@aifabrix/builder 2.41.0 → 2.42.0

package/lib/utils/env-copy.js

@@ -49,6 +49,22 @@ function readDeveloperIdFromConfig(config) {
   return null;
 }
 
+/**
+ * Substitute /mnt/data with local mount path for local .env and ensure mount dir exists on disk.
+ * Creates the mount folder on the local filesystem (next to the .env file) when it does not exist.
+ * @param {string} content - Env file content
+ * @param {string} outputPath - Resolved path of the .env file being written
+ * @returns {string} Content with /mnt/data replaced by path to mount directory
+ */
+function substituteMntDataForLocal(content, outputPath) {
+  const outputDir = path.dirname(outputPath);
+  const localMountPath = path.resolve(outputDir, 'mount');
+  if (!fs.existsSync(localMountPath)) {
+    fs.mkdirSync(localMountPath, { recursive: true });
+  }
+  return content.replace(/\/mnt\/data/g, localMountPath);
+}
+
 /**
  * Resolve output path for env file
  * @param {string} rawOutputPath - Raw output path from application config
@@ -100,7 +116,8 @@ async function writeEnvOutputForReload(outputPath, runEnvPath) {
  */
 async function writeEnvOutputForLocal(appName, outputPath) {
   const { generateEnvContent, parseEnvContentToMap, mergeEnvMapIntoContent } = require('../core/secrets');
-  const localContent = await generateEnvContent(appName, null, 'local', false);
+  let localContent = await generateEnvContent(appName, null, 'local', false);
+  localContent = substituteMntDataForLocal(localContent, outputPath);
   let toWrite = localContent;
   if (fs.existsSync(outputPath)) {
     const existingContent = await fsp.readFile(outputPath, 'utf8');
@@ -229,7 +246,8 @@ async function patchEnvContentForLocal(envContent, variables) {
  */
 async function writeLocalEnvToOutputPath(outputPath, appName, secretsPath, envOutputPathLabel) {
   const { generateEnvContent, parseEnvContentToMap, mergeEnvMapIntoContent } = require('../core/secrets');
-  const localEnvContent = await generateEnvContent(appName, secretsPath, 'local', false);
+  let localEnvContent = await generateEnvContent(appName, secretsPath, 'local', false);
+  localEnvContent = substituteMntDataForLocal(localEnvContent, outputPath);
   let toWrite = localEnvContent;
   if (fs.existsSync(outputPath)) {
     const existingContent = fs.readFileSync(outputPath, 'utf8');
@@ -250,7 +268,8 @@ async function writeLocalEnvToOutputPath(outputPath, appName, secretsPath, envOu
  */
 async function writePatchedEnvToOutputPath(envPath, outputPath, variables, envOutputPathLabel) {
   const envContent = fs.readFileSync(envPath, 'utf8');
-  const patchedContent = await patchEnvContentForLocal(envContent, variables);
+  let patchedContent = await patchEnvContentForLocal(envContent, variables);
+  patchedContent = substituteMntDataForLocal(patchedContent, outputPath);
   fs.writeFileSync(outputPath, patchedContent, { mode: 0o600 });
   logger.log(chalk.green(`✓ Copied .env to: ${envOutputPathLabel}`));
 }
@@ -292,6 +311,7 @@ async function processEnvVariables(envPath, variablesPath, appName, secretsPath)
 module.exports = {
   processEnvVariables,
   resolveEnvOutputPath,
+  substituteMntDataForLocal,
   writeEnvOutputForReload,
   writeEnvOutputForLocal
 };

package/lib/utils/error-formatters/http-status-errors.js

@@ -323,4 +323,3 @@ module.exports = {
   formatNotFoundError,
   formatGenericError
 };
-

package/lib/utils/error-formatters/permission-errors.js

@@ -134,4 +134,3 @@ module.exports = {
   extractMissingPermissions,
   extractRequiredPermissions
 };
-

package/lib/utils/error-formatters/validation-errors.js

@@ -130,4 +130,3 @@ function formatValidationError(errorData) {
 module.exports = {
   formatValidationError
 };
-

