@aifabrix/builder 2.32.2 → 2.33.0

package/lib/commands/auth-status.js

@@ -0,0 +1,261 @@
+/**
+ * AI Fabrix Builder - Auth Status Command
+ *
+ * Displays authentication status for the current controller and environment
+ *
+ * @fileoverview Authentication status command implementation
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+
+const chalk = require('chalk');
+const logger = require('../utils/logger');
+const config = require('../core/config');
+const { getConfig } = config;
+const { getOrRefreshDeviceToken } = require('../utils/token-manager');
+const { getAuthUser } = require('../api/auth.api');
+const { resolveControllerUrl } = require('../utils/controller-url');
+
+/**
+ * Format expiration date for display
+ * @param {string} expiresAt - ISO 8601 expiration timestamp
+ * @returns {string} Formatted expiration string
+ */
+function formatExpiration(expiresAt) {
+  if (!expiresAt) {
+    return 'Unknown';
+  }
+  try {
+    const date = new Date(expiresAt);
+    return date.toISOString();
+  } catch {
+    return expiresAt;
+  }
+}
+
+/**
+ * Check and validate device token
+ * @async
+ * @param {string} controllerUrl - Controller URL
+ * @returns {Promise<Object|null>} Token validation result or null
+ */
+async function checkDeviceToken(controllerUrl) {
+  const deviceToken = await getOrRefreshDeviceToken(controllerUrl);
+  if (!deviceToken || !deviceToken.token) {
+    return null;
+  }
+
+  try {
+    const authConfig = { type: 'bearer', token: deviceToken.token };
+    // Use getAuthUser instead of validateToken - it's more reliable and tests actual API access
+    const { getAuthUser } = require('../api/auth.api');
+    const response = await getAuthUser(controllerUrl, authConfig);
+
+    if (response.success && response.data) {
+      return {
+        type: 'Device Token',
+        token: deviceToken.token,
+        authenticated: response.data.authenticated !== false,
+        user: response.data.user,
+        expiresAt: deviceToken.expiresAt
+      };
+    }
+
+    return {
+      type: 'Device Token',
+      token: deviceToken.token,
+      authenticated: false,
+      error: response.error || response.formattedError || 'Token validation failed'
+    };
+  } catch (error) {
+    return {
+      type: 'Device Token',
+      token: deviceToken.token,
+      authenticated: false,
+      error: error.message || 'Token validation error'
+    };
+  }
+}
+
+/**
+ * Decrypt token if encrypted
+ * @async
+ * @param {string} token - Token to decrypt
+ * @returns {Promise<string>} Decrypted token
+ */
+async function decryptTokenIfNeeded(token) {
+  const { decryptToken, isTokenEncrypted } = require('../utils/token-encryption');
+  const encryptionKey = await config.getSecretsEncryptionKey();
+
+  if (encryptionKey && isTokenEncrypted(token)) {
+    return await decryptToken(token, encryptionKey);
+  }
+  return token;
+}
+
+/**
+ * Validate client token and return result
+ * @async
+ * @param {string} token - Token to validate
+ * @param {string} controllerUrl - Controller URL
+ * @param {string} environment - Environment key
+ * @param {string} appName - Application name
+ * @param {string} expiresAt - Token expiration
+ * @returns {Promise<Object>} Token validation result
+ */
+async function validateClientToken(token, controllerUrl, environment, appName, expiresAt) {
+  try {
+    const authConfig = { type: 'bearer', token: token };
+    // Use getAuthUser instead of validateToken - it's more reliable and tests actual API access
+    const response = await getAuthUser(controllerUrl, authConfig);
+
+    if (response.success && response.data) {
+      return {
+        type: 'Client Token',
+        token: token,
+        authenticated: response.data.authenticated !== false,
+        user: response.data.user,
+        expiresAt: expiresAt,
+        appName: appName
+      };
+    }
+
+    return {
+      type: 'Client Token',
+      token: token,
+      authenticated: false,
+      error: response.error || response.formattedError || 'Token validation failed',
