npm - @aifabrix/builder - Versions diffs - 2.4.0 → 2.5.1 - Mend

@aifabrix/builder 2.4.0 → 2.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (38) hide show

package/README.md +3 -0
package/lib/app-down.js +123 -0
package/lib/app.js +4 -2
package/lib/build.js +19 -13
package/lib/cli.js +52 -9
package/lib/commands/secure.js +5 -40
package/lib/config.js +26 -4
package/lib/env-reader.js +3 -2
package/lib/generator.js +0 -9
package/lib/infra.js +30 -3
package/lib/schema/application-schema.json +0 -15
package/lib/schema/env-config.yaml +8 -8
package/lib/secrets.js +167 -253
package/lib/templates.js +10 -18
package/lib/utils/api-error-handler.js +182 -147
package/lib/utils/api.js +144 -354
package/lib/utils/build-copy.js +6 -13
package/lib/utils/compose-generator.js +2 -1
package/lib/utils/device-code.js +349 -0
package/lib/utils/env-config-loader.js +102 -0
package/lib/utils/env-copy.js +131 -0
package/lib/utils/env-endpoints.js +209 -0
package/lib/utils/env-map.js +116 -0
package/lib/utils/env-ports.js +60 -0
package/lib/utils/environment-checker.js +39 -6
package/lib/utils/image-name.js +49 -0
package/lib/utils/paths.js +22 -20
package/lib/utils/secrets-generator.js +3 -3
package/lib/utils/secrets-helpers.js +359 -0
package/lib/utils/secrets-path.js +12 -36
package/lib/utils/secrets-url.js +38 -0
package/lib/utils/secrets-utils.js +1 -42
package/lib/utils/variable-transformer.js +0 -9
package/package.json +1 -1
package/templates/applications/README.md.hbs +4 -2
package/templates/applications/miso-controller/env.template +1 -1
package/templates/infra/compose.yaml +4 -0
package/templates/infra/compose.yaml.hbs +9 -4

package/lib/secrets.js CHANGED Viewed

@@ -12,10 +12,24 @@
 const fs = require('fs');
 const path = require('path');
 const yaml = require('js-yaml');
-const chalk = require('chalk');
 const logger = require('./utils/logger');
 const config = require('./config');
-const devConfig = require('./utils/dev-config');
+const {
+  interpolateEnvVars,
+  collectMissingSecrets,
+  formatMissingSecretsFileInfo,
+  replaceKvInContent,
+  loadEnvTemplate,
+  processEnvVariables,
+  adjustLocalEnvPortsInContent,
+  rewriteInfraEndpoints,
+  readYamlAtPath,
+  applyCanonicalSecretsOverride,
+  ensureNonEmptySecrets,
+  validateSecrets
+} = require('./utils/secrets-helpers');
+const { buildEnvVarMap } = require('./utils/env-map');
+const { resolveServicePortsInEnvContent } = require('./utils/secrets-url');
 const {
   generateMissingSecrets,
   createDefaultSecrets
@@ -26,22 +40,28 @@ const {
 } = require('./utils/secrets-path');
 const {
   loadUserSecrets,
-  loadBuildSecrets,
-  loadDefaultSecrets,
-  buildHostnameToServiceMap,
-  resolveUrlPort
+  loadDefaultSecrets
 } = require('./utils/secrets-utils');
 const { decryptSecret, isEncrypted } = require('./utils/secrets-encryption');
 const pathsUtil = require('./utils/paths');
 /**
- * Loads environment configuration for docker/local context
- * @returns {Object} Environment configuration
+ * Generates a canonical secret name from an environment variable key.
+ * Converts to lowercase, replaces non-alphanumeric characters with hyphens,
+ * collapses consecutive hyphens, and trims leading/trailing hyphens.
