@aifabrix/builder 2.36.0 → 2.36.1

package/integration/hubspot/README.md

@@ -128,9 +128,56 @@ aifabrix datasource list
 aifabrix datasource validate hubspot-company
 ```
 
+## Wizard E2E tests and use case coverage
+
+The script `integration/hubspot/test.js` runs end-to-end wizard and validation tests. It covers all wizard use cases from [Wizard Guide](../../docs/wizard.md):
+
+| Use case | Test ID | Description |
+|----------|---------|-------------|
+| **Headless config (wizard.yaml)** | | |
+| Required `appName` | 2.1 | Rejects config missing `appName` |
+| Valid `appName` pattern (lowercase, hyphens/underscores) | 2.2 | Rejects uppercase in app name |
+| Required `mode` | 2.5 | Rejects invalid `mode` enum |
+| Required `source` block | 2.3 | Rejects config without `source` |
+| Valid `source.type` | 2.4 | Rejects invalid source type |
+| `openapi-file` requires `filePath` | 2.7 | Rejects missing/non-existent OpenAPI file |
+| `openapi-url` requires `url` | 2.8 | Rejects `openapi-url` without `url` |
+| `known-platform` requires `platform` | 2.6 | Rejects known-platform without `platform` |
+| **Mode: add-datasource** | | |
+| `systemIdOrKey` required when mode=add-datasource | 2.9 | Rejects add-datasource without systemIdOrKey |
+| **Credential** | | |
+| `credential.action=select` requires `credentialIdOrKey` | 2.10 | Rejects select without credentialIdOrKey |
+| `credential.action=create` requires `config` | 2.11 | Rejects create without config |
+| **Positive flows** | | |
+| Full wizard with OpenAPI file | 1.1 | Complete flow with local OpenAPI file |
+| Wizard with known platform | 1.2 | Flow using known-platform (e.g. HubSpot) |
+| Wizard with env var substitution in deployment | 1.6 | `${CONTROLLER_URL}`, `${DATAPLANE_URL}` in wizard.yaml |
+| Real credential creation (real-data) | 1.3 | Credential create with real OAuth2 (optional env) |
+| **Post-wizard validation (external system)** | | |
+| RBAC: permissions reference existing roles | 2.12 | Rejects permission referencing non-existent role |
+| RBAC: rbac.yaml valid YAML and structure | 2.13 | Rejects invalid YAML in rbac.yaml |
+| Datasource: dimensions required in fieldMappings | 2.14 | Rejects missing dimensions |
+| Datasource: dimension key pattern | 2.15 | Rejects invalid dimension key |
+| Datasource: attribute path pattern | 2.16 | Rejects invalid attribute path |
+| Datasource: dimensions must be object | 2.17 | Rejects dimensions as array |
+
+**Run tests:**
+
+```bash
+# All tests (positive may skip if dataplane/controller unavailable)
+node integration/hubspot/test.js
+
+# Negative only (no dataplane required)
+node integration/hubspot/test.js --type negative
+
+# Specific test
+node integration/hubspot/test.js --test "2.1,2.2"
+```
+
 ## Documentation
 
 - [External Systems Guide](../../docs/external-systems.md) - Complete guide with examples
+- [Wizard Guide](../../docs/wizard.md) - Wizard workflow and headless config
 - [CLI Reference](../../docs/cli-reference.md) - All commands
 - [Configuration Reference](../../docs/CONFIGURATION.md) - Config file details
 

package/integration/hubspot/env.template

@@ -5,5 +5,10 @@
 CLIENTID=kv://hubspot-clientidKeyVault
 CLIENTSECRET=kv://hubspot-clientsecretKeyVault
 TOKENURL=https://api.hubapi.com/oauth/v1/token
-REDIRECT_URI=kv://hubspot-redirect-uriKeyVault
+
