@aifabrix/builder 2.40.2 → 2.42.0

package/templates/external-system/external-datasource.yaml.hbs

@@ -0,0 +1,217 @@
+key: "{{fullDatasourceKey}}"
+displayName: "{{datasourceDisplayName}}"
+description: "{{datasourceDescription}}"
+systemKey: "{{systemKey}}"
+entityType: "{{schemaEntityType}}"
+resourceType: "{{resourceType}}"
+primaryKey:
+{{#each primaryKey}}  - "{{this}}"
+{{/each}}
+enabled: true
+version: "1.0.0"
+fieldMappings:
+{{#if dimensions}}
+  dimensions:
+{{#each dimensions}}
+    {{@key}}: "{{this}}"
+{{/each}}
+{{else}}
+  dimensions: {}
+  # Optional: add country, department, organization for ABAC
+{{/if}}
+  attributes:
+{{#if attributes}}
+{{#each attributes}}
+    {{@key}}:
+      expression: "{{this.expression}}"
+      type: {{this.type}}
+      indexed: {{#if this.indexed}}true{{else}}false{{/if}}
+{{/each}}
+{{else}}
+    id:
+      expression: "{{raw.id}}"
+      type: string
+      indexed: true
+    name:
+      expression: "{{raw.name}}"
+      type: string
+      indexed: false
+{{/if}}
+{{#if (eq systemType "openapi")}}
+openapi:
+  enabled: true
+  documentKey: "{{systemKey}}-api"
+  operations:
+    list:
+      operationId: "list{{entityKey}}"
+      method: GET
+      path: "/{{entityKey}}"
+    get:
+      operationId: "get{{entityKey}}"
+      method: GET
+      path: "/{{entityKey}}/{id}"
+  autoRbac: true
+{{/if}}
+
+# --- Optional sections: uncomment or delete as needed ---
+# CIP (Custom Integration Pipeline) supports: fetch, paginate, map, filter, output, pythonInline steps.
+# Operations: list, get, create, update, delete. Pagination: cursor | page | offset.
+{{#if (eq schemaEntityType "recordStorage")}}
+# sync:
+#   pull:
+#     enabled: true
+#     schedule: "0 * * * *"
+# capabilities: [list, get]
+{{/if}}
+{{#if (eq schemaEntityType "documentStorage")}}
+# documentStorage:
+#   enabled: true
+#   binaryOperationRef: get
+#   embeddingField: content
+{{/if}}
+{{#if (eq schemaEntityType "vectorStore")}}
+# vectorStore:
+#   enabled: true
+#   embeddingModel: "text-embedding-ada-002"
+{{/if}}
+{{#if (eq schemaEntityType "messageService")}}
+# messageService:
+#   enabled: true
+#   channels: []
+{{/if}}
+
+# --- execution: CIP pipeline ---
+# Steps: fetch (openapi/http) → paginate (cursor|page|offset) → map (useFieldMappings, inputPath) → filter (enforceAbac, expression) → output (mode: records)
+# Pagination: cursor=cursorField+cursorParam | page=pageParam+pageSizeParam | offset=offsetParam+pageSizeParam
+# Adjust inputPath to your API ($.results[*], $.items[*], $.value[*], etc.)
+{{#if (eq schemaEntityType "recordStorage")}}
+# execution:
+#   engine: cip
+#   cip:
+#     operations:
+#       list:
+#         enabled: true
+#         description: "List all records"
+#         steps:
+#           - fetch: { source: openapi, openapiRef: list, query: {} }
+#           - paginate: { strategy: cursor, cursorField: "$.paging.next.after", cursorParam: after, pageSize: 100, maxPages: 100 }
+#           # Alternative: page → pageParam, pageSizeParam | offset → offsetParam, pageSizeParam
+#           - map: { useFieldMappings: true, inputPath: "$.results[*]" }
+#           - filter: { enforceAbac: true }
+#           # Optional: filter.expression for SQL or JSON filter, e.g. expression: "status = 'active'"
+#           - output: { mode: records }
+#       get:
+#         enabled: true
+#         description: "Get record by ID"
+#         steps:
+#           - fetch: { source: openapi, openapiRef: get, query: {} }
+#           - map: { useFieldMappings: true, inputPath: "$" }
+#           - filter: { enforceAbac: true }
+#           - output: { mode: records }
+#       create:
