@aifabrix/builder 2.32.2 → 2.33.0

package/lib/validation/wizard-config-validator.js

@@ -0,0 +1,267 @@
+/**
+ * @fileoverview Wizard configuration validator for wizard.yaml files
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+
+const fs = require('fs').promises;
+const path = require('path');
+const yaml = require('js-yaml');
+const Ajv = require('ajv');
+const wizardConfigSchema = require('../schema/wizard-config.schema.json');
+
+/**
+ * Resolve environment variable references in a value
+ * Supports ${VAR_NAME} syntax
+ * @function resolveEnvVar
+ * @param {string} value - Value that may contain env var references
+ * @returns {string} Resolved value
+ */
+function resolveEnvVar(value) {
+  if (typeof value !== 'string') {
+    return value;
+  }
+  return value.replace(/\$\{([^}]+)\}/g, (match, varName) => {
+    const envValue = process.env[varName];
+    if (envValue === undefined) {
+      throw new Error(`Environment variable '${varName}' is not defined`);
+    }
+    return envValue;
+  });
+}
+
+/**
+ * Recursively resolve environment variables in an object
+ * @function resolveEnvVarsInObject
+ * @param {Object} obj - Object to process
+ * @returns {Object} Object with resolved env vars
+ */
+function resolveEnvVarsInObject(obj) {
+  if (obj === null || obj === undefined) {
+    return obj;
+  }
+  if (typeof obj === 'string') {
+    return resolveEnvVar(obj);
+  }
+  if (Array.isArray(obj)) {
+    return obj.map(item => resolveEnvVarsInObject(item));
+  }
+  if (typeof obj === 'object') {
+    const result = {};
+    for (const [key, value] of Object.entries(obj)) {
+      result[key] = resolveEnvVarsInObject(value);
+    }
+    return result;
+  }
+  return obj;
+}
+
+/**
+ * Format AJV validation errors into user-friendly messages
+ * @function formatValidationErrors
+ * @param {Object[]} errors - AJV validation errors
+ * @returns {string[]} Formatted error messages
+ */
+function formatValidationErrors(errors) {
+  if (!errors || errors.length === 0) {
+    return [];
+  }
+  return errors.map(error => {
+    const path = error.instancePath || '/';
+    const message = error.message || 'Unknown validation error';
+    if (error.keyword === 'required') {
+      return `Missing required field: ${error.params.missingProperty}`;
+    }
+    if (error.keyword === 'enum') {
+      return `${path}: ${message}. Allowed values: ${error.params.allowedValues.join(', ')}`;
+    }
+    if (error.keyword === 'pattern') {
+      return `${path}: ${message}`;
+    }
+    if (error.keyword === 'additionalProperties') {
+      return `${path}: Unknown property '${error.params.additionalProperty}'`;
+    }
+    return `${path}: ${message}`;
+  });
+}
+
+/**
+ * Load and parse wizard.yaml file
+ * @async
+ * @function loadWizardConfig
+ * @param {string} configPath - Path to wizard.yaml file
+ * @returns {Promise<Object>} Parsed configuration object
+ * @throws {Error} If file cannot be read or parsed
+ */
+async function loadWizardConfig(configPath) {
+  const resolvedPath = path.resolve(configPath);
+  try {
+    await fs.access(resolvedPath);
+    const content = await fs.readFile(resolvedPath, 'utf8');
+    const config = yaml.load(content);
+    if (!config || typeof config !== 'object') {
+      throw new Error('Configuration file is empty or invalid');
+    }
+    return config;
+  } catch (error) {
+    if (error.code === 'ENOENT') {
+      throw new Error(`Configuration file not found: ${resolvedPath}`);
+    }
+    if (error.name === 'YAMLException') {
+      throw new Error(`Invalid YAML syntax: ${error.message}`);
+    }
+    throw error;
+  }
+}
+
+/**
+ * Validate wizard configuration against schema
+ * @function validateWizardConfigSchema
+ * @param {Object} config - Configuration object to validate
+ * @returns {Object} Validation result with valid flag and errors
+ */
+function validateWizardConfigSchema(config) {
+  const ajv = new Ajv({ allErrors: true, strict: false });
+  const validate = ajv.compile(wizardConfigSchema);
+  const valid = validate(config);
+  return {
+    valid,
+    errors: valid ? [] : formatValidationErrors(validate.errors)
+  };
+}
+
+/**
+ * Validate file path exists (for openapi-file source type)
+ * @function validateFilePath
+ * @param {string} filePath - Path to validate
+ * @param {string} basePath - Base path for relative paths
+ * @returns {Promise<Object>} Validation result with valid flag and errors
+ */
+async function validateFilePath(filePath, basePath) {