+# Optional: test runner (integration/hubspot/test.js) reads all config from this .env
+# CONTROLLER_URL=http://localhost:3110
+# ENVIRONMENT=miso
+# DATAPLANE_URL=
+# HUBSPOT_OPENAPI_FILE=integration/hubspot/companies.json
 

package/integration/hubspot/hubspot-deploy.json

@@ -61,12 +61,6 @@
         "location": "variable",
         "required": true
       },
-      {
-        "name": "REDIRECT_URI",
-        "value": "hubspot-redirect-uriKeyVault",
-        "location": "keyvault",
-        "required": false
-      },
       {
         "name": "HUBSPOT_API_VERSION",
         "value": "v3",

package/integration/hubspot/hubspot-system.json

@@ -43,12 +43,6 @@
       "location": "variable",
       "required": true
     },
-    {
-      "name": "REDIRECT_URI",
-      "value": "hubspot-redirect-uriKeyVault",
-      "location": "keyvault",
-      "required": false
-    },
     {
       "name": "HUBSPOT_API_VERSION",
       "value": "v3",

package/integration/hubspot/test-artifacts/wizard-hubspot-env-vars.yaml

@@ -6,4 +6,4 @@ source:
 deployment:
   controller: ${CONTROLLER_URL}
   dataplane: ${DATAPLANE_URL}
-  environment: miso
+  environment: dev

package/integration/hubspot/test-dataplane-down-helpers.js

@@ -217,7 +217,10 @@ function validateWizardResult(result, output) {
     'fetch failed',
     'timeout',
     'unreachable',
-    'failed to create wizard session'
+    'failed to create wizard session',
+    'authentication failed',
+    'no authentication method',
+    'client token unavailable'
   ];
 
   const isValid = !result.success && validateError(output, expectedPatterns);

package/integration/hubspot/test-dataplane-down-tests.js

@@ -65,13 +65,7 @@ async function testWizard() {
       'bin/aifabrix.js',
       'wizard',
       '--config',
-      configPath,
-      '--controller',
-      CONTROLLER_URL,
-      '--environment',
-      ENVIRONMENT,
-      '--dataplane',
-      INVALID_DATAPLANE_URL
+      configPath
     ];
 
     const result = await runCommand('node', args);
@@ -107,11 +101,7 @@ async function testDownload() {
   const args = [
     'bin/aifabrix.js',
     'download',
-    'non-existent-system-that-should-fail',
-    '--environment',
-    ENVIRONMENT,
-    '--controller',
-    CONTROLLER_URL
+    'non-existent-system-that-should-fail'
   ];
 
   const result = await runCommand('node', args);
@@ -155,10 +145,6 @@ async function testDelete() {
     'non-existent-system-that-should-fail',
     '--type',
     'external',
-    '--environment',
-    ENVIRONMENT,
-    '--controller',
-    CONTROLLER_URL,
     '--yes'
   ];
 
@@ -219,13 +205,7 @@ function buildDatasourceDeployArgs(datasourcePath) {
     'datasource',
     'deploy',
     'test-app',
-    datasourcePath,
-    '--environment',
-    ENVIRONMENT,
-    '--controller',
-    CONTROLLER_URL,
-    '--dataplane',
-    INVALID_DATAPLANE_URL
+    datasourcePath
   ];
 }
 
@@ -321,11 +301,7 @@ async function testIntegration() {
   const args = [
     'bin/aifabrix.js',
     'test-integration',
-    testApp,
-    '--environment',
-    ENVIRONMENT,
-    '--controller',
-    CONTROLLER_URL
+    testApp
   ];
 
   const result = await runCommand('node', args);
@@ -372,11 +348,7 @@ async function testDataplaneDiscovery() {
   const args = [
     'bin/aifabrix.js',
     'download',
-    'non-existent-system-for-discovery-test',
-    '--environment',
-    ENVIRONMENT,
