@aifabrix/builder 2.32.2 → 2.32.3

package/lib/api/index.js

@@ -97,7 +97,8 @@ class ApiClient {
     }
 
     if (this.authConfig.type === 'bearer' || this.authConfig.type === 'client-token') {
-      return await authenticatedApiCall(url, { method: 'GET', headers }, this.authConfig.token);
+      // Pass full authConfig to enable proper token refresh using controller URL
+      return await authenticatedApiCall(url, { method: 'GET', headers }, this.authConfig);
     }
 
     return await makeApiCall(url, { method: 'GET', headers });
@@ -141,7 +142,8 @@ class ApiClient {
     }
 
     if (this.authConfig.type === 'bearer' || this.authConfig.type === 'client-token') {
-      return await authenticatedApiCall(url, requestOptions, this.authConfig.token);
+      // Pass full authConfig to enable proper token refresh using controller URL
+      return await authenticatedApiCall(url, requestOptions, this.authConfig);
     }
 
     return await makeApiCall(url, requestOptions);
@@ -170,7 +172,8 @@ class ApiClient {
     }
 
     if (this.authConfig.type === 'bearer' || this.authConfig.type === 'client-token') {
-      return await authenticatedApiCall(url, requestOptions, this.authConfig.token);
+      // Pass full authConfig to enable proper token refresh using controller URL
+      return await authenticatedApiCall(url, requestOptions, this.authConfig);
     }
 
     return await makeApiCall(url, requestOptions);
@@ -199,7 +202,8 @@ class ApiClient {
     }
 
     if (this.authConfig.type === 'bearer' || this.authConfig.type === 'client-token') {
-      return await authenticatedApiCall(url, requestOptions, this.authConfig.token);
+      // Pass full authConfig to enable proper token refresh using controller URL
+      return await authenticatedApiCall(url, requestOptions, this.authConfig);
     }
 
     return await makeApiCall(url, requestOptions);
@@ -223,7 +227,8 @@ class ApiClient {
     };
 
     if (this.authConfig.type === 'bearer' || this.authConfig.type === 'client-token') {
-      return await authenticatedApiCall(url, requestOptions, this.authConfig.token);
+      // Pass full authConfig to enable proper token refresh using controller URL
+      return await authenticatedApiCall(url, requestOptions, this.authConfig);
     }
 
     return await makeApiCall(url, requestOptions);

package/lib/api/wizard.api.js

@@ -8,42 +8,72 @@ const { ApiClient } = require('./index');
 const { uploadFile } = require('../utils/file-upload');
 
 /**
- * Select wizard mode
- * POST /api/v1/wizard/mode-selection
+ * Create wizard session
+ * POST /api/v1/wizard/sessions
  * @async
- * @function selectMode
+ * @function createWizardSession
  * @param {string} dataplaneUrl - Dataplane base URL
  * @param {Object} authConfig - Authentication configuration
  * @param {string} mode - Wizard mode ('create-system' | 'add-datasource')
- * @returns {Promise<Object>} Mode selection response
+ * @param {string} [systemId] - Existing system ID (required when mode='add-datasource')
+ * @returns {Promise<Object>} Session creation response with sessionId
  * @throws {Error} If request fails
  */
-async function selectMode(dataplaneUrl, authConfig, mode) {
+async function createWizardSession(dataplaneUrl, authConfig, mode, systemId = null) {
   const client = new ApiClient(dataplaneUrl, authConfig);
-  return await client.post('/api/v1/wizard/mode-selection', {
-    body: { mode }
+  const body = { mode };
+  if (systemId) {
+    body.systemId = systemId;
+  }
+  return await client.post('/api/v1/wizard/sessions', {
+    body
   });
 }
 
