@aifabrix/builder 2.32.3 → 2.33.1

package/lib/core/secrets.js

@@ -44,6 +44,7 @@ const {
 } = require('../utils/secrets-utils');
 const { decryptSecret, isEncrypted } = require('../utils/secrets-encryption');
 const pathsUtil = require('../utils/paths');
+const { getContainerPortFromPath } = require('../utils/port-resolver');
 
 /**
  * Generates a canonical secret name from an environment variable key.
@@ -253,26 +254,6 @@ function applyDockerEnvOverride(dockerEnv) {
   return dockerEnv;
 }
 
-/**
- * Gets container port from variables.yaml
- * @function getContainerPortFromVariables
- * @param {string} variablesPath - Path to variables.yaml
- * @returns {number|null} Container port or null
- */
-function getContainerPortFromVariables(variablesPath) {
-  if (!variablesPath || !fs.existsSync(variablesPath)) {
-    return null;
-  }
-  try {
-    const variablesContent = fs.readFileSync(variablesPath, 'utf8');
-    const variables = yaml.load(variablesContent);
-    // Use containerPort if specified, otherwise use base port (no developer-id offset)
-    return variables?.build?.containerPort || variables?.port || null;
-  } catch {
-    return null;
-  }
-}
-
 /**
  * Gets container port from docker environment config
  * @function getContainerPortFromDockerEnv
@@ -305,7 +286,7 @@ async function updatePortForDocker(resolved, variablesPath) {
   dockerEnv = applyDockerEnvOverride(dockerEnv);
 
   // Step 3: Get PORT value for container (should be container port, NOT host port)
-  let containerPort = getContainerPortFromVariables(variablesPath);
+  let containerPort = getContainerPortFromPath(variablesPath);
   if (containerPort === null) {
     containerPort = getContainerPortFromDockerEnv(dockerEnv);
   }
@@ -454,7 +435,7 @@ async function generateAdminSecretsEnv(secretsPath) {
 
   const adminSecrets = `# Infrastructure Admin Credentials
 POSTGRES_PASSWORD=${postgresPassword}
-PGADMIN_DEFAULT_EMAIL=admin@aifabrix.ai
+PGADMIN_DEFAULT_EMAIL=admin@aifabrix.dev
 PGADMIN_DEFAULT_PASSWORD=${postgresPassword}
 REDIS_HOST=local:redis:6379:0:
 REDIS_COMMANDER_USER=admin

package/lib/core/templates-env.js

@@ -104,7 +104,7 @@ function buildMonitoringEnv(config) {
   }
 
   return {
-    'MISO_CONTROLLER_URL': config.controllerUrl || 'https://controller.aifabrix.ai',
+    'MISO_CONTROLLER_URL': config.controllerUrl || 'https://controller.aifabrix.dev',
     'MISO_ENVIRONMENT': 'dev',
     'MISO_CLIENTID': 'kv://miso-controller-client-idKeyVault',
     'MISO_CLIENTSECRET': 'kv://miso-controller-client-secretKeyVault',

package/lib/datasource/deploy.js

@@ -48,9 +48,10 @@ async function getDataplaneUrl(controllerUrl, appKey, environment, authConfig) {
     application.configuration?.dataplaneUrl;
 
   if (!dataplaneUrl) {
-    logger.error(chalk.red('❌ Dataplane URL not found in application response'));
-    logger.error(chalk.gray('\nApplication response:'));
-    logger.error(chalk.gray(JSON.stringify(application, null, 2)));
+    const appType = application.configuration?.type || application.type;
+    if (appType === 'external') {
+      throw new Error('Dataplane URL not found for external system. Provide --dataplane <url>.');
+    }
     throw new Error('Dataplane URL not found in application configuration');
   }
 
@@ -64,19 +65,13 @@ async function getDataplaneUrl(controllerUrl, appKey, environment, authConfig) {
  * @param {Object} options - Options
  * @throws {Error} If validation fails
  */
-function validateDeploymentInputs(appKey, filePath, options) {
+function validateDeploymentInputs(appKey, filePath) {
   if (!appKey || typeof appKey !== 'string') {
     throw new Error('Application key is required');
   }
   if (!filePath || typeof filePath !== 'string') {
     throw new Error('File path is required');
   }
-  if (!options.controller) {
-    throw new Error('Controller URL is required (--controller)');
-  }
-  if (!options.environment) {
-    throw new Error('Environment is required (-e, --environment)');
-  }
 }
 