+ *
+ * @function getCanonicalSecretName
+ * @param {string} key - Environment variable key (e.g., JWT_SECRET)
+ * @returns {string} Canonical secret name (e.g., jwt-secret)
  */
-function loadEnvConfig() {
-  const envConfigPath = path.join(__dirname, 'schema', 'env-config.yaml');
-  const content = fs.readFileSync(envConfigPath, 'utf8');
-  return yaml.load(content);
+function getCanonicalSecretName(key) {
+  if (!key || typeof key !== 'string') {
+    return '';
+  }
+  const lower = key.toLowerCase();
+  const hyphenated = lower.replace(/[^a-z0-9]/g, '-');
+  const collapsed = hyphenated.replace(/-+/g, '-');
+  return collapsed.replace(/^-+|-+$/g, '');
 }
 /**
@@ -89,13 +109,13 @@ async function decryptSecretsObject(secrets) {
 /**
  * Loads secrets with cascading lookup
  * Supports both user secrets (~/.aifabrix/secrets.local.yaml) and project overrides
- * User's file takes priority, then falls back to build.secrets from variables.yaml
+ * User's file takes priority, then falls back to aifabrix-secrets from config.yaml
  * Automatically decrypts values with secure:// prefix
  *
  * @async
  * @function loadSecrets
  * @param {string} [secretsPath] - Path to secrets file (optional, for explicit override)
- * @param {string} [appName] - Application name (optional, for variables.yaml lookup)
+ * @param {string} [appName] - Application name (optional, for backward compatibility)
  * @returns {Promise<Object>} Loaded secrets object with decrypted values
  * @throws {Error} If no secrets file found and no fallback available
  *
@@ -103,46 +123,28 @@ async function decryptSecretsObject(secrets) {
  * const secrets = await loadSecrets('../../secrets.local.yaml');
  * // Returns: { 'postgres-passwordKeyVault': 'admin123', ... }
  */
-async function loadSecrets(secretsPath, appName) {
-  let secrets;
-  // If explicit path provided, use it (backward compatibility)
+async function loadSecrets(secretsPath, _appName) {
+  // Explicit path branch
   if (secretsPath) {
     const resolvedPath = resolveSecretsPath(secretsPath);
     if (!fs.existsSync(resolvedPath)) {
       throw new Error(`Secrets file not found: ${resolvedPath}`);
     }
-    const content = fs.readFileSync(resolvedPath, 'utf8');
-    secrets = yaml.load(content);
-    if (!secrets || typeof secrets !== 'object') {
+    const explicitSecrets = readYamlAtPath(resolvedPath);
+    if (!explicitSecrets || typeof explicitSecrets !== 'object') {
       throw new Error(`Invalid secrets file format: ${resolvedPath}`);
     }
-  } else {
-    // Cascading lookup: user's file first
-    let mergedSecrets = loadUserSecrets();
-    // Then check build.secrets from variables.yaml if appName provided
-    if (appName) {
-      mergedSecrets = await loadBuildSecrets(mergedSecrets, appName);
-    }
-    // If still no secrets found, try default location
-    if (Object.keys(mergedSecrets).length === 0) {
-      mergedSecrets = loadDefaultSecrets();
-    }
-    // If still empty, throw error
-    if (Object.keys(mergedSecrets).length === 0) {
-      throw new Error('No secrets file found. Please create ~/.aifabrix/secrets.local.yaml or configure build.secrets in variables.yaml');
-    }
-    secrets = mergedSecrets;
+    return await decryptSecretsObject(explicitSecrets);
   }
-  // Decrypt encrypted values
-  return await decryptSecretsObject(secrets);
+  // Cascading lookup branch
+  let mergedSecrets = loadUserSecrets();
+  mergedSecrets = await applyCanonicalSecretsOverride(mergedSecrets);
+  if (Object.keys(mergedSecrets).length === 0) {
+    mergedSecrets = loadDefaultSecrets();
+  }
+  ensureNonEmptySecrets(mergedSecrets);
+  return await decryptSecretsObject(mergedSecrets);
 }
 /**
@@ -156,7 +158,7 @@ async function loadSecrets(secretsPath, appName) {
  * @param {string} [environment='local'] - Environment context (docker/local)
  * @param {Object|string|null} [secretsFilePaths] - Paths object with userPath and buildPath, or string path (for backward compatibility)
  * @param {string} [secretsFilePaths.userPath] - User's secrets file path
- * @param {string|null} [secretsFilePaths.buildPath] - App's build.secrets file path (if configured)
+ * @param {string|null} [secretsFilePaths.buildPath] - App's aifabrix-secrets file path (from config.yaml, if configured)
  * @param {string} [appName] - Application name (optional, for error messages)
  * @returns {Promise<string>} Resolved environment content