+  const baseDir = path.resolve(basePath);
+  const resolvedPath = path.isAbsolute(filePath)
+    ? path.resolve(filePath)
+    : path.resolve(baseDir, filePath);
+  if (!path.isAbsolute(filePath)) {
+    const baseWithSep = baseDir.endsWith(path.sep) ? baseDir : `${baseDir}${path.sep}`;
+    if (!resolvedPath.startsWith(baseWithSep)) {
+      return {
+        valid: false,
+        errors: [`OpenAPI file path must be within: ${baseDir}`]
+      };
+    }
+  }
+  try {
+    await fs.access(resolvedPath);
+  } catch (error) {
+    return {
+      valid: false,
+      errors: [`OpenAPI file not found: ${resolvedPath}`]
+    };
+  }
+  return { valid: true, errors: [] };
+}
+
+/**
+ * Validate schema and resolve environment variables
+ * @function validateSchemaAndResolveEnvVars
+ * @param {Object} config - Configuration object
+ * @param {boolean} shouldResolveEnvVars - Whether to resolve env vars
+ * @returns {Object} Result with valid flag, errors, and config
+ */
+function validateSchemaAndResolveEnvVars(config, shouldResolveEnvVars) {
+  if (shouldResolveEnvVars) {
+    try {
+      config = resolveEnvVarsInObject(config);
+    } catch (error) {
+      return { valid: false, errors: [error.message], config };
+    }
+  }
+  const schemaResult = validateWizardConfigSchema(config);
+  if (!schemaResult.valid) {
+    return { valid: false, errors: schemaResult.errors, config };
+  }
+  return { valid: true, errors: [], config };
+}
+
+/**
+ * Perform additional semantic validations
+ * @function performSemanticValidations
+ * @param {Object} config - Configuration object
+ * @param {string} configPath - Path to config file
+ * @param {boolean} validateFilePaths - Whether to validate file paths
+ * @returns {Promise<Object>} Validation result with errors array
+ */
+async function performSemanticValidations(config, configPath, validateFilePaths) {
+  const errors = [];
+  if (validateFilePaths && config.source?.type === 'openapi-file' && config.source?.filePath) {
+    const basePath = path.dirname(path.resolve(configPath));
+    const fileResult = await validateFilePath(config.source.filePath, basePath);
+    if (!fileResult.valid) {
+      errors.push(...fileResult.errors);
+    }
+  }
+  if (config.mode === 'add-datasource' && !config.systemIdOrKey) {
+    errors.push('\'systemIdOrKey\' is required when mode is \'add-datasource\'');
+  }
+  return errors;
+}
+
+/**
+ * Validate wizard configuration with all checks
+ * @async
+ * @function validateWizardConfig
+ * @param {string} configPath - Path to wizard.yaml file
+ * @param {Object} [options] - Validation options
+ * @param {boolean} [options.resolveEnvVars=true] - Whether to resolve env vars
+ * @param {boolean} [options.validateFilePaths=true] - Whether to validate file paths
+ * @returns {Promise<Object>} Validation result with valid flag, errors, and config
+ */
+async function validateWizardConfig(configPath, options = {}) {
+  const { resolveEnvVars: shouldResolveEnvVars = true, validateFilePaths = true } = options;
+  let config;
+  try {
+    config = await loadWizardConfig(configPath);
+  } catch (error) {
+    return { valid: false, errors: [error.message], config: null };
+  }
+  const schemaResult = validateSchemaAndResolveEnvVars(config, shouldResolveEnvVars);
+  if (!schemaResult.valid) {
+    return schemaResult;
+  }
+  config = schemaResult.config;
+  const errors = await performSemanticValidations(config, configPath, validateFilePaths);
+  return { valid: errors.length === 0, errors, config };
+}
+
+/**
+ * Display validation results to console
+ * @function displayValidationResults
+ * @param {Object} result - Validation result
+ * @param {boolean} result.valid - Whether validation passed
+ * @param {string[]} result.errors - Array of error messages
+ */
+function displayValidationResults(result) {
+  const chalk = require('chalk');
+  if (result.valid) {
+    // eslint-disable-next-line no-console
+    console.log(chalk.green('Wizard configuration is valid'));
+  } else {
+    // eslint-disable-next-line no-console
+    console.log(chalk.red('✗ Wizard configuration validation failed:'));
+    result.errors.forEach(error => {
+      // eslint-disable-next-line no-console
+      console.log(chalk.red(`  - ${error}`));
+    });
+  }
+}
+
+module.exports = {
+  loadWizardConfig,
+  validateWizardConfig,
+  validateWizardConfigSchema,
+  resolveEnvVar,
+  resolveEnvVarsInObject,
+  formatValidationErrors,
+  displayValidationResults
+};

