@aifabrix/builder 2.33.0 → 2.33.3

package/lib/commands/up-common.js

@@ -0,0 +1,72 @@
+/**
+ * AI Fabrix Builder - Up Commands Shared Helpers
+ *
+ * Shared logic for up-miso and up-dataplane (ensure app from template).
+ *
+ * @fileoverview Shared helpers for up-miso and up-dataplane commands
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+
+const path = require('path');
+const fs = require('fs');
+const chalk = require('chalk');
+const logger = require('../utils/logger');
+const pathsUtil = require('../utils/paths');
+const { copyTemplateFiles } = require('../validation/template');
+
+/**
+ * Copy template to a target path if variables.yaml is missing there.
+ * @param {string} appName - Application name
+ * @param {string} targetAppPath - Target directory (e.g. builder/keycloak)
+ * @returns {Promise<boolean>} True if template was copied, false if already present
+ */
+async function ensureTemplateAtPath(appName, targetAppPath) {
+  const variablesPath = path.join(targetAppPath, 'variables.yaml');
+  if (fs.existsSync(variablesPath)) {
+    return false;
+  }
+  await copyTemplateFiles(appName, targetAppPath);
+  return true;
+}
+
+/**
+ * Ensures builder app directory exists from template if variables.yaml is missing.
+ * If builder/<appName>/variables.yaml does not exist, copies from templates/applications/<appName>.
+ * Uses AIFABRIX_BUILDER_DIR when set (e.g. by up-miso/up-dataplane from config aifabrix-env-config).
+ * When using a custom builder dir, also populates cwd/builder/<appName> so the repo's builder/ is not empty.
+ *
+ * @async
+ * @function ensureAppFromTemplate
+ * @param {string} appName - Application name (keycloak, miso-controller, dataplane)
+ * @returns {Promise<boolean>} True if template was copied (in either location), false if both already existed
+ * @throws {Error} If template copy fails
+ *
+ * @example
+ * await ensureAppFromTemplate('keycloak');
+ */
+async function ensureAppFromTemplate(appName) {
+  if (!appName || typeof appName !== 'string') {
+    throw new Error('Application name is required and must be a string');
+  }
+
+  const appPath = pathsUtil.getBuilderPath(appName);
+  const primaryCopied = await ensureTemplateAtPath(appName, appPath);
+  if (primaryCopied) {
+    logger.log(chalk.blue(`Creating builder/${appName} from template...`));
+    logger.log(chalk.green(`✓ Copied template for ${appName}`));
+  }
+
+  const cwdBuilderPath = path.join(process.cwd(), 'builder', appName);
+  if (path.resolve(cwdBuilderPath) !== path.resolve(appPath)) {
+    const cwdCopied = await ensureTemplateAtPath(appName, cwdBuilderPath);
+    if (cwdCopied) {
+      logger.log(chalk.blue(`Creating builder/${appName} in project (from template)...`));
+      logger.log(chalk.green(`✓ Copied template for ${appName} into builder/`));
+    }
+  }
+
+  return primaryCopied;
+}
+
+module.exports = { ensureAppFromTemplate };