 /**
@@ -112,18 +107,38 @@ async function validateAndLoadDatasourceFile(filePath) {
  * @param {string} controllerUrl - Controller URL
  * @param {string} environment - Environment key
  * @param {string} appKey - Application key
+ * @param {Object} [options] - Options
+ * @param {string} [options.dataplane] - Dataplane URL override
  * @returns {Promise<Object>} Object with authConfig and dataplaneUrl
  */
 async function setupDeploymentAuth(controllerUrl, environment, appKey) {
+  const { resolveDataplaneUrl } = require('../utils/dataplane-resolver');
   logger.log(chalk.blue('🔐 Getting authentication...'));
   const authConfig = await getDeploymentAuth(controllerUrl, environment, appKey);
   logger.log(chalk.green('✓ Authentication successful'));
 
-  logger.log(chalk.blue('🌐 Getting dataplane URL from controller...'));
-  const dataplaneUrl = await getDataplaneUrl(controllerUrl, appKey, environment, authConfig);
-  logger.log(chalk.green(`✓ Dataplane URL: ${dataplaneUrl}`));
+  logger.log(chalk.blue('🌐 Resolving dataplane URL...'));
+  let dataplaneUrl;
+  try {
+    dataplaneUrl = await resolveDataplaneUrl(controllerUrl, environment, authConfig);
+    logger.log(chalk.green(`✓ Dataplane URL: ${dataplaneUrl}`));
+  } catch (error) {
+    logger.error(chalk.red('❌ Failed to resolve dataplane URL:'), error.message);
+    logger.error(chalk.gray('\nThe dataplane URL is automatically discovered from the controller.'));
+    logger.error(chalk.gray('If discovery fails, ensure you are logged in and the controller is accessible:'));
+    logger.error(chalk.gray('   aifabrix login'));
+    throw error;
+  }
+
+  // Validate dataplane URL
+  if (!dataplaneUrl || !dataplaneUrl.trim()) {
+    logger.error(chalk.red('❌ Dataplane URL is empty.'));
+    logger.error(chalk.gray('The dataplane URL could not be discovered from the controller.'));
+    logger.error(chalk.gray('Ensure the dataplane service is registered in the controller.'));
+    throw new Error('Dataplane URL is empty');
+  }
 
-  return { authConfig, dataplaneUrl };
+  return { authConfig, dataplaneUrl: dataplaneUrl.trim() };
 }
 
 /**
@@ -145,6 +160,17 @@ async function publishDatasourceToDataplane(dataplaneUrl, systemKey, authConfig,
     const formattedError = publishResponse.formattedError || formatApiError(publishResponse);
     logger.error(chalk.red('❌ Publish failed:'));
     logger.error(formattedError);
+
+    // Show dataplane URL and endpoint information
+    if (publishResponse.errorData && publishResponse.errorData.endpointUrl) {
+      logger.error(chalk.gray(`\nEndpoint URL: ${publishResponse.errorData.endpointUrl}`));
+    } else if (dataplaneUrl) {
+      logger.error(chalk.gray(`\nDataplane URL: ${dataplaneUrl}`));
+      logger.error(chalk.gray(`System Key: ${systemKey}`));
+    }
+
+    logger.error(chalk.gray('\nFull response for debugging:'));
+    logger.error(chalk.gray(JSON.stringify(publishResponse, null, 2)));
     throw new Error(`Dataplane publish failed: ${formattedError}`);
   }
 
@@ -165,20 +191,30 @@ function displayDeploymentResults(datasourceConfig, systemKey, environment) {
 }
 