package/package.json

@@ -1,13 +1,15 @@
 {
   "name": "@aifabrix/builder",
-  "version": "2.32.2",
+  "version": "2.33.0",
   "description": "AI Fabrix Local Fabric & Deployment SDK",
   "main": "lib/index.js",
   "bin": {
-    "aifabrix": "bin/aifabrix.js"
+    "aifabrix": "bin/aifabrix.js",
+    "aifx": "bin/aifabrix.js"
   },
   "scripts": {
     "test": "node tests/scripts/test-wrapper.js",
+    "test:ci": "bash tests/scripts/ci-simulate.sh",
     "test:coverage": "jest --config jest.config.coverage.js --coverage --runInBand",
     "test:coverage:nyc": "nyc --reporter=text --reporter=lcov --reporter=html jest --config jest.config.coverage.js --runInBand",
     "test:watch": "jest --watch",

package/templates/applications/README.md.hbs

@@ -18,11 +18,11 @@ npm install -g @aifabrix/builder
 # Check your environment
 aifabrix doctor
 
-# Login to controller
-aifabrix login --method device --environment dev --offline --controller http://localhost:3000
+# Login to controller (offline tokens are default; sets controller and environment in config)
+aifabrix login --method device --environment dev --controller http://localhost:3000
 
-# Register your application (gets you credentials automatically)
-aifabrix app register {{appName}} --environment dev
+# Register your application (gets you credentials; uses controller and environment from config)
+aifabrix app register {{appName}}
 ```
 
 ### 3. Build & Run Locally
@@ -38,7 +38,7 @@ aifabrix resolve {{appName}}
 aifabrix run {{appName}}
 ```
 
-**Access your app:** http://localhost:{{port}}
+**Access your app:** http://localhost:{{localPort}}
 
 **View logs:**
 ```bash
@@ -60,8 +60,8 @@ aifabrix build {{appName}} --tag v1.0.0
 # Push to registry
 aifabrix push {{appName}} --registry {{registry}} --tag "v1.0.0,latest"
 
-# Deploy to miso-controller
-aifabrix deploy {{appName}} --controller https://controller.aifabrix.ai --environment dev
+# Deploy (controller and environment from config; set via aifabrix login or aifabrix auth config)
+aifabrix deploy {{appName}}
 ```
 
 ---
@@ -74,7 +74,7 @@ After registering your app, you automatically get credentials in your secret fil
 
 **Rotate credentials if needed:**
 ```bash
-aifabrix app rotate-secret {{appName}} --environment dev
+aifabrix app rotate-secret {{appName}}
 ```
 
 ---
@@ -95,12 +95,12 @@ aifabrix resolve {{appName}}                      # Generate .env file
 aifabrix json {{appName}}                         # Preview deployment JSON
 aifabrix genkey {{appName}}                       # Generate deployment key
 aifabrix push {{appName}} --registry {{registry}} # Push to ACR
-aifabrix deploy {{appName}} --controller <url>    # Deploy to Azure
+aifabrix deploy {{appName}}                       # Deploy (controller/env from config)
 
 # Management
-aifabrix app register {{appName}} --environment dev
-aifabrix app list --environment dev
-aifabrix app rotate-secret {{appName}} --environment dev
+aifabrix app register {{appName}}
+aifabrix app list
+aifabrix app rotate-secret {{appName}}
 
 # Utilities
 aifabrix doctor                                   # Check environment
@@ -119,7 +119,7 @@ aifabrix build {{appName}} --language typescript  # Override language detection
 ### Run Options
 
 ```bash
-aifabrix run {{appName}} --port {{port}}          # Custom port
+aifabrix run {{appName}} --port {{localPort}}   # Override local port
 aifabrix run {{appName}} --debug                  # Debug output
 ```
 