-    '--controller',
-    CONTROLLER_URL
+    'non-existent-system-for-discovery-test'
   ];
 
   const result = await runCommand('node', args);

package/integration/hubspot/test-dataplane-down.js

@@ -11,6 +11,9 @@
  */
 'use strict';
 
+const fs = require('fs').promises;
+const path = require('path');
+const os = require('os');
 const {
   logInfo,
   logSuccess,
@@ -27,9 +30,51 @@ const {
 } = require('./test-dataplane-down-tests');
 
 const INVALID_DATAPLANE_URL = 'http://localhost:9999';
-const CONTROLLER_URL = process.env.CONTROLLER_URL || 'http://localhost:3110';
 const ENVIRONMENT = process.env.ENVIRONMENT || 'miso';
 
+/** Path to temp config used so CLI uses invalid controller URL and fails with connection error */
+let tempConfigPath = null;
+let originalAifabrixConfig = null;
+
+/**
+ * Create temp config pointing controller to invalid URL so commands fail with connection error
+ * @async
+ * @returns {Promise<string>} Path to temp config file
+ */
+async function createTempConfig() {
+  const dir = path.join(os.tmpdir(), `aifabrix-dataplane-down-${Date.now()}`);
+  await fs.mkdir(dir, { recursive: true });
+  const configPath = path.join(dir, 'config.yaml');
+  const content = `controller: "${INVALID_DATAPLANE_URL}"
+environment: "${ENVIRONMENT}"
+`;
+  await fs.writeFile(configPath, content, 'utf8');
+  return configPath;
+}
+
+/**
+ * Restore AIFABRIX_CONFIG and remove temp config
+ * @async
+ * @returns {Promise<void>} Resolves when cleanup is complete
+ */
+async function cleanupTempConfig() {
+  if (originalAifabrixConfig !== undefined) {
+    if (originalAifabrixConfig === null) {
+      delete process.env.AIFABRIX_CONFIG;
+    } else {
+      process.env.AIFABRIX_CONFIG = originalAifabrixConfig;
+    }
+  }
+  if (tempConfigPath) {
+    try {
+      await fs.rm(path.dirname(tempConfigPath), { recursive: true, force: true }).catch(() => {});
+    } catch {
+      // Ignore cleanup errors
+    }
+    tempConfigPath = null;
+  }
+}
+
 /**
  * Displays failed test details
  * @function displayFailedTestDetails
@@ -137,17 +182,24 @@ async function main() {
   logInfo('='.repeat(60));
   logInfo('Dataplane Down Error Handling Test Suite');
   logInfo('='.repeat(60));
-  logInfo(`Invalid Dataplane URL: ${INVALID_DATAPLANE_URL}`);
-  logInfo(`Controller URL: ${CONTROLLER_URL}`);
+  logInfo(`Invalid Controller URL (used for all commands): ${INVALID_DATAPLANE_URL}`);
   logInfo(`Environment: ${ENVIRONMENT}`);
   logInfo('='.repeat(60));
 
-  const results = await runTests();
-  displaySummary(results);
+  try {
+    tempConfigPath = await createTempConfig();
+    originalAifabrixConfig = process.env.AIFABRIX_CONFIG || null;
+    process.env.AIFABRIX_CONFIG = tempConfigPath;
 
-  const failed = results.filter(r => !r.success).length;
-  if (failed > 0) {
-    process.exitCode = 1;
+    const results = await runTests();
+    displaySummary(results);
+
+    const failed = results.filter(r => !r.success).length;
+    if (failed > 0) {
+      process.exitCode = 1;
+    }
+  } finally {
+    await cleanupTempConfig();
   }
 }
 

package/integration/hubspot/test.js

@@ -18,19 +18,14 @@ const yaml = require('js-yaml');
 const chalk = require('chalk');
 const { getDeploymentAuth } = require('../../lib/utils/token-manager');
 const { discoverDataplaneUrl } = require('../../lib/commands/wizard-dataplane');