 /**
- * Deploys datasource to dataplane
+ * Deploys datasource to dataplane.
+ * Controller and environment come from config.yaml (set via aifabrix login or aifabrix auth config).
  *
  * @async
  * @function deployDatasource
  * @param {string} appKey - Application key
  * @param {string} filePath - Path to datasource JSON file
- * @param {Object} options - Deployment options
- * @param {string} options.controller - Controller URL
- * @param {string} options.environment - Environment key
+ * @param {Object} [_options] - Deployment options (reserved)
  * @returns {Promise<Object>} Deployment result
  * @throws {Error} If deployment fails
  */
-async function deployDatasource(appKey, filePath, options) {
-  validateDeploymentInputs(appKey, filePath, options);
+async function deployDatasource(appKey, filePath, _options) {
+  const { resolveControllerUrl } = require('../utils/controller-url');
+  const { resolveEnvironment } = require('../core/config');
+  const { displayCommandHeader } = require('../utils/command-header');
+
+  validateDeploymentInputs(appKey, filePath);
+
+  // Resolve controller and environment from config
+  const controllerUrl = await resolveControllerUrl();
+  const environment = await resolveEnvironment();
+
+  // Display command header
+  displayCommandHeader(controllerUrl, environment);
 
   logger.log(chalk.blue('📋 Deploying datasource...\n'));
 
@@ -192,19 +228,19 @@ async function deployDatasource(appKey, filePath, options) {
   }
 
   // Setup authentication and get dataplane URL
-  const { authConfig, dataplaneUrl } = await setupDeploymentAuth(options.controller, options.environment, appKey);
+  const { authConfig, dataplaneUrl } = await setupDeploymentAuth(controllerUrl, environment, appKey);
 
   // Publish to dataplane
   await publishDatasourceToDataplane(dataplaneUrl, systemKey, authConfig, datasourceConfig);
 
   // Display results
-  displayDeploymentResults(datasourceConfig, systemKey, options.environment);
+  displayDeploymentResults(datasourceConfig, systemKey, environment);
 
   return {
     success: true,
     datasourceKey: datasourceConfig.key,
     systemKey: systemKey,
-    environment: options.environment,
+    environment: environment,
     dataplaneUrl: dataplaneUrl
   };
 }

package/lib/datasource/list.js

@@ -1,7 +1,8 @@
 /**
  * Datasource List Command
  *
- * Lists datasources from an environment via controller API.
+ * Lists datasources from an environment via dataplane API.
+ * Gets dataplane URL from controller, then lists datasources from dataplane.
  *
  * @fileoverview Datasource listing for AI Fabrix Builder
  * @author AI Fabrix Team
@@ -9,9 +10,10 @@
  */
 
 const chalk = require('chalk');
-const { getConfig } = require('../core/config');
+const { getConfig, resolveEnvironment } = require('../core/config');
 const { getOrRefreshDeviceToken } = require('../utils/token-manager');
-const { listEnvironmentDatasources } = require('../api/environments.api');
+const { listDatasources: listDatasourcesFromDataplane } = require('../api/datasources-core.api');
+const { resolveDataplaneUrl } = require('../utils/dataplane-resolver');
 const { formatApiError } = require('../utils/api-error-handler');
 const logger = require('../utils/logger');
 
@@ -103,14 +105,19 @@ function extractDatasources(response) {
  * @function displayDatasources
  * @param {Array} datasources - Array of datasource objects
  * @param {string} environment - Environment key
+ * @param {string} dataplaneUrl - Dataplane URL for header display
  */
-function displayDatasources(datasources, environment) {
+function displayDatasources(datasources, environment, dataplaneUrl) {
+  const environmentName = environment || 'dev';
+  const header = `Datasources in ${environmentName} environment${dataplaneUrl ? ` (${dataplaneUrl})` : ''}`;
+
   if (datasources.length === 0) {
-    logger.log(chalk.yellow(`\nNo datasources found in environment: ${environment}`));
+    logger.log(chalk.bold(`\n📋 ${header}:\n`));
+    logger.log(chalk.gray('  No datasources found in this environment.\n'));
     return;
   }
 
-  logger.log(chalk.blue(`\n📋 Datasources in environment: ${environment}\n`));
+  logger.log(chalk.bold(`\n📋 ${header}:\n`));
   logger.log(chalk.gray('Key'.padEnd(30) + 'Display Name'.padEnd(30) + 'System Key'.padEnd(20) + 'Version'.padEnd(15) + 'Status'));
   logger.log(chalk.gray('-'.repeat(120)));
 