@@ -133,8 +133,8 @@ aifabrix push {{appName}} --registry {{registry}} --tag "v1.0.0,latest,stable"
 ### Deploy Options
 
 ```bash
-aifabrix deploy {{appName}} --controller <url> --environment dev
-aifabrix deploy {{appName}} --controller <url> --environment dev --no-poll
+aifabrix deploy {{appName}}                       # Uses controller and environment from config
+aifabrix deploy {{appName}} --no-poll             # Deploy without polling for status
 ```
 
 ### Login Methods
@@ -159,13 +159,15 @@ aifabrix-home: "/custom/path"
 aifabrix-secrets: "/path/to/secrets.yaml"
 ```
 
+Controller URL and environment (for `deploy`, `app register`, etc.) are set via `aifabrix login` or `aifabrix auth config --set-controller <url> --set-environment <env>`.
+
 ---
 
 ## Troubleshooting
 
 - **"Docker not running"** → Start Docker Desktop
 - **"Not logged in"** → Run `aifabrix login` first
-- **"Port already in use"** → Use `--port` flag or change `build.localPort` in `variables.yaml` (default: {{port}})
+- **"Port already in use"** → Use `aifabrix run {{appName}} --port <port>` or set `build.localPort` in `variables.yaml` (default: {{localPort}})
 - **"Authentication failed"** → Run `aifabrix login` again
 - **"Build fails"** → Check Docker is running and `aifabrix-secrets` in `config.yaml` is configured correctly
 - **"Can't connect"** → Verify infrastructure is running{{#if hasDatabase}} and PostgreSQL is accessible{{/if}}
@@ -203,4 +205,4 @@ aifabrix genkey {{appName}}
 
 ---
 
-**Application**: {{appName}} | **Port**: {{port}} | **Registry**: {{registry}} | **Image**: {{imageName}}:latest
+**Application**: {{appName}} | **Port**: {{localPort}} | **Registry**: {{registry}} | **Image**: {{imageName}}:latest

package/templates/applications/miso-controller/env.template

@@ -21,7 +21,7 @@ ONBOARDING_INFRASTRUCTURE_NAME=
 # Password for the initial administrator user (username: admin)
 ONBOARDING_ADMIN_PASSWORD=kv://miso-controller-admin-passwordKeyVault
 
-# Optional admin email for onboarding (default: admin@aifabrix.ai)
+# Optional admin email for onboarding (default: admin@aifabrix.dev)
 ONBOARDING_ADMIN_EMAIL=kv://miso-controller-admin-emailKeyVault
 
 # =============================================================================

package/templates/applications/miso-controller/rbac.yaml

@@ -2,37 +2,37 @@ roles:
   - name: 'AI Fabrix Platform Admin'
     value: 'aifabrix-platform-admin'
     description: 'Full platform infrastructure management and enterprise controller access'
-    Groups: ['AI-Fabrix-Platform-Admins']
+    groups: ['AI-Fabrix-Platform-Admins']
 
   - name: 'AI Fabrix Security Admin'
     value: 'aifabrix-security-admin'
     description: 'Security and compliance management for enterprise controller'
-    Groups: ['AI-Fabrix-Security-Admins']
+    groups: ['AI-Fabrix-Security-Admins']
 
   - name: 'AI Fabrix Infrastructure Admin'
     value: 'aifabrix-infrastructure-admin'
     description: 'Infrastructure deployment and management across environments'
-    Groups: ['AI-Fabrix-Infrastructure-Admins']
+    groups: ['AI-Fabrix-Infrastructure-Admins']
 
   - name: 'AI Fabrix Deployment Admin'
     value: 'aifabrix-deployment-admin'
     description: 'Application deployment orchestration and environment management'
-    Groups: ['AI-Fabrix-Deployment-Admins']
+    groups: ['AI-Fabrix-Deployment-Admins']
 
   - name: 'AI Fabrix Compliance Admin'
     value: 'aifabrix-compliance-admin'
     description: 'ISO 27001 compliance monitoring and audit management'
-    Groups: ['AI-Fabrix-Compliance-Admins']
+    groups: ['AI-Fabrix-Compliance-Admins']
 
   - name: 'AI Fabrix Developer'
     value: 'aifabrix-developer'
