@aifabrix/builder 2.39.3 → 2.40.0

package/lib/deployment/deployer.js

@@ -15,6 +15,7 @@ const logger = require('../utils/logger');
 const { validateControllerUrl, validateEnvironmentKey } = require('../utils/deployment-validation');
 const { handleDeploymentError, handleDeploymentErrors } = require('../utils/deployment-errors');
 const { validatePipeline, deployPipeline, getPipelineDeployment } = require('../api/pipeline.api');
+const { getAuthUser } = require('../api/auth.api');
 const { handleValidationResponse } = require('../utils/deployment-validation-helpers');
 const {
   convertToPipelineAuthConfig,
@@ -36,73 +37,72 @@ function transformExternalManifestForPipeline(manifest) {
 
 /**
  * Build validation data for deployment
+ * When authenticated with bearer token only, clientId/clientSecret are not sent (controller uses token).
  * @async
  * @param {Object} manifest - Application manifest/config
  * @param {string} validatedEnvKey - Validated environment key
  * @param {Object} authConfig - Authentication configuration
  * @param {Object} options - Additional options
- * @returns {Promise<Object>} Object with validationData and pipelineAuthConfig
+ * @returns {Promise<Object>} Object with validationData, pipelineAuthConfig, and useBearerOnly
  */
 async function buildValidationData(manifest, validatedEnvKey, authConfig, options) {
-  const tokenManager = require('../utils/token-manager');
-  let clientId;
-  let clientSecret;
-  let pipelineAuthConfig;
+  const repositoryUrl = options.repositoryUrl || `https://github.com/aifabrix/${manifest.key}`;
 
-  try {
-    const credentials = await tokenManager.extractClientCredentials(
-      authConfig,
-      manifest.key,
-      validatedEnvKey,
-      options
-    );
-    clientId = credentials.clientId;
-    clientSecret = credentials.clientSecret;
-    pipelineAuthConfig = {
-      type: 'client-credentials',
-      clientId,
-      clientSecret
+  if (authConfig.type === 'bearer' && authConfig.token && !authConfig.clientId) {
+    const pipelineAuthConfig = { type: 'bearer', token: authConfig.token };
+    const validationData = {
+      clientId: manifest.key,
+      repositoryUrl,
+      applicationConfig: manifest
     };
-  } catch (credError) {
-    if (authConfig.type === 'bearer' && authConfig.token) {
-      pipelineAuthConfig = { type: 'bearer', token: authConfig.token };
-      clientId = manifest.key;
-      clientSecret = '';
-    } else {
-      throw credError;
-    }
+    return { validationData, pipelineAuthConfig, useBearerOnly: true };
   }
 
-  const repositoryUrl = options.repositoryUrl || `https://github.com/aifabrix/${manifest.key}`;
+  const tokenManager = require('../utils/token-manager');
+  const credentials = await tokenManager.extractClientCredentials(
+    authConfig,
+    manifest.key,
+    validatedEnvKey,
+    options
+  );
+  const pipelineAuthConfig = {
+    type: 'client-credentials',
+    clientId: credentials.clientId,
+    clientSecret: credentials.clientSecret
+  };
   const validationData = {
-    clientId: clientId || '',
-    clientSecret: clientSecret || '',
-    repositoryUrl: repositoryUrl,
+    clientId: credentials.clientId || '',
+    clientSecret: credentials.clientSecret || '',
+    repositoryUrl,
     applicationConfig: manifest
   };
-
-  return { validationData, pipelineAuthConfig };
+  return { validationData, pipelineAuthConfig, useBearerOnly: false };
 }
 