@@ -130,8 +137,7 @@ function displayDatasources(datasources, environment) {
  *
  * @async
  * @function listDatasources
- * @param {Object} options - Command options
- * @param {string} options.environment - Environment ID or key
+ * @param {Object} _options - Command options (unused, kept for compatibility)
  * @throws {Error} If listing fails
  */
 /**
@@ -170,7 +176,7 @@ async function getDeviceTokenFromConfig(config) {
  * @param {string|null} controllerUrl - Controller URL
  */
 function validateDatasourceListingAuth(token, controllerUrl) {
-  if (!token || !controllerUrl) {
+  if (!token || !controllerUrl || (typeof controllerUrl === 'string' && !controllerUrl.trim())) {
     logger.error(chalk.red('❌ Not logged in. Run: aifabrix login'));
     logger.error(chalk.gray('   Use device code flow: aifabrix login --method device --controller <url>'));
     process.exit(1);
@@ -182,37 +188,120 @@ function validateDatasourceListingAuth(token, controllerUrl) {
  * @function handleDatasourceApiError
  * @param {Object} response - API response
  */
-function handleDatasourceApiError(response) {
+function handleDatasourceApiError(response, dataplaneUrl = null) {
   const formattedError = response.formattedError || formatApiError(response);
   logger.error(formattedError);
+
+  // Show endpoint URL from error data if available (more specific than dataplane URL)
+  if (response.errorData && response.errorData.endpointUrl) {
+    logger.error(chalk.gray(`\nEndpoint URL: ${response.errorData.endpointUrl}`));
+  } else if (response.errorData && response.errorData.controllerUrl) {
+    logger.error(chalk.gray(`\nDataplane URL: ${response.errorData.controllerUrl}`));
+  } else if (dataplaneUrl) {
+    logger.error(chalk.gray(`\nDataplane URL: ${dataplaneUrl}`));
+  }
+
   logger.error(chalk.gray('\nFull response for debugging:'));
   logger.error(chalk.gray(JSON.stringify(response, null, 2)));
   process.exit(1);
 }
 
-async function listDatasources(options) {
+/**
+ * Validates and trims controller URL
+ * @function validateControllerUrl
+ * @param {string} controllerUrl - Controller URL to validate
+ * @returns {string} Trimmed controller URL
+ */
+function validateControllerUrl(controllerUrl) {
+  const trimmed = controllerUrl.trim();
+  if (!trimmed) {
+    logger.error(chalk.red('❌ Controller URL is empty.'));
+    logger.error(chalk.gray(`   Controller URL from config: ${JSON.stringify(controllerUrl)}`));
+    logger.error(chalk.gray('   Run: aifabrix login --method device --controller <url>'));
+    process.exit(1);
+  }
+  return trimmed;
+}
+
+/**
+ * Resolves and validates dataplane URL from controller
+ * @async
+ * @function resolveAndValidateDataplaneUrl
+ * @param {string} controllerUrl - Controller URL
+ * @param {string} environment - Environment key
+ * @param {Object} authConfig - Authentication configuration
+ * @returns {Promise<string>} Validated dataplane URL
+ */
+async function resolveAndValidateDataplaneUrl(controllerUrl, environment, authConfig) {
+  let dataplaneUrl;
+  try {
+    // discoverDataplaneUrl already logs progress and success messages
+    dataplaneUrl = await resolveDataplaneUrl(controllerUrl, environment, authConfig);
+  } catch (error) {
+    logger.error(chalk.red('❌ Failed to resolve dataplane URL:'), error.message);
+    logger.error(chalk.gray('\nThe dataplane URL is automatically discovered from the controller.'));
+    logger.error(chalk.gray('If discovery fails, ensure you are logged in and the controller is accessible:'));
+    logger.error(chalk.gray('   aifabrix login'));
+    process.exit(1);
+    // eslint-disable-next-line no-unreachable
+    throw error; // Never reached in production, but needed for tests when process.exit is mocked
+  }
+
+  if (!dataplaneUrl || typeof dataplaneUrl !== 'string' || !dataplaneUrl.trim()) {
+    logger.error(chalk.red('❌ Dataplane URL is empty.'));
+    logger.error(chalk.gray('The dataplane URL could not be discovered from the controller.'));
+    logger.error(chalk.gray('Ensure the dataplane service is registered in the controller.'));
+    process.exit(1);
+    // eslint-disable-next-line no-unreachable
+    throw new Error('Dataplane URL is empty'); // Never reached in production, but needed for tests
+  }
+
+  return dataplaneUrl.trim();
+}
+
+/**
+ * Sets up authentication configuration for dataplane API calls
+ * @function setupAuthConfig
+ * @param {string} token - Authentication token
+ * @param {string} controllerUrl - Controller URL
+ * @returns {Object} Authentication configuration
+ */
+function setupAuthConfig(token, controllerUrl) {
+  return {
+    type: 'bearer',
+    token: token,
+    controller: controllerUrl
+  };
+}
+
+async function listDatasources(_options) {
   const config = await getConfig();
 