+#         steps:
+#           - fetch: { source: openapi, openapiRef: create, bodyTemplate: "{{body}}" }
+#           - map: { useFieldMappings: true, inputPath: "$" }
+#           - output: { mode: records }
+#       update:
+#         steps:
+#           - fetch: { source: openapi, openapiRef: update, bodyTemplate: "{{body}}" }
+#           - map: { useFieldMappings: true, inputPath: "$" }
+#           - output: { mode: records }
+#       delete:
+#         steps:
+#           - fetch: { source: openapi, openapiRef: delete }
+#           - output: { mode: records }
+{{/if}}
+{{#if (eq schemaEntityType "documentStorage")}}
+# execution:
+#   engine: cip
+#   cip:
+#     operations:
+#       list:
+#         enabled: true
+#         description: "List documents"
+#         steps:
+#           - fetch: { source: openapi, openapiRef: list, query: {} }
+#           - paginate: { strategy: offset, offsetParam: skip, pageSizeParam: top, pageSize: 100, maxPages: 100 }
+#           - map: { useFieldMappings: true, inputPath: "$.value[*]" }
+#           - filter: { enforceAbac: true }
+#           - output: { mode: records }
+#       get:
+#         enabled: true
+#         description: "Get document by ID"
+#         steps:
+#           - fetch: { source: openapi, openapiRef: get, query: {} }
+#           - map: { useFieldMappings: true, inputPath: "$" }
+#           - filter: { enforceAbac: true }
+#           - output: { mode: records }
+#       create:
+#         enabled: true
+#         description: "Upload document"
+#         steps:
+#           - fetch: { source: openapi, openapiRef: create, bodyTemplate: "{{fileContent}}" }
+#           - map: { useFieldMappings: true, inputPath: "$" }
+#           - output: { mode: records }
+{{/if}}
+{{#if (eq schemaEntityType "vectorStore")}}
+# execution:
+#   engine: cip
+#   cip:
+#     operations:
+#       list:
+#         steps:
+#           - fetch: { source: openapi, openapiRef: list, query: {} }
+#           - map: { useFieldMappings: true, inputPath: "$" }
+#           - output: { mode: records }
+#       get:
+#         steps:
+#           - fetch: { source: openapi, openapiRef: get, query: {} }
+#           - map: { useFieldMappings: true, inputPath: "$" }
+#           - output: { mode: records }
+{{/if}}
+{{#if (eq schemaEntityType "messageService")}}
+# execution:
+#   engine: cip
+#   cip:
+#     operations:
+#       list:
+#         steps:
+#           - fetch: { source: openapi, openapiRef: list, query: {} }
+#           - map: { useFieldMappings: true, inputPath: "$" }
+#           - output: { mode: records }
+{{/if}}
+{{#if (eq schemaEntityType "none")}}
+# execution:
+#   engine: cip
+#   cip:
+#     operations:
+#       list:
+#         steps:
+#           - fetch: { source: openapi, openapiRef: list, query: {} }
+#           - map: { useFieldMappings: true, inputPath: "$" }
+#           - output: { mode: records }
+#       get:
+#         steps:
+#           - fetch: { source: openapi, openapiRef: get, query: {} }
+#           - map: { useFieldMappings: true, inputPath: "$" }
+#           - output: { mode: records }
+{{/if}}
+
+# config: ABAC cross-system filters (SQL or JSON)
+# config:
+#   abac:
+#     crossSystemSql: "country = '{{actor.country}}'"
+#     # crossSystemJson: { "dimensions.country": { "eq": "{{actor.country}}" } }
+
+# capabilities: [list, get, create, update, delete]
+
+# exposed: attributes to expose via MCP/OpenAPI
+# exposed:
+#   attributes: [id, name]
+
+# metadataSchema: JSON Schema for raw metadata validation
+# metadataSchema:
+#   type: object
+#   properties:
+#     id: { type: string }
+#     name: { type: string }