  * @throws {Error} If kv:// reference cannot be resolved
@@ -166,229 +168,168 @@ async function loadSecrets(secretsPath, appName) {
  * // Returns: 'DATABASE_URL=postgresql://user:pass@localhost:5432/db'
  */
 async function resolveKvReferences(envTemplate, secrets, environment = 'local', secretsFilePaths = null, appName = null) {
-  const envConfig = loadEnvConfig();
-  const envVars = envConfig.environments[environment] || envConfig.environments.local;
-  // First, replace ${VAR} references in the template itself (for variables like DB_HOST=${DB_HOST})
-  let resolved = envTemplate.replace(/\$\{([A-Z_]+)\}/g, (match, envVar) => {
-    return envVars[envVar] || match;
-  });
-  const kvPattern = /kv:\/\/([a-zA-Z0-9-_]+)/g;
-  const missingSecrets = [];
-  let match;
-  while ((match = kvPattern.exec(resolved)) !== null) {
-    const secretKey = match[1];
-    if (!(secretKey in secrets)) {
-      missingSecrets.push(`kv://${secretKey}`);
-    }
+  const os = require('os');
+  let envVars = await buildEnvVarMap(environment, os);
+  if (!envVars || Object.keys(envVars).length === 0) {
+    // Fallback to local environment variables if requested environment does not exist
+    envVars = await buildEnvVarMap('local', os);
   }
-  if (missingSecrets.length > 0) {
-    let fileInfo = '';
-    if (secretsFilePaths) {
-      // Handle backward compatibility: if it's a string, use it as-is
-      if (typeof secretsFilePaths === 'string') {
-        fileInfo = `\n\nSecrets file location: ${secretsFilePaths}`;
-      } else if (typeof secretsFilePaths === 'object' && secretsFilePaths.userPath) {
-        // New format: show both paths if buildPath is configured
-        const paths = [secretsFilePaths.userPath];
-        if (secretsFilePaths.buildPath) {
-          paths.push(secretsFilePaths.buildPath);
-        }
-        fileInfo = `\n\nSecrets file location: ${paths.join(' and ')}`;
-      }
-    }
+  const resolved = interpolateEnvVars(envTemplate, envVars);
+  const missing = collectMissingSecrets(resolved, secrets);
+  if (missing.length > 0) {
+    const fileInfo = formatMissingSecretsFileInfo(secretsFilePaths);
     const resolveCommand = appName ? `aifabrix resolve ${appName}` : 'aifabrix resolve <app-name>';
-    throw new Error(`Missing secrets: ${missingSecrets.join(', ')}${fileInfo}\n\nRun "${resolveCommand}" to generate missing secrets.`);
+    throw new Error(`Missing secrets: ${missing.join(', ')}${fileInfo}\n\nRun "${resolveCommand}" to generate missing secrets.`);
   }
-  // Now replace kv:// references, and handle ${VAR} inside the secret values
-  resolved = resolved.replace(kvPattern, (match, secretKey) => {
-    let value = secrets[secretKey];
-    if (typeof value === 'string') {
-      // Replace ${VAR} references inside the secret value
-      value = value.replace(/\$\{([A-Z_]+)\}/g, (m, envVar) => {
-        return envVars[envVar] || m;
-      });
-    }
-    return value;
-  });
-  return resolved;
+  return replaceKvInContent(resolved, secrets, envVars);
 }
-/**
- * Resolves service ports in URLs within .env content for Docker environment
- * Replaces ports in URLs with containerPort from service's variables.yaml
- *
- * @function resolveServicePortsInEnvContent
- * @param {string} envContent - Resolved .env file content
- * @param {string} environment - Environment context (docker/local)
- * @returns {string} Content with resolved ports
- */
-function resolveServicePortsInEnvContent(envContent, environment) {
-  // Only process docker environment
-  if (environment !== 'docker') {
-    return envContent;
-  }
-  const envConfig = loadEnvConfig();
-  const dockerHosts = envConfig.environments.docker || {};
-  const hostnameToService = buildHostnameToServiceMap(dockerHosts);
-  // Pattern to match URLs: http://hostname:port or https://hostname:port
-  // Matches: protocol://hostname:port/path?query
-  // Captures: protocol, hostname, port, and optional path/query
-  // Note: [^\s\n]* matches any non-whitespace characters except newline (stops at end of line)
-  const urlPattern = /(https?:\/\/)([a-zA-Z0-9-]+):(\d+)([^\s\n]*)?/g;
-  return envContent.replace(urlPattern, (match, protocol, hostname, port, urlPath = '') => {
-    return resolveUrlPort(protocol, hostname, port, urlPath || '', hostnameToService);
-  });
-}
+// resolveServicePortsInEnvContent, loadEnvTemplate, and processEnvVariables
+// are imported from ./utils/secrets-helpers above.