package/lib/commands/up-dataplane.js

@@ -0,0 +1,109 @@
+/**
+ * AI Fabrix Builder - Up Dataplane Command
+ *
+ * Registers or rotates dataplane app in dev, then deploys. Miso-controller runs
+ * the dataplane container; this command does not run the image locally.
+ * If app is already registered, uses rotate-secret; otherwise registers.
+ *
+ * @fileoverview up-dataplane command implementation
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+
+const path = require('path');
+const fs = require('fs');
+const yaml = require('js-yaml');
+const chalk = require('chalk');
+const logger = require('../utils/logger');
+const config = require('../core/config');
+const { checkAuthentication } = require('../utils/app-register-auth');
+const { resolveControllerUrl } = require('../utils/controller-url');
+const { resolveEnvironment } = require('../core/config');
+const { registerApplication } = require('../app/register');
+const { rotateSecret } = require('../app/rotate-secret');
+const { checkApplicationExists } = require('../utils/app-existence');
+const app = require('../app');
+const { ensureAppFromTemplate } = require('./up-common');
+
+/**
+ * Register or rotate dataplane: if app exists in controller, rotate secret; otherwise register.
+ * @async
+ * @param {Object} options - Commander options
+ * @param {string} controllerUrl - Controller URL
+ * @param {string} environmentKey - Environment key
+ * @param {Object} authConfig - Auth config with token
+ */
+async function registerOrRotateDataplane(options, controllerUrl, environmentKey, authConfig) {
+  const appExists = await checkApplicationExists('dataplane', controllerUrl, environmentKey, authConfig);
+  if (appExists) {
+    logger.log(chalk.blue('Dataplane already registered; rotating secret...'));
+    await rotateSecret('dataplane', options);
+  } else {
+    const imageOverride = options.image || (options.registry ? buildDataplaneImageRef(options.registry) : undefined);
+    const registerOpts = { imageOverride, image: imageOverride, registryMode: options.registryMode };
+    await registerApplication('dataplane', registerOpts);
+  }
+}
+
+/**
+ * Build full image ref from registry and dataplane variables (registry/name:tag)
+ * @param {string} registry - Registry URL
+ * @returns {string|undefined} Full image reference or undefined
+ */
+function buildDataplaneImageRef(registry) {
+  const pathsUtil = require('../utils/paths');
+  const variablesPath = path.join(pathsUtil.getBuilderPath('dataplane'), 'variables.yaml');
+  if (!fs.existsSync(variablesPath)) return undefined;
+  const content = fs.readFileSync(variablesPath, 'utf8');
+  const variables = yaml.load(content);
+  const name = variables?.image?.name || variables?.app?.key || 'dataplane';
+  const tag = variables?.image?.tag || 'latest';
+  const base = (registry || '').replace(/\/+$/, '');
+  return base ? `${base}/${name}:${tag}` : undefined;
+}
+
+/**
+ * Handle up-dataplane command: ensure logged in, environment dev, ensure dataplane,
+ * register or rotate (if already registered), then deploy (miso-controller runs the container).
+ *
+ * @async
+ * @function handleUpDataplane
+ * @param {Object} options - Commander options
+ * @param {string} [options.registry] - Override registry for dataplane
+ * @param {string} [options.registryMode] - Override registry mode (acr|external)
+ * @param {string} [options.image] - Override image reference for dataplane
+ * @returns {Promise<void>}
+ * @throws {Error} If not logged in, environment not dev, or any step fails
+ */
+async function handleUpDataplane(options = {}) {
+  const builderDir = await config.getAifabrixBuilderDir();
+  if (builderDir) {
+    process.env.AIFABRIX_BUILDER_DIR = builderDir;
+  }
+  logger.log(chalk.blue('Starting up-dataplane (register/rotate, deploy dataplane in dev)...\n'));
+
+  const [controllerUrl, environmentKey] = await Promise.all([resolveControllerUrl(), resolveEnvironment()]);
+  const authConfig = await checkAuthentication(controllerUrl, environmentKey);
+
+  const cfg = await config.getConfig();
+  const environment = (cfg && cfg.environment) ? cfg.environment : 'dev';
+  if (environment !== 'dev') {
+    throw new Error(
+      'Dataplane is only supported in dev environment. Set with: aifabrix auth config --set-environment dev.'
+    );
+  }
+  logger.log(chalk.green('✓ Logged in and environment is dev'));
+
+  await ensureAppFromTemplate('dataplane');
+
+  await registerOrRotateDataplane(options, controllerUrl, environmentKey, authConfig);
+
+  const imageOverride = options.image || (options.registry ? buildDataplaneImageRef(options.registry) : undefined);
+  const deployOpts = { imageOverride, image: imageOverride, registryMode: options.registryMode };
+
+  await app.deployApp('dataplane', deployOpts);
+
+  logger.log(chalk.green('\n✓ up-dataplane complete. Dataplane is registered and deployed in dev (miso-controller runs the container).'));
+}
+
+module.exports = { handleUpDataplane, buildDataplaneImageRef };