package/lib/utils/external-readme.js

@@ -30,42 +30,65 @@ function formatDisplayName(key) {
     .join(' ');
 }
 
+/**
+ * Derives suffix from datasource key for filename generation
+ * @param {string} key - Datasource key
+ * @param {string} systemKey - System key
+ * @param {string} entityType - Fallback entity type
+ * @returns {string} Suffix segment
+ */
+function getDatasourceKeySuffix(key, systemKey, entityType) {
+  if (key.startsWith(`${systemKey}-deploy-`)) {
+    return key.slice(`${systemKey}-deploy-`.length);
+  }
+  if (systemKey && key.startsWith(`${systemKey}-`)) {
+    return key.slice(systemKey.length + 1);
+  }
+  if (key) {
+    return key;
+  }
+  return entityType;
+}
+
+/**
+ * Normalizes a single datasource entry for template use
+ * @param {Object} datasource - Datasource object
+ * @param {number} index - Index in array
+ * @param {string} systemKey - System key for filename generation
+ * @param {string} ext - File extension (e.g. '.json', '.yaml')
+ * @returns {{entityType: string, displayName: string, fileName: string, datasourceKey: string}} Normalized entry
+ */
+function normalizeOneDatasource(datasource, index, systemKey, ext) {
+  const entityType = datasource.entityType ||
+    datasource.entityKey ||
+    datasource.key?.split('-').pop() ||
+    `entity${index + 1}`;
+  const displayName = datasource.displayName ||
+    datasource.name ||
+    `Datasource ${index + 1}`;
+  const key = datasource.key || '';
+  const suffix = getDatasourceKeySuffix(key, systemKey, entityType);
+  const datasourceKey = key || (systemKey ? `${systemKey}-${suffix}` : suffix);
+  const fileName = datasource.fileName || datasource.file ||
+    (systemKey ? `${systemKey}-datasource-${suffix}${ext}` : `${suffix}${ext}`);
+  return { entityType, displayName, fileName, datasourceKey };
+}
+
 /**
  * Normalizes datasource entries for template use
  * @param {Array} datasources - Datasource objects
  * @param {string} systemKey - System key for filename generation
- * @returns {Array<{entityType: string, displayName: string, fileName: string}>} Normalized entries
+ * @param {string} [fileExt='.json'] - File extension for generated filenames (e.g. '.json', '.yaml')
+ * @returns {Array<{entityType: string, displayName: string, fileName: string, datasourceKey: string}>} Normalized entries
  */
-function normalizeDatasources(datasources, systemKey) {
+function normalizeDatasources(datasources, systemKey, fileExt = '.json') {
   if (!Array.isArray(datasources)) {
     return [];
   }
-  return datasources.map((datasource, index) => {
-    const entityType = datasource.entityType ||
-      datasource.entityKey ||
-      datasource.key?.split('-').pop() ||
-      `entity${index + 1}`;
-    const displayName = datasource.displayName ||
-      datasource.name ||
-      `Datasource ${index + 1}`;
-    let fileName = datasource.fileName || datasource.file;
-    if (!fileName) {
-      const key = datasource.key || '';
-      // Suffix matches split getExternalDatasourceFileName for consistent README and file names
-      let suffix;
-      if (key.startsWith(`${systemKey}-deploy-`)) {
-        suffix = key.slice(`${systemKey}-deploy-`.length);
-      } else if (systemKey && key.startsWith(`${systemKey}-`)) {
-        suffix = key.slice(systemKey.length + 1);
-      } else if (key) {
-        suffix = key;
-      } else {
-        suffix = entityType;
-      }
-      fileName = systemKey ? `${systemKey}-datasource-${suffix}.yaml` : `${suffix}.yaml`;
-    }
-    return { entityType, displayName, fileName };
-  });
+  const ext = fileExt && fileExt.startsWith('.') ? fileExt : `.${fileExt || 'json'}`;
+  return datasources.map((datasource, index) =>
+    normalizeOneDatasource(datasource, index, systemKey, ext)
+  );
 }
 
