@aifabrix/builder 2.40.2 → 2.42.0

package/lib/utils/config-paths.js

@@ -10,6 +10,21 @@
 
 const path = require('path');
 
+/**
+ * GET /api/dev/settings response parameter names (builder-cli.md §1).
+ * Single source of truth so CLI and config merge stay aligned with the contract.
+ */
+const SETTINGS_RESPONSE_KEYS = [
+  'user-mutagen-folder',
+  'secrets-encryption',
+  'aifabrix-secrets',
+  'aifabrix-env-config',
+  'remote-server',
+  'docker-endpoint',
+  'sync-ssh-user',
+  'sync-ssh-host'
+];
+
 /**
  * Get path configuration value
  * @async
@@ -73,6 +88,114 @@ function createEnvConfigPathFunctions(getConfigFn, saveConfigFn) {
   };
 }
 
+function createRemoteConfigGetters(getConfigFn) {
+  return {
+    async getRemoteServer() {
+      return getPathConfig(getConfigFn, 'remote-server');
+    },
+    async getDockerEndpoint() {
+      return getPathConfig(getConfigFn, 'docker-endpoint');
+    },
+    async getUserMutagenFolder() {
+      return getPathConfig(getConfigFn, 'user-mutagen-folder');
+    },
+    async getSyncSshUser() {
+      return getPathConfig(getConfigFn, 'sync-ssh-user');
+    },
+    async getSyncSshHost() {
+      return getPathConfig(getConfigFn, 'sync-ssh-host');
+    }
+  };
+}
+
+function createRemoteConfigSetters(getConfigFn, saveConfigFn) {
+  return {
+    async setRemoteServer(value) {
+      if (value !== null && value !== undefined && typeof value !== 'string') {
+        throw new Error('remote-server must be a string');
+      }
+      const config = await getConfigFn();
+      config['remote-server'] = value ? value.trim().replace(/\/+$/, '') : undefined;
+      await saveConfigFn(config);
+    },
+    async setDockerEndpoint(value) {
+      if (value !== null && value !== undefined && typeof value !== 'string') {
+        throw new Error('docker-endpoint must be a string');
+      }
+      const config = await getConfigFn();
+      config['docker-endpoint'] = value || undefined;
+      await saveConfigFn(config);
+    }
+  };
+}
+
+function isHttpUrl(value) {
+  return typeof value === 'string' && (value.startsWith('http://') || value.startsWith('https://'));
+}
+
+/**
+ * Derive hostname from a URL (e.g. https://builder.aifabrix.dev -> builder.aifabrix.dev).
+ * @param {string} url - URL string
+ * @returns {string|null} Hostname or null if invalid
+ */
+function hostnameFromUrl(url) {
+  if (!url || typeof url !== 'string') return null;
+  const s = url.trim().replace(/\/+$/, '');
+  if (!s) return null;
+  const withProtocol = s.match(/^https?:\/\//) ? s : `https://${s}`;
+  try {
+    return new URL(withProtocol).hostname || null;
+  } catch {
+    return null;
+  }
+}
+
+function applySecretsUrlFromRemote(config) {
+  const remoteServer = config['remote-server'];
+  const secretsPath = config['aifabrix-secrets'];
+  if (!remoteServer || !secretsPath || isHttpUrl(secretsPath)) return;
+  const base = typeof remoteServer === 'string' ? remoteServer.trim().replace(/\/+$/, '') : '';
+  if (base) config['aifabrix-secrets'] = `${base}/api/dev/secrets`;
+}
+
+function applySyncAndDockerFromHost(config) {
+  const host = hostnameFromUrl(config['remote-server']);
+  if (!host) return;
+  if (!config['sync-ssh-host']) config['sync-ssh-host'] = host;
+  if (!config['docker-endpoint']) config['docker-endpoint'] = `tcp://${host}:2376`;
+}
+
+async function mergeRemoteSettingsImpl(getConfigFn, saveConfigFn, settings) {
+  if (!settings || typeof settings !== 'object') return;
+  const config = await getConfigFn();
+  for (const key of SETTINGS_RESPONSE_KEYS) {
+    const raw = settings[key];
+    if (raw === undefined || raw === null) continue;
+    const value = typeof raw === 'string' ? raw.trim() : raw;
+    if (value === '') continue;
+    config[key] = value;
+  }
+  applySecretsUrlFromRemote(config);
+  applySyncAndDockerFromHost(config);
+  await saveConfigFn(config);
+}
+
+/**
+ * Remote Docker / Builder Server config. Used when remote-server is set.
+ * @param {Function} getConfigFn - Function to get config
+ * @param {Function} saveConfigFn - Function to save config
+ * @returns {Object} Remote config getters, setters, and mergeRemoteSettings
+ */
+function createRemoteConfigFunctions(getConfigFn, saveConfigFn) {
+  return {
+    ...createRemoteConfigGetters(getConfigFn),
+    ...createRemoteConfigSetters(getConfigFn, saveConfigFn),
+    async mergeRemoteSettings(settings) {
+      return mergeRemoteSettingsImpl(getConfigFn, saveConfigFn, settings);
+    }
+  };
+}
+
 /**
  * Create path configuration functions with config access
  * @param {Function} getConfigFn - Function to get config
@@ -82,13 +205,15 @@ function createEnvConfigPathFunctions(getConfigFn, saveConfigFn) {
 function createPathConfigFunctions(getConfigFn, saveConfigFn) {
   return {
     ...createHomeAndSecretsPathFunctions(getConfigFn, saveConfigFn),
-    ...createEnvConfigPathFunctions(getConfigFn, saveConfigFn)
+    ...createEnvConfigPathFunctions(getConfigFn, saveConfigFn),
+    ...createRemoteConfigFunctions(getConfigFn, saveConfigFn)
   };
 }
 