package/templates/external-system/external-system.json.hbs

@@ -4,23 +4,7 @@
   "description": "{{systemDescription}}",
   "type": "{{systemType}}",
   "enabled": true,
-  "authentication": {
-    "type": "{{authType}}"{{#if (eq authType "oauth2")}},
-    "oauth2": {
-      "tokenUrl": "https://api.example.com/oauth/token",
-      "clientId": "kv://{{systemKey}}-oauth2-client-id",
-      "clientSecret": "kv://{{systemKey}}-oauth2-client-secret",
-      "scopes": []
-    }{{/if}}{{#if (eq authType "apikey")}},
-    "apikey": {
-      "headerName": "X-API-Key",
-      "key": "kv://{{systemKey}}-api-key"
-    }{{/if}}{{#if (eq authType "basic")}},
-    "basic": {
-      "username": "kv://{{systemKey}}-username",
-      "password": "kv://{{systemKey}}-password"
-    }{{/if}}
-  }{{#if (eq systemType "openapi")}},
+  "authentication": {{{json authentication}}}{{#if (eq systemType "openapi")}},
   "openapi": {
     "documentKey": "{{systemKey}}-api",
     "autoDiscoverEntities": false
@@ -51,4 +35,3 @@
     {{/each}}
   ]{{/if}}
 }
-

package/templates/infra/compose.yaml.hbs

@@ -45,6 +45,7 @@ services:
       retries: 5
     restart: unless-stopped
 
+{{#if pgadmin.enabled}}
   # Optional: pgAdmin for database management
   pgadmin:
     image: dpage/pgadmin4:latest
@@ -78,7 +79,9 @@ services:
         condition: service_healthy
     networks:
       - {{networkName}}
+{{/if}}
 
+{{#if redisCommander.enabled}}
   # Optional: Redis Commander for Redis management
   redis-commander:
     image: rediscommander/redis-commander:latest
@@ -96,6 +99,7 @@ services:
         condition: service_healthy
     networks:
       - {{networkName}}
+{{/if}}
 
 {{#if traefik.enabled}}
   # Traefik Reverse Proxy
@@ -139,9 +143,11 @@ volumes:
   {{#if (eq devId 0)}}redis_data{{else}}dev{{devId}}_redis_data{{/if}}:
     name: {{#if (eq devId 0)}}infra_redis_data{{else}}infra_dev{{devId}}_redis_data{{/if}}
     driver: local
+{{#if pgadmin.enabled}}
   {{#if (eq devId 0)}}pgadmin_data{{else}}dev{{devId}}_pgadmin_data{{/if}}:
     name: {{#if (eq devId 0)}}infra_pgadmin_data{{else}}infra_dev{{devId}}_pgadmin_data{{/if}}
     driver: local
+{{/if}}
 
 networks:
   {{networkName}}:

package/templates/python/docker-compose.hbs

@@ -25,23 +25,39 @@ services:
       - "traefik.http.routers.{{app.key}}.middlewares={{app.key}}-stripprefix"
       {{/unless}}
     {{/if}}
+    environment:
+      - MISO_ENVIRONMENT={{misoEnvironment}}
+    {{#if reloadStartCommand}}
+      - PORT={{containerPort}}
+    {{/if}}
     {{#if traefik.enabled}}
     {{#unless (eq traefik.path "/")}}
-    environment:
       - BASE_PATH={{traefik.path}}
       - X_FORWARDED_PREFIX={{traefik.path}}
     {{/unless}}
     {{/if}}
     env_file:
       - {{envFile}}
+    {{#if reloadStartCommand}}
+    command: ["sh", "-c", "cd /app && {{reloadStartCommand}}"]
+    {{/if}}
     ports:
       - "{{hostPort}}:{{containerPort}}"
     networks:
       - {{networkName}}
+    {{#if devMountPath}}
+    volumes:
+      - {{devMountPath}}:/app
+      {{#if requiresStorage}}
+      - {{#if (eq devId 0)}}aifabrix_{{app.key}}_data{{else}}aifabrix_dev{{devId}}_{{app.key}}_data{{/if}}:/mnt/data
+      {{/if}}
+    user: "${AIFABRIX_UID:-1000}:${AIFABRIX_GID:-1000}"
+    {{else}}
     {{#if requiresStorage}}
     volumes:
       - {{#if (eq devId 0)}}aifabrix_{{app.key}}_data{{else}}aifabrix_dev{{devId}}_{{app.key}}_data{{/if}}:/mnt/data
     {{/if}}
+    {{/if}}
     healthcheck:
       test: ["CMD", "curl", "-f", "http://localhost:{{port}}{{healthCheck.path}}"]
       interval: {{healthCheck.interval}}s
@@ -56,78 +72,88 @@ services:
     {{/if}}
 