+  // Resolve environment from config.yaml (no flags)
+  const environment = await resolveEnvironment();
+
   // Try to get device token
   const authInfo = await getDeviceTokenFromConfig(config);
   validateDatasourceListingAuth(authInfo?.token, authInfo?.controllerUrl);
 
-  // Call controller API using centralized API client
-  // Note: validateDatasourceListingAuth will exit if auth is missing, so this check is defensive
   if (!authInfo || !authInfo.token || !authInfo.controllerUrl) {
-    validateDatasourceListingAuth(null, null); // This will exit
-    return; // Never reached, but satisfies linter
+    validateDatasourceListingAuth(null, null);
+    return;
   }
-  const authConfig = { type: 'bearer', token: authInfo.token };
-  const response = await listEnvironmentDatasources(authInfo.controllerUrl, options.environment, authConfig);
+
+  const controllerUrl = validateControllerUrl(authInfo.controllerUrl);
+  const authConfig = setupAuthConfig(authInfo.token, controllerUrl);
+  const dataplaneUrl = await resolveAndValidateDataplaneUrl(controllerUrl, environment, authConfig);
+
+  const response = await listDatasourcesFromDataplane(dataplaneUrl, authConfig);
 
   if (!response.success || !response.data) {
-    handleDatasourceApiError(response);
+    handleDatasourceApiError(response, dataplaneUrl);
     return; // Ensure we don't continue after exit
   }
 
   const datasources = extractDatasources(response);
-  displayDatasources(datasources, options.environment);
+  displayDatasources(datasources, environment, dataplaneUrl);
 }
 
 module.exports = {

package/lib/deployment/deployer.js

@@ -52,6 +52,27 @@ async function buildValidationData(manifest, validatedEnvKey, authConfig, option
   return { validationData, pipelineAuthConfig };
 }
 
+/**
+ * Handle authentication errors during validation
+ * @param {Error} error - Error object
+ * @param {string} appKey - Application key
+ * @throws {Error} Enhanced authentication error
+ */
+function handleValidationAuthError(error, appKey) {
+  if (error.status === 401 || (error.response && error.response.status === 401)) {
+    const authError = new Error(
+      `Authentication failed: Invalid or expired credentials for application '${appKey}'.\n` +
+      'The provided Client ID and Client Secret are incorrect or have been revoked.\n\n' +
+      '💡 If the application already exists, rotate the secret:\n' +
+      `   aifabrix app rotate-secret ${appKey}\n\n` +
+      '💡 Otherwise, ensure credentials are correct in ~/.aifabrix/secrets.local.yaml or use --client-id and --client-secret flags.'
+    );
+    authError.status = 401;
+    authError.originalError = error;
+    throw authError;
+  }
+}
+
 /**
  * Validates deployment configuration via validate endpoint
  * This is the first step in the deployment process
@@ -79,6 +100,10 @@ async function validateDeployment(url, envKey, manifest, authConfig, options = {
       return handleValidationResponse(response);
     } catch (error) {
       lastError = error;
+
+      // Handle authentication errors (401) - credentials are invalid, not missing
+      handleValidationAuthError(error, manifest.key);
+
       const shouldRetry = attempt < maxRetries && error.status && error.status >= 500;
       if (shouldRetry) {
         const delay = Math.min(1000 * Math.pow(2, attempt - 1), 5000);