 module.exports = {
   getPathConfig,
   setPathConfig,
-  createPathConfigFunctions
+  createPathConfigFunctions,
+  SETTINGS_RESPONSE_KEYS
 };
 

package/lib/utils/configuration-env-resolver.js

@@ -0,0 +1,179 @@
+/**
+ * Resolves configuration section values for upload (variable → .env, keyvault → secrets)
+ * and re-templates configuration on download from env.template.
+ *
+ * @fileoverview Configuration env resolution for external system upload/download
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+
+const path = require('path');
+const fs = require('fs');
+const { getIntegrationPath } = require('./paths');
+const { parseEnvToMap, resolveKvValue } = require('./credential-secrets-env');
+const { loadSecrets, resolveKvReferences } = require('../core/secrets');
+const { loadEnvTemplate } = require('./secrets-helpers');
+const { getActualSecretsPath } = require('./secrets-path');
+
+const VAR_PLACEHOLDER_REGEX = /\{\{([^}]+)\}\}/g;
+
+/**
+ * Builds resolved env map and secrets for an integration app (for configuration resolution).
+ * If .env exists, parses it; otherwise resolves env.template with secrets and parses the result.
+ *
+ * @param {string} systemKey - External system key (e.g. 'my-sharepoint')
+ * @returns {Promise<{ envMap: Object.<string, string>, secrets: Object }>} envMap for {{VAR}} substitution, secrets for kv://
+ * @throws {Error} If env.template is missing when .env is missing (only when building from template)
+ */
+async function buildResolvedEnvMapForIntegration(systemKey) {
+  if (!systemKey || typeof systemKey !== 'string') {
+    throw new Error('systemKey is required and must be a string');
+  }
+  const integrationPath = getIntegrationPath(systemKey);
+  const envPath = path.join(integrationPath, '.env');
+  const envTemplatePath = path.join(integrationPath, 'env.template');
+
+  let secrets = {};
+  try {
+    secrets = await loadSecrets(undefined, systemKey);
+  } catch {
+    secrets = {};
+  }
+
+  let envMap = {};
+  if (fs.existsSync(envPath)) {
+    const content = fs.readFileSync(envPath, 'utf8');
+    envMap = parseEnvToMap(content);
+  } else if (fs.existsSync(envTemplatePath)) {
+    const templateContent = loadEnvTemplate(envTemplatePath);
+    const secretsPaths = await getActualSecretsPath(undefined, systemKey);
+    const resolvedContent = await resolveKvReferences(
+      templateContent,
+      secrets,
+      'local',
+      secretsPaths,
+      systemKey
+    );
+    envMap = parseEnvToMap(resolvedContent);
+  }
+  return { envMap, secrets };
+}
+
+/**
+ * Resolves {{VAR}} in a string using envMap. Throws if any variable is missing.
+ *
+ * @param {string} value - Value that may contain {{VAR}}
+ * @param {Object.<string, string>} envMap - Resolved env key-value map
+ * @param {string} [systemKey] - System key for error message
+ * @returns {string} Value with {{VAR}} replaced
+ * @throws {Error} If a {{VAR}} is missing from envMap
+ */
+function substituteVarPlaceholders(value, envMap, systemKey) {
+  const hint = systemKey ? ` Run 'aifabrix resolve ${systemKey}' or set the variable in .env.` : '';
+  return value.replace(VAR_PLACEHOLDER_REGEX, (match, varName) => {
+    const key = varName.trim();
+    if (envMap[key] === undefined || envMap[key] === null) {
+      throw new Error(`Missing configuration env var: ${key}.${hint}`);
+    }
+    return String(envMap[key]);
+  });
+}
+
+/**
+ * Resolves configuration array values in place by location: variable → {{VAR}} from envMap;
+ * keyvault → kv:// from secrets. Does not log or expose secret values.
+ *
+ * @param {Array<{ name?: string, value?: string, location?: string }>} configArray - Configuration array (mutated)
+ * @param {Object.<string, string>} envMap - Resolved env map from buildResolvedEnvMapForIntegration
+ * @param {Object} secrets - Loaded secrets for kv:// resolution
+ * @param {string} [systemKey] - System key for error messages
+ * @throws {Error} If variable env is missing or keyvault secret unresolved (message never contains secret values)