+      appName: appName
+    };
+  } catch (error) {
+    return {
+      type: 'Client Token',
+      token: '***',
+      authenticated: false,
+      error: error.message || 'Token validation error',
+      appName: appName
+    };
+  }
+}
+
+/**
+ * Check and validate client token
+ * @async
+ * @param {string} controllerUrl - Controller URL
+ * @param {string} environment - Environment key
+ * @returns {Promise<Object|null>} Token validation result or null
+ */
+async function checkClientToken(controllerUrl, environment) {
+  const configData = await getConfig();
+  const environments = configData.environments || {};
+  const envConfig = environments[environment];
+
+  if (!envConfig || !envConfig.clients) {
+    return null;
+  }
+
+  for (const [appName, tokenData] of Object.entries(envConfig.clients)) {
+    if (tokenData.controller === controllerUrl && tokenData.token) {
+      const token = await decryptTokenIfNeeded(tokenData.token);
+      return await validateClientToken(token, controllerUrl, environment, appName, tokenData.expiresAt);
+    }
+  }
+
+  return null;
+}
+
+/**
+ * Display user information
+ * @param {Object} user - User object
+ */
+function displayUserInfo(user) {
+  if (!user) {
+    return;
+  }
+
+  logger.log('');
+  logger.log(chalk.bold('User Information:'));
+  if (user.email) {
+    logger.log(`  Email: ${chalk.cyan(user.email)}`);
+  }
+  if (user.username) {
+    logger.log(`  Username: ${chalk.cyan(user.username)}`);
+  }
+  if (user.id) {
+    logger.log(`  ID: ${chalk.gray(user.id)}`);
+  }
+}
+
+/**
+ * Display token information
+ * @param {Object} tokenInfo - Token information
+ */
+function displayTokenInfo(tokenInfo) {
+  const statusIcon = tokenInfo.authenticated ? chalk.green('✓') : chalk.red('✗');
+  const statusText = tokenInfo.authenticated ? 'Authenticated' : 'Not authenticated';
+
+  logger.log(`Status: ${statusIcon} ${statusText}`);
+  logger.log(`Token Type: ${chalk.cyan(tokenInfo.type)}`);
+
+  if (tokenInfo.appName) {
+    logger.log(`Application: ${chalk.cyan(tokenInfo.appName)}`);
+  }
+
+  if (tokenInfo.expiresAt) {
+    logger.log(`Expires: ${chalk.gray(formatExpiration(tokenInfo.expiresAt))}`);
+  }
+
+  if (tokenInfo.error) {
+    logger.log(`Error: ${chalk.red(tokenInfo.error)}`);
+  }
+
+  displayUserInfo(tokenInfo.user);
+}
+
+/**
+ * Display authentication status
+ * @param {string} controllerUrl - Controller URL
+ * @param {string} environment - Environment key
+ * @param {Object|null} tokenInfo - Token information
+ */
+function displayStatus(controllerUrl, environment, tokenInfo) {
+  logger.log(chalk.bold('\n🔐 Authentication Status\n'));
+  logger.log(`Controller: ${chalk.cyan(controllerUrl)}`);
+  logger.log(`Environment: ${chalk.cyan(environment || 'Not specified')}\n`);
+
+  if (!tokenInfo) {
+    logger.log(`Status: ${chalk.red('✗ Not authenticated')}`);
+    logger.log(`Token Type: ${chalk.gray('None')}\n`);
+    logger.log(chalk.yellow('💡 Run "aifabrix login" to authenticate\n'));
+    return;
+  }
+
+  displayTokenInfo(tokenInfo);
+  logger.log('');
+}
+
+/**
+ * Handle auth status command
+ * Controller and environment come from config.yaml (set via aifabrix login or aifabrix auth config).
+ * @async
+ * @function handleAuthStatus
+ * @param {Object} _options - Command options (unused; controller/environment from config only)
+ * @returns {Promise<void>} Resolves when status is displayed
+ */
+async function handleAuthStatus(_options) {
+  const { resolveEnvironment } = require('../core/config');
+  const controllerUrl = await resolveControllerUrl();
+  const environment = await resolveEnvironment();
+
+  // Check device token first (preferred)
+  let tokenInfo = await checkDeviceToken(controllerUrl);
+
+  // If no device token, check client token
+  if (!tokenInfo) {
+    tokenInfo = await checkClientToken(controllerUrl, environment);
+  }
+
+  displayStatus(controllerUrl, environment, tokenInfo);
+}
+
+module.exports = { handleAuthStatus };