+const { resolveControllerUrl } = require('../../lib/utils/controller-url');
+const { resolveEnvironment } = require('../../lib/core/config');
 
 const execFileAsync = promisify(execFile);
 
-const DEFAULT_CONTROLLER_URL = process.env.CONTROLLER_URL || 'http://localhost:3110';
-const DEFAULT_ENVIRONMENT = process.env.ENVIRONMENT || 'miso';
-const DEFAULT_DATAPLANE_URL = process.env.DATAPLANE_URL || '';
-const DEFAULT_OPENAPI_FILE = process.env.HUBSPOT_OPENAPI_FILE ||
-  '/workspace/aifabrix-dataplane/data/hubspot/openapi/companies.json';
-const LOCAL_ENV_PATH = path.join(process.cwd(), 'integration', 'hubspot', '.env');
-const DEFAULT_ENV_PATH = process.env.HUBSPOT_ENV_PATH ||
-  (fsSync.existsSync(LOCAL_ENV_PATH) ? LOCAL_ENV_PATH : '/workspace/aifabrix-dataplane/data/hubspot/.env');
-
+/** Single source for test config: integration/hubspot/.env */
 const HUBSPOT_DIR = path.join(process.cwd(), 'integration', 'hubspot');
+const LOCAL_ENV_PATH = path.join(HUBSPOT_DIR, '.env');
 const ARTIFACT_DIR = path.join(HUBSPOT_DIR, 'test-artifacts');
 const MAX_OUTPUT_BYTES = 10 * 1024 * 1024;
 const COMMAND_TIMEOUT_MS = 10 * 60 * 1000;
@@ -271,11 +266,54 @@ async function loadEnvFile(envPath, options) {
       process.env[key] = value;
     }
   }
+  // Map common .env keys so tests and wizard use credentials from integration/hubspot/.env
+  if (process.env.CLIENTID && process.env.HUBSPOT_CLIENT_ID === undefined) {
+    process.env.HUBSPOT_CLIENT_ID = process.env.CLIENTID;
+  }
+  if (process.env.CLIENTSECRET && process.env.HUBSPOT_CLIENT_SECRET === undefined) {
+    process.env.HUBSPOT_CLIENT_SECRET = process.env.CLIENTSECRET;
+  }
   if (options.verbose) {
     logInfo(`Loaded env vars from: ${envPath}`);
   }
 }
 
+/**
+ * Load test config (controller, environment, dataplane, openapi file).
+ * Reads integration/hubspot/.env; missing CONTROLLER_URL/ENVIRONMENT fall back to
+ * the same resolution as the CLI (aifx auth status) so tests use the same controller.
+ * @async
+ * @function loadTestConfigFromEnv
+ * @returns {Promise<Object>} Context with controllerUrl, environment, dataplaneUrl, openapiFile
+ */
+async function loadTestConfigFromEnv() {
+  const defaults = {
+    DATAPLANE_URL: '',
+    HUBSPOT_OPENAPI_FILE: path.join(HUBSPOT_DIR, 'companies.json')
+  };
+  let parsed = {};
+  try {
+    if (fsSync.existsSync(LOCAL_ENV_PATH)) {
+      const content = await fs.readFile(LOCAL_ENV_PATH, 'utf8');
+      parsed = parseEnvFile(content);
+    }
+  } catch (error) {
+    logWarn(`Could not read ${LOCAL_ENV_PATH}: ${error.message}`);
+  }
+  const controllerUrl = parsed.CONTROLLER_URL
+    ? parsed.CONTROLLER_URL.trim()
+    : await resolveControllerUrl();
+  const environment = parsed.ENVIRONMENT
+    ? parsed.ENVIRONMENT.trim()
+    : await resolveEnvironment();
+  return {
+    controllerUrl,
+    environment,
+    dataplaneUrl: parsed.DATAPLANE_URL || defaults.DATAPLANE_URL,
+    openapiFile: parsed.HUBSPOT_OPENAPI_FILE || defaults.HUBSPOT_OPENAPI_FILE
+  };
+}
+
 /**
  * Ensure dataplane URL is available for tests
  * @async
@@ -392,7 +430,8 @@ async function validateAuth(context, options) {
     throw new Error('Authentication check failed. Run: node bin/aifabrix.js login --controller <url> --method device');
   }
   const output = `${result.stdout}\n${result.stderr}`;