 /**
  * Handle authentication errors during validation
  * @param {Error} error - Error object
  * @param {string} appKey - Application key
+ * @param {boolean} [useBearerOnly] - True when auth was bearer token only (no client id/secret sent)
  * @throws {Error} Enhanced authentication error
  */
-function handleValidationAuthError(error, appKey) {
-  if (error.status === 401 || (error.response && error.response.status === 401)) {
-    const authError = new Error(
-      `Authentication failed: Invalid or expired credentials for application '${appKey}'.\n` +
-      'The provided Client ID and Client Secret are incorrect or have been revoked.\n\n' +
-      '💡 If the application already exists, rotate the secret:\n' +
-      `   aifabrix app rotate-secret ${appKey}\n\n` +
-      '💡 Otherwise, ensure credentials are correct in ~/.aifabrix/secrets.local.yaml or use --client-id and --client-secret flags.'
-    );
-    authError.status = 401;
-    authError.originalError = error;
-    throw authError;
+function handleValidationAuthError(error, appKey, useBearerOnly) {
+  if (error.status !== 401 && (!error.response || error.response.status !== 401)) {
+    return;
   }
+  const authError = new Error(
+    useBearerOnly
+      ? 'Authentication failed: Your authentication token is invalid or expired.\n\n' +
+        'To authenticate, run:\n  aifabrix login --method device --controller <url>'
+      : `Authentication failed: Invalid or expired credentials for application '${appKey}'.\n` +
+        'The provided Client ID and Client Secret are incorrect or have been revoked.\n\n' +
+        '💡 If the application already exists, rotate the secret:\n' +
+        `   aifabrix app rotate-secret ${appKey}\n\n` +
+        '💡 Otherwise, ensure credentials are correct in ~/.aifabrix/secrets.local.yaml or use --client-id and --client-secret flags.'
+  );
+  authError.status = 401;
+  authError.originalError = error;
+  throw authError;
 }
 
 /**
@@ -122,8 +122,8 @@ async function validateDeployment(url, envKey, manifest, authConfig, options = {
   const validatedEnvKey = validateEnvironmentKey(envKey);
   const maxRetries = options.maxRetries || 3;
 
-  // Build validation data
-  const { validationData, pipelineAuthConfig } = await buildValidationData(manifest, validatedEnvKey, authConfig, options);
+  // Build validation data (bearer-only: no clientId/clientSecret sent)
+  const { validationData, pipelineAuthConfig, useBearerOnly } = await buildValidationData(manifest, validatedEnvKey, authConfig, options);
 
   let lastError;
   for (let attempt = 1; attempt <= maxRetries; attempt++) {
@@ -133,8 +133,8 @@ async function validateDeployment(url, envKey, manifest, authConfig, options = {
     } catch (error) {
       lastError = error;
 
-      // Handle authentication errors (401) - credentials are invalid, not missing
-      handleValidationAuthError(error, manifest.key);
+      // Handle authentication errors (401)
+      handleValidationAuthError(error, manifest.key, useBearerOnly);
 
       const shouldRetry = attempt < maxRetries && error.status && error.status >= 500;
       if (shouldRetry) {
@@ -310,6 +310,32 @@ async function pollDeploymentStatus(deploymentId, controllerUrl, envKey, authCon
   throw new Error('Deployment timeout: Maximum polling attempts reached');
 }
 
+/**
+ * When using bearer token only (no client credentials), verify token is valid before deploy.
+ * @async
+ * @param {string} controllerUrl - Controller URL
+ * @param {Object} authConfig - Authentication configuration
+ * @throws {Error} If token is invalid or expired
+ */
+async function ensureBearerTokenValid(controllerUrl, authConfig) {
+  if (authConfig.type !== 'bearer' || !authConfig.token || authConfig.clientId) {
+    return;
+  }
+  try {
+    const response = await getAuthUser(controllerUrl, authConfig);
+    if (response && response.success && response.data && response.data.authenticated !== false) {
+      return;
+    }
+  } catch (_) {
+    // Fall through to throw below
+  }
+  throw new Error(
+    'Your authentication token is invalid or expired.\n\n' +
+    'Run: aifabrix login --method device --controller <url>\n\n' +
+    'Then run deploy again.'
+  );
+}
+
 /**
  * Validates and sends deployment request to controller
  * Implements two-step process: validate then deploy
@@ -322,6 +348,8 @@ async function pollDeploymentStatus(deploymentId, controllerUrl, envKey, authCon
  * @returns {Promise<Object>} Deployment result
  */
 async function sendDeployment(url, validatedEnvKey, manifest, authConfig, options) {
+  await ensureBearerTokenValid(url, authConfig);
+
   // Step 1: Validate deployment
   logger.log(chalk.blue('🔍 Validating deployment configuration...'));
   const validateResult = await validateDeployment(url, validatedEnvKey, manifest, authConfig, {

package/lib/external-system/delete.js

@@ -50,7 +50,6 @@ async function getAuthAndDataplane(systemKey, _options) {
   const { resolveDataplaneUrl } = require('../utils/dataplane-resolver');
   logger.log(chalk.blue('🌐 Resolving dataplane URL...'));
   const dataplaneUrl = await resolveDataplaneUrl(controllerUrl, environment, authConfig);
-  logger.log(chalk.green(`✓ Dataplane URL: ${dataplaneUrl}`));
 
   return { authConfig, dataplaneUrl, environment, controllerUrl };
 }

package/lib/external-system/deploy-helpers.js

@@ -11,11 +11,10 @@
 const fs = require('fs').promises;
 const fsSync = require('fs');
 const path = require('path');
-const yaml = require('js-yaml');
 const { detectAppType, getDeployJsonPath } = require('../utils/paths');
 