   {{#if requiresDatabase}}
-  # Database Initialization
+  # Database Initialization (uses infra pgpass when available: ~/.aifabrix/infra/pgpass)
+  # env_file: .env.run.admin only (POSTGRES_PASSWORD + DB_*); admin secrets never in app container
   db-init:
     image: pgvector/pgvector:pg15
     container_name: {{containerName}}-db-init
     entrypoint: []
     env_file:
-      - ${ADMIN_SECRETS_PATH}
-      - {{envFile}}
+      - {{#if dbInitEnvFile}}{{dbInitEnvFile}}{{else}}{{envFile}}{{/if}}
     environment:
       POSTGRES_DB: postgres
       PGHOST: postgres
       PGPORT: "5432"
       PGUSER: pgadmin
-      {{#if databases}}
-      {{#each databases}}
-      DB_{{@index}}_PASSWORD: {{lookup ../databasePasswords.array @index}}
-      {{/each}}
-      {{else}}
-      DB_PASSWORD: {{lookup databasePasswords.array 0}}
+      {{#if useInfraPgpass}}
+      PGPASSFILE: /run/pgpass
       {{/if}}
     networks:
       - {{networkName}}
-    volumes: []
+    volumes:
+      {{#if useInfraPgpass}}
+      - {{infraPgpassPath}}:/run/pgpass:ro
+      {{else}}
+      []
+      {{/if}}
     tmpfs:
       - /var/lib/postgresql/data
     command:
       - sh
       - -c
       - |
-        export PGHOST=postgres PGPORT=5432 PGUSER=pgadmin &&
-        export PGPASSWORD="${POSTGRES_PASSWORD}" &&
+        {{#unless useInfraPgpass}}
+        export PGPASSWORD="$${POSTGRES_PASSWORD}" &&
+        {{/unless}}
         echo 'Waiting for PostgreSQL to be ready...' &&
         counter=0 &&
-        while [ ${counter:-0} -lt 30 ]; do
-          if pg_isready -h postgres -p 5432 -U pgadmin >/dev/null 2>&1; then
+        while [ $${counter:-0} -lt 30 ]; do
+          if pg_isready >/dev/null 2>&1; then
             echo 'PostgreSQL is ready!'
             break
           fi
           echo 'Waiting for PostgreSQL...'
           sleep 1
-          counter=$((${counter:-0} + 1))
+          counter=$$(($${counter:-0} + 1))
         done &&
         {{#if databases}}
         {{#each databases}}
         echo 'Creating {{name}} database and user...' &&
-        if psql -d postgres -tAc "SELECT 1 FROM pg_database WHERE datname = '{{name}}'" 2>/dev/null | grep -q '^1$'; then
-          echo 'Database "{{name}}" already exists, all ok.'
+        if psql -d postgres -tAc "SELECT 1 FROM pg_database WHERE datname = '{{name}}'" 2>/dev/null | grep -q '^1$$'; then
+          echo 'Database "{{name}}" already exists, syncing user password...' &&
+          psql -d postgres -c "ALTER USER \"{{pgUserName name}}\" WITH PASSWORD '"$${DB_{{@index}}_PASSWORD}"';" &&
+          echo 'Database "{{name}}" ok.'
         else
           echo 'Creating database "{{name}}"...' &&
           psql -d postgres -c "CREATE DATABASE \"{{name}}\";" &&
           echo 'Dropping old user if exists...' &&
           psql -d postgres -c "DROP USER IF EXISTS \"{{pgUserOld name}}\";" || true &&
           echo 'Creating user "{{pgUserName name}}"...' &&
-          psql -d postgres -c 'CREATE USER "{{pgUserName name}}" WITH PASSWORD '\''${DB_{{@index}}_PASSWORD}'\'';' &&
+          psql -d postgres -c "CREATE USER \"{{pgUserName name}}\" WITH PASSWORD '"$${DB_{{@index}}_PASSWORD}"';" &&
           echo 'Granting privileges...' &&
           psql -d postgres -c "GRANT ALL PRIVILEGES ON DATABASE \"{{name}}\" TO \"{{pgUserName name}}\";" &&
           psql -d {{name}} -c "ALTER SCHEMA public OWNER TO \"{{pgUserName name}}\";" &&
           psql -d {{name}} -c "GRANT ALL ON SCHEMA public TO \"{{pgUserName name}}\";" &&
           echo 'Database "{{name}}" created successfully!'
         fi &&
+        {{#each (extensionsForDb this)}}
+        (psql -d {{../name}} -c 'CREATE EXTENSION IF NOT EXISTS {{pgQuote this}};' || echo 'Warning: could not create extension {{this}}') &&
+        echo 'Extension "{{this}}" enabled on "{{../name}}".' &&
+        {{/each}}
         {{/each}}
         {{else}}
         echo 'Creating {{app.key}} database and user...' &&
-        if psql -d postgres -tAc "SELECT 1 FROM pg_database WHERE datname = '{{app.key}}'" 2>/dev/null | grep -q '^1$'; then
-          echo 'Database "{{app.key}}" already exists, all ok.'
+        if psql -d postgres -tAc "SELECT 1 FROM pg_database WHERE datname = '{{app.key}}'" 2>/dev/null | grep -q '^1$$'; then
+          echo 'Database "{{app.key}}" already exists, syncing user password...' &&
+          psql -d postgres -c "ALTER USER \"{{pgUserName app.key}}\" WITH PASSWORD '"$${DB_0_PASSWORD:-$$DB_PASSWORD}"';" &&
+          echo 'Database "{{app.key}}" ok.'
         else
           echo 'Creating database "{{app.key}}"...' &&
           psql -d postgres -c "CREATE DATABASE \"{{app.key}}\";" &&
           echo 'Dropping old user if exists...' &&
           psql -d postgres -c "DROP USER IF EXISTS \"{{pgUserOld app.key}}\";" || true &&
           echo 'Creating user "{{pgUserName app.key}}"...' &&
-          psql -d postgres -c 'CREATE USER "{{pgUserName app.key}}" WITH PASSWORD '\''${DB_0_PASSWORD:-${DB_PASSWORD}}'\'';' &&
+          psql -d postgres -c "CREATE USER \"{{pgUserName app.key}}\" WITH PASSWORD '"$${DB_0_PASSWORD:-$$DB_PASSWORD}"';" &&
           echo 'Granting privileges...' &&
           psql -d postgres -c "GRANT ALL PRIVILEGES ON DATABASE \"{{app.key}}\" TO \"{{pgUserName app.key}}\";" &&
           psql -d {{app.key}} -c "ALTER SCHEMA public OWNER TO \"{{pgUserName app.key}}\";" &&
@@ -154,4 +180,4 @@ volumes:
 