package/lib/commands/datasource.js

@@ -50,11 +50,10 @@ function setupDatasourceCommands(program) {
   // List command
   datasource
     .command('list')
-    .description('List datasources from environment')
-    .requiredOption('-e, --environment <env>', 'Environment ID or key')
-    .action(async(options) => {
+    .description('List datasources from environment (uses environment from config.yaml)')
+    .action(async() => {
       try {
-        await listDatasources(options);
+        await listDatasources({});
       } catch (error) {
         logger.error(chalk.red('❌ Failed to list datasources:'), error.message);
         process.exit(1);
@@ -78,8 +77,6 @@ function setupDatasourceCommands(program) {
   datasource
     .command('deploy <myapp> <file>')
     .description('Deploy datasource to dataplane')
-    .requiredOption('--controller <url>', 'Controller URL')
-    .requiredOption('-e, --environment <env>', 'Environment (miso, dev, tst, pro)')
     .action(async(myapp, file, options) => {
       try {
         await deployDatasource(myapp, file, options);

package/lib/commands/login-credentials.js

@@ -54,7 +54,7 @@ async function promptForCredentials(clientId, clientSecret) {
       message: 'Client ID:',
       default: clientId || '',
       validate: (input) => {
-        const value = input.trim();
+        const value = input ? input.trim() : '';
         if (!value || value.length === 0) {
           return 'Client ID is required';
         }
@@ -68,7 +68,7 @@ async function promptForCredentials(clientId, clientSecret) {
       default: clientSecret || '',
       mask: '*',
       validate: (input) => {
-        const value = input.trim();
+        const value = input ? input.trim() : '';
         if (!value || value.length === 0) {
           return 'Client Secret is required';
         }
@@ -78,8 +78,8 @@ async function promptForCredentials(clientId, clientSecret) {
   ]);
 
   return {
-    clientId: credentials.clientId.trim(),
-    clientSecret: credentials.clientSecret.trim()
+    clientId: (credentials.clientId || '').trim(),
+    clientSecret: (credentials.clientSecret || '').trim()
   };
 }
 

package/lib/commands/login-device.js

@@ -11,7 +11,7 @@
 const inquirer = require('inquirer');
 const chalk = require('chalk');
 const ora = require('ora');
-const { setCurrentEnvironment, saveDeviceToken } = require('../core/config');
+const { setCurrentEnvironment, saveDeviceToken, setControllerUrl } = require('../core/config');
 const { initiateDeviceCodeFlow } = require('../api/auth.api');
 const { pollDeviceCodeToken, displayDeviceCodeInfo } = require('../utils/api');
 const logger = require('../utils/logger');
@@ -68,6 +68,30 @@ async function saveDeviceLoginConfig(controllerUrl, token, refreshToken, expires
   await saveDeviceToken(controllerUrl, token, refreshToken, expiresAt);
 }
 
+/**
+ * Save token configuration and display success message
+ * @async
+ * @param {string} controllerUrl - Controller URL
+ * @param {string} token - Access token
+ * @param {string} refreshToken - Refresh token
+ * @param {string} expiresAt - Token expiration time
+ * @param {string} envKey - Environment key
+ * @returns {Promise<void>}
+ */
+async function saveTokenAndDisplaySuccess(controllerUrl, token, refreshToken, expiresAt, envKey) {
+  await saveDeviceLoginConfig(controllerUrl, token, refreshToken, expiresAt);
+  await setControllerUrl(controllerUrl);
+  if (envKey) {
+    await setCurrentEnvironment(envKey);
+  }
+  logger.log(chalk.green('\n✅ Successfully logged in!'));
+  logger.log(chalk.gray(`Controller: ${controllerUrl}`));
+  if (envKey) {
+    logger.log(chalk.gray(`Environment: ${envKey}`));
+  }
+  logger.log(chalk.gray('Token stored securely in ~/.aifabrix/config.yaml\n'));
+}
+
 /**
  * Poll for device code token and save configuration
  * @async
@@ -105,23 +129,8 @@ async function pollAndSaveDeviceCodeToken(controllerUrl, deviceCode, interval, e
     const refreshToken = tokenResponse.refresh_token;
     const expiresAt = new Date(Date.now() + (tokenResponse.expires_in * 1000)).toISOString();
 
