@aifabrix/builder 2.41.0 → 2.42.1

package/lib/utils/dev-ca-install.js

@@ -0,0 +1,139 @@
+/**
+ * Dev CA Install – SSL untrusted detection, fetch CA from Builder Server, install into OS trust store.
+ * Used by `aifabrix dev init` when the server certificate is self-signed. Only /install-ca uses
+ * rejectUnauthorized: false; all other requests use default TLS verification.
+ *
+ * @fileoverview CA install utilities for development Builder Server
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+
+const fs = require('fs').promises;
+const path = require('path');
+const https = require('https');
+const os = require('os');
+const { execFileSync } = require('child_process');
+const readline = require('readline');
+const chalk = require('chalk');
+
+const SSL_UNTRUSTED_CODES = [
+  'UNABLE_TO_VERIFY_LEAF_SIGNATURE',
+  'DEPTH_ZERO_SELF_SIGNED_CERT',
+  'CERT_UNTRUSTED',
+  'SELF_SIGNED_CERT_IN_CHAIN',
+  'UNABLE_TO_GET_ISSUER_CERT',
+  'UNABLE_TO_GET_ISSUER_CERT_LOCALLY'
+];
+
+/**
+ * Returns true if the error indicates an untrusted/self-signed server certificate.
+ * @param {Error} err - Thrown error (e.g. from devApi.getHealth)
+ * @returns {boolean}
+ */
+function isSslUntrustedError(err) {
+  const code = err?.code || err?.cause?.code;
+  const msg = (err?.message || '').toUpperCase();
+  return SSL_UNTRUSTED_CODES.some(c => code === c || msg.includes(c));
+}
+
+/**
+ * Fetch CA PEM from Builder Server via GET {baseUrl}/install-ca.
+ * Uses rejectUnauthorized: false only for this endpoint (dev setup).
+ * @param {string} baseUrl - Builder Server base URL (no trailing slash)
+ * @returns {Promise<Buffer>} CA certificate PEM
+ */
+function fetchInstallCa(baseUrl) {
+  return new Promise((resolve, reject) => {
+    const url = `${baseUrl.replace(/\/+$/, '')}/install-ca`;
+    const urlObj = new URL(url);
+    if (urlObj.protocol !== 'https:') {
+      reject(new Error('install-ca requires https URL'));
+      return;
+    }
+    const agent = new https.Agent({ rejectUnauthorized: false });
+    const req = https.get(
+      url,
+      { agent },
+      (res) => {
+        if (res.statusCode >= 300 && res.statusCode < 400 && res.headers.location) {
+          req.destroy();
+          fetchInstallCa(res.headers.location).then(resolve).catch(reject);
+          return;
+        }
+        const chunks = [];
+        res.on('data', c => chunks.push(c));
+        res.on('end', () => {
+          const body = Buffer.concat(chunks).toString('utf8');
+          if (!body || !body.includes('-----BEGIN CERTIFICATE-----')) {
+            reject(new Error('Invalid CA response: expected PEM certificate'));
+            return;
+          }
+          resolve(Buffer.from(body, 'utf8'));
+        });
+      }
+    );
+    req.on('error', reject);
+  });
+}
+
+/**
+ * Install CA PEM into OS trust store (platform-specific).
+ * @param {Buffer|string} caPem - CA certificate PEM
+ * @param {string} baseUrl - Builder Server base URL (for help link)
+ * @returns {Promise<void>}
+ */
+async function installCaPlatform(caPem, baseUrl) {
+  const pem = Buffer.isBuffer(caPem) ? caPem.toString('utf8') : String(caPem);
+  const tmpDir = os.tmpdir();
+  const tmpPath = path.join(tmpDir, 'aifabrix-root-ca.crt');
+  await fs.writeFile(tmpPath, pem, { mode: 0o644 });
+
+  try {
+    if (process.platform === 'win32') {
+      execFileSync('certutil', ['-addstore', '-user', 'ROOT', tmpPath], { stdio: 'inherit' });
+    } else if (process.platform === 'darwin') {
+      const keychain = path.join(os.homedir(), 'Library', 'Keychains', 'login.keychain-db');
+      execFileSync('security', ['add-trusted-cert', '-d', '-r', 'trustRoot', '-k', keychain, tmpPath], { stdio: 'inherit' });
+    } else if (process.platform === 'linux') {
+      const certPath = '/usr/local/share/ca-certificates/aifabrix-root-ca.crt';
+      try {
+        await fs.writeFile(certPath, pem, { mode: 0o644 });
+        execFileSync('update-ca-certificates', [], { stdio: 'inherit' });
+      } catch (e) {
+        if (e.code === 'EACCES' || (e.status !== undefined && e.status !== null && e.status !== 0)) {
+          const helpUrl = `${baseUrl.replace(/\/+$/, '')}/install-ca-help`;
+          throw new Error(
+            `Linux CA install requires sudo. Save CA manually from ${helpUrl} to ${certPath} and run: sudo update-ca-certificates`
+          );
+        }
+        throw e;
+      }
+    } else {
+      throw new Error(`Unsupported platform: ${process.platform}`);
+    }
+  } finally {
+    await fs.unlink(tmpPath).catch(() => {});
+  }
+}
+
+/**
+ * Prompt user: "Download and install the development CA? (y/n)"
+ * @returns {Promise<boolean>}
+ */
+function promptInstallCa() {
+  const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+  return new Promise(resolve => {
+    rl.question(chalk.yellow('Server certificate not trusted. Download and install the development CA? (y/n) '), answer => {
+      rl.close();
+      const normalized = (answer || '').trim().toLowerCase();
+      resolve(normalized === 'y' || normalized === 'yes');
+    });
+  });
+}
+
+module.exports = {
+  isSslUntrustedError,
+  fetchInstallCa,
+  installCaPlatform,
+  promptInstallCa
+};