-  if (output.includes('Not authenticated') || output.includes('✗')) {
+  // Only treat "Not authenticated" as failure; "✗ Not reachable" (dataplane) is not auth failure
+  if (output.includes('Not authenticated')) {
     throw new Error('Not authenticated. Run: node bin/aifabrix.js login --controller <url> --method device');
   }
   logSuccess('Authentication validated.');
@@ -1216,7 +1255,7 @@ async function corruptSystemFileWithInvalidRole(appPath) {
  * @returns {Promise<void>} Resolves when file is corrupted
  */
 async function corruptRbacFile(appPath) {
-  const rbacPath = path.join(appPath, 'rbac.yml');
+  const rbacPath = path.join(appPath, 'rbac.yaml');
   await fs.writeFile(rbacPath, 'invalid: yaml: syntax: [', 'utf8');
 }
 
@@ -1339,7 +1378,7 @@ function buildNegativeRbacTestCases(context) {
         const appName = 'hubspot-test-negative-rbac-invalid-yaml';
         const appPath = await createSystemForNegativeTest(appName, 'wizard-valid-for-rbac-yaml-test', context, options);
         await corruptRbacFile(appPath);
-        await runValidationExpectFailure(appName, context, options, 'schema must be object or boolean');
+        await runValidationExpectFailure(appName, context, options, 'Invalid YAML syntax in rbac.yaml');
         await cleanupAppArtifacts(appName, options);
       }
     }
@@ -1485,13 +1524,8 @@ async function main() {
     return;
   }
   await ensureDir(ARTIFACT_DIR);
-  await loadEnvFile(DEFAULT_ENV_PATH, args);
-  const context = {
-    controllerUrl: DEFAULT_CONTROLLER_URL,
-    environment: DEFAULT_ENVIRONMENT,
-    dataplaneUrl: DEFAULT_DATAPLANE_URL,
-    openapiFile: DEFAULT_OPENAPI_FILE
-  };
+  await loadEnvFile(LOCAL_ENV_PATH, args);
+  const context = await loadTestConfigFromEnv();
   setupTestContext(context);
   await validateAuth(context, args);
   const testCases = buildTestCases(context).filter(testCase => (

package/integration/hubspot/wizard-hubspot-e2e.yaml

@@ -13,4 +13,4 @@ preferences:
   enableRBAC: false
 deployment:
   controller: http://localhost:3110
-  environment: miso
+  environment: dev

package/lib/app/config.js

@@ -66,7 +66,6 @@ function generateExternalSystemEnvTemplate(config, appName) {
     lines.push('CLIENTID=kv://' + systemKey + '-clientidKeyVault');
     lines.push('CLIENTSECRET=kv://' + systemKey + '-clientsecretKeyVault');
     lines.push('TOKENURL=https://api.example.com/oauth/token');
-    lines.push('REDIRECT_URI=kv://' + systemKey + '-redirect-uriKeyVault');
   } else if (authType === 'apikey') {
     lines.push('API_KEY=kv://' + systemKey + '-api-keyKeyVault');
   } else if (authType === 'basic') {

package/lib/app/show-display.js

@@ -51,7 +51,7 @@ function logApplicationExternalIntegration(ei) {
   logger.log(`    schemaBasePath: ${ei.schemaBasePath}`);
   logger.log(`    systems: [${(ei.systems || []).join(', ')}]`);
   logger.log(`    dataSources: [${(ei.dataSources || []).join(', ')}]`);
-  logger.log(chalk.gray('\n  For external system data as on dataplane, run with --online.'));
+  logger.log(chalk.gray('\n  For external system data as on dataplane, run: aifabrix show <appKey> --online or aifabrix app show <appKey>.'));
 }
 
 function logApplicationSection(a, isExternal) {
@@ -130,6 +130,31 @@ function logExternalSystemDataSources(dataSources) {
   });
 }
 
+/**
+ * Log OpenAPI and MCP documentation links for external system (dataplane endpoints).