package/lib/commands/up-miso.js

@@ -0,0 +1,134 @@
+/**
+ * AI Fabrix Builder - Up Miso Command
+ *
+ * Installs miso-controller and keycloak from images (no build).
+ * Assumes infra is up; sets dev secrets and resolves (no force; existing .env values preserved).
+ *
+ * @fileoverview up-miso command implementation
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+
+const path = require('path');
+const fs = require('fs');
+const yaml = require('js-yaml');
+const chalk = require('chalk');
+const logger = require('../utils/logger');
+const config = require('../core/config');
+const secrets = require('../core/secrets');
+const infra = require('../infrastructure');
+const app = require('../app');
+const { saveLocalSecret } = require('../utils/local-secrets');
+const { ensureAppFromTemplate } = require('./up-common');
+
+/** Keycloak base port (from templates/applications/keycloak/variables.yaml) */
+const KEYCLOAK_BASE_PORT = 8082;
+/** Miso controller base port (dev-config app base) */
+const MISO_BASE_PORT = 3000;
+
+/**
+ * Parse --image options array into map { keycloak?: string, 'miso-controller'?: string }
+ * @param {string[]|string} imageOpts - Option value(s) e.g. ['keycloak=reg/k:v1', 'miso-controller=reg/m:v1']
+ * @returns {{ keycloak?: string, 'miso-controller'?: string }}
+ */
+function parseImageOptions(imageOpts) {
+  const map = {};
+  const arr = Array.isArray(imageOpts) ? imageOpts : (imageOpts ? [imageOpts] : []);
+  for (const item of arr) {
+    if (typeof item !== 'string') continue;
+    const eq = item.indexOf('=');
+    if (eq > 0) {
+      const key = item.substring(0, eq).trim();
+      const value = item.substring(eq + 1).trim();
+      if (key && value) map[key] = value;
+    }
+  }
+  return map;
+}
+
+/**
+ * Build full image ref from registry and app variables (registry/name:tag)
+ * @param {string} appName - keycloak or miso-controller
+ * @param {string} registry - Registry URL
+ * @returns {string} Full image reference
+ */
+function buildImageRefFromRegistry(appName, registry) {
+  const pathsUtil = require('../utils/paths');
+  const variablesPath = path.join(pathsUtil.getBuilderPath(appName), 'variables.yaml');
+  if (!fs.existsSync(variablesPath)) return undefined;
+  const content = fs.readFileSync(variablesPath, 'utf8');
+  const variables = yaml.load(content);
+  const name = variables?.image?.name || variables?.app?.key || appName;
+  const tag = variables?.image?.tag || 'latest';
+  const base = (registry || '').replace(/\/+$/, '');
+  return base ? `${base}/${name}:${tag}` : undefined;
+}
+
+/**
+ * Set URL secrets and resolve keycloak + miso-controller (no force; existing .env preserved)
+ * @async
+ * @param {number} devIdNum - Developer ID number
+ */
+async function setMisoSecretsAndResolve(devIdNum) {
+  const keycloakPort = KEYCLOAK_BASE_PORT + (devIdNum === 0 ? 0 : devIdNum * 100);
+  const misoPort = MISO_BASE_PORT + (devIdNum === 0 ? 0 : devIdNum * 100);
+  await saveLocalSecret('keycloak-public-server-urlKeyVault', `http://localhost:${keycloakPort}`);
+  await saveLocalSecret('miso-controller-web-server-url', `http://localhost:${misoPort}`);
+  logger.log(chalk.green('✓ Set keycloak and miso-controller URL secrets'));
+  await secrets.generateEnvFile('keycloak', undefined, 'docker', false, true);
+  await secrets.generateEnvFile('miso-controller', undefined, 'docker', false, true);
+  logger.log(chalk.green('✓ Resolved keycloak and miso-controller'));
+}
+
+/**
+ * Build run options and run keycloak then miso-controller
+ * @async
+ * @param {Object} options - Commander options (image, registry, registryMode)
+ */
+async function runMisoApps(options) {
+  const imageMap = parseImageOptions(options.image);
+  const keycloakImage = imageMap.keycloak || (options.registry ? buildImageRefFromRegistry('keycloak', options.registry) : undefined);
+  const misoImage = imageMap['miso-controller'] || (options.registry ? buildImageRefFromRegistry('miso-controller', options.registry) : undefined);
+  const keycloakRunOpts = { image: keycloakImage, registry: options.registry, registryMode: options.registryMode, skipEnvOutputPath: true };
+  const misoRunOpts = { image: misoImage, registry: options.registry, registryMode: options.registryMode, skipEnvOutputPath: true };
+  logger.log(chalk.blue('Starting keycloak...'));
+  await app.runApp('keycloak', keycloakRunOpts);
+  logger.log(chalk.blue('Starting miso-controller...'));
+  await app.runApp('miso-controller', misoRunOpts);
+}
+
+/**
+ * Handle up-miso command: ensure infra, ensure app dirs, set secrets, resolve (preserve existing .env), run keycloak then miso-controller.
+ *
+ * @async
+ * @function handleUpMiso
+ * @param {Object} options - Commander options
+ * @param {string} [options.registry] - Override registry for both apps
+ * @param {string} [options.registryMode] - Override registry mode (acr|external)
+ * @param {string[]|string} [options.image] - Override images e.g. keycloak=reg/k:v1 or miso-controller=reg/m:v1
+ * @returns {Promise<void>}
+ * @throws {Error} If infra not up or any step fails
+ */
+async function handleUpMiso(options = {}) {
+  const builderDir = await config.getAifabrixBuilderDir();
+  if (builderDir) {
+    process.env.AIFABRIX_BUILDER_DIR = builderDir;
+  }
+  logger.log(chalk.blue('Starting up-miso (keycloak + miso-controller from images)...\n'));
+  const health = await infra.checkInfraHealth();
+  const allHealthy = Object.values(health).every(status => status === 'healthy');
+  if (!allHealthy) {
+    throw new Error('Infrastructure is not up. Run \'aifabrix up\' first.');
+  }
+  logger.log(chalk.green('✓ Infrastructure is up'));
+  await ensureAppFromTemplate('keycloak');
+  await ensureAppFromTemplate('miso-controller');
+  const developerId = await config.getDeveloperId();
+  const devIdNum = typeof developerId === 'string' ? parseInt(developerId, 10) : developerId;
+  await setMisoSecretsAndResolve(devIdNum);
+  await runMisoApps(options);
+  logger.log(chalk.green('\n✓ up-miso complete. Keycloak and miso-controller are running.'));
+  logger.log(chalk.gray('  Run onboarding and register Keycloak from the miso-controller repo if needed.'));
+}
+
+module.exports = { handleUpMiso, parseImageOptions };