package/lib/utils/env-copy.js

@@ -49,6 +49,22 @@ function readDeveloperIdFromConfig(config) {
   return null;
 }
 
+/**
+ * Substitute /mnt/data with local mount path for local .env and ensure mount dir exists on disk.
+ * Creates the mount folder on the local filesystem (next to the .env file) when it does not exist.
+ * @param {string} content - Env file content
+ * @param {string} outputPath - Resolved path of the .env file being written
+ * @returns {string} Content with /mnt/data replaced by path to mount directory
+ */
+function substituteMntDataForLocal(content, outputPath) {
+  const outputDir = path.dirname(outputPath);
+  const localMountPath = path.resolve(outputDir, 'mount');
+  if (!fs.existsSync(localMountPath)) {
+    fs.mkdirSync(localMountPath, { recursive: true });
+  }
+  return content.replace(/\/mnt\/data/g, localMountPath);
+}
+
 /**
  * Resolve output path for env file
  * @param {string} rawOutputPath - Raw output path from application config
@@ -100,7 +116,8 @@ async function writeEnvOutputForReload(outputPath, runEnvPath) {
  */
 async function writeEnvOutputForLocal(appName, outputPath) {
   const { generateEnvContent, parseEnvContentToMap, mergeEnvMapIntoContent } = require('../core/secrets');
-  const localContent = await generateEnvContent(appName, null, 'local', false);
+  let localContent = await generateEnvContent(appName, null, 'local', false);
+  localContent = substituteMntDataForLocal(localContent, outputPath);
   let toWrite = localContent;
   if (fs.existsSync(outputPath)) {
     const existingContent = await fsp.readFile(outputPath, 'utf8');
@@ -229,7 +246,8 @@ async function patchEnvContentForLocal(envContent, variables) {
  */
 async function writeLocalEnvToOutputPath(outputPath, appName, secretsPath, envOutputPathLabel) {
   const { generateEnvContent, parseEnvContentToMap, mergeEnvMapIntoContent } = require('../core/secrets');
-  const localEnvContent = await generateEnvContent(appName, secretsPath, 'local', false);
+  let localEnvContent = await generateEnvContent(appName, secretsPath, 'local', false);
+  localEnvContent = substituteMntDataForLocal(localEnvContent, outputPath);
   let toWrite = localEnvContent;
   if (fs.existsSync(outputPath)) {
     const existingContent = fs.readFileSync(outputPath, 'utf8');
@@ -250,7 +268,8 @@ async function writeLocalEnvToOutputPath(outputPath, appName, secretsPath, envOu
  */
 async function writePatchedEnvToOutputPath(envPath, outputPath, variables, envOutputPathLabel) {
   const envContent = fs.readFileSync(envPath, 'utf8');
-  const patchedContent = await patchEnvContentForLocal(envContent, variables);
+  let patchedContent = await patchEnvContentForLocal(envContent, variables);
+  patchedContent = substituteMntDataForLocal(patchedContent, outputPath);
   fs.writeFileSync(outputPath, patchedContent, { mode: 0o600 });
   logger.log(chalk.green(`✓ Copied .env to: ${envOutputPathLabel}`));
 }
@@ -292,6 +311,7 @@ async function processEnvVariables(envPath, variablesPath, appName, secretsPath)
 module.exports = {
   processEnvVariables,
   resolveEnvOutputPath,
+  substituteMntDataForLocal,
   writeEnvOutputForReload,
   writeEnvOutputForLocal
 };

