@aifabrix/builder 2.37.5 → 2.37.9

package/lib/commands/up-miso.js

@@ -140,8 +140,8 @@ async function handleUpMiso(options = {}) {
   const devIdNum = typeof developerId === 'string' ? parseInt(developerId, 10) : developerId;
   await setMisoSecretsAndResolve(devIdNum);
   await runMisoApps(options);
-  logger.log(chalk.green('\n✓ up-miso complete. Keycloak, miso-controller, and dataplane are running.'));
-  logger.log(chalk.gray('  Run onboarding and register Keycloak from the miso-controller repo if needed.'));
+  logger.log(chalk.green('\n✓ up-miso complete. Keycloak, miso-controller, and dataplane are running.') +
+    chalk.gray('\n  Run onboarding and register Keycloak from the miso-controller repo if needed.'));
 }
 
 module.exports = { handleUpMiso, parseImageOptions };

package/lib/commands/wizard-core.js

@@ -338,6 +338,44 @@ async function validateWizardConfiguration(dataplaneUrl, authConfig, systemConfi
   }
 }
 
+/**
+ * Fetches deployment docs and writes README.md when variables.yaml and deploy JSON are available.
+ * @async
+ * @param {string} appPath - Application path
+ * @param {string} appName - Application name
+ * @param {string} dataplaneUrl - Dataplane URL
+ * @param {Object} authConfig - Authentication configuration
+ * @param {string} systemKey - System key
+ */
+async function tryUpdateReadmeFromDeploymentDocs(appPath, appName, dataplaneUrl, authConfig, systemKey) {
+  const variablesPath = path.join(appPath, 'variables.yaml');
+  const deployPath = path.join(appPath, `${appName}-deploy.json`);
+  let variablesYaml = null;
+  let deployJson = null;
+  try {
+    variablesYaml = await fs.readFile(variablesPath, 'utf8');
+  } catch {
+    // optional
+  }
+  try {
+    const deployContent = await fs.readFile(deployPath, 'utf8');
+    deployJson = JSON.parse(deployContent);
+  } catch {
+    // optional
+  }
+  const hasBody = variablesYaml !== null || deployJson !== null;
+  const body = hasBody ? { variablesYaml: variablesYaml || null, deployJson: deployJson || null } : null;
+  const docsResponse = body
+    ? await postDeploymentDocs(dataplaneUrl, authConfig, systemKey, body)
+    : await getDeploymentDocs(dataplaneUrl, authConfig, systemKey);
+  const content = docsResponse?.data?.content ?? docsResponse?.content;
+  if (content && typeof content === 'string') {
+    const readmePath = path.join(appPath, 'README.md');
+    await fs.writeFile(readmePath, content, 'utf8');
+    logger.log(chalk.gray('  Updated README.md from deployment-docs API (variables.yaml + deploy JSON).'));
+  }
+}
+
 /**
  * Handle file saving step
  * @async
@@ -357,33 +395,7 @@ async function handleFileSaving(appName, systemConfig, datasourceConfigs, system
     const generatedFiles = await generateWizardFiles(appName, systemConfig, datasourceConfigs, systemKey, { aiGeneratedReadme: null });
     if (systemKey && dataplaneUrl && authConfig && generatedFiles.appPath) {
       try {
-        const appPath = generatedFiles.appPath;
-        const deployKey = appName;
-        const variablesPath = path.join(appPath, 'variables.yaml');
-        const deployPath = path.join(appPath, `${deployKey}-deploy.json`);
-        let variablesYaml = null;
-        let deployJson = null;
-        try {
-          variablesYaml = await fs.readFile(variablesPath, 'utf8');
-        } catch {
-          // optional
-        }
-        try {
-          const deployContent = await fs.readFile(deployPath, 'utf8');
-          deployJson = JSON.parse(deployContent);
-        } catch {
-          // optional
-        }
-        const body = (variablesYaml !== null && variablesYaml !== undefined) || (deployJson !== null && deployJson !== undefined) ? { variablesYaml: variablesYaml || null, deployJson: deployJson || null } : null;
-        const docsResponse = body
-          ? await postDeploymentDocs(dataplaneUrl, authConfig, systemKey, body)
-          : await getDeploymentDocs(dataplaneUrl, authConfig, systemKey);
-        const content = docsResponse?.data?.content ?? docsResponse?.content;
-        if (content && typeof content === 'string') {
-          const readmePath = path.join(appPath, 'README.md');
-          await fs.writeFile(readmePath, content, 'utf8');
-          logger.log(chalk.gray('  Updated README.md from deployment-docs API (variables.yaml + deploy JSON).'));
-        }
+        await tryUpdateReadmeFromDeploymentDocs(generatedFiles.appPath, appName, dataplaneUrl, authConfig, systemKey);
       } catch (e) {
         logger.log(chalk.gray(`  Could not fetch AI-generated README: ${e.message}`));
       }

package/lib/core/config.js

@@ -405,9 +405,24 @@ async function ensureSecretsEncryptionKey() {
   await run({ getSecretsEncryptionKey, setSecretsEncryptionKey, getSecretsPath });
 }
 