 /**
- * Select wizard source
- * POST /api/v1/wizard/source-selection
+ * Get wizard session
+ * GET /api/v1/wizard/sessions/{sessionId}
  * @async
- * @function selectSource
+ * @function getWizardSession
  * @param {string} dataplaneUrl - Dataplane base URL
+ * @param {string} sessionId - Session ID
  * @param {Object} authConfig - Authentication configuration
- * @param {string} sourceType - Source type ('openapi-file' | 'openapi-url' | 'mcp-server' | 'known-platform')
- * @param {string} [sourceData] - Source data (file path, URL, etc.)
- * @returns {Promise<Object>} Source selection response
+ * @returns {Promise<Object>} Session state response
  * @throws {Error} If request fails
  */
-async function selectSource(dataplaneUrl, authConfig, sourceType, sourceData) {
+async function getWizardSession(dataplaneUrl, sessionId, authConfig) {
   const client = new ApiClient(dataplaneUrl, authConfig);
-  return await client.post('/api/v1/wizard/source-selection', {
-    body: {
-      sourceType,
-      sourceData
-    }
+  return await client.get(`/api/v1/wizard/sessions/${sessionId}`);
+}
+
+/**
+ * Update wizard session
+ * PATCH /api/v1/wizard/sessions/{sessionId}
+ * @async
+ * @function updateWizardSession
+ * @param {string} dataplaneUrl - Dataplane base URL
+ * @param {string} sessionId - Session ID
+ * @param {Object} authConfig - Authentication configuration
+ * @param {Object} updateData - Session update data
+ * @param {number} [updateData.currentStep] - Current wizard step (0-6)
+ * @param {string} [updateData.credentialIdOrKey] - Selected credential ID or key
+ * @param {Object} [updateData.openapiSpec] - Parsed OpenAPI specification
+ * @param {string} [updateData.mcpServerUrl] - MCP server URL
+ * @param {Array} [updateData.detectedTypes] - Detected API types
+ * @param {string} [updateData.selectedType] - Selected API type
+ * @param {string} [updateData.intent] - User intent
+ * @param {string} [updateData.fieldOnboardingLevel] - Field onboarding level
+ * @param {boolean} [updateData.enableOpenAPIGeneration] - Enable OpenAPI generation
+ * @param {Object} [updateData.systemConfig] - Generated system configuration
+ * @param {Object} [updateData.datasourceConfig] - Generated datasource configuration
+ * @param {Object} [updateData.validationResults] - Validation results
+ * @returns {Promise<Object>} Updated session state response
+ * @throws {Error} If request fails
+ */
+async function updateWizardSession(dataplaneUrl, sessionId, authConfig, updateData) {
+  const client = new ApiClient(dataplaneUrl, authConfig);
+  return await client.patch(`/api/v1/wizard/sessions/${sessionId}`, {
+    body: updateData
   });
 }
 
@@ -165,8 +195,9 @@ async function getDeploymentDocs(dataplaneUrl, authConfig, systemKey) {
 }
 
 module.exports = {
-  selectMode,
-  selectSource,
+  createWizardSession,
+  getWizardSession,
+  updateWizardSession,
   parseOpenApi,
   detectType,
   generateConfig,

package/lib/app/list.js

@@ -126,14 +126,35 @@ async function findDeviceTokenFromConfig(deviceConfig) {
   return null;
 }
 
+/**
+ * Format URL and port for display
+ * @param {Object} app - Application object
+ * @returns {string} Formatted URL and port string
+ */
+function formatUrlAndPort(app) {
+  const url = app.url || app.dataplaneUrl || app.dataplane?.url || app.configuration?.dataplaneUrl || null;
+  const port = app.port || app.configuration?.port || null;
+
+  const parts = [];
+  if (url) {
+    parts.push(`URL: ${chalk.blue(url)}`);
+  }
+  if (port) {
+    parts.push(`Port: ${chalk.blue(port)}`);
+  }
+
+  return parts.length > 0 ? ` (${parts.join(', ')})` : '';
+}
+
 /**
  * Display applications list
  * @param {Array} applications - Array of application objects
  * @param {string} environment - Environment name or key
+ * @param {string} controllerUrl - Controller URL
  */
-function displayApplications(applications, environment) {
+function displayApplications(applications, environment, controllerUrl) {
   const environmentName = environment || 'miso';
-  const header = `Applications in ${environmentName} environment`;
+  const header = `Applications in ${environmentName} environment (${controllerUrl})`;
 