package/lib/utils/error-formatters/http-status-errors.js

@@ -323,4 +323,3 @@ module.exports = {
   formatNotFoundError,
   formatGenericError
 };
-

package/lib/utils/error-formatters/permission-errors.js

@@ -134,4 +134,3 @@ module.exports = {
   extractMissingPermissions,
   extractRequiredPermissions
 };
-

package/lib/utils/error-formatters/validation-errors.js

@@ -130,4 +130,3 @@ function formatValidationError(errorData) {
 module.exports = {
   formatValidationError
 };
-

package/lib/utils/external-readme.js

@@ -30,42 +30,92 @@ function formatDisplayName(key) {
     .join(' ');
 }
 
+/**
+ * Derives suffix from datasource key for filename generation
+ * @param {string} key - Datasource key
+ * @param {string} systemKey - System key
+ * @param {string} entityType - Fallback entity type
+ * @returns {string} Suffix segment
+ */
+function getDatasourceKeySuffix(key, systemKey, entityType) {
+  if (key.startsWith(`${systemKey}-deploy-`)) {
+    return key.slice(`${systemKey}-deploy-`.length);
+  }
+  if (systemKey && key.startsWith(`${systemKey}-`)) {
+    return key.slice(systemKey.length + 1);
+  }
+  if (key) {
+    return key;
+  }
+  return entityType;
+}
+
+/**
+ * Normalizes a single datasource entry for template use
+ * @param {Object} datasource - Datasource object
+ * @param {number} index - Index in array
+ * @param {string} systemKey - System key for filename generation
+ * @param {string} ext - File extension (e.g. '.json', '.yaml')
+ * @returns {{entityType: string, displayName: string, fileName: string, datasourceKey: string}} Normalized entry
+ */
+function normalizeOneDatasource(datasource, index, systemKey, ext) {
+  const entityType = datasource.entityType ||
+    datasource.entityKey ||
+    datasource.key?.split('-').pop() ||
+    `entity${index + 1}`;
+  const displayName = datasource.displayName ||
+    datasource.name ||
+    `Datasource ${index + 1}`;
+  const key = datasource.key || '';
+  const suffix = getDatasourceKeySuffix(key, systemKey, entityType);
+  const datasourceKey = key || (systemKey ? `${systemKey}-${suffix}` : suffix);
+  const fileName = datasource.fileName || datasource.file ||
+    (systemKey ? `${systemKey}-datasource-${suffix}${ext}` : `${suffix}${ext}`);
+  return { entityType, displayName, fileName, datasourceKey };
+}
+
 /**
  * Normalizes datasource entries for template use
  * @param {Array} datasources - Datasource objects
  * @param {string} systemKey - System key for filename generation
- * @returns {Array<{entityType: string, displayName: string, fileName: string}>} Normalized entries
+ * @param {string} [fileExt='.json'] - File extension for generated filenames (e.g. '.json', '.yaml')
+ * @returns {Array<{entityType: string, displayName: string, fileName: string, datasourceKey: string}>} Normalized entries
  */
-function normalizeDatasources(datasources, systemKey) {
+function normalizeDatasources(datasources, systemKey, fileExt = '.json') {
   if (!Array.isArray(datasources)) {
     return [];
   }
-  return datasources.map((datasource, index) => {
-    const entityType = datasource.entityType ||
-      datasource.entityKey ||
-      datasource.key?.split('-').pop() ||
-      `entity${index + 1}`;
-    const displayName = datasource.displayName ||
-      datasource.name ||
-      `Datasource ${index + 1}`;
-    let fileName = datasource.fileName || datasource.file;
-    if (!fileName) {
-      const key = datasource.key || '';
-      // Suffix matches split getExternalDatasourceFileName for consistent README and file names
-      let suffix;
-      if (key.startsWith(`${systemKey}-deploy-`)) {
-        suffix = key.slice(`${systemKey}-deploy-`.length);
-      } else if (systemKey && key.startsWith(`${systemKey}-`)) {
-        suffix = key.slice(systemKey.length + 1);
-      } else if (key) {
-        suffix = key;
-      } else {
-        suffix = entityType;
-      }
-      fileName = systemKey ? `${systemKey}-datasource-${suffix}.yaml` : `${suffix}.yaml`;
-    }
-    return { entityType, displayName, fileName };
-  });
+  const ext = fileExt && fileExt.startsWith('.') ? fileExt : `.${fileExt || 'json'}`;
+  return datasources.map((datasource, index) =>
+    normalizeOneDatasource(datasource, index, systemKey, ext)
+  );
+}
+
+/**
+ * Builds secret path entries for README "Secrets" section per auth type.
+ * Path is the key for `aifabrix secret set <key> <value>` (no kv:// prefix; key format systemKey/secretKey in camelCase).
+ * @param {string} systemKey - System key
+ * @param {string} [authType] - Authentication type (oauth2, aad, apikey, basic, queryParam, hmac, bearer, token, none)
+ * @returns {Array<{path: string, description: string}>} secretPaths for template (path = key for secret set, no kv://)
+ */
+function buildSecretPaths(systemKey, authType) {
+  if (!systemKey || typeof systemKey !== 'string') return [];
+  const t = (authType && typeof authType === 'string') ? authType.toLowerCase() : 'apikey';
+  const map = {
+    oauth2: [{ path: `${systemKey}/clientId`, description: 'Client ID' }, { path: `${systemKey}/clientSecret`, description: 'Client Secret' }],
+    oauth: [{ path: `${systemKey}/clientId`, description: 'Client ID' }, { path: `${systemKey}/clientSecret`, description: 'Client Secret' }],
+    aad: [{ path: `${systemKey}/clientId`, description: 'Client ID' }, { path: `${systemKey}/clientSecret`, description: 'Client Secret' }],
+    apikey: [{ path: `${systemKey}/apiKey`, description: 'API Key' }],
+    apiKey: [{ path: `${systemKey}/apiKey`, description: 'API Key' }],
+    basic: [{ path: `${systemKey}/username`, description: 'Username' }, { path: `${systemKey}/password`, description: 'Password' }],
+    queryparam: [{ path: `${systemKey}/paramValue`, description: 'Query parameter value' }],
+    hmac: [{ path: `${systemKey}/signingSecret`, description: 'Signing secret' }],
+    bearer: [{ path: `${systemKey}/bearerToken`, description: 'Bearer token' }],
+    token: [{ path: `${systemKey}/bearerToken`, description: 'Bearer token' }],
+    oidc: [],
+    none: []
+  };
+  return map[t] || map.apikey;
 }
 