+/**
+ * Expand leading ~ to home directory so config paths like ~/.aifabrix/secrets.local.yaml resolve correctly.
+ * @param {string} filePath - Path that may start with ~ or ~/
+ * @returns {string} Path with ~ expanded, or unchanged if no leading ~
+ */
+function expandTilde(filePath) {
+  if (!filePath || typeof filePath !== 'string') return filePath;
+  if (filePath === '~') return os.homedir();
+  if (filePath.startsWith('~/') || filePath.startsWith('~' + path.sep)) {
+    return path.join(os.homedir(), filePath.slice(2));
+  }
+  return filePath;
+}
+
 async function getSecretsPath() {
   const config = await getConfig();
-  return config['aifabrix-secrets'] || config['secrets-path'] || null;
+  const raw = config['aifabrix-secrets'] || config['secrets-path'] || null;
+  return raw ? expandTilde(raw) : null;
 }
 
 async function setSecretsPath(secretsPath) {

package/lib/core/secrets.js

@@ -132,28 +132,57 @@ async function decryptSecretsObject(secrets) {
  * const secrets = await loadSecrets(undefined, 'myapp');
  */
 
+/**
+ * Merges config file secrets into user secrets (user wins). Returns null if path missing or config empty.
+ * @param {Object} userSecrets - User secrets object
+ * @param {string} resolvedConfigPath - Absolute path to config secrets file
+ * @returns {Object|null} Merged secrets or null
+ */
+function mergeUserWithConfigFile(userSecrets, resolvedConfigPath) {
+  if (!fs.existsSync(resolvedConfigPath)) {
+    return null;
+  }
+  let configSecrets;
+  try {
+    configSecrets = readYamlAtPath(resolvedConfigPath);
+  } catch (loadError) {
+    throw new Error(`Failed to load secrets file ${resolvedConfigPath}: ${loadError.message}`);
+  }
+  if (!configSecrets || typeof configSecrets !== 'object') {
+    return null;
+  }
+  const merged = { ...userSecrets };
+  for (const key of Object.keys(configSecrets)) {
+    if (!(key in merged) || merged[key] === undefined || merged[key] === null || merged[key] === '') {
+      merged[key] = configSecrets[key];
+    }
+  }
+  return merged;
+}
+
 /**
  * Loads config secrets path, merges with user secrets (user overrides). Used by loadSecrets cascade.
  * @async
  * @returns {Promise<Object|null>} Merged secrets object or null
  */
 async function loadMergedConfigAndUserSecrets() {
+  const userSecrets = loadUserSecrets();
+  const hasKeys = (obj) => obj && Object.keys(obj).length > 0;
+  const userOrNull = () => (hasKeys(userSecrets) ? userSecrets : null);
   try {
     const configSecretsPath = await config.getSecretsPath();
-    if (!configSecretsPath) return null;
+    if (!configSecretsPath) {
+      return userOrNull();
+    }
     const resolvedConfigPath = path.isAbsolute(configSecretsPath)
       ? configSecretsPath
       : path.resolve(process.cwd(), configSecretsPath);
-    if (!fs.existsSync(resolvedConfigPath)) return null;
-    const configSecrets = readYamlAtPath(resolvedConfigPath);
-    if (!configSecrets || typeof configSecrets !== 'object') return null;
-    const merged = { ...configSecrets };
-    const userSecrets = loadUserSecrets();
-    for (const key of Object.keys(userSecrets)) {
-      merged[key] = userSecrets[key];
+    const merged = mergeUserWithConfigFile(userSecrets, resolvedConfigPath);
+    return merged !== null ? merged : userOrNull();
+  } catch (error) {
+    if (error.message && error.message.startsWith('Failed to load secrets file')) {
+      throw error;
     }
-    return merged;
-  } catch {
     return null;
   }
 }
@@ -229,22 +258,11 @@ async function resolveKvReferences(envTemplate, secrets, environment = 'local',
   return replaceKvInContent(resolved, secrets, envVars);
 }
 