 /**
- * Loads variables.yaml for an application
+ * Loads application config for an application
  * @async
  * @function loadVariablesYaml
  * @param {string} appName - Application name
@@ -23,11 +22,11 @@ const { detectAppType, getDeployJsonPath } = require('../utils/paths');
  * @throws {Error} If file cannot be loaded
  */
 async function loadVariablesYaml(appName) {
-  // Detect app type and get correct path (integration or builder)
   const { appPath } = await detectAppType(appName);
-  const variablesPath = path.join(appPath, 'variables.yaml');
-  const content = await fs.readFile(variablesPath, 'utf8');
-  return yaml.load(content);
+  const { resolveApplicationConfigPath } = require('../utils/app-config-resolver');
+  const { loadConfigFile } = require('../utils/config-format');
+  const configPath = resolveApplicationConfigPath(appPath);
+  return loadConfigFile(configPath);
 }
 
 /**

package/lib/external-system/deploy.js

@@ -13,6 +13,8 @@ const chalk = require('chalk');
 const { getDeploymentAuth } = require('../utils/token-manager');
 const logger = require('../utils/logger');
 const { resolveControllerUrl } = require('../utils/controller-url');
+const { detectAppType } = require('../utils/paths');
+const { logOfflinePathWhenType } = require('../utils/cli-utils');
 const { resolveDataplaneUrl } = require('../utils/dataplane-resolver');
 const { getExternalSystem } = require('../api/external-systems.api');
 const { generateControllerManifest } = require('../generator/external-controller-manifest');
@@ -132,11 +134,14 @@ async function prepareDeploymentConfig(appName, _options) {
  */
 async function deployExternalSystem(appName, options = {}) {
   try {
+    const { appPath } = await detectAppType(appName);
+    logOfflinePathWhenType(appPath);
+
     logger.log(chalk.blue(`\n🚀 Deploying external system: ${appName}`));
 
     // Step 0: Validate before deployment (same as validate command)
     logger.log(chalk.blue('🔍 Validating external system before deployment...'));
-    const validationResult = await validateExternalSystemComplete(appName);
+    const validationResult = await validateExternalSystemComplete(appName, options);
 
     if (!validationResult.valid) {
       displayValidationResults(validationResult);
@@ -146,7 +151,7 @@ async function deployExternalSystem(appName, options = {}) {
     logger.log(chalk.green('✓ Validation passed, proceeding with deployment...'));
 
     // Step 1: Generate controller manifest (validated, ready for deployment)
-    const manifest = await generateControllerManifest(appName);
+    const manifest = await generateControllerManifest(appName, options);
 
     // Step 2: Get deployment configuration (auth, controller URL, etc.)
     const { environment, controllerUrl, authConfig } = await prepareDeploymentConfig(appName, options);

package/lib/external-system/download-helpers.js

@@ -11,14 +11,14 @@
 const { generateExternalReadmeContent } = require('../utils/external-readme');
 
 /**
- * Generates variables.yaml content for downloaded system
+ * Generates application.yaml content for downloaded system
  * @param {string} systemKey - System key
  * @param {Object} application - External system configuration
  * @param {Array} dataSources - Array of datasource configurations
  * @returns {Object} Variables YAML object
  */
 function generateVariablesYaml(systemKey, application, dataSources) {
-  const systemFileName = `${systemKey}-system.json`;
+  const systemFileName = `${systemKey}-system.yaml`;
   const datasourceFiles = dataSources.map(ds => {
     // Extract datasource key (remove system key prefix if present)
     const datasourceKey = ds.key || '';
@@ -29,7 +29,7 @@ function generateVariablesYaml(systemKey, application, dataSources) {
       const entityType = ds.entityType || ds.entityKey || datasourceKey.split('-').pop();
       datasourceKeyOnly = entityType;
     }
-    return `${systemKey}-datasource-${datasourceKeyOnly}.json`;
+    return `${systemKey}-datasource-${datasourceKeyOnly}.yaml`;
   });
 