 /**
@@ -78,6 +128,9 @@ function normalizeDatasources(datasources, systemKey) {
  * @param {string} [params.displayName] - Display name
  * @param {string} [params.description] - Description
  * @param {Array} [params.datasources] - Datasource objects
+ * @param {string} [params.fileExt] - File extension for config files (e.g. '.json', '.yaml'); default '.json'
+ * @param {string} [params.authType] - Authentication type for Secrets section (oauth2, aad, apikey, basic, etc.)
+ * @param {Object} [params.authentication] - Full authentication object (authType used if authType not set)
  * @returns {Object} Template context
  */
 function buildExternalReadmeContext(params = {}) {
@@ -86,7 +139,10 @@ function buildExternalReadmeContext(params = {}) {
   const displayName = params.displayName || formatDisplayName(systemKey);
   const description = params.description || `External system integration for ${systemKey}`;
   const systemType = params.systemType || 'openapi';
-  const datasources = normalizeDatasources(params.datasources, systemKey);
+  const fileExt = params.fileExt !== undefined ? params.fileExt : '.json';
+  const datasources = normalizeDatasources(params.datasources, systemKey, fileExt);
+  const authType = params.authType || params.authentication?.type || params.authentication?.method || params.authentication?.authType;
+  const secretPaths = buildSecretPaths(systemKey, authType);
 
   return {
     appName,
@@ -94,8 +150,11 @@ function buildExternalReadmeContext(params = {}) {
     displayName,
     description,
     systemType,
+    fileExt: fileExt && fileExt.startsWith('.') ? fileExt : `.${fileExt || 'json'}`,
     datasourceCount: datasources.length,
-    datasources
+    hasDatasources: datasources.length > 0,
+    datasources,
+    secretPaths
   };
 }
 

package/lib/utils/external-system-display.js

@@ -241,8 +241,66 @@ function displayIntegrationTestResults(results, verbose = false) {
   }
 }
 
+/**
+ * Displays E2E test results (steps: config, credential, sync, data, cip).
+ * Supports sync response (data.steps only), final poll (data.steps + data.success), and running poll
+ * (data.completedActions, no data.steps yet). When status is present (async flow), shows it.
+ *
+ * @param {Object} data - E2E response or poll data
+ * @param {string} [