   if (applications.length === 0) {
     logger.log(chalk.bold(`\n📱 ${header}:\n`));
@@ -144,7 +165,8 @@ function displayApplications(applications, environment) {
   logger.log(chalk.bold(`\n📱 ${header}:\n`));
   applications.forEach((app) => {
     const hasPipeline = app.configuration?.pipeline?.isActive ? '✓' : '✗';
-    logger.log(`${hasPipeline} ${chalk.cyan(app.key)} - ${app.displayName} (${app.status || 'unknown'})`);
+    const urlAndPort = formatUrlAndPort(app);
+    logger.log(`${hasPipeline} ${chalk.cyan(app.key)} - ${app.displayName} (${app.status || 'unknown'})${urlAndPort}`);
   });
   logger.log('');
 }
@@ -152,23 +174,19 @@ function displayApplications(applications, environment) {
 /**
  * Try to get device token from controller URL
  * @async
- * @param {string} controllerUrl - Controller URL
- * @returns {Promise<Object|null>} Object with token and controllerUrl, or null
+ * @param {string} controllerUrl - Controller URL (explicitly provided by user)
+ * @returns {Promise<Object|null>} Object with token and controllerUrl, or null if token not found
+ * @throws {Error} If authentication/refresh fails
  */
 async function tryGetTokenFromController(controllerUrl) {
-  try {
-    const normalizedUrl = normalizeControllerUrl(controllerUrl);
-    const deviceToken = await getOrRefreshDeviceToken(normalizedUrl);
-    if (deviceToken && deviceToken.token) {
-      return {
-        token: deviceToken.token,
-        actualControllerUrl: deviceToken.controller || normalizedUrl
-      };
-    }
-  } catch (error) {
-    logger.error(chalk.red(`❌ Failed to authenticate with controller: ${controllerUrl}`));
-    logger.error(chalk.gray(`Error: ${error.message}`));
-    process.exit(1);
+  const normalizedUrl = normalizeControllerUrl(controllerUrl);
+  const deviceToken = await getOrRefreshDeviceToken(normalizedUrl);
+  if (deviceToken && deviceToken.token) {
+    // Always use the provided controller URL (normalized) to ensure we use the exact URL the user specified
+    return {
+      token: deviceToken.token,
+      actualControllerUrl: normalizedUrl
+    };
   }
   return null;
 }
@@ -215,25 +233,36 @@ function validateAuthToken(token, actualControllerUrl, controllerUrl) {
 /**
  * Get authentication token for listing applications
  * @async
- * @param {string} [controllerUrl] - Optional controller URL
+ * @param {string} [controllerUrl] - Optional controller URL (if provided, must use this specific URL)
  * @param {Object} config - Configuration object
  * @returns {Promise<Object>} Object with token and actualControllerUrl
  * @throws {Error} If authentication fails
  */
 async function getListAuthToken(controllerUrl, config) {
-  // Try to get token from controller URL first
-  let authResult = null;
+  // If controller URL is explicitly provided, use only that URL (no fallback)
   if (controllerUrl) {
-    authResult = await tryGetTokenFromController(controllerUrl);
+    const authResult = await tryGetTokenFromController(controllerUrl);
+    if (!authResult || !authResult.token) {
+      // No token found for explicitly provided controller URL
+      logger.error(chalk.red(`❌ No authentication token found for controller: ${controllerUrl}`));
+      logger.error(chalk.gray('Please login to this controller using: aifabrix login'));
+      process.exit(1);
+      // Return to prevent further execution in tests where process.exit is mocked
+      return { token: null, actualControllerUrl: null };
+    }
+    return validateAuthToken(authResult.token, authResult.actualControllerUrl, controllerUrl);
   }
 
-  // If no token yet, try to find device token from config
-  if (!authResult && config.device) {
-    authResult = await tryGetTokenFromConfig(config.device);
+  // If no controller URL provided, try to find device token from config
+  if (config.device) {
+    const authResult = await tryGetTokenFromConfig(config.device);
+    if (authResult && authResult.token) {
+      return validateAuthToken(authResult.token, authResult.actualControllerUrl, null);
+    }
   }
 
-  // Validate and return token or exit
-  return validateAuthToken(authResult?.token || null, authResult?.actualControllerUrl || null, controllerUrl);
+  // No token found anywhere
+  return validateAuthToken(null, null, null);
 }
 
 /**
@@ -271,12 +300,17 @@ async function listApplications(options) {
   const controllerUrl = options.controller || null;
   const { token, actualControllerUrl } = await getListAuthToken(controllerUrl, config);
 
+  // Check if authentication succeeded (may be null after process.exit in tests)
+  if (!token || !actualControllerUrl) {
+    return;
+  }
+
   // Use centralized API client
   const authConfig = { type: 'bearer', token: token };
   try {
     const response = await listEnvironmentApplications(actualControllerUrl, options.environment, authConfig);
     const applications = handleListResponse(response, actualControllerUrl);
-    displayApplications(applications, options.environment);
+    displayApplications(applications, options.environment, actualControllerUrl);
   } catch (error) {
     logger.error(chalk.red(`❌ Failed to list applications from controller: ${actualControllerUrl}`));
     logger.error(chalk.gray(`Error: ${error.message}`));

package/lib/app/prompts.js

@@ -9,6 +9,7 @@
  */
 
 const inquirer = require('inquirer');
+const { getDefaultControllerUrl } = require('../utils/controller-url');
 
 /**
  * Builds basic questions (port, language)
@@ -223,10 +224,11 @@ function buildExternalSystemQuestions(options, appName) {
 
 /**
  * Builds workflow questions (GitHub, Controller)
+ * @async
  * @param {Object} options - Provided options
- * @returns {Array} Array of question objects
+ * @returns {Promise<Array>} Array of question objects
  */
-function buildWorkflowQuestions(options) {
+async function buildWorkflowQuestions(options) {
   const questions = [];
 