 /**
- * Loads environment template from file
- * @function loadEnvTemplate
- * @param {string} templatePath - Path to env.template
- * @returns {string} Template content
- * @throws {Error} If file not found
+ * Generates .env file from template and secrets
+ * Creates environment file for local development
+ *
+ * @async
+ * @function generateEnvFile
+ * @param {string} appName - Name of the application
+ * @param {string} [secretsPath] - Path to secrets file (optional)
+ * @param {string} [environment='local'] - Environment context
+ * @param {boolean} [force=false] - Generate missing secret keys in secrets file
+ * @param {boolean} [skipOutputPath=false] - Skip processing envOutputPath (to avoid recursion)
+ * @returns {Promise<string>} Path to generated .env file
+ * @throws {Error} If generation fails
+ *
+ * @example
+ * const envPath = await generateEnvFile('myapp', '../../secrets.local.yaml', 'local', true);
+ * // Returns: './builder/myapp/.env'
  */
-function loadEnvTemplate(templatePath) {
-  if (!fs.existsSync(templatePath)) {
-    throw new Error(`env.template not found: ${templatePath}`);
-  }
-  return fs.readFileSync(templatePath, 'utf8');
-}
 /**
- * Processes environment variables and copies to output path if needed
- * Updates PORT variable to use localPort if available (only when copying to envOutputPath)
- * When .env stays in builder folder, uses port (container port)
- * @function processEnvVariables
- * @param {string} envPath - Path to generated .env file
- * @param {string} variablesPath - Path to variables.yaml
- * @throws {Error} If processing fails
+ * Updates PORT in resolved content for docker environment
+ * Sets PORT to container port (build.containerPort or port from variables.yaml)
+ * NOT the host port (which includes developer-id offset)
+ * @async
+ * @function updatePortForDocker
+ * @param {string} resolved - Resolved environment content
+ * @param {string} variablesPath - Path to variables.yaml file
+ * @returns {Promise<string>} Updated content with PORT set
  */
-function processEnvVariables(envPath, variablesPath) {
-  if (!fs.existsSync(variablesPath)) {
-    return;
-  }
-  const variablesContent = fs.readFileSync(variablesPath, 'utf8');
-  const variables = yaml.load(variablesContent);
+async function updatePortForDocker(resolved, variablesPath) {
+  // Step 1: Get base config from env-config.yaml (includes user env-config file if configured)
+  const { getEnvHosts } = require('./utils/env-endpoints');
+  let dockerEnv = await getEnvHosts('docker');
-  if (!variables?.build?.envOutputPath || variables.build.envOutputPath === null) {
-    return;
-  }
-  let outputPath = path.resolve(process.cwd(), variables.build.envOutputPath);
-  if (!outputPath.endsWith('.env')) {
-    if (fs.existsSync(outputPath) && fs.statSync(outputPath).isDirectory()) {
-      outputPath = path.join(outputPath, '.env');
-    } else {
-      outputPath = path.join(outputPath, '.env');
+  // Step 2: Apply config.yaml → environments.docker override (if exists)
+  try {
+    const os = require('os');
+    const cfgPath = path.join(os.homedir(), '.aifabrix', 'config.yaml');
+    if (fs.existsSync(cfgPath)) {
+      const cfgContent = fs.readFileSync(cfgPath, 'utf8');
+      const cfg = yaml.load(cfgContent) || {};
+      if (cfg && cfg.environments && cfg.environments.docker) {
+        dockerEnv = { ...dockerEnv, ...cfg.environments.docker };
+      }
     }
+  } catch {
+    // Ignore config.yaml read errors, continue with env-config values
   }
-  const outputDir = path.dirname(outputPath);
-  if (!fs.existsSync(outputDir)) {
-    fs.mkdirSync(outputDir, { recursive: true });
+  // Step 3: Get PORT value for container (should be container port, NOT host port)