package/lib/core/config.js

@@ -14,16 +14,31 @@ const yaml = require('js-yaml');
 const os = require('os');
 const { encryptToken, decryptToken, isTokenEncrypted } = require('../utils/token-encryption');
 // Avoid importing paths here to prevent circular dependency.
-// Config location is always under OS home at ~/.aifabrix/config.yaml
-
-// Default (for tests and constants): always reflects OS home
-const CONFIG_DIR = path.join(os.homedir(), '.aifabrix');
-const CONFIG_FILE = path.join(CONFIG_DIR, 'config.yaml');
+// Config location (first match wins):
+//   1. AIFABRIX_CONFIG env = full path to config.yaml
+//   2. AIFABRIX_HOME env = directory containing config.yaml
+//   3. ~/.aifabrix
+// Set AIFABRIX_HOME=/workspace/.aifabrix or AIFABRIX_CONFIG=/workspace/.aifabrix/config.yaml when config is not in default home.
+
+function getConfigDir() {
+  const configFile = process.env.AIFABRIX_CONFIG && typeof process.env.AIFABRIX_CONFIG === 'string';
+  if (configFile) {
+    return path.dirname(path.resolve(process.env.AIFABRIX_CONFIG.trim()));
+  }
+  if (process.env.AIFABRIX_HOME && typeof process.env.AIFABRIX_HOME === 'string') {
+    return path.resolve(process.env.AIFABRIX_HOME.trim());
+  }
+  return path.join(os.homedir(), '.aifabrix');
+}
 
-// Runtime config directory (always under OS home)
-const RUNTIME_CONFIG_DIR = path.join(os.homedir(), '.aifabrix');
+// Runtime config directory and file (respect AIFABRIX_HOME)
+const RUNTIME_CONFIG_DIR = getConfigDir();
 const RUNTIME_CONFIG_FILE = path.join(RUNTIME_CONFIG_DIR, 'config.yaml');
 
+// Legacy exports (same as runtime when module loads)
+const CONFIG_DIR = RUNTIME_CONFIG_DIR;
+const CONFIG_FILE = RUNTIME_CONFIG_FILE;
+
 // Cache for developer ID - loaded when getConfig() is first called
 let cachedDeveloperId = null;
 