+ * REST: /api/v1/rest/{systemKey}/docs; MCP: /api/v1/mcp/{systemKey}/{resourceType}/docs per dataSource.
+ * @param {Object} ext - External system result (dataplaneUrl, systemKey, dataSources, openapiFiles, openapiEndpoints)
+ */
+function logExternalSystemServiceLinks(ext) {
+  if (!ext || !ext.dataplaneUrl || !ext.systemKey) return;
+  const base = ext.dataplaneUrl.replace(/\/$/, '');
+  const sk = ext.systemKey;
+  const hasOpenApi = (ext.openapiFiles && ext.openapiFiles.length > 0) ||
+    (ext.openapiEndpoints && ext.openapiEndpoints.length > 0);
+  const dataSources = ext.dataSources || [];
+  const hasMcp = dataSources.length > 0;
+  if (!hasOpenApi && !hasMcp) return;
+
+  logger.log('  Service links:');
+  logger.log(`    REST OpenAPI:  ${base}/api/v1/rest/${sk}/docs`);
+  if (hasMcp) {
+    dataSources.forEach((ds) => {
+      const resourceType = ds.key || ds.systemKey || sk;
+      logger.log(`    MCP ${resourceType}:  ${base}/api/v1/mcp/${sk}/${resourceType}/docs`);
+    });
+  }
+}
+
 function logExternalSystemApplication(ap) {
   if (!ap) return;
   logger.log('  Application (from dataplane):');
@@ -155,6 +180,7 @@ function logExternalSystemSection(ext) {
     const sample = ext.openapiEndpoints.slice(0, 3).map((e) => `${e.method || 'GET'} ${e.path || e.pathPattern || e}`).join(', ');
     logger.log(`  OpenAPI endpoints: ${ext.openapiEndpoints.length} (e.g. ${sample}${ext.openapiEndpoints.length > 3 ? ' …' : ''})`);
   }
+  logExternalSystemServiceLinks(ext);
 }
 
 /**

package/lib/commands/app.js

@@ -14,6 +14,7 @@ const logger = require('../utils/logger');
 const { listApplications } = require('../app/list');
 const { registerApplication } = require('../app/register');
 const { rotateSecret } = require('../app/rotate-secret');
+const { showApp } = require('../app/show');
 
 /**
  * Setup application management commands
@@ -66,6 +67,20 @@ function setupAppCommands(program) {
         process.exit(1);
       }
     });
+
+  // Show command: show application from controller (online). Same as aifabrix show <appKey> --online.