package/lib/deployment/environment.js

@@ -12,6 +12,7 @@
 const chalk = require('chalk');
 const logger = require('../utils/logger');
 const config = require('../core/config');
+const { resolveControllerUrl } = require('../utils/controller-url');
 const { validateControllerUrl, validateEnvironmentKey } = require('../utils/deployment-validation');
 const { getOrRefreshDeviceToken } = require('../utils/token-manager');
 const { getEnvironmentStatus } = require('../api/environments.api');
@@ -266,27 +267,19 @@ function displayDeploymentResults(result) {
  * @throws {Error} If deployment fails
  *
  * @example
- * await deployEnvironment('dev', { controller: 'https://controller.aifabrix.ai' });
+ * await deployEnvironment('dev', { controller: 'https://controller.aifabrix.dev' });
  */
 /**
- * Validates deployment input parameters
+ * Validates deployment input parameters (environment key only).
+ * Controller URL is resolved from config.yaml via resolveControllerUrl().
  * @function validateDeploymentInput
  * @param {string} envKey - Environment key
- * @param {Object} options - Deployment options
- * @returns {string} Controller URL
  * @throws {Error} If validation fails
  */
-function validateDeploymentInput(envKey, options) {
+function validateDeploymentInput(envKey) {
   if (!envKey || typeof envKey !== 'string' || envKey.trim().length === 0) {
     throw new Error('Environment key is required');
   }
-
-  const controllerUrl = options.controller || options['controller-url'];
-  if (!controllerUrl) {
-    throw new Error('Controller URL is required. Use --controller flag');
-  }
-
-  return controllerUrl;
 }
 
 /**
@@ -365,7 +358,11 @@ async function pollDeploymentStatusIfEnabled(result, validatedControllerUrl, env
 
 async function deployEnvironment(envKey, options = {}) {
   try {
-    const controllerUrl = validateDeploymentInput(envKey, options);
+    validateDeploymentInput(envKey);
+    const controllerUrl = await resolveControllerUrl();
+    if (!controllerUrl) {
+      throw new Error('Controller URL is required. Run "aifabrix login" to set the controller URL in config.yaml');
+    }
     const authConfig = await prepareEnvironmentDeployment(envKey, controllerUrl, options);
 
     const validatedControllerUrl = validateControllerUrl(authConfig.controller);