@@ -325,9 +340,17 @@ async function decryptTokenValue(value) {
     if (!isTokenEncrypted(value)) return value;
     const decrypted = decryptToken(value, encryptionKey);
     // Ensure we never return undefined for valid inputs
-    return decrypted !== undefined && decrypted !== null ? decrypted : value;
+    if (decrypted !== undefined && decrypted !== null) {
+      return decrypted;
+    }
+    // Encrypted value but decryption produced nothing - do not return encrypted string to callers (e.g. refresh API)
+    throw new Error('Could not decrypt stored token. If you changed the secrets-encryption key, run "aifabrix login" again.');
   } catch (error) {
-    return value;
+    if (error.message && error.message.includes('Could not decrypt stored token')) {
+      throw error;
+    }
+    // Decryption failed (wrong key, corrupted data, etc.) - do not pass encrypted value to callers
+    throw new Error('Could not decrypt stored token. If you changed the secrets-encryption key, run "aifabrix login" again.');
   }
 }
 // Token management functions moved to lib/utils/config-tokens.js to reduce file size

package/lib/core/secrets-docker-env.js

@@ -0,0 +1,88 @@
+/**
+ * Docker environment helpers for secrets/env generation.
+ *
+ * @fileoverview Base docker env, config overrides, and PORT handling for container env
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+
+const fs = require('fs');
+const yaml = require('js-yaml');
+const config = require('./config');
+const { getEnvHosts } = require('../utils/env-endpoints');
+const { getContainerPortFromPath } = require('../utils/port-resolver');
+
+/**
+ * Gets base docker environment config
+ * @async
+ * @function getBaseDockerEnv
+ * @returns {Promise<Object>} Docker environment config
+ */
+async function getBaseDockerEnv() {
+  return await getEnvHosts('docker');
+}
+
+/**
+ * Applies config.yaml override to docker environment
+ * @function applyDockerEnvOverride
+ * @param {Object} dockerEnv - Base docker environment config
+ * @returns {Object} Updated docker environment config
+ */
+function applyDockerEnvOverride(dockerEnv) {
+  try {
+    const cfgPath = config.CONFIG_FILE;
+    if (fs.existsSync(cfgPath)) {
+      const cfgContent = fs.readFileSync(cfgPath, 'utf8');
+      const cfg = yaml.load(cfgContent) || {};
+      if (cfg && cfg.environments && cfg.environments.docker) {
+        return { ...dockerEnv, ...cfg.environments.docker };
+      }
+    }
+  } catch {
+    // Ignore config.yaml read errors, continue with env-config values
+  }
+  return dockerEnv;
+}
+
+/**
+ * Gets container port from docker environment config
+ * @function getContainerPortFromDockerEnv
+ * @param {Object} dockerEnv - Docker environment config
+ * @returns {number} Container port (defaults to 3000)
+ */
+function getContainerPortFromDockerEnv(dockerEnv) {
+  if (dockerEnv.PORT === undefined || dockerEnv.PORT === null) {
+    return 3000;
+  }
+  const portVal = typeof dockerEnv.PORT === 'number' ? dockerEnv.PORT : parseInt(dockerEnv.PORT, 10);
+  return Number.isNaN(portVal) ? 3000 : portVal;
+}
+
+/**
+ * Updates PORT in resolved content for docker environment
+ * Sets PORT to container port (build.containerPort or port from variables.yaml)
+ * NOT the host port (which includes developer-id offset)
+ * @async
+ * @function updatePortForDocker
+ * @param {string} resolved - Resolved environment content
+ * @param {string} variablesPath - Path to variables.yaml file
+ * @returns {Promise<string>} Updated content with PORT set
+ */
+async function updatePortForDocker(resolved, variablesPath) {
+  let dockerEnv = await getBaseDockerEnv();
+  dockerEnv = applyDockerEnvOverride(dockerEnv);
+
+  let containerPort = getContainerPortFromPath(variablesPath);
+  if (containerPort === null) {
+    containerPort = getContainerPortFromDockerEnv(dockerEnv);
+  }
+
+  return resolved.replace(/^PORT\s*=\s*.*$/m, `PORT=${containerPort}`);
+}
+
+module.exports = {
+  getBaseDockerEnv,
+  applyDockerEnvOverride,
+  getContainerPortFromDockerEnv,
+  updatePortForDocker
+};