+  // For Docker containers, PORT should be the container port (build.containerPort or port)
+  // NOT the host port (which includes developer-id offset)
+  let containerPort = null;
+  if (variablesPath && fs.existsSync(variablesPath)) {
+    try {
+      const variablesContent = fs.readFileSync(variablesPath, 'utf8');
+      const variables = yaml.load(variablesContent);
+      // Use containerPort if specified, otherwise use base port (no developer-id offset)
+      containerPort = variables?.build?.containerPort || variables?.port || 3000;
+    } catch {
+      // Fallback to default
+      containerPort = 3000;
+    }
+  } else {
+    // Fallback: check dockerEnv.PORT (but this should be container port, not host port)
+    if (dockerEnv.PORT !== undefined && dockerEnv.PORT !== null) {
+      const portVal = typeof dockerEnv.PORT === 'number' ? dockerEnv.PORT : parseInt(dockerEnv.PORT, 10);
+      if (!Number.isNaN(portVal)) {
+        containerPort = portVal;
+      }
+    }
+    if (containerPort === null || containerPort === undefined) {
+      containerPort = 3000;
+    }
   }
-  // Read the .env file content
-  let envContent = fs.readFileSync(envPath, 'utf8');
-  // Update PORT variable: use localPort ONLY when copying to envOutputPath (outside builder folder)
-  // When .env stays in builder folder, it uses port (container port)
-  const portToUse = variables.build?.localPort || variables.port || 3000;
-  // Replace PORT line (handles PORT=value format, with or without spaces)
-  envContent = envContent.replace(/^PORT\s*=\s*.*$/m, `PORT=${portToUse}`);
+  // PORT in container should be the container port (no developer-id adjustment)
+  // Docker will map container port to host port via port mapping
+  return resolved.replace(/^PORT\s*=\s*.*$/m, `PORT=${containerPort}`);
+}
-  // Write updated content to output path
-  fs.writeFileSync(outputPath, envContent, { mode: 0o600 });
-  logger.log(chalk.green(`✓ Copied .env to: ${variables.build.envOutputPath}`));
+/**
+ * Applies environment-specific transformations to resolved content
+ * @async
+ * @function applyEnvironmentTransformations
+ * @param {string} resolved - Resolved environment content
+ * @param {string} environment - Environment context
+ * @param {string} variablesPath - Path to variables.yaml file
+ * @returns {Promise<string>} Transformed content
+ */
+async function applyEnvironmentTransformations(resolved, environment, variablesPath) {
+  if (environment === 'docker') {
+    resolved = await resolveServicePortsInEnvContent(resolved, environment);
+    resolved = await rewriteInfraEndpoints(resolved, 'docker');
+    resolved = await updatePortForDocker(resolved, variablesPath);
+  } else if (environment === 'local') {
+    resolved = await adjustLocalEnvPortsInContent(resolved, variablesPath);
+  }
+  return resolved;
 }
 /**
- * Generates .env file from template and secrets
- * Creates environment file for local development
- *
+ * Generates .env file content from template and secrets (without writing to disk)
  * @async
- * @function generateEnvFile
+ * @function generateEnvContent
  * @param {string} appName - Name of the application
  * @param {string} [secretsPath] - Path to secrets file (optional)
  * @param {string} [environment='local'] - Environment context
  * @param {boolean} [force=false] - Generate missing secret keys in secrets file
- * @returns {Promise<string>} Path to generated .env file
+ * @returns {Promise<string>} Generated .env file content
  * @throws {Error} If generation fails
- *
- * @example
- * const envPath = await generateEnvFile('myapp', '../../secrets.local.yaml', 'local', true);
- * // Returns: './builder/myapp/.env'
  */
-async function generateEnvFile(appName, secretsPath, environment = 'local', force = false) {