+ */
+function resolveConfigurationValues(configArray, envMap, secrets, systemKey) {
+  if (!Array.isArray(configArray)) return;
+  const hint = systemKey ? ` Run 'aifabrix resolve ${systemKey}' and ensure the key exists in the secrets file.` : '';
+  for (const item of configArray) {
+    if (!item || typeof item.value !== 'string') continue;
+    const location = (item.location || '').toLowerCase();
+    if (location === 'variable') {
+      if (item.value.trim().startsWith('kv://')) {
+        throw new Error(`Configuration entry '${item.name || 'unknown'}' has location 'variable' but value is kv://. Use location 'keyvault' for secrets.`);
+      }
+      item.value = substituteVarPlaceholders(item.value, envMap, systemKey);
+    } else if (location === 'keyvault') {
+      const resolved = resolveKvValue(secrets, item.value);
+      if (resolved === null || resolved === undefined) {
+        throw new Error(`Unresolved keyvault reference for configuration '${item.name || 'unknown'}'.${hint}`);
+      }
+      item.value = resolved;
+    }
+  }
+}
+
+/**
+ * Returns the set of variable names (keys) defined in env.template content.
+ *
+ * @param {string} envTemplateContent - Raw env.template content
+ * @returns {Set<string>} Set of variable names
+ */
+function getEnvTemplateVariableNames(envTemplateContent) {
+  const names = new Set();
+  if (!envTemplateContent || typeof envTemplateContent !== 'string') return names;
+  const lines = envTemplateContent.split(/\r?\n/);
+  for (const line of lines) {
+    const trimmed = line.trim();
+    if (!trimmed || trimmed.startsWith('#')) continue;
+    const eq = trimmed.indexOf('=');
+    if (eq > 0) {
+      const key = trimmed.substring(0, eq).trim();
+      if (key) names.add(key);
+    }
+  }
+  return names;
+}
+
+/**
+ * Re-templates configuration from env.template: for each entry with location === 'variable'
+ * whose name matches a key in env.template, sets value to {{name}}. Mutates configArray in place.
+ *
+ * @param {Array<{ name?: string, value?: string, location?: string }>} configArray - Configuration array (mutated)
+ * @param {Set<string>} envTemplateVariableNames - Variable names present in env.template
+ */
+function retemplateConfigurationFromEnvTemplate(configArray, envTemplateVariableNames) {
+  if (!Array.isArray(configArray) || !envTemplateVariableNames || !envTemplateVariableNames.size) return;
+  for (const item of configArray) {
+    if (!item || (item.location || '').toLowerCase() !== 'variable') continue;
+    const name = item.name && String(item.name).trim();
+    if (name && envTemplateVariableNames.has(name)) {
+      item.value = `{{${name}}}`;
+    }
+  }
+}
+
+/**
+ * Reads env.template at integration path, re-templates the given configuration array,
+ * and returns the updated array (mutates in place). If env.template is missing, does nothing.
+ *
+ * @param {string} systemKey - External system key
+ * @param {Array<{ name?: string, value?: string, location?: string }>} configArray - Configuration array (mutated)
+ * @returns {Promise<boolean>} True if re-templating was applied (env.template existed)
+ */
+async function retemplateConfigurationForDownload(systemKey, configArray) {
+  if (!systemKey || typeof systemKey !== 'string' || !Array.isArray(configArray)) return false;
+  const integrationPath = getIntegrationPath(systemKey);
+  const envTemplatePath = path.join(integrationPath, 'env.template');
+  if (!fs.existsSync(envTemplatePath)) return false;
+  const content = fs.readFileSync(envTemplatePath, 'utf8');
+  const names = getEnvTemplateVariableNames(content);
+  retemplateConfigurationFromEnvTemplate(configArray, names);
+  return true;
+}
+
+module.exports = {
+  buildResolvedEnvMapForIntegration,
+  resolveConfigurationValues,
+  getEnvTemplateVariableNames,
+  retemplateConfigurationFromEnvTemplate,
+  retemplateConfigurationForDownload,
+  substituteVarPlaceholders
+};