-    // Save device token at root level (controller-specific, not environment-specific)
-    await saveDeviceLoginConfig(controllerUrl, token, refreshToken, expiresAt);
-
-    // Still set current environment if provided (for other purposes)
-    if (envKey) {
-      await setCurrentEnvironment(envKey);
-    }
-
-    logger.log(chalk.green('\n✅ Successfully logged in!'));
-    logger.log(chalk.gray(`Controller: ${controllerUrl}`));
-    if (envKey) {
-      logger.log(chalk.gray(`Environment: ${envKey}`));
-    }
-    logger.log(chalk.gray('Token stored securely in ~/.aifabrix/config.yaml\n'));
-
+    await saveTokenAndDisplaySuccess(controllerUrl, token, refreshToken, expiresAt, envKey);
     return { token, environment: envKey };
-
   } catch (pollError) {
     spinner.fail('Authentication failed');
     throw pollError;
@@ -130,27 +139,32 @@ async function pollAndSaveDeviceCodeToken(controllerUrl, deviceCode, interval, e
 
 /**
  * Build scope string from options
- * @param {boolean} [offline] - Whether to request offline_access
+ * @param {boolean} [online] - Whether to exclude offline_access (default: false, meaning offline tokens are default)
  * @param {string} [customScope] - Custom scope string
  * @returns {string} Scope string
  */
-function buildScope(offline, customScope) {
+function buildScope(online, customScope) {
   const defaultScope = 'openid profile email';
 
   if (customScope) {
-    // If custom scope provided, use it and optionally add offline_access
-    if (offline && !customScope.includes('offline_access')) {
+    // If custom scope provided, use it as-is
+    // If --online flag is used and scope contains offline_access, remove it
+    if (online && customScope.includes('offline_access')) {
+      return customScope.replace(/\s*offline_access\s*/g, ' ').trim().replace(/\s+/g, ' ');
+    }
+    // If not --online and scope doesn't have offline_access, add it (default behavior)
+    if (!online && !customScope.includes('offline_access')) {
       return `${customScope} offline_access`;
     }
     return customScope;
   }
 
-  // Default scope with optional offline_access
-  if (offline) {
-    return `${defaultScope} offline_access`;
+  // Default scope: include offline_access unless --online is specified
+  if (online) {
+    return defaultScope;
   }
 
-  return defaultScope;
+  return `${defaultScope} offline_access`;
 }
 
 /**
@@ -200,16 +214,16 @@ function convertDeviceCodeResponse(apiResponse) {
  * @async
  * @param {string} controllerUrl - Controller URL
  * @param {string} [environment] - Environment key from options
- * @param {boolean} [offline] - Whether to request offline_access scope
+ * @param {boolean} [online] - Whether to exclude offline_access scope (default: false, meaning offline tokens are default)
  * @param {string} [scope] - Custom scope string
  * @returns {Promise<{token: string, environment: string}>} Token and environment
  */
-async function handleDeviceCodeLogin(controllerUrl, environment, offline, scope) {
+async function handleDeviceCodeLogin(controllerUrl, environment, online, scope) {
   const envKey = await getEnvironmentKey(environment);
-  const requestScope = buildScope(offline, scope);
+  const requestScope = buildScope(online, scope);
 
   logger.log(chalk.blue('\n📱 Initiating device code flow...\n'));
-  if (offline) {
+  if (!online && requestScope.includes('offline_access')) {
     logger.log(chalk.gray(`Requesting offline token (scope: ${requestScope})\n`));
   }
 

package/lib/commands/login.js

@@ -11,10 +11,11 @@
 
 const inquirer = require('inquirer');
 const chalk = require('chalk');
-const { setCurrentEnvironment, saveClientToken } = require('../core/config');
+const { setCurrentEnvironment, saveClientToken, setControllerUrl } = require('../core/config');
 const logger = require('../utils/logger');
 const { handleCredentialsLogin } = require('./login-credentials');
 const { handleDeviceCodeLogin } = require('./login-device');
+const { resolveControllerUrl } = require('../utils/controller-url');
 