-/**
- * Applies environment-specific transformations to resolved content
- * @async
- * @function applyEnvironmentTransformations
- * @param {string} resolved - Resolved environment content
- * @param {string} environment - Environment context
- * @param {string} variablesPath - Path to variables.yaml file
- * @returns {Promise<string>} Transformed content
- */
+/** Applies environment-specific transformations to resolved content. */
 async function applyEnvironmentTransformations(resolved, environment, variablesPath) {
   if (environment === 'docker') {
     resolved = await resolveServicePortsInEnvContent(resolved, environment);
     resolved = await rewriteInfraEndpoints(resolved, 'docker');
-    // Interpolate ${VAR} references created by rewriteInfraEndpoints
-    // Get the actual host and port values from env-endpoints.js directly
-    // to ensure they are correctly populated in envVars for interpolation
     const { getEnvHosts, getServiceHost, getServicePort, getLocalhostOverride } = require('../utils/env-endpoints');
     const hosts = await getEnvHosts('docker');
     const localhostOverride = getLocalhostOverride('docker');
@@ -252,10 +270,7 @@ async function applyEnvironmentTransformations(resolved, environment, variablesP
     const redisPort = await getServicePort('REDIS_PORT', 'redis', hosts, 'docker', null);
     const dbHost = getServiceHost(hosts.DB_HOST, 'docker', 'postgres', localhostOverride);
     const dbPort = await getServicePort('DB_PORT', 'postgres', hosts, 'docker', null);
-
-    // Build envVars map and ensure it has the correct values
     const envVars = await buildEnvVarMap('docker');
-    // Override with the actual values that were just set by rewriteInfraEndpoints
     envVars.REDIS_HOST = redisHost;
     envVars.REDIS_PORT = String(redisPort);
     envVars.DB_HOST = dbHost;
@@ -269,35 +284,15 @@ async function applyEnvironmentTransformations(resolved, environment, variablesP
   return resolved;
 }
 
-/**
- * Generates .env file content from template and secrets (without writing to disk)
- * @async
- * @function generateEnvContent
- * @param {string} appName - Name of the application
- * @param {string} [secretsPath] - Path to secrets file (optional)
- * @param {string} [environment='local'] - Environment context
- * @param {boolean} [force=false] - Generate missing secret keys in secrets file
- * @returns {Promise<string>} Generated .env file content
- * @throws {Error} If generation fails
- */
+/** Generates .env file content from template and secrets (without writing to disk). */
 async function generateEnvContent(appName, secretsPath, environment = 'local', force = false) {
   const builderPath = pathsUtil.getBuilderPath(appName);
   const templatePath = path.join(builderPath, 'env.template');
   const variablesPath = path.join(builderPath, 'variables.yaml');
-
   const template = loadEnvTemplate(templatePath);
   const secretsPaths = await getActualSecretsPath(secretsPath, appName);
-
   if (force) {
-    // Use the same path resolution logic as loadSecrets
-    // If explicit path provided, use it; otherwise use the path that loadUserSecrets() would use
-    let secretsFileForGeneration;
-    if (secretsPath) {
-      secretsFileForGeneration = resolveSecretsPath(secretsPath);
-    } else {
-      // Use the same path that loadUserSecrets() would use (now uses paths.getAifabrixHome())
-      secretsFileForGeneration = secretsPaths.userPath;
-    }
+    const secretsFileForGeneration = secretsPath ? resolveSecretsPath(secretsPath) : secretsPaths.userPath;
     await generateMissingSecrets(template, secretsFileForGeneration);
   }
 
@@ -472,9 +467,6 @@ REDIS_COMMANDER_PASSWORD=${postgresPassword}
   fs.writeFileSync(adminEnvPath, adminSecrets, { mode: 0o600 });
   return adminEnvPath;
 }
-
-// validateSecrets is imported from ./utils/secrets-helpers
-
 module.exports = {
   loadSecrets,
   resolveKvReferences,