package/lib/utils/credential-display.js

@@ -0,0 +1,83 @@
+/**
+ * Credential display utilities – status icons and formatting for CLI output
+ * Aligns with dataplane credential status lifecycle (pending, verified, failed, expired).
+ *
+ * @fileoverview Credential status formatter with icons and chalk colors
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+
+const chalk = require('chalk');
+
+/** @type {{ verified: string, pending: string, failed: string, expired: string }} */
+const STATUS_ICONS = {
+  verified: ' ✓',
+  pending: ' ○',
+  failed: ' ✗',
+  expired: ' ⊘'
+};
+
+/** @type {{ verified: string, pending: string, failed: string, expired: string }} */
+const STATUS_LABELS = {
+  verified: 'Valid',
+  pending: 'Not tested',
+  failed: 'Connection failed',
+  expired: 'Token expired'
+};
+
+/**
+ * Chalk color functions per status
+ * @type {{ verified: Function, pending: Function, failed: Function, expired: Function }}
+ */
+const STATUS_CHALK = {
+  verified: chalk.green,
+  pending: chalk.gray,
+  failed: chalk.red,
+  expired: chalk.yellow
+};
+
+const VALID_STATUSES = ['verified', 'pending', 'failed', 'expired'];
+
+/**
+ * Format credential status for display (icon + optional label)
+ * @param {string} [status] - Credential status (pending | verified | failed | expired)
+ * @returns {{ icon: string, color: Function, label: string } | null} Status info or null when missing/invalid
+ */
+function formatCredentialStatus(status) {
+  if (!status || typeof status !== 'string') return null;
+  const s = status.toLowerCase();
+  if (!VALID_STATUSES.includes(s)) return null;
+  return {
+    icon: STATUS_ICONS[s],
+    color: STATUS_CHALK[s],
+    label: STATUS_LABELS[s]
+  };
+}
+
+/**
+ * Format credential with status for CLI display
+ * @param {Object} credential - Credential object from API
+ * @param {string} [credential.key]
+ * @param {string} [credential.id]
+ * @param {string} [credential.credentialKey]
+ * @param {string} [credential.displayName]
+ * @param {string} [credential.name]
+ * @param {string} [credential.status]
+ * @returns {{ key: string, name: string, statusFormatted: string, statusLabel: string }}
+ */
+function formatCredentialWithStatus(credential) {
+  const key = credential?.key ?? credential?.id ?? credential?.credentialKey ?? '-';
+  const name = credential?.displayName ?? credential?.name ?? key;
+  const statusInfo = formatCredentialStatus(credential?.status);
+  const statusFormatted = statusInfo ? statusInfo.color(statusInfo.icon) : '';
+  const statusLabel = statusInfo ? ` (${statusInfo.label})` : '';
+  return { key, name, statusFormatted, statusLabel };
+}
+
+module.exports = {
+  STATUS_ICONS,
+  STATUS_LABELS,
+  STATUS_CHALK,
+  formatCredentialStatus,
+  formatCredentialWithStatus
+};