 /**
@@ -78,6 +101,7 @@ function normalizeDatasources(datasources, systemKey) {
  * @param {string} [params.displayName] - Display name
  * @param {string} [params.description] - Description
  * @param {Array} [params.datasources] - Datasource objects
+ * @param {string} [params.fileExt] - File extension for config files (e.g. '.json', '.yaml'); default '.json'
  * @returns {Object} Template context
  */
 function buildExternalReadmeContext(params = {}) {
@@ -86,7 +110,8 @@ function buildExternalReadmeContext(params = {}) {
   const displayName = params.displayName || formatDisplayName(systemKey);
   const description = params.description || `External system integration for ${systemKey}`;
   const systemType = params.systemType || 'openapi';
-  const datasources = normalizeDatasources(params.datasources, systemKey);
+  const fileExt = params.fileExt !== undefined ? params.fileExt : '.json';
+  const datasources = normalizeDatasources(params.datasources, systemKey, fileExt);
 
   return {
     appName,
@@ -94,7 +119,9 @@ function buildExternalReadmeContext(params = {}) {
     displayName,
     description,
     systemType,
+    fileExt: fileExt && fileExt.startsWith('.') ? fileExt : `.${fileExt || 'json'}`,
     datasourceCount: datasources.length,
+    hasDatasources: datasources.length > 0,
     datasources
   };
 }

package/lib/utils/external-system-display.js

@@ -241,8 +241,66 @@ function displayIntegrationTestResults(results, verbose = false) {
   }
 }
 
+/**
+ * Displays E2E test results (steps: config, credential, sync, data, cip).
+ * Supports sync response (data.steps only), final poll (data.steps + data.success), and running poll
+ * (data.completedActions, no data.steps yet). When status is present (async flow), shows it.
+ *
+ * @param {Object} data - E2E response or poll data
+ * @param {string} [data.status] - Optional status: 'running' | 'completed' | 'failed' (async flow)
+ * @param {Object[]} [data.steps] - Per-step results (final state)
+ * @param {Object[]} [data.completedActions] - Steps completed so far (running state when steps absent)
+ * @param {boolean} [data.success] - Overall success (final state)
+ * @param {string} [data.error] - Error message when failed
+ * @param {boolean} [verbose] - Show detailed output
+ */
+/* eslint-disable max-statements,complexity -- Step iteration and status display */
+function displayE2EResults(data, verbose = false) {
+  logger.log(chalk.blue('\n📊 E2E Test Results\n'));
+  if (data.status) {
+    const statusLabel = data.status === 'running'
+      ? chalk.yellow('running')
+      : data.status === 'completed'
+        ? chalk.green('completed')
+        : data.status === 'failed'
+          ? chalk.red('failed')
+          : data.status;
+    logger.log(`Status: ${statusLabel}`);
+  }
+  const steps = data.steps || data.completedActions || [];
+  if (steps.length === 0) {
+    if (data.success === false) {
+      logger.log(chalk.red('✗ E2E test failed'));
+      if (data.error) logger.log(chalk.red(`  Error: ${data.error}`));
+    } else if (data.status === 'running') {
+      logger.log(chalk.gray('  No steps completed yet'));
+    } else {
+      logger.log(chalk.yellow('No step results returned'));
+    }
+    return;
+  }
+  const isRunning = data.status === 'running' && !data.steps;
+  if (isRunning && verbose) {
+    logger.log(chalk.gray(`  (${steps.length} step(s) completed so far)`));
+  }
+  for (const step of steps) {
+    const name = step.name || step.step || 'unknown';
+    const ok = step.success !== false && !step.error;
+    logger.log(`  ${ok ? chalk.green('✓') : chalk.red('✗')} ${name}`);
+    if (!ok && (step.error || step.message)) logger.log(chalk.red(`    ${step.error || step.message}`));
+    if (verbose && step.message && ok) logger.log(chalk.gray(`    ${step.message}`));
+  }
+  if (isRunning) {
+    return;
+  }
+  const allPassed = steps.every(s => s.success !== false && !s.error);
+  logger.log(allPassed ? chalk.green('\n✅ E2E test passed!') : chalk.red('\n❌ E2E test failed'));
+}
+
 module.exports = {
   displayTestResults,
-  displayIntegrationTestResults
+  displayIntegrationTestResults,
+  displayE2EResults,
+  displayDatasourceIntegrationResult
 };
 