   return {
@@ -73,7 +73,7 @@ function generateReadme(systemKey, application, dataSources) {
     return {
       entityType: datasourceKeyOnly,
       displayName: ds.displayName || ds.name || ds.key || `Datasource ${index + 1}`,
-      fileName: `${systemKey}-datasource-${datasourceKeyOnly}.json`
+      fileName: `${systemKey}-datasource-${datasourceKeyOnly}.yaml`
     };
   });
 

package/lib/external-system/download.js

@@ -19,6 +19,7 @@ const { getDeploymentAuth } = require('../utils/token-manager');
 const { getConfig } = require('../core/config');
 const { detectAppType } = require('../utils/paths');
 const logger = require('../utils/logger');
+const { writeConfigFile } = require('../utils/config-format');
 const { generateEnvTemplate } = require('../utils/external-system-env-helpers');
 const { generateVariablesYaml, generateReadme } = require('./download-helpers');
 const { resolveControllerUrl } = require('../utils/controller-url');
@@ -201,9 +202,9 @@ async function downloadSystemConfiguration(dataplaneUrl, systemKey, authConfig)
  * @returns {Promise<string>} System file path
  */
 async function generateSystemFile(tempDir, systemKey, application) {
-  const systemFileName = `${systemKey}-system.json`;
+  const systemFileName = `${systemKey}-system.yaml`;
   const systemFilePath = path.join(tempDir, systemFileName);
-  await fs.writeFile(systemFilePath, JSON.stringify(application, null, 2), 'utf8');
+  writeConfigFile(systemFilePath, application);
   return systemFilePath;
 }
 
@@ -230,9 +231,9 @@ async function generateDatasourceFiles(tempDir, systemKey, dataSources) {
         const entityType = datasource.entityType || datasource.entityKey || datasourceKey.split('-').pop();
         datasourceKeyOnly = entityType;
       }
-      const datasourceFileName = `${systemKey}-datasource-${datasourceKeyOnly}.json`;
+      const datasourceFileName = `${systemKey}-datasource-${datasourceKeyOnly}.yaml`;
       const datasourceFilePath = path.join(tempDir, datasourceFileName);
-      await fs.writeFile(datasourceFilePath, JSON.stringify(datasource, null, 2), 'utf8');
+      writeConfigFile(datasourceFilePath, datasource);
       datasourceFiles.push(datasourceFilePath);
     } catch (error) {
       datasourceErrors.push(new Error(`Failed to write datasource ${datasource.key}: ${error.message}`));
@@ -242,7 +243,7 @@ async function generateDatasourceFiles(tempDir, systemKey, dataSources) {
 }
 
 /**
- * Generates configuration files (variables.yaml, env.template, README.md)
+ * Generates configuration files (application.yaml, env.template, README.md)
  * @async
  * @function generateConfigFiles
  * @param {string} tempDir - Temporary directory
@@ -252,9 +253,9 @@ async function generateDatasourceFiles(tempDir, systemKey, dataSources) {
  * @returns {Promise<Object>} Object with file paths
  */
 async function generateConfigFiles(tempDir, systemKey, application, dataSources) {
-  // Generate variables.yaml
+  // Generate application.yaml
   const variables = generateVariablesYaml(systemKey, application, dataSources);
-  const variablesPath = path.join(tempDir, 'variables.yaml');
+  const variablesPath = path.join(tempDir, 'application.yaml');
   await fs.writeFile(variablesPath, yaml.dump(variables, { indent: 2, lineWidth: 120, noRefs: true }), 'utf8');
 