   // GitHub workflows
@@ -255,11 +257,13 @@ function buildWorkflowQuestions(options) {
   if (!options.controllerUrl && options.controller &&
       !Object.prototype.hasOwnProperty.call(options, 'controllerUrl')) {
     const misoHost = process.env.MISO_HOST || 'localhost';
+    const defaultControllerUrl = await getDefaultControllerUrl();
+    const defaultUrl = defaultControllerUrl.replace('http://localhost:', `http://${misoHost}:`);
     questions.push({
       type: 'input',
       name: 'controllerUrl',
       message: 'Enter Controller URL:',
-      default: `http://${misoHost}:3000`,
+      default: defaultUrl,
       when: (answers) => answers.controller === true
     });
   }
@@ -424,14 +428,14 @@ async function promptForOptions(appName, options) {
     // For external type, prompt for external system configuration
     questions = [
       ...buildExternalSystemQuestions(options, appName),
-      ...buildWorkflowQuestions(options)
+      ...(await buildWorkflowQuestions(options))
     ];
   } else {
     // For regular apps, use standard prompts
     questions = [
       ...buildBasicQuestions(options, appType),
       ...buildServiceQuestions(options, appType),
-      ...buildWorkflowQuestions(options)
+      ...(await buildWorkflowQuestions(options))
     ];
   }
 

package/lib/app/rotate-secret.js

@@ -152,7 +152,8 @@ function displayRotationResults(appKey, environment, credentials, apiUrl, messag
   logger.log(chalk.green('✅ Secret rotated successfully!\n'));
   logger.log(chalk.bold('📋 Application Details:'));
   logger.log(`   Key:         ${appKey}`);
-  logger.log(`   Environment: ${environment}\n`);
+  logger.log(`   Environment: ${environment}`);
+  logger.log(`   Controller:  ${apiUrl}\n`);
 
   logger.log(chalk.bold.yellow('🔑 NEW CREDENTIALS:'));
   logger.log(chalk.yellow(`   Client ID:     ${credentials.clientId}`));

package/lib/cli.js

@@ -22,6 +22,7 @@ const logger = require('./utils/logger');
 const { validateCommand, handleCommandError } = require('./utils/cli-utils');
 const { handleLogin } = require('./commands/login');
 const { handleLogout } = require('./commands/logout');
+const { handleAuthStatus } = require('./commands/auth-status');
 const { handleSecure } = require('./commands/secure');
 const { handleSecretsSet } = require('./commands/secrets-set');
 
@@ -32,14 +33,14 @@ const { handleSecretsSet } = require('./commands/secrets-set');
 function setupAuthCommands(program) {
   program.command('login')
     .description('Authenticate with Miso Controller')
-    .option('-c, --controller <url>', 'Controller URL', 'http://localhost:3000')
-    .option('-m, --method <method>', 'Authentication method (device|credentials)')
+    .option('-c, --controller <url>', 'Controller URL (default: calculated based on developer ID: http://localhost:${3000 + (developerId * 100)})')
+    .option('-m, --method <method>', 'Authentication method (device|credentials)', 'device')
     .option('-a, --app <app>', 'Application name (required for credentials method, reads from secrets.local.yaml)')
     .option('--client-id <id>', 'Client ID (for credentials method, overrides secrets.local.yaml)')
     .option('--client-secret <secret>', 'Client Secret (for credentials method, overrides secrets.local.yaml)')
     .option('-e, --environment <env>', 'Environment key (updates root-level environment in config.yaml, e.g., miso, dev, tst, pro)')
-    .option('--offline', 'Request offline token (adds offline_access scope, device flow only)')
-    .option('--scope <scopes>', 'Custom OAuth2 scope string (device flow only, default: "openid profile email")')
+    .option('--online', 'Request online-only token (excludes offline_access scope, device flow only)')
+    .option('--scope <scopes>', 'Custom OAuth2 scope string (device flow only, default: "openid profile email offline_access")')
     .action(async(options) => {
       try {
         await handleLogin(options);
@@ -62,6 +63,34 @@ function setupAuthCommands(program) {
         process.exit(1);
       }
     });
+
+  const authStatusHandler = async(options) => {
+    try {
+      await handleAuthStatus(options);
+    } catch (error) {
+      handleCommandError(error, 'auth status');
+      process.exit(1);
+    }
+  };
+
+  // Use nested command pattern for multi-word commands (like environment deploy)
+  const auth = program
+    .command('auth')
+    .description('Authentication commands');
+
+  auth
+    .command('status')
+    .description('Display authentication status for current controller and environment')
+    .option('-c, --controller <url>', 'Check status for specific controller (uses developer ID-based default if not provided)')
+    .option('-e, --environment <env>', 'Check status for specific environment')
+    .action(authStatusHandler);
+
+  // Alias: status (register as separate command since Commander.js doesn't support multi-word aliases)
+  program.command('status')
+    .description('Display authentication status (alias for auth status)')
+    .option('-c, --controller <url>', 'Check status for specific controller (uses developer ID-based default if not provided)')
+    .option('-e, --environment <env>', 'Check status for specific environment')
+    .action(authStatusHandler);
 }
 
 /**