package/lib/utils/external-system-test-helpers.js

@@ -12,7 +12,8 @@
 const fs = require('fs').promises;
 const path = require('path');
 const { testDatasourceViaPipeline } = require('../api/pipeline.api');
-const { requireBearerForDataplanePipeline } = require('./token-manager');
+
+/** Pipeline test endpoints accept client credentials; do not enforce Bearer-only */
 
 /**
  * Retry API call with exponential backoff
@@ -40,26 +41,31 @@ async function retryApiCall(fn, maxRetries = 3, backoffMs = 1000) {
 }
 
 /**
- * Calls pipeline test endpoint using centralized API client
+ * Calls pipeline test endpoint using centralized API client.
+ * Pipeline test accepts Bearer, API_KEY, or client credentials (x-client-id/x-client-secret) for CI/CD.
  * @async
  * @param {Object} params - Function parameters
  * @param {string} params.systemKey - System key
  * @param {string} params.datasourceKey - Datasource key
  * @param {Object} params.payloadTemplate - Test payload template
  * @param {string} params.dataplaneUrl - Dataplane URL
- * @param {Object} params.authConfig - Authentication configuration
+ * @param {Object} params.authConfig - Authentication configuration (token or client credentials)
  * @param {number} [params.timeout] - Request timeout in milliseconds (default: 30000)
+ * @param {boolean} [params.includeDebug] - Include debug output in response
  * @returns {Promise<Object>} Test response
  */
-async function callPipelineTestEndpoint({ systemKey, datasourceKey, payloadTemplate, dataplaneUrl, authConfig, timeout = 30000 }) {
-  requireBearerForDataplanePipeline(authConfig);
+async function callPipelineTestEndpoint({ systemKey, datasourceKey, payloadTemplate, dataplaneUrl, authConfig, timeout = 30000, includeDebug = false }) {
+  const testData = { payloadTemplate };
+  if (includeDebug) {
+    testData.includeDebug = true;
+  }
   const response = await retryApiCall(async() => {
     return await testDatasourceViaPipeline({
       dataplaneUrl,
       systemKey,
       datasourceKey,
       authConfig,
-      testData: { payloadTemplate },
+      testData,
       options: { timeout }
     });
   });
@@ -67,6 +73,11 @@ async function callPipelineTestEndpoint({ systemKey, datasourceKey, payloadTempl
   if (!response.success || !response.data) {
     throw new Error(`Test endpoint failed: ${response.error || response.formattedError || 'Unknown error'}`);
   }
+  // When 200 with success: false in body, pass through; caller interprets via data.success
+  if (response.data?.success === false) {
+    const errMsg = response.data?.error || response.data?.formattedError || 'Test failed';
+    throw new Error(`Test endpoint failed: ${errMsg}`);
+  }
 
   return response.data.data || response.data;
 }
@@ -114,16 +125,18 @@ function determinePayloadTemplate(datasource, datasourceKey, customPayload) {
  * @param {string} params.dataplaneUrl - Dataplane URL
  * @param {Object} params.authConfig - Authentication configuration
  * @param {number} params.timeout - Request timeout
+ * @param {boolean} [params.includeDebug] - Include debug in response
  * @returns {Promise<Object>} Test result
  */
-async function testSingleDatasource({ systemKey, datasourceKey, payloadTemplate, dataplaneUrl, authConfig, timeout }) {
+async function testSingleDatasource({ systemKey, datasourceKey, payloadTemplate, dataplaneUrl, authConfig, timeout, includeDebug = false }) {
   const testResponse = await callPipelineTestEndpoint({
     systemKey,
     datasourceKey,
     payloadTemplate,
     dataplaneUrl,
     authConfig,
-    timeout
+    timeout,
+    includeDebug
   });
 
   return {

package/lib/utils/external-system-validators.js

@@ -9,6 +9,7 @@
  */
 
 const Ajv = require('ajv');
+const addFormats = require('ajv-formats');
 