package/lib/deployment/environment.js

@@ -82,20 +82,8 @@ async function getEnvironmentAuth(controllerUrl) {
  * @returns {Promise<Object>} Deployment result
  * @throws {Error} If deployment fails
  */
-/**
- * Loads and validates environment deploy config from a JSON file
- * @param {string} configPath - Absolute or relative path to config JSON
- * @returns {Object} Valid deploy request { environmentConfig, dryRun? }
- * @throws {Error} If file missing, invalid JSON, or validation fails
- */
-function loadAndValidateEnvironmentDeployConfig(configPath) {
-  const resolvedPath = path.isAbsolute(configPath) ? configPath : path.resolve(process.cwd(), configPath);
-  if (!fs.existsSync(resolvedPath)) {
-    throw new Error(
-      `Environment config file not found: ${resolvedPath}\n` +
-      'Use --config <file> with a JSON file containing "environmentConfig" (e.g. templates/infra/environment-dev.json).'
-    );
-  }
+/** Reads and parses config file; throws if missing, unreadable, or invalid structure. */
+function parseEnvironmentConfigFile(resolvedPath) {
   let raw;
   try {
     raw = fs.readFileSync(resolvedPath, 'utf8');
@@ -124,14 +112,21 @@ function loadAndValidateEnvironmentDeployConfig(configPath) {
     );
   }
   if (typeof parsed.environmentConfig !== 'object' || parsed.environmentConfig === null) {
-    throw new Error(
-      `"environmentConfig" must be an object. File: ${resolvedPath}`
-    );
+    throw new Error(`"environmentConfig" must be an object. File: ${resolvedPath}`);
   }
+  return parsed;
+}
+
+/**
+ * Validates parsed config against schema and returns deploy request.
+ * @param {Object} parsed - Parsed config object
+ * @param {string} resolvedPath - Path for error messages
+ * @returns {Object} { environmentConfig, dryRun? }
+ */
+function validateEnvironmentDeployParsed(parsed, resolvedPath) {
   const ajv = new Ajv({ allErrors: true, strict: false });
   const validate = ajv.compile(environmentDeployRequestSchema);
-  const valid = validate(parsed);
-  if (!valid) {
+  if (!validate(parsed)) {
     const messages = formatValidationErrors(validate.errors);
     throw new Error(
       `Environment config validation failed (${resolvedPath}):\n  • ${messages.join('\n  • ')}\n` +
@@ -144,6 +139,24 @@ function loadAndValidateEnvironmentDeployConfig(configPath) {
   };
 }
 
+/**
+ * Loads and validates environment deploy config from a JSON file
+ * @param {string} configPath - Absolute or relative path to config JSON
+ * @returns {Object} Valid deploy request { environmentConfig, dryRun? }
+ * @throws {Error} If file missing, invalid JSON, or validation fails
+ */
+function loadAndValidateEnvironmentDeployConfig(configPath) {
+  const resolvedPath = path.isAbsolute(configPath) ? configPath : path.resolve(process.cwd(), configPath);
+  if (!fs.existsSync(resolvedPath)) {
+    throw new Error(
+      `Environment config file not found: ${resolvedPath}\n` +
+      'Use --config <file> with a JSON file containing "environmentConfig" (e.g. templates/infra/environment-dev.json).'
+    );
+  }
+  const parsed = parseEnvironmentConfigFile(resolvedPath);
+  return validateEnvironmentDeployParsed(parsed, resolvedPath);
+}
+
 /**
  * Builds environment deployment request from options (config file required)
  * @function buildEnvironmentDeploymentRequest
@@ -479,8 +492,6 @@ async function deployEnvironment(envKey, options = {}) {
     throw error;
   }
 }
-
 module.exports = {
   deployEnvironment
 };
-

package/lib/utils/paths.js

@@ -31,11 +31,15 @@ function safeHomedir() {
 }
 
 /**
- * Returns the path to the config file (AIFABRIX_HOME env or ~/.aifabrix).
- * Used so getAifabrixHome can read from the same location as config.js.
+ * Returns the path to the config directory (same precedence as config.js so both read the same config).
+ * Priority: AIFABRIX_CONFIG (dirname) → AIFABRIX_HOME → ~/.aifabrix.
  * @returns {string} Absolute path to config directory
  */
 function getConfigDirForPaths() {
+  const configFile = process.env.AIFABRIX_CONFIG && typeof process.env.AIFABRIX_CONFIG === 'string';
+  if (configFile) {
+    return path.dirname(path.resolve(process.env.AIFABRIX_CONFIG.trim()));
+  }
   if (process.env.AIFABRIX_HOME && typeof process.env.AIFABRIX_HOME === 'string') {
     return path.resolve(process.env.AIFABRIX_HOME.trim());
   }
@@ -480,7 +484,6 @@ async function detectAppType(appName, options = {}) {
   // Check builder folder (backward compatibility)
   return checkBuilderFolder(appName);
 }
-
 module.exports = {
   getAifabrixHome,
   getConfigDirForPaths,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aifabrix/builder",
-  "version": "2.37.5",
+  "version": "2.37.9",
   "description": "AI Fabrix Local Fabric & Deployment SDK",
   "main": "lib/index.js",
   "bin": {