   // Generate env.template
@@ -307,7 +308,7 @@ async function moveFilesToFinalLocation(tempDir, finalPath, systemKey, filePaths
   const systemFileName = `${systemKey}-system.json`;
   const filesToMove = [
     { from: filePaths.systemFilePath, to: path.join(finalPath, systemFileName) },
-    { from: filePaths.variablesPath, to: path.join(finalPath, 'variables.yaml') },
+    { from: filePaths.variablesPath, to: path.join(finalPath, 'application.yaml') },
     { from: filePaths.envTemplatePath, to: path.join(finalPath, 'env.template') },
     { from: filePaths.readmePath, to: path.join(finalPath, 'README.md') }
   ];
@@ -347,8 +348,8 @@ function handleDryRun(systemKey, dataplaneUrl) {
   logger.log(chalk.gray(`  ${dataplaneUrl}/api/v1/external/systems/${systemKey}/config`));
   logger.log(chalk.yellow('\nWould create:'));
   logger.log(chalk.gray(`  integration/${systemKey}/`));
-  logger.log(chalk.gray(`  integration/${systemKey}/variables.yaml`));
-  logger.log(chalk.gray(`  integration/${systemKey}/${systemKey}-system.json`));
+  logger.log(chalk.gray(`  integration/${systemKey}/application.yaml`));
+  logger.log(chalk.gray(`  integration/${systemKey}/${systemKey}-system.yaml`));
   logger.log(chalk.gray(`  integration/${systemKey}/env.template`));
   logger.log(chalk.gray(`  integration/${systemKey}/README.md`));
 }

package/lib/external-system/generator.js

@@ -12,9 +12,10 @@
 const fs = require('fs').promises;
 const path = require('path');
 const handlebars = require('handlebars');
-const yaml = require('js-yaml');
 const chalk = require('chalk');
 const logger = require('../utils/logger');
+const { resolveApplicationConfigPath } = require('../utils/app-config-resolver');
+const { loadConfigFile, writeConfigFile } = require('../utils/config-format');
 
 // Register Handlebars helper for equality check
 handlebars.registerHelper('eq', (a, b) => a === b);
@@ -52,11 +53,12 @@ async function generateExternalSystemTemplate(appPath, systemKey, config) {
     };
 
     const rendered = template(context);
+    const parsed = JSON.parse(rendered);
 
-    // Generate in same folder as variables.yaml (new structure)
-    // Use naming: <app-name>-system.json
-    const outputPath = path.join(appPath, `${systemKey}-system.json`);
-    await fs.writeFile(outputPath, rendered, 'utf8');
+    // Generate in same folder as application.yaml (new structure)
+    // Use naming: <app-name>-system.yaml
+    const outputPath = path.join(appPath, `${systemKey}-system.yaml`);
+    writeConfigFile(outputPath, parsed);
 
     return outputPath;
   } catch (error) {
@@ -98,15 +100,16 @@ async function generateExternalDataSourceTemplate(appPath, datasourceKey, config
     };
 
     const rendered = template(context);
+    const datasourceConfig = JSON.parse(rendered);
 
-    // Generate in same folder as variables.yaml (new structure)
-    // Use naming: <app-name>-datasource-<datasource-key>.json
+    // Generate in same folder as application.yaml (new structure)
+    // Use naming: <app-name>-datasource-<datasource-key>.yaml
     // Extract datasource key (remove system key prefix if present)
     const datasourceKeyOnly = datasourceKey.includes('-') && datasourceKey.startsWith(`${config.systemKey}-`)
       ? datasourceKey.substring(config.systemKey.length + 1)
       : datasourceKey;
-    const outputPath = path.join(appPath, `${config.systemKey}-datasource-${datasourceKeyOnly}.json`);
-    await fs.writeFile(outputPath, rendered, 'utf8');
+    const outputPath = path.join(appPath, `${config.systemKey}-datasource-${datasourceKeyOnly}.yaml`);
+    writeConfigFile(outputPath, datasourceConfig);
 
     return outputPath;
   } catch (error) {
@@ -160,7 +163,7 @@ async function generateExternalSystemFiles(appPath, appName, config) {
       logger.log(chalk.green(`✓ Generated datasource: ${path.basename(datasourcePath)}`));
     }
 
-    // Update variables.yaml with externalIntegration block
+    // Update application.yaml with externalIntegration block
     await updateVariablesYamlWithExternalIntegration(appPath, systemKey, datasourcePaths);
 
     return {
@@ -173,7 +176,7 @@ async function generateExternalSystemFiles(appPath, appName, config) {
 }
 