 /**
  * Validates field mapping expression syntax (pipe-based DSL)
@@ -263,6 +264,7 @@ function validateMetadataSchema(datasource, testPayload) {
 
   try {
     const ajv = new Ajv({ allErrors: true, strict: false });
+    addFormats(ajv);
     const validate = ajv.compile(datasource.metadataSchema);
     const valid = validate(payloadTemplate);
 
@@ -319,6 +321,7 @@ function validateAgainstSchema(data, schema) {
     allowUnionTypes: true,
     validateSchema: false
   });
+  addFormats(ajv);
   // Remove $schema for draft-2020-12 to avoid AJV issues
   const schemaCopy = { ...schema };
   if (schemaCopy.$schema && schemaCopy.$schema.includes('2020-12')) {

package/lib/utils/file-upload.js

@@ -1,29 +1,14 @@
 /**
  * @fileoverview File upload utilities for multipart/form-data requests
+ * All API calls go via ApiClient (lib/api/index.js); no duplicate auth logic.
  * @author AI Fabrix Team
  * @version 2.0.0
  */
 
 const fs = require('fs').promises;
 const path = require('path');
-const { makeApiCall, authenticatedApiCall } = require('./api');
+const { ApiClient } = require('../api');
 
-/**
- * Upload a file using multipart/form-data
- * @async
- * @function uploadFile
- * @param {string} url - API endpoint URL
- * @param {string} filePath - Path to file to upload
- * @param {string} fieldName - Form field name for the file (default: 'file')
- * @param {Object} [authConfig] - Authentication configuration
- * @param {string} [authConfig.type] - Auth type ('bearer' | 'client-credentials')
- * @param {string} [authConfig.token] - Bearer token
- * @param {string} [authConfig.clientId] - Client ID
- * @param {string} [authConfig.clientSecret] - Client secret
- * @param {Object} [additionalFields] - Additional form fields to include
- * @returns {Promise<Object>} API response
- * @throws {Error} If file upload fails
- */
 /**
  * Validates file exists
  * @async
@@ -63,47 +48,32 @@ async function buildFormData(filePath, fieldName, additionalFields) {
 }
 
 /**
- * Builds authentication headers
- * @function buildAuthHeaders
- * @param {Object} authConfig - Authentication configuration
- * @returns {Object} Headers object
+ * Upload a file using multipart/form-data via ApiClient (single place for auth and API calls).
+ * @async
+ * @function uploadFile
+ * @param {string} url - Full API endpoint URL (e.g. https://dataplane.example.com/api/v1/wizard/parse-openapi)
+ * @param {string} filePath - Path to file to upload
+ * @param {string} fieldName - Form field name for the file (default: 'file')
+ * @param {Object} [authConfig] - Authentication configuration (token-only for app endpoints)
+ * @param {string} [authConfig.type] - Auth type ('bearer' | 'client-token')
+ * @param {string} [authConfig.token] - Token (Bearer user token or x-client-token application token)
+ * @param {Object} [additionalFields] - Additional form fields to include
+ * @returns {Promise<Object>} API response
+ * @throws {Error} If file upload fails
  */
-function buildAuthHeaders(authConfig) {
-  const headers = {};
-  if (authConfig.type === 'bearer' && authConfig.token) {
-    headers['Authorization'] = `Bearer ${authConfig.token}`;
-  } else if (authConfig.type === 'client-credentials') {
-    if (authConfig.clientId) {
-      headers['x-client-id'] = authConfig.clientId;
-    }
-    if (authConfig.clientSecret) {
-      headers['x-client-secret'] = authConfig.clientSecret;
-    }
-  }
-  return headers;
-}
-
 async function uploadFile(url, filePath, fieldName = 'file', authConfig = {}, additionalFields = {}) {
   await validateFileExists(filePath);
 