+async function generateEnvContent(appName, secretsPath, environment = 'local', force = false) {
   const builderPath = path.join(process.cwd(), 'builder', appName);
   const templatePath = path.join(builderPath, 'env.template');
   const variablesPath = path.join(builderPath, 'variables.yaml');
-  const envPath = path.join(builderPath, '.env');
   const template = loadEnvTemplate(templatePath);
-  // Resolve secrets paths to show in error messages (use actual paths that loadSecrets would use)
   const secretsPaths = await getActualSecretsPath(secretsPath, appName);
   if (force) {
-    // Use userPath for generating missing secrets (priority file)
     await generateMissingSecrets(template, secretsPaths.userPath);
   }
   const secrets = await loadSecrets(secretsPath, appName);
   let resolved = await resolveKvReferences(template, secrets, environment, secretsPaths, appName);
+  resolved = await applyEnvironmentTransformations(resolved, environment, variablesPath);
-  // Resolve service ports in URLs for docker environment
-  if (environment === 'docker') {
-    resolved = resolveServicePortsInEnvContent(resolved, environment);
-  }
-  // For local environment, update infrastructure ports to use dev-specific ports
-  if (environment === 'local') {
-    const devId = await config.getDeveloperId();
-    // Convert string developer ID to number for getDevPorts
-    const devIdNum = parseInt(devId, 10);
-    const ports = devConfig.getDevPorts(devIdNum);
-    // Update DATABASE_PORT if present
-    resolved = resolved.replace(/^DATABASE_PORT\s*=\s*.*$/m, `DATABASE_PORT=${ports.postgres}`);
+  return resolved;
+}
-    // Update REDIS_URL if present (format: redis://localhost:port)
-    resolved = resolved.replace(/^REDIS_URL\s*=\s*redis:\/\/localhost:\d+/m, `REDIS_URL=redis://localhost:${ports.redis}`);
+async function generateEnvFile(appName, secretsPath, environment = 'local', force = false, skipOutputPath = false) {
+  const builderPath = path.join(process.cwd(), 'builder', appName);
+  const variablesPath = path.join(builderPath, 'variables.yaml');
+  const envPath = path.join(builderPath, '.env');
-    // Update REDIS_HOST if it contains a port
-    resolved = resolved.replace(/^REDIS_HOST\s*=\s*localhost:\d+/m, `REDIS_HOST=localhost:${ports.redis}`);
-  }
+  const resolved = await generateEnvContent(appName, secretsPath, environment, force);
   fs.writeFileSync(envPath, resolved, { mode: 0o600 });
-  // Update PORT variable in container .env file to use port (from variables.yaml)
-  // Note: containerPort is ONLY used for Docker Compose port mapping, NOT for PORT env variable
-  // The application inside container listens on PORT env variable, which should be 'port' from variables.yaml
-  if (fs.existsSync(variablesPath)) {
-    const variablesContent = fs.readFileSync(variablesPath, 'utf8');
-    const variables = yaml.load(variablesContent);
-    const port = variables.port || 3000;
-    // Update PORT in container .env file to use port (NOT containerPort, NOT localPort)
-    let envContent = fs.readFileSync(envPath, 'utf8');
-    envContent = envContent.replace(/^PORT\s*=\s*.*$/m, `PORT=${port}`);
-    fs.writeFileSync(envPath, envContent, { mode: 0o600 });
-  }
   // Process and copy to envOutputPath if configured (uses localPort for copied file)
-  processEnvVariables(envPath, variablesPath);
+  if (!skipOutputPath) {
+    await processEnvVariables(envPath, variablesPath, appName, secretsPath);
+  }
   return envPath;
 }
@@ -447,43 +388,16 @@ REDIS_COMMANDER_PASSWORD=${postgresPassword}
   return adminEnvPath;
 }
-/**
- * Validates that all required secrets are present
- * Checks for missing kv:// references and provides helpful error messages
- *
- * @function validateSecrets
