +387,11 @@ async function handleFileSaving(appName, systemConfig, datasourceConfigs, system
  * @throws {Error} If wizard flow fails
  */
 async function executeWizardFlow(appName, dataplaneUrl, authConfig) {
-  // Step 1: Mode Selection
-  const mode = await handleModeSelection(dataplaneUrl, authConfig);
+  // Step 1: Mode Selection - Create wizard session
+  const { mode, sessionId } = await handleModeSelection(dataplaneUrl, authConfig);
 
-  // Step 2: Source Selection
-  const { sourceType, sourceData } = await handleSourceSelection(dataplaneUrl, authConfig);
+  // Step 2: Source Selection - Update session
+  const { sourceType, sourceData } = await handleSourceSelection(dataplaneUrl, sessionId, authConfig);
 
   // Step 3: Parse OpenAPI (if applicable)
   const openApiSpec = await handleOpenApiParsing(dataplaneUrl, authConfig, sourceType, sourceData);
@@ -430,30 +438,25 @@ async function executeWizardFlow(appName, dataplaneUrl, authConfig) {
  * @throws {Error} If wizard fails
  */
 async function handleWizard(options = {}) {
-  try {
-    logger.log(chalk.blue('\n🧙 AI Fabrix External System Wizard\n'));
+  logger.log(chalk.blue('\n🧙 AI Fabrix External System Wizard\n'));
 
-    // Get or prompt for app name
-    let appName = options.app;
-    if (!appName) {
-      appName = await promptForAppName();
-    }
+  // Get or prompt for app name
+  let appName = options.app;
+  if (!appName) {
+    appName = await promptForAppName();
+  }
 
-    // Validate app name and check directory
-    const shouldContinue = await validateAndCheckAppDirectory(appName);
-    if (!shouldContinue) {
-      return;
-    }
+  // Validate app name and check directory
+  const shouldContinue = await validateAndCheckAppDirectory(appName);
+  if (!shouldContinue) {
+    return;
+  }
 
-    // Get dataplane URL and authentication
-    const { dataplaneUrl, authConfig } = await setupDataplaneAndAuth(options, appName);
+  // Get dataplane URL and authentication
+  const { dataplaneUrl, authConfig } = await setupDataplaneAndAuth(options, appName);
 
-    // Execute wizard flow
-    await executeWizardFlow(appName, dataplaneUrl, authConfig);
-  } catch (error) {
-    logger.error(chalk.red(`\n❌ Wizard failed: ${error.message}`));
-    throw error;
-  }
+  // Execute wizard flow
+  await executeWizardFlow(appName, dataplaneUrl, authConfig);
 }
 
 /**
@@ -468,29 +471,20 @@ async function handleWizard(options = {}) {
 async function setupDataplaneAndAuth(options, appName) {
   const configData = await config.getConfig();
   const environment = options.environment || 'dev';
-  const controllerUrl = options.controller || configData.deployment?.controllerUrl || 'http://localhost:3000';
+  const controllerUrl = await resolveControllerUrl(options, configData);
+  // Wizard requires device token authentication (user-level), not client credentials
+  const authConfig = await getDeviceOnlyAuth(controllerUrl);
 
-  // Get dataplane URL (either from option or from controller)
   let dataplaneUrl = options.dataplane;
   if (!dataplaneUrl) {
-    // Get authentication first
-    const authConfig = await getDeploymentAuth(controllerUrl, environment, appName);
-    if (!authConfig.token && !authConfig.clientId) {
-      throw new Error('Authentication required. Run "aifabrix login" or "aifabrix app register" first.');
-    }
-
-    // Get dataplane URL from controller
     logger.log(chalk.blue('🌐 Getting dataplane URL from controller...'));
-    dataplaneUrl = await getDataplaneUrl(controllerUrl, appName, environment, authConfig);
-    logger.log(chalk.green(`✓ Dataplane URL: ${dataplaneUrl}`));
-
-    return { dataplaneUrl, authConfig };
-  }
-
-  // If dataplane URL provided directly, still need auth
-  const authConfig = await getDeploymentAuth(controllerUrl, environment, appName);
-  if (!authConfig.token && !authConfig.clientId) {
-    throw new Error('Authentication required. Run "aifabrix login" or "aifabrix app register" first.');
+    try {
+      dataplaneUrl = await getDataplaneUrl(controllerUrl, 'dataplane', environment, authConfig);
+      logger.log(chalk.green(`✓ Dataplane URL: ${dataplaneUrl}`));
+    } catch (error) {
+      const example = `aifabrix wizard -a ${appName} --dataplane https://dataplane.example.com -e ${environment} -c ${controllerUrl}`;
+      throw new Error(`${error.message}\n\n💡 For new applications, provide the dataplane URL using:\n   --dataplane <dataplane-url>\n\n   Example: ${example}`);
+    }
   }
 
   return { dataplaneUrl, authConfig };

package/lib/datasource/deploy.js

@@ -40,9 +40,12 @@ async function getDataplaneUrl(controllerUrl, appKey, environment, authConfig) {
   }
 
   // Extract dataplane URL from application response
-  // This is a placeholder - actual response structure may vary
+  // Try multiple possible locations for the URL
   const application = response.data.data || response.data;
-  const dataplaneUrl = application.dataplaneUrl || application.dataplane?.url || application.configuration?.dataplaneUrl;
+  const dataplaneUrl = application.url ||
+    application.dataplaneUrl ||
+    application.dataplane?.url ||
+    application.configuration?.dataplaneUrl;
 
   if (!dataplaneUrl) {
     logger.error(chalk.red('❌ Dataplane URL not found in application response'));

package/lib/external-system/deploy.js

@@ -25,6 +25,7 @@ const logger = require('../utils/logger');
 const { getDataplaneUrl } = require('../datasource/deploy');
 const { detectAppType } = require('../utils/paths');
 const { generateExternalSystemApplicationSchema } = require('../generator/external');
+const { resolveControllerUrl } = require('../utils/controller-url');
 const {
   loadVariablesYaml,
   validateSystemFiles,
@@ -109,7 +110,7 @@ async function prepareDeploymentConfig(appName, options) {
 
   const config = await getConfig();
   const environment = options.environment || 'dev';
-  const controllerUrl = options.controller || config.deployment?.controllerUrl || 'http://localhost:3000';
+  const controllerUrl = await resolveControllerUrl(options, config);
   const authConfig = await getDeploymentAuth(controllerUrl, environment, appName);
 
   if (!authConfig.token && !authConfig.clientId) {
@@ -245,7 +246,7 @@ async function prepareDeploymentFiles(appName, options) {
 
   const config = await getConfig();
   const environment = options.environment || 'dev';
-  const controllerUrl = options.controller || config.deployment?.controllerUrl || 'http://localhost:3000';
+  const controllerUrl = await resolveControllerUrl(options, config);
   const authConfig = await getDeploymentAuth(controllerUrl, environment, appName);
 
   if (!authConfig.token && !authConfig.clientId) {