-  const formData = await buildFormData(filePath, fieldName, additionalFields);
-  const headers = buildAuthHeaders(authConfig);
-
-  const options = {
-    method: 'POST',
-    headers,
-    body: formData
-  };
+  const parsed = new URL(url);
+  const baseUrl = parsed.origin;
+  const endpointPath = parsed.pathname + parsed.search;
 
-  // Use authenticatedApiCall if bearer token, otherwise makeApiCall
-  if (authConfig.type === 'bearer' && authConfig.token) {
-    return await authenticatedApiCall(url, options, authConfig.token);
-  }
+  const formData = await buildFormData(filePath, fieldName, additionalFields);
+  const client = new ApiClient(baseUrl, authConfig);
 
-  return await makeApiCall(url, options);
+  return await client.postFormData(endpointPath, formData);
 }
 
 module.exports = {
   uploadFile
 };
-

package/lib/utils/help-builder.js

@@ -97,6 +97,7 @@ const CATEGORIES = [
       { name: 'download', term: 'download <system-key>' },
       { name: 'upload', term: 'upload <system-key>' },
       { name: 'delete', term: 'delete <system-key>' },
+      { name: 'repair', term: 'repair <app>' },
       { name: 'test', term: 'test <app>' },
       { name: 'test-integration', term: 'test-integration <app>' }
     ]

package/lib/utils/infra-status.js

@@ -17,9 +17,53 @@ const containerUtils = require('./infra-containers');
 
 const execAsync = promisify(exec);
 