package/lib/external-system/delete.js

@@ -0,0 +1,151 @@
+/**
+ * External System Delete Module
+ *
+ * Deletes external systems from dataplane and confirms before removal.
+ *
+ * @fileoverview External system delete functionality for AI Fabrix Builder
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+
+'use strict';
+
+const chalk = require('chalk');
+const inquirer = require('inquirer');
+const logger = require('../utils/logger');
+const { getDeploymentAuth } = require('../utils/token-manager');
+const { resolveControllerUrl } = require('../utils/controller-url');
+const { getExternalSystemConfig, deleteExternalSystem } = require('../api/external-systems.api');
+
+/**
+ * Validates system key format
+ * @param {string} systemKey - System key to validate
+ */
+function validateSystemKey(systemKey) {
+  if (!systemKey || typeof systemKey !== 'string') {
+    throw new Error('System key is required and must be a string');
+  }
+  if (!/^[a-z0-9-_]+$/.test(systemKey)) {
+    throw new Error('System key must contain only lowercase letters, numbers, hyphens, and underscores');
+  }
+}
+
+/**
+ * Gets dataplane URL and authentication configuration
+ * @async
+ * @param {string} systemKey - System key
+ * @param {Object} options - Command options
+ * @returns {Promise<Object>} Auth and dataplane details
+ */
+async function getAuthAndDataplane(systemKey, _options) {
+  const { resolveEnvironment } = require('../core/config');
+  const environment = await resolveEnvironment();
+  const controllerUrl = await resolveControllerUrl();
+  const authConfig = await getDeploymentAuth(controllerUrl, environment, systemKey);
+
+  if (!authConfig.token && !authConfig.clientId) {
+    throw new Error('Authentication required. Run "aifabrix login" or "aifabrix app register" first.');
+  }
+
+  const { resolveDataplaneUrl } = require('../utils/dataplane-resolver');
+  logger.log(chalk.blue('🌐 Resolving dataplane URL...'));
+  const dataplaneUrl = await resolveDataplaneUrl(controllerUrl, environment, authConfig);
+  logger.log(chalk.green(`✓ Dataplane URL: ${dataplaneUrl}`));
+
+  return { authConfig, dataplaneUrl, environment, controllerUrl };
+}
+
+/**
+ * Fetches external system configuration for warning display
+ * @async
+ * @param {string} dataplaneUrl - Dataplane URL
+ * @param {string} systemKey - System key
+ * @param {Object} authConfig - Authentication configuration
+ * @returns {Promise<Object>} System config response data
+ */
+async function fetchExternalSystemConfig(dataplaneUrl, systemKey, authConfig) {
+  const response = await getExternalSystemConfig(dataplaneUrl, systemKey, authConfig);
+  if (!response || response.success === false) {
+    throw new Error(response?.error || response?.formattedError || `External system '${systemKey}' not found`);
+  }
+  return response.data?.data || response.data || {};
+}
+
+/**
+ * Formats datasources for warning output
+ * @param {Array} dataSources - Datasource objects
+ * @returns {string[]} Datasource labels
+ */
+function formatDatasourceList(dataSources) {
+  if (!Array.isArray(dataSources)) {
+    return [];
+  }
+  return dataSources
+    .map(ds => ds.key || ds.displayName || 'unknown-datasource')
+    .filter(Boolean);
+}
+
+/**
+ * Prompts for delete confirmation if needed
+ * @async
+ * @param {string} systemKey - System key
+ * @param {string[]} datasources - Datasource keys
+ * @param {Object} options - Command options
+ * @returns {Promise<boolean>} True if confirmed
+ */
+async function confirmDeletion(systemKey, datasources, options) {
+  if (options.yes || options.force) {
+    return true;
+  }
+
+  logger.log(chalk.yellow(`\n⚠️  Warning: Deleting external system '${systemKey}' will also delete all associated datasources:`));
+  if (datasources.length > 0) {
+    datasources.forEach(ds => logger.log(chalk.yellow(` - ${ds}`)));
+  } else {
+    logger.log(chalk.yellow(' - (no datasources found)'));
+  }
+
+  const answer = await inquirer.prompt([{
+    type: 'input',
+    name: 'confirm',
+    message: `Are you sure you want to delete external system '${systemKey}'? (yes/no):`,
+    default: 'no'
+  }]);
+
+  return String(answer.confirm).trim().toLowerCase() === 'yes';
+}
+
+/**
+ * Deletes an external system from dataplane
+ * @async
+ * @function deleteExternalSystemCommand
+ * @param {string} systemKey - System key
+ * @param {Object} options - Command options
+ * @returns {Promise<void>}
+ * @throws {Error} If deletion fails or is cancelled
+ */
+async function deleteExternalSystemCommand(systemKey, options = {}) {
+  validateSystemKey(systemKey);
+
+  const { authConfig, dataplaneUrl } = await getAuthAndDataplane(systemKey, options);
+  const configData = await fetchExternalSystemConfig(dataplaneUrl, systemKey, authConfig);
+  const dataSources = formatDatasourceList(configData.dataSources || []);
+
+  const confirmed = await confirmDeletion(systemKey, dataSources, options);
+  if (!confirmed) {
+    logger.log(chalk.yellow('Deletion cancelled.'));
+    return;
+  }
+
+  const response = await deleteExternalSystem(dataplaneUrl, systemKey, authConfig);
+  if (!response || response.success === false) {
+    throw new Error(response?.error || response?.formattedError || `Failed to delete external system '${systemKey}'`);
+  }
+
+  logger.log(chalk.green(`✓ External system '${systemKey}' deleted successfully`));
+  logger.log(chalk.green('✓ All associated datasources have been removed'));
+}
+
+module.exports = {
+  deleteExternalSystem: deleteExternalSystemCommand
+};