 /**
- * Updates variables.yaml with externalIntegration block
+ * Updates application.yaml with externalIntegration block
  * @async
  * @function updateVariablesYamlWithExternalIntegration
  * @param {string} appPath - Application directory path
@@ -183,23 +186,22 @@ async function generateExternalSystemFiles(appPath, appName, config) {
  */
 async function updateVariablesYamlWithExternalIntegration(appPath, systemKey, datasourcePaths) {
   try {
-    const variablesPath = path.join(appPath, 'variables.yaml');
-    const variablesContent = await fs.readFile(variablesPath, 'utf8');
-    const variables = yaml.load(variablesContent);
+    const configPath = resolveApplicationConfigPath(appPath);
+    const variables = loadConfigFile(configPath);
 
     // Add externalIntegration block
     // Files are in same folder, so schemaBasePath is './'
     variables.externalIntegration = {
       schemaBasePath: './',
-      systems: [`${systemKey}-system.json`],
+      systems: [`${systemKey}-system.yaml`],
       dataSources: datasourcePaths.map(p => path.basename(p)),
       autopublish: true,
       version: '1.0.0'
     };
 
-    await fs.writeFile(variablesPath, yaml.dump(variables, { indent: 2, lineWidth: 120, noRefs: true }), 'utf8');
+    writeConfigFile(configPath, variables);
   } catch (error) {
-    throw new Error(`Failed to update variables.yaml: ${error.message}`);
+    throw new Error(`Failed to update application config: ${error.message}`);
   }
 }
 

package/lib/external-system/test.js

@@ -12,7 +12,6 @@
 const fs = require('fs').promises;
 const fsSync = require('fs');
 const path = require('path');
-const yaml = require('js-yaml');
 const chalk = require('chalk');
 const testHelpers = require('../utils/external-system-test-helpers');
 const { retryApiCall } = require('../utils/external-system-test-helpers');
@@ -39,30 +38,26 @@ const {
 } = require('./test-execution');
 
 /**
- * Loads and parses variables.yaml file
+ * Loads and parses application config file
  * @async
  * @function loadVariablesYamlFile
- * @param {string} variablesPath - Path to variables.yaml
+ * @param {string} variablesPath - Path to application config
  * @returns {Promise<Object>} Parsed variables
- * @throws {Error} If file not found or invalid YAML
+ * @throws {Error} If file not found or invalid
  */
 async function loadVariablesYamlFile(variablesPath) {
-  if (!fsSync.existsSync(variablesPath)) {
-    throw new Error(`variables.yaml not found: ${variablesPath}`);
-  }
-
-  const variablesContent = await fs.readFile(variablesPath, 'utf8');
+  const { loadConfigFile } = require('../utils/config-format');
   try {
-    const variables = yaml.load(variablesContent);
+    const variables = loadConfigFile(variablesPath);
     if (!variables.externalIntegration) {
-      throw new Error('externalIntegration block not found in variables.yaml');
+      throw new Error('externalIntegration block not found in application config');
     }
     return variables;
   } catch (error) {
     if (error.message.includes('externalIntegration')) {
       throw error;
     }
-    throw new Error(`Invalid YAML syntax in variables.yaml: ${error.message}`);
+    throw new Error(`Application config: ${error.message}`);
   }
 }
 
@@ -152,9 +147,9 @@ async function loadDatasourceFiles(datasourceFiles, schemaBasePath, appPath) {
  */
 async function loadExternalSystemFiles(appName) {
   const { appPath } = await detectAppType(appName);
-  const variablesPath = path.join(appPath, 'variables.yaml');
-
-  const variables = await loadVariablesYamlFile(variablesPath);
+  const { resolveApplicationConfigPath } = require('../utils/app-config-resolver');
+  const configPath = resolveApplicationConfigPath(appPath);
+  const variables = await loadVariablesYamlFile(configPath);
 
   const schemaBasePath = variables.externalIntegration.schemaBasePath || './';
   const systemFiles = variables.externalIntegration.systems || [];

package/lib/generator/builders.js

@@ -290,7 +290,7 @@ function addHealthCheckToDeployment(deployment, variables) {
  * @param {Object|null} rbac - RBAC configuration
  */
 function addRolesAndPermissions(deployment, variables, rbac) {
-  // Priority: variables.yaml > rbac.yaml
+  // Priority: application.yaml > rbac.yaml
   if (variables.roles) {
     deployment.roles = variables.roles;
   } else if (rbac && rbac.roles) {

package/lib/generator/external-controller-manifest.js

@@ -11,6 +11,7 @@
 
 const path = require('path');
 const { detectAppType } = require('../utils/paths');
+const { resolveApplicationConfigPath } = require('../utils/app-config-resolver');
 const { loadSystemFile, loadDatasourceFiles } = require('./external');
 const { loadVariables, loadRbac } = require('./helpers');
 