+  app
+    .command('show <appKey>')
+    .description('Show application from controller (online). Same as aifabrix show <appKey> --online')
+    .option('--json', 'Output as JSON')
+    .action(async(appKey, options) => {
+      try {
+        await showApp(appKey, { online: true, json: !!options.json });
+      } catch (error) {
+        logger.error(chalk.red(`Error: ${error.message}`));
+        process.exit(1);
+      }
+    });
 }
 
 module.exports = { setupAppCommands };

package/lib/commands/wizard-helpers.js

@@ -12,13 +12,15 @@ const logger = require('../utils/logger');
 /**
  * Build preferences object for wizard.yaml (schema shape: intent, fieldOnboardingLevel, enableOpenAPIGeneration, enableMCP, enableABAC, enableRBAC)
  * @param {string} intent - User intent
- * @param {Object} preferences - From promptForUserPreferences (mcp, abac, rbac)
+ * @param {Object} preferences - From promptForUserPreferences (fieldOnboardingLevel, mcp, abac, rbac)
  * @returns {Object} Preferences for wizard-config schema
  */
 function buildPreferencesForSave(intent, preferences) {
+  const level = preferences?.fieldOnboardingLevel;
+  const validLevel = level === 'standard' || level === 'minimal' ? level : 'full';
   return {
     intent: intent || 'general integration',
-    fieldOnboardingLevel: 'full',
+    fieldOnboardingLevel: validLevel,
     enableOpenAPIGeneration: true,
     enableMCP: Boolean(preferences?.mcp),
     enableABAC: Boolean(preferences?.abac),
@@ -78,11 +80,18 @@ function formatSourceLine(source) {
  * @returns {string|null}
  */
 function formatPreferencesLine(preferences) {
-  if (!preferences || (!preferences.intent && (preferences.enableMCP === undefined || preferences.enableMCP === null))) {
+  if (!preferences || (!preferences.intent && (preferences.enableMCP === undefined || preferences.enableMCP === null) && !preferences.fieldOnboardingLevel)) {
     return null;
   }
   const p = preferences;
-  return [p.intent && `intent=${p.intent}`, p.enableMCP && 'MCP', p.enableABAC && 'ABAC', p.enableRBAC && 'RBAC'].filter(Boolean).join(', ') || '(defaults)';
+  const parts = [
+    p.fieldOnboardingLevel && `level=${p.fieldOnboardingLevel}`,
+    p.intent && `intent=${p.intent}`,
+    p.enableMCP && 'MCP',
+    p.enableABAC && 'ABAC',
+    p.enableRBAC && 'RBAC'
+  ].filter(Boolean);
+  return parts.length ? parts.join(', ') : '(defaults)';
 }
 
 /**

package/lib/commands/wizard.js

@@ -148,6 +148,7 @@ async function handleInteractiveConfigGeneration(options) {
 
   const configPrefs = {
     intent: userIntent,
+    fieldOnboardingLevel: preferences.fieldOnboardingLevel || 'full',
     enableMCP: preferences.mcp,
     enableABAC: preferences.abac,
     enableRBAC: preferences.rbac

package/lib/generator/wizard-prompts.js

@@ -309,10 +309,21 @@ async function promptForUserIntent() {
  * Prompt for user preferences
  * @async
  * @function promptForUserPreferences
- * @returns {Promise<Object>} User preferences object
+ * @returns {Promise<Object>} User preferences object (fieldOnboardingLevel, mcp, abac, rbac)
  */
 async function promptForUserPreferences() {
   const answers = await inquirer.prompt([
+    {
+      type: 'list',
+      name: 'fieldOnboardingLevel',
+      message: 'Field onboarding level:',
+      choices: [
+        { name: 'full - All fields mapped and indexed', value: 'full' },
+        { name: 'standard - Core and important fields only', value: 'standard' },
+        { name: 'minimal - Essential fields only', value: 'minimal' }
+      ],
+      default: 'full'
+    },
     {
       type: 'confirm',
       name: 'mcp',
@@ -333,6 +344,7 @@ async function promptForUserPreferences() {
     }
   ]);
   return {
+    fieldOnboardingLevel: answers.fieldOnboardingLevel,
     mcp: answers.mcp,
     abac: answers.abac,
     rbac: answers.rbac

package/lib/schema/env-config.yaml

@@ -20,7 +20,7 @@ environments:
     KEYCLOAK_PORT: 8082  # Internal port (container-to-container). KEYCLOAK_PUBLIC_PORT calculated automatically.
     KEYCLOAK_PUBLIC_PORT: 8082
     DATAPLANE_HOST: dataplane
-    DATAPLANE_PORT: 3001
+    DATAPLANE_PORT: 3001 # Internal port (container-to-container). DATAPLANE_PUBLIC_PORT calculated automatically.