 networks:
   {{networkName}}:
-    external: true
+    external: true

package/templates/typescript/docker-compose.hbs

@@ -25,23 +25,39 @@ services:
       - "traefik.http.routers.{{app.key}}.middlewares={{app.key}}-stripprefix"
       {{/unless}}
     {{/if}}
+    environment:
+      - MISO_ENVIRONMENT={{misoEnvironment}}
+    {{#if reloadStartCommand}}
+      - PORT={{containerPort}}
+    {{/if}}
     {{#if traefik.enabled}}
     {{#unless (eq traefik.path "/")}}
-    environment:
       - BASE_PATH={{traefik.path}}
       - X_FORWARDED_PREFIX={{traefik.path}}
     {{/unless}}
     {{/if}}
     env_file:
       - {{envFile}}
+    {{#if reloadStartCommand}}
+    command: ["sh", "-c", "cd /app && {{reloadStartCommand}}"]
+    {{/if}}
     ports:
       - "{{hostPort}}:{{containerPort}}"
     networks:
       - {{networkName}}
+    {{#if devMountPath}}
+    volumes:
+      - {{devMountPath}}:/app
+      {{#if requiresStorage}}
+      - {{#if (eq devId 0)}}aifabrix_{{app.key}}_data{{else}}aifabrix_dev{{devId}}_{{app.key}}_data{{/if}}:/mnt/data
+      {{/if}}
+    user: "${AIFABRIX_UID:-1000}:${AIFABRIX_GID:-1000}"
+    {{else}}
     {{#if requiresStorage}}
     volumes:
       - {{#if (eq devId 0)}}aifabrix_{{app.key}}_data{{else}}aifabrix_dev{{devId}}_{{app.key}}_data{{/if}}:/mnt/data
     {{/if}}
+    {{/if}}
     healthcheck:
       test: ["CMD", "curl", "-f", "http://localhost:{{port}}{{healthCheck.path}}"]
       interval: {{healthCheck.interval}}s
@@ -56,78 +72,88 @@ services:
     {{/if}}
 