@@ -42,18 +43,18 @@ function mergeRbacIntoSystemJson(systemJson, rbac) {
  * @param {Object} options - Options with optional appPath
  * @returns {Promise<string>} Application path
  */
-async function resolveAppPath(appName, options) {
-  if (options.appPath) {
+async function resolveAppPath(appName, options = {}) {
+  if (options && options.appPath) {
     return options.appPath;
   }
-  const detected = await detectAppType(appName, { type: 'external' });
+  const detected = await detectAppType(appName);
   return detected.appPath;
 }
 
 /**
  * Extracts app metadata from variables
  * @function extractAppMetadata
- * @param {Object} variables - Parsed variables.yaml
+ * @param {Object} variables - Parsed application config
  * @param {string} appName - Application name
  * @returns {Object} App metadata { appKey, displayName, description }
  */
@@ -98,59 +99,55 @@ async function loadSystemWithRbac(appPath, schemaBasePath, systemFile) {
  * const manifest = await generateControllerManifest('my-hubspot');
  * // Returns: { key, displayName, description, type: "external", system: {...}, dataSources: [...] }
  */
+function normalizeSchemaBasePath(schemaBasePath, appPath, appName) {
+  const base = path.normalize(schemaBasePath || './').replace(/[/\\]+$/, '');
+  return base === path.join('integration', appName) ? './' : (schemaBasePath || './');
+}
+
 async function generateControllerManifest(appName, options = {}) {
   if (!appName || typeof appName !== 'string') {
     throw new Error('App name is required and must be a string');
   }
-
   const appPath = await resolveAppPath(appName, options);
-  const variablesPath = path.join(appPath, 'variables.yaml');
-  const { parsed: variables } = loadVariables(variablesPath);
-
+  const { parsed: variables } = loadVariables(resolveApplicationConfigPath(appPath));
   if (!variables.externalIntegration) {
-    throw new Error('externalIntegration block not found in variables.yaml');
+    throw new Error('externalIntegration block not found in application.yaml');
   }
-
   const metadata = extractAppMetadata(variables, appName);
-  const schemaBasePath = variables.externalIntegration.schemaBasePath || './';
+  const schemaBasePath = normalizeSchemaBasePath(
+    variables.externalIntegration.schemaBasePath,
+    appPath,
+    appName
+  );
   const systemFiles = variables.externalIntegration.systems || [];
-
   if (systemFiles.length === 0) {
     throw new Error('No system files specified in externalIntegration.systems');
   }
-
-  const systemJson = await loadSystemWithRbac(appPath, schemaBasePath, systemFiles[0]);
-  const datasourceFiles = variables.externalIntegration.dataSources || [];
-  const datasourceJsons = await loadDatasourceFiles(appPath, schemaBasePath, datasourceFiles);
-
+  const [systemJson, datasourceJsons] = await Promise.all([
+    loadSystemWithRbac(appPath, schemaBasePath, systemFiles[0]),
+    loadDatasourceFiles(appPath, schemaBasePath, variables.externalIntegration.dataSources || [])
+  ]);
   const appVersion = variables.app?.version || variables.externalIntegration?.version || '1.0.0';
-
-  // Build externalIntegration block (required by application schema for type: "external")
   const externalIntegration = {
-    schemaBasePath: schemaBasePath,
+    schemaBasePath,
     systems: systemFiles,
-    dataSources: datasourceFiles,
-    autopublish: variables.externalIntegration.autopublish !== false, // default true
+    dataSources: variables.externalIntegration.dataSources || [],
+    autopublish: variables.externalIntegration.autopublish !== false,
     version: appVersion
   };
-
-  const manifest = {
+  return {
     key: metadata.appKey,
     displayName: metadata.displayName,
     description: metadata.description,
     type: 'external',
     version: appVersion,
-    externalIntegration: externalIntegration,
-    // Inline system and dataSources for atomic deployment (optional but recommended)
+    externalIntegration,
     system: systemJson,
     dataSources: datasourceJsons,
-    // Explicitly set to false to satisfy conditional schema requirements
     requiresDatabase: false,
     requiresRedis: false,
     requiresStorage: false
   };
-
-  return manifest;
 }
 
 module.exports = {