 /**
  * Determine and validate authentication method
@@ -61,8 +62,8 @@ async function saveCredentialsLoginConfig(controllerUrl, token, expiresAt, envir
  * @async
  * @function handleLogin
  * @param {Object} options - Login options
- * @param {string} [options.controller] - Controller URL (default: 'http://localhost:3000')
- * @param {string} [options.method] - Authentication method ('device' or 'credentials')
+ * @param {string} [options.controller] - Controller URL (default: from config, device tokens, or developer ID)
+ * @param {string} [options.method] - Authentication method ('device' or 'credentials', default: 'device')
  * @param {string} [options.app] - Application name (for credentials method, reads from secrets.local.yaml)
  * @param {string} [options.clientId] - Client ID (for credentials method, overrides secrets.local.yaml)
  * @param {string} [options.clientSecret] - Client Secret (for credentials method, overrides secrets.local.yaml)
@@ -71,13 +72,20 @@ async function saveCredentialsLoginConfig(controllerUrl, token, expiresAt, envir
  * @throws {Error} If login fails
  */
 /**
- * Normalizes and logs controller URL
+ * Resolves and logs controller URL from --controller, config, device tokens, or developer-ID default
+ * @async
  * @function normalizeControllerUrl
  * @param {Object} options - Login options
- * @returns {string} Normalized controller URL
+ * @returns {Promise<string>} Normalized controller URL
  */
-function normalizeControllerUrl(options) {
-  const controllerUrl = (options.controller || options.url || 'http://localhost:3000').replace(/\/$/, '');
+async function normalizeControllerUrl(options) {
+  let controllerUrl = options.controller || options.url;
+  if (!controllerUrl) {
+    controllerUrl = await resolveControllerUrl();
+  }
+  controllerUrl = String(controllerUrl).replace(/\/+$/, '');
+  // Save controller URL to config
+  await setControllerUrl(controllerUrl);
   logger.log(chalk.gray(`Controller URL: ${controllerUrl}`));
   return controllerUrl;
 }
@@ -108,8 +116,8 @@ async function handleEnvironmentConfig(options) {
  * @param {Object} options - Login options
  */
 function validateScopeOptions(method, options) {
-  if (method === 'credentials' && (options.offline || options.scope)) {
-    logger.log(chalk.yellow('⚠️  Warning: --offline and --scope options are only available for device flow'));
+  if (method === 'credentials' && (options.online || options.scope)) {
+    logger.log(chalk.yellow('⚠️  Warning: --online and --scope options are only available for device flow'));
     logger.log(chalk.gray('   These options will be ignored for credentials method\n'));
   }
 }
@@ -137,17 +145,18 @@ async function handleCredentialsLoginFlow(controllerUrl, environment, options) {
  * @async
  * @function handleDeviceCodeLoginFlow
  * @param {string} controllerUrl - Controller URL
+ * @param {string} environment - Resolved environment key (from config or -e/--environment)
  * @param {Object} options - Login options
  * @returns {Promise<{token: string, environment: string}>} Login result
  */
-async function handleDeviceCodeLoginFlow(controllerUrl, options) {
-  return await handleDeviceCodeLogin(controllerUrl, options.environment, options.offline, options.scope);
+async function handleDeviceCodeLoginFlow(controllerUrl, environment, options) {
+  return await handleDeviceCodeLogin(controllerUrl, environment, options.online, options.scope);
 }
 
 async function handleLogin(options) {
   logger.log(chalk.blue('\n🔐 Logging in to Miso Controller...\n'));
 