   {{#if requiresDatabase}}
-  # Database Initialization
+  # Database Initialization (uses infra pgpass when available: ~/.aifabrix/infra/pgpass)
+  # env_file: .env.run.admin only (POSTGRES_PASSWORD + DB_*); admin secrets never in app container
   db-init:
     image: pgvector/pgvector:pg15
     container_name: {{containerName}}-db-init
     entrypoint: []
     env_file:
-      - ${ADMIN_SECRETS_PATH}
-      - {{envFile}}
+      - {{#if dbInitEnvFile}}{{dbInitEnvFile}}{{else}}{{envFile}}{{/if}}
     environment:
       POSTGRES_DB: postgres
       PGHOST: postgres
       PGPORT: "5432"
       PGUSER: pgadmin
-      {{#if databases}}
-      {{#each databases}}
-      DB_{{@index}}_PASSWORD: {{lookup ../databasePasswords.array @index}}
-      {{/each}}
-      {{else}}
-      DB_PASSWORD: {{lookup databasePasswords.array 0}}
+      {{#if useInfraPgpass}}
+      PGPASSFILE: /run/pgpass
       {{/if}}
     networks:
       - {{networkName}}
-    volumes: []
+    volumes:
+      {{#if useInfraPgpass}}
+      - {{infraPgpassPath}}:/run/pgpass:ro
+      {{else}}
+      []
+      {{/if}}
     tmpfs:
       - /var/lib/postgresql/data
     command:
       - sh
       - -c
       - |
-        export PGHOST=postgres PGPORT=5432 PGUSER=pgadmin &&
-        export PGPASSWORD="${POSTGRES_PASSWORD}" &&
+        {{#unless useInfraPgpass}}
+        export PGPASSWORD="$${POSTGRES_PASSWORD}" &&
+        {{/unless}}
         echo 'Waiting for PostgreSQL to be ready...' &&
         counter=0 &&
-        while [ ${counter:-0} -lt 30 ]; do
-          if pg_isready -h postgres -p 5432 -U pgadmin >/dev/null 2>&1; then
+        while [ $${counter:-0} -lt 30 ]; do
+          if pg_isready >/dev/null 2>&1; then
             echo 'PostgreSQL is ready!'
             break
           fi
           echo 'Waiting for PostgreSQL...'
           sleep 1
-          counter=$((${counter:-0} + 1))
+          counter=$$(($${counter:-0} + 1))
         done &&
         {{#if databases}}
         {{#each databases}}
         echo 'Creating {{name}} database and user...' &&
-        if psql -d postgres -tAc "SELECT 1 FROM pg_database WHERE datname = '{{name}}'" 2>/dev/null | grep -q '^1$'; then
-          echo 'Database "{{name}}" already exists, all ok.'
+        if psql -d postgres -tAc "SELECT 1 FROM pg_database WHERE datname = '{{name}}'" 2>/dev/null | grep -q '^1$$'; then
+          echo 'Database "{{name}}" already exists, syncing user password...' &&
+          psql -d postgres -c "ALTER USER \"{{pgUserName name}}\" WITH PASSWORD '"$${DB_{{@index}}_PASSWORD}"';" &&
+          echo 'Database "{{name}}" ok.'
         else
           echo 'Creating database "{{name}}"...' &&
           psql -d postgres -c "CREATE DATABASE \"{{name}}\";" &&
           echo 'Dropping old user if exists...' &&
           psql -d postgres -c "DROP USER IF EXISTS \"{{pgUserOld name}}\";" || true &&
           echo 'Creating user "{{pgUserName name}}"...' &&
-          psql -d postgres -c 'CREATE USER "{{pgUserName name}}" WITH PASSWORD '\''${DB_{{@index}}_PASSWORD}'\'';' &&
+          psql -d postgres -c "CREATE USER \"{{pgUserName name}}\" WITH PASSWORD '"$${DB_{{@index}}_PASSWORD}"';" &&