- * @param {string} envTemplate - Environment template content
- * @param {Object} secrets - Available secrets
- * @returns {Object} Validation result with missing secrets
- *
- * @example
- * const validation = validateSecrets(template, secrets);
- * // Returns: { valid: false, missing: ['kv://missing-secret'] }
- */
-function validateSecrets(envTemplate, secrets) {
-  const kvPattern = /kv:\/\/([a-zA-Z0-9-_]+)/g;
-  const missing = [];
-  let match;
-  while ((match = kvPattern.exec(envTemplate)) !== null) {
-    const secretKey = match[1];
-    if (!(secretKey in secrets)) {
-      missing.push(`kv://${secretKey}`);
-    }
-  }
-  return {
-    valid: missing.length === 0,
-    missing
-  };
-}
+// validateSecrets is imported from ./utils/secrets-helpers
 module.exports = {
   loadSecrets,
   resolveKvReferences,
   generateEnvFile,
+  generateEnvContent,
   generateMissingSecrets,
   generateAdminSecretsEnv,
   validateSecrets,
-  createDefaultSecrets
+  createDefaultSecrets,
+  getCanonicalSecretName
 };

package/lib/templates.js CHANGED Viewed

@@ -50,8 +50,7 @@ function generateVariablesYaml(appName, config) {
       language: config.language || 'typescript',
       envOutputPath: null,
       context: null, // Defaults to dev directory in build process
-      dockerfile: '',
-      secrets: null
+      dockerfile: ''
     },
     repository: {
       enabled: false,
@@ -59,9 +58,7 @@ function generateVariablesYaml(appName, config) {
     },
     deployment: {
       controllerUrl: '',
-      environment: 'dev',
-      clientId: '',
-      clientSecret: ''
+      environment: 'dev'
     }
   };
@@ -125,7 +122,7 @@ function buildDatabaseEnv(config) {
   return {
     'DATABASE_URL': `kv://databases-${appName}-0-urlKeyVault`,
     'DB_HOST': '${DB_HOST}',
-    'DB_PORT': '5432',
+    'DB_PORT': '${DB_PORT}',
     'DB_NAME': dbName,
     'DB_USER': `${dbName}_user`,
     'DB_PASSWORD': `kv://databases-${appName}-0-passwordKeyVault`,
@@ -143,8 +140,8 @@ function buildRedisEnv(config) {
   return {
     'REDIS_URL': 'kv://redis-url',
     'REDIS_HOST': '${REDIS_HOST}',
-    'REDIS_PORT': '6379',
-    'REDIS_PASSWORD': 'kv://redis-password'
+    'REDIS_PORT': '${REDIS_PORT}',
+    'REDIS_PASSWORD': 'kv://redis-passwordKeyVault'
   };
 }
@@ -155,10 +152,7 @@ function buildStorageEnv(config) {
   return {
     'STORAGE_TYPE': 'local',
-    'STORAGE_PATH': '/app/storage',
-    'STORAGE_URL': 'kv://storage-url',
-    'STORAGE_KEY': 'kv://storage-key',
-    'STORAGE_SECRET': 'kv://storage-secret'
+    'STORAGE_PATH': '/app/storage'
   };
 }
@@ -168,10 +162,9 @@ function buildAuthEnv(config) {
   }
   return {
-    'JWT_SECRET': 'kv://jwt-secret',
+    'JWT_SECRET': 'kv://miso-controller-jwt-secretKeyVault',
     'JWT_EXPIRES_IN': '24h',
-    'AUTH_PROVIDER': 'local',
-    'SESSION_SECRET': 'kv://session-secret'
+    'AUTH_PROVIDER': 'local'
   };
 }
@@ -415,15 +408,14 @@ function generateSecretsYaml(config, existingSecrets = {}) {
     secrets.data['database-user'] = 'base64-encoded-user';
   }
   if (config.redis) {
-    secrets.data['redis-password'] = 'base64-encoded-redis-password';
+    secrets.data['redis-passwordKeyVault'] = 'base64-encoded-redis-password';
   }
   if (config.storage) {
     secrets.data['storage-key'] = 'base64-encoded-storage-key';
     secrets.data['storage-secret'] = 'base64-encoded-storage-secret';
   }
   if (config.authentication) {
-    secrets.data['jwt-secret'] = 'base64-encoded-jwt-secret';
-    secrets.data['session-secret'] = 'base64-encoded-session-secret';
+    secrets.data['miso-controller-jwt-secretKeyVault'] = 'base64-encoded-miso-controller-jwt-secretKeyVault';
   }
   Object.entries(existingSecrets).forEach(([key, value]) => {
     secrets.data[key] = Buffer.from(value).toString('base64');