-  const controllerUrl = normalizeControllerUrl(options);
+  const controllerUrl = await normalizeControllerUrl(options);
   const environment = await handleEnvironmentConfig(options);
   const method = await determineAuthMethod(options.method);
 
@@ -156,7 +165,7 @@ async function handleLogin(options) {
   if (method === 'credentials') {
     await handleCredentialsLoginFlow(controllerUrl, environment, options);
   } else if (method === 'device') {
-    await handleDeviceCodeLoginFlow(controllerUrl, options);
+    await handleDeviceCodeLoginFlow(controllerUrl, environment, options);
     return; // Early return for device flow (already saved config)
   }
 

package/lib/commands/wizard-config-normalizer.js

@@ -0,0 +1,92 @@
+/**
+ * @fileoverview Normalize wizard-generated configs before validation
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+
+const ENTITY_TYPE_FALLBACK = 'record-storage';
+const VALID_ENTITY_TYPES = new Set([
+  'document-storage',
+  'documentStorage',
+  'vector-store',
+  'vectorStore',
+  'record-storage',
+  'recordStorage',
+  'message-service',
+  'messageService',
+  'none'
+]);
+const VALID_PORTAL_FIELDS = new Set(['text', 'textarea', 'select', 'json', 'boolean', 'number']);
+
+/**
+ * Normalize system config fields to schema constraints
+ * @function normalizeSystemConfig
+ * @param {Object} systemConfig - External system config
+ * @returns {Object} Normalized config
+ */
+function normalizeSystemConfig(systemConfig) {
+  if (!systemConfig || typeof systemConfig !== 'object') {
+    return systemConfig;
+  }
+  if (typeof systemConfig.description === 'string' && systemConfig.description.length > 500) {
+    systemConfig.description = systemConfig.description.slice(0, 500);
+  }
+  return systemConfig;
+}
+
+/**
+ * Normalize datasource config fields to schema constraints
+ * @function normalizeDatasourceConfig
+ * @param {Object} datasourceConfig - Datasource config
+ * @returns {Object} Normalized config
+ */
+function normalizeDatasourceConfig(datasourceConfig) {
+  if (!datasourceConfig || typeof datasourceConfig !== 'object') {
+    return datasourceConfig;
+  }
+  if (datasourceConfig.entityType && !VALID_ENTITY_TYPES.has(datasourceConfig.entityType)) {
+    datasourceConfig.entityType = ENTITY_TYPE_FALLBACK;
+  }
+  if (Array.isArray(datasourceConfig.portalInput)) {
+    datasourceConfig.portalInput = datasourceConfig.portalInput.filter(item => {
+      if (!item || typeof item !== 'object') {
+        return false;
+      }
+      if (!item.name || !item.field || !item.label) {
+        return false;
+      }
+      return VALID_PORTAL_FIELDS.has(item.field);
+    });
+  }
+  if (datasourceConfig.execution?.cip?.operations) {
+    for (const operation of Object.values(datasourceConfig.execution.cip.operations)) {
+      if (!operation || !Array.isArray(operation.steps)) {
+        continue;
+      }
+      for (const step of operation.steps) {
+        if (step?.output?.mode && step.output.mode !== 'records') {
+          step.output.mode = 'records';
+        }
+      }
+    }
+  }
+  return datasourceConfig;
+}
+
+/**
+ * Normalize system and datasource configs
+ * @function normalizeWizardConfigs
+ * @param {Object} systemConfig - System config
+ * @param {Object|Object[]} datasourceConfigs - Datasource config(s)
+ * @returns {{ systemConfig: Object, datasourceConfigs: Object[] }} Normalized configs
+ */
+function normalizeWizardConfigs(systemConfig, datasourceConfigs) {
+  const normalizedSystem = normalizeSystemConfig(systemConfig);
+  const configs = Array.isArray(datasourceConfigs) ? datasourceConfigs : [datasourceConfigs];
+  const normalizedDatasources = configs.map(normalizeDatasourceConfig);
+  return { systemConfig: normalizedSystem, datasourceConfigs: normalizedDatasources };
+}
+
+module.exports = {
+  normalizeWizardConfigs
+};