     NODE_ENV: production
     PYTHONUNBUFFERED: 1
     PYTHONDONTWRITEBYTECODE: 1
@@ -33,10 +33,8 @@ environments:
     REDIS_PORT: 6379
     MISO_HOST: localhost
     MISO_PORT: 3010
-    MISO_PUBLIC_PORT: 3010
     KEYCLOAK_HOST: localhost
     KEYCLOAK_PORT: 8082
-    KEYCLOAK_PUBLIC_PORT: 8082
     DATAPLANE_HOST: localhost
     DATAPLANE_PORT: 3011
     NODE_ENV: development

package/lib/utils/token-manager.js

@@ -25,8 +25,9 @@ function getSecretsFilePath() {
 }
 
 /**
- * Load client credentials from secrets.local.yaml
- * Reads using pattern: <app-name>-client-idKeyVault and <app-name>-client-secretKeyVault
+ * Load client credentials from secrets.local.yaml or process.env (e.g. integration/hubspot/.env).
+ * Reads secrets file using pattern: <app-name>-client-idKeyVault and <app-name>-client-secretKeyVault.
+ * If not found, checks process.env.CLIENTID and process.env.CLIENTSECRET (set when .env is loaded).
  * @param {string} appName - Application name
  * @returns {Promise<{clientId: string, clientSecret: string}|null>} Credentials or null if not found
  */
@@ -37,31 +38,38 @@ async function loadClientCredentials(appName) {
 
   try {
     const secretsFile = getSecretsFilePath();
-    if (!fs.existsSync(secretsFile)) {
-      return null;
-    }
-
-    const content = fs.readFileSync(secretsFile, 'utf8');
-    const secrets = yaml.load(content) || {};
-
-    const clientIdKey = `${appName}-client-idKeyVault`;
-    const clientSecretKey = `${appName}-client-secretKeyVault`;
-
-    const clientId = secrets[clientIdKey];
-    const clientSecret = secrets[clientSecretKey];
-
-    if (!clientId || !clientSecret) {
-      return null;
+    if (fs.existsSync(secretsFile)) {
+      const content = fs.readFileSync(secretsFile, 'utf8');
+      const secrets = yaml.load(content) || {};
+
+      const clientIdKey = `${appName}-client-idKeyVault`;
+      const clientSecretKey = `${appName}-client-secretKeyVault`;
+
+      const clientId = secrets[clientIdKey];
+      const clientSecret = secrets[clientSecretKey];
+
+      if (clientId && clientSecret) {
+        return {
+          clientId: String(clientId),
+          clientSecret: String(clientSecret)
+        };
+      }
     }
+  } catch (error) {
+    logger.warn(`Failed to load credentials from secrets.local.yaml: ${error.message}`);
+  }
 
+  // Fallback: use CLIENTID/CLIENTSECRET from process.env (e.g. from integration/hubspot/.env)
+  const envClientId = process.env.CLIENTID || process.env.CLIENT_ID;
+  const envClientSecret = process.env.CLIENTSECRET || process.env.CLIENT_SECRET;
+  if (envClientId && envClientSecret) {
     return {
-      clientId: clientId,
-      clientSecret: clientSecret
+      clientId: String(envClientId).trim(),
+      clientSecret: String(envClientSecret).trim()
     };
-  } catch (error) {
-    logger.warn(`Failed to load credentials from secrets.local.yaml: ${error.message}`);
-    return null;
   }
+
+  return null;
 }
 
 /**

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aifabrix/builder",
-  "version": "2.36.0",
+  "version": "2.36.1",
   "description": "AI Fabrix Local Fabric & Deployment SDK",
   "main": "lib/index.js",
   "bin": {

package/integration/test-hubspot/wizard.yaml

@@ -1,8 +0,0 @@
-appName: test-hubspot
-mode: create-system
-source:
-  type: openapi-file
-  filePath: /workspace/aifabrix-builder/integration/hubspot/companies.json
-credential:
-  action: skip
-preferences: {}