           echo 'Granting privileges...' &&
           psql -d postgres -c "GRANT ALL PRIVILEGES ON DATABASE \"{{name}}\" TO \"{{pgUserName name}}\";" &&
           psql -d {{name}} -c "ALTER SCHEMA public OWNER TO \"{{pgUserName name}}\";" &&
           psql -d {{name}} -c "GRANT ALL ON SCHEMA public TO \"{{pgUserName name}}\";" &&
           echo 'Database "{{name}}" created successfully!'
         fi &&
+        {{#each (extensionsForDb this)}}
+        (psql -d {{../name}} -c 'CREATE EXTENSION IF NOT EXISTS {{pgQuote this}};' || echo 'Warning: could not create extension {{this}}') &&
+        echo 'Extension "{{this}}" enabled on "{{../name}}".' &&
+        {{/each}}
         {{/each}}
         {{else}}
         echo 'Creating {{app.key}} database and user...' &&
-        if psql -d postgres -tAc "SELECT 1 FROM pg_database WHERE datname = '{{app.key}}'" 2>/dev/null | grep -q '^1$'; then
-          echo 'Database "{{app.key}}" already exists, all ok.'
+        if psql -d postgres -tAc "SELECT 1 FROM pg_database WHERE datname = '{{app.key}}'" 2>/dev/null | grep -q '^1$$'; then
+          echo 'Database "{{app.key}}" already exists, syncing user password...' &&
+          psql -d postgres -c "ALTER USER \"{{pgUserName app.key}}\" WITH PASSWORD '"$${DB_0_PASSWORD:-$$DB_PASSWORD}"';" &&
+          echo 'Database "{{app.key}}" ok.'
         else
           echo 'Creating database "{{app.key}}"...' &&
           psql -d postgres -c "CREATE DATABASE \"{{app.key}}\";" &&
           echo 'Dropping old user if exists...' &&
           psql -d postgres -c "DROP USER IF EXISTS \"{{pgUserOld app.key}}\";" || true &&
           echo 'Creating user "{{pgUserName app.key}}"...' &&
-          psql -d postgres -c 'CREATE USER "{{pgUserName app.key}}" WITH PASSWORD '\''${DB_0_PASSWORD:-${DB_PASSWORD}}'\'';' &&
+          psql -d postgres -c "CREATE USER \"{{pgUserName app.key}}\" WITH PASSWORD '"$${DB_0_PASSWORD:-$$DB_PASSWORD}"';" &&
           echo 'Granting privileges...' &&
           psql -d postgres -c "GRANT ALL PRIVILEGES ON DATABASE \"{{app.key}}\" TO \"{{pgUserName app.key}}\";" &&
           psql -d {{app.key}} -c "ALTER SCHEMA public OWNER TO \"{{pgUserName app.key}}\";" &&

package/integration/hubspot/application.yaml

@@ -1,37 +0,0 @@
-app:
-  key: hubspot
-  displayName: HubSpot CRM Integration
-  description: HubSpot CRM external system integration with companies, contacts, and deals
-  type: external
-configuration:
-  - name: HUBSPOT_API_VERSION
-    portalInput:
-      field: select
-      label: HubSpot API Version
-      placeholder: Select API version
-      options:
-        - v1
-        - v2
-        - v3
-      validation:
-        required: false
-  - name: MAX_PAGE_SIZE
-    portalInput:
-      field: text
-      label: Maximum Page Size
-      placeholder: '100'
-      validation:
-        required: false
-        pattern: ^[0-9]+$
-        minLength: 1
-        maxLength: 1000
-externalIntegration:
-  schemaBasePath: ./
-  systems:
-    - hubspot-system.json
-  dataSources:
-    - hubspot-datasource-company.json
-    - hubspot-datasource-contact.json
-    - hubspot-datasource-deal.json
-  autopublish: true
-  version: 1.0.0