+/**
+ * Builds services config map from ports and config flags.
+ * @param {Object} ports - Port configuration
+ * @param {Object} cfg - Config (pgadmin, redisCommander, traefik)
+ * @returns {Object} Map of serviceName -> { port, url }
+ */
+function buildServicesConfig(ports, cfg) {
+  const services = {
+    postgres: { port: ports.postgres, url: `localhost:${ports.postgres}` },
+    redis: { port: ports.redis, url: `localhost:${ports.redis}` }
+  };
+  if (cfg.pgadmin !== false) services.pgadmin = { port: ports.pgadmin, url: `http://localhost:${ports.pgadmin}` };
+  if (cfg.redisCommander !== false) {
+    services['redis-commander'] = { port: ports.redisCommander, url: `http://localhost:${ports.redisCommander}` };
+  }
+  if (cfg.traefik) {
+    services.traefik = {
+      port: `${ports.traefikHttp}, ${ports.traefikHttps}`,
+      url: `http://localhost:${ports.traefikHttp}, https://localhost:${ports.traefikHttps}`
+    };
+  }
+  return services;
+}
+
+/**
+ * Gets status for a single service.
+ * @param {string} serviceName - Service name
+ * @param {Object} serviceConfig - { port, url }
+ * @param {string} devId - Developer ID
+ * @returns {Promise<Object>} Status entry
+ */
+async function getServiceStatus(serviceName, serviceConfig, devId) {
+  try {
+    const containerName = await containerUtils.findContainer(serviceName, devId, { strict: true });
+    const rawStatus = containerName
+      ? (await execAsync(`docker inspect --format='{{.State.Status}}' ${containerName}`)).stdout.trim().replace(/['"]/g, '')
+      : 'not running';
+    return { status: rawStatus, port: serviceConfig.port, url: serviceConfig.url };
+  } catch {
+    return { status: 'not running', port: serviceConfig.port, url: serviceConfig.url };
+  }
+}
+
 /**
  * Gets the status of infrastructure services
- * Returns detailed information about running containers
+ * Returns detailed information about running containers.
+ * Only includes pgAdmin, Redis Commander, and Traefik when enabled in config.
  *
  * @async
  * @function getInfraStatus
@@ -31,51 +75,13 @@ const execAsync = promisify(exec);
  */
 async function getInfraStatus() {
   const devId = await config.getDeveloperId();
-  // Convert string developer ID to number for getDevPorts
-  const devIdNum = parseInt(devId, 10);
-  const ports = devConfig.getDevPorts(devIdNum);
-  const services = {
-    postgres: { port: ports.postgres, url: `localhost:${ports.postgres}` },
-    redis: { port: ports.redis, url: `localhost:${ports.redis}` },
-    pgadmin: { port: ports.pgadmin, url: `http://localhost:${ports.pgadmin}` },
-    'redis-commander': { port: ports.redisCommander, url: `http://localhost:${ports.redisCommander}` },
-    traefik: {
-      port: `${ports.traefikHttp}, ${ports.traefikHttps}`,
-      url: `http://localhost:${ports.traefikHttp}, https://localhost:${ports.traefikHttps}`
-    }
-  };
-
+  const cfg = await config.getConfig();
+  const ports = devConfig.getDevPorts(parseInt(devId, 10));
+  const services = buildServicesConfig(ports, cfg);
   const status = {};
-
-  for (const [serviceName, serviceConfig] of Object.entries(services)) {
-    try {
-      // Strict: only this developer's infra (no fallback to dev 0), so status reflects reality
-      const containerName = await containerUtils.findContainer(serviceName, devId, { strict: true });
-      if (containerName) {
-        const { stdout } = await execAsync(`docker inspect --format='{{.State.Status}}' ${containerName}`);
-        // Normalize status value (trim whitespace and remove quotes)
-        const normalizedStatus = stdout.trim().replace(/['"]/g, '');
-        status[serviceName] = {
-          status: normalizedStatus,
-          port: serviceConfig.port,
-          url: serviceConfig.url
-        };
-      } else {
-        status[serviceName] = {
-          status: 'not running',
-          port: serviceConfig.port,
-          url: serviceConfig.url
-        };
-      }
-    } catch (error) {
-      status[serviceName] = {
-        status: 'not running',
-        port: serviceConfig.port,
-        url: serviceConfig.url
-      };
-    }
+  for (const [name, svc] of Object.entries(services)) {
+    status[name] = await getServiceStatus(name, svc, devId);
   }
-
   return status;
 }
 

package/lib/utils/local-secrets.js

@@ -13,12 +13,12 @@ const path = require('path');
 const yaml = require('js-yaml');
 const logger = require('../utils/logger');
 const pathsUtil = require('./paths');
-const { appendSecretsToFile } = require('./secrets-generator');
+const { mergeSecretsIntoFile } = require('./secrets-generator');
 
 /**
  * Saves a secret to ~/.aifabrix/secrets.local.yaml
  * Uses paths.getAifabrixHome() to respect config.yaml aifabrix-home override
- * Appends the key to the end of the file without changing existing content (preserves comments and structure)
+ * Merges the key into the file (updates in place if key already exists, e.g. after rotate-secret)
  *
  * @async
  * @function saveLocalSecret
@@ -40,12 +40,12 @@ async function saveLocalSecret(key, value) {
   }
 
   const secretsPath = path.join(pathsUtil.getAifabrixHome(), 'secrets.local.yaml');
-  appendSecretsToFile(secretsPath, { [key]: value });
+  mergeSecretsIntoFile(secretsPath, { [key]: value });
 }
 
 /**
  * Saves a secret to a specified secrets file path
- * Appends the key to the end of the file without changing existing content (preserves comments and structure)
+ * Merges the key into the file (updates in place if key already exists)
  *
  * @async
  * @function saveSecret
@@ -122,7 +122,7 @@ async function saveSecret(key, value, secretsPath) {
   validateSaveSecretParams(key, value, secretsPath);
 
   const resolvedPath = resolveAndPrepareSecretsPath(secretsPath);
-  appendSecretsToFile(resolvedPath, { [key]: value });
+  mergeSecretsIntoFile(resolvedPath, { [key]: value });
 }
 
 /**