     description: 'Developer access to deploy applications via GitHub Actions'
-    Groups: ['AI-Fabrix-Developers']
+    groups: ['AI-Fabrix-Developers']
 
   - name: 'AI Fabrix Observer'
     value: 'aifabrix-observer'
     description: 'Read-only access to monitoring, logs, and compliance reports'
-    Groups: ['AI-Fabrix-Observers']
+    groups: ['AI-Fabrix-Observers']
 
 permissions:
   # Service User Management

package/templates/external-system/README.md.hbs

@@ -0,0 +1,99 @@
+# {{displayName}}
+
+{{description}}
+
+## System Information
+
+- **System Key**: `{{systemKey}}`
+- **System Type**: `{{systemType}}`
+- **Datasources**: {{datasourceCount}}
+
+## Files
+
+- `variables.yaml` – Application configuration with `app` and `externalIntegration` blocks
+- `{{systemKey}}-system.json` – External system definition (authentication, OpenAPI/MCP, RBAC)
+{{#each datasources}}
+- `{{fileName}}` – Datasource: {{displayName}}
+{{/each}}
+- `env.template` – Environment variables template (secrets, API keys)
+- `{{systemKey}}-deploy.json` – Deployment manifest (generated by `aifabrix json`)
+
+Optional: `rbac.yaml` – Roles and permissions merged into the system when present.
+
+## Quick Start
+
+### 1. Create External System
+
+```bash
+aifabrix create {{appName}} --type external
+```
+
+Or use the interactive wizard:
+
+```bash
+aifabrix wizard --app {{appName}}
+```
+
+### 2. Configure Authentication and Datasources
+
+Edit files in `integration/{{appName}}/`:
+
+- **Authentication**: `{{systemKey}}-system.json` (auth type, credentials placeholders)
+- **Field mappings**: `{{systemKey}}-datasource-*.json` (dimensions, attributes, operations)
+
+### 3. Validate Configuration
+
+```bash
+aifabrix validate {{appName}} --type external
+```
+
+### 4. Generate Deployment Manifest
+
+```bash
+aifabrix json {{appName}} --type external
+```
+
+This creates `{{systemKey}}-deploy.json` in `integration/{{appName}}/`.
+
+### 5. Deploy
+
+Controller URL and environment are read from config. Configure and log in first:
+
+```bash
+aifabrix auth config --set-controller <url> --set-environment dev
+aifabrix login
+```
+
+Then deploy:
+
+```bash
+aifabrix deploy {{appName}}
+```
+
+## Testing
+
+### Unit Tests (Local Validation, No API)
+
+```bash
+aifabrix test {{appName}}
+```
+
+### Integration Tests (Via Dataplane)
+
+```bash
+aifabrix test-integration {{appName}}
+```
+
+## Deployment
+
+Deploy via miso-controller pipeline (same as regular apps). Auth and controller come from `aifabrix login` and `aifabrix auth config`:
+
+```bash
+aifabrix deploy {{appName}}
+```
+
+## Troubleshooting
+
+- **Validation errors**: Run `aifabrix validate {{appName}} --type external` to see schema and manifest errors.
+- **Deployment / auth**: Run `aifabrix auth config --set-controller <url> --set-environment <env>` and `aifabrix login` before `aifabrix deploy`.
+- **File not found**: Run commands from the project root (where `package.json` and `integration/` live).

package/templates/external-system/external-system.json.hbs

@@ -39,7 +39,7 @@
       "name": "{{name}}",
       "value": "{{value}}",
       "description": "{{description}}"{{#if Groups}},
-      "Groups": [{{#each Groups}}"{{this}}"{{#unless @last}}, {{/unless}}{{/each}}]{{/if}}
+      "groups": [{{#each Groups}}"{{this}}"{{#unless @last}}, {{/unless}}{{/each}}]{{/if}}
     }{{#unless @last}},{{/unless}}
     {{/each}}
   ]{{/if}}{{#if permissions}},

package/templates/infra/compose.yaml.hbs

@@ -96,6 +96,41 @@ services:
     networks:
       - {{networkName}}
 
+{{#if traefik.enabled}}
+  # Traefik Reverse Proxy
+  traefik:
+    image: traefik:v3.6
+    container_name: {{#if (eq devId 0)}}aifabrix-traefik{{else}}aifabrix-dev{{devId}}-traefik{{/if}}
+    command:
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--providers.docker.network={{networkName}}"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.websecure.address=:443"
+{{#if traefik.certStore}}
+{{#if traefik.certFile}}
+      - "--certificatesstores.{{traefik.certStore}}.defaultcertificate.certfile={{traefik.certFile}}"
+{{/if}}
+{{#if traefik.keyFile}}
+      - "--certificatesstores.{{traefik.certStore}}.defaultcertificate.keyfile={{traefik.keyFile}}"
+{{/if}}
+{{/if}}
+    ports:
+      - "{{traefikHttpPort}}:80"
+      - "{{traefikHttpsPort}}:443"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+{{#if traefik.certFile}}
+      - {{traefik.certFile}}:{{traefik.certFile}}:ro
+{{/if}}
+{{#if traefik.keyFile}}
+      - {{traefik.keyFile}}:{{traefik.keyFile}}:ro
+{{/if}}
+    networks:
+      - {{networkName}}
+    restart: unless-stopped
+{{/if}}
+
 volumes:
   {{#if (eq devId 0)}}postgres_data{{else}}dev{{devId}}_postgres_data{{/if}}:
     name: {{#if (eq devId 0)}}infra_postgres_data{{else}}infra_dev{{devId}}_postgres_data{{/if}}

package/templates/python/docker-compose.hbs

@@ -6,6 +6,32 @@ services:
   {{app.key}}:
     image: {{image.name}}:{{image.tag}}
     container_name: {{containerName}}
+    {{#if traefik.enabled}}
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.{{app.key}}.rule=Host(`{{traefik.host}}`) && PathPrefix(`{{traefik.path}}`)"
+      {{#if traefik.tls}}
+      - "traefik.http.routers.{{app.key}}.entrypoints=websecure"
+      - "traefik.http.routers.{{app.key}}.tls=true"
+      {{#if traefik.certStore}}
+      - "traefik.http.routers.{{app.key}}.tls.certstore={{traefik.certStore}}"
+      {{/if}}
+      {{else}}
+      - "traefik.http.routers.{{app.key}}.entrypoints=web"
+      {{/if}}
+      - "traefik.http.services.{{app.key}}.loadbalancer.server.port={{containerPort}}"
+      {{#unless (eq traefik.path "/")}}
+      - "traefik.http.middlewares.{{app.key}}-stripprefix.stripprefix.prefixes={{traefik.path}}"
+      - "traefik.http.routers.{{app.key}}.middlewares={{app.key}}-stripprefix"
+      {{/unless}}
+    {{/if}}
+    {{#if traefik.enabled}}
+    {{#unless (eq traefik.path "/")}}
+    environment:
+      - BASE_PATH={{traefik.path}}
+      - X_FORWARDED_PREFIX={{traefik.path}}
+    {{/unless}}
+    {{/if}}
     env_file:
       - {{envFile}}
     ports:

package/templates/typescript/docker-compose.hbs

@@ -6,6 +6,32 @@ services:
   {{app.key}}:
     image: {{image.name}}:{{image.tag}}
     container_name: {{containerName}}
+    {{#if traefik.enabled}}
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.{{app.key}}.rule=Host(`{{traefik.host}}`) && PathPrefix(`{{traefik.path}}`)"
+      {{#if traefik.tls}}
+      - "traefik.http.routers.{{app.key}}.entrypoints=websecure"
+      - "traefik.http.routers.{{app.key}}.tls=true"
+      {{#if traefik.certStore}}
+      - "traefik.http.routers.{{app.key}}.tls.certstore={{traefik.certStore}}"
+      {{/if}}
+      {{else}}
+      - "traefik.http.routers.{{app.key}}.entrypoints=web"
+      {{/if}}
+      - "traefik.http.services.{{app.key}}.loadbalancer.server.port={{containerPort}}"
+      {{#unless (eq traefik.path "/")}}
+      - "traefik.http.middlewares.{{app.key}}-stripprefix.stripprefix.prefixes={{traefik.path}}"
+      - "traefik.http.routers.{{app.key}}.middlewares={{app.key}}-stripprefix"
+      {{/unless}}
+    {{/if}}
+    {{#if traefik.enabled}}
+    {{#unless (eq traefik.path "/")}}
+    environment:
+      - BASE_PATH={{traefik.path}}
+      - X_FORWARDED_PREFIX={{traefik.path}}
+    {{/unless}}
+    {{/if}}
     env_file:
       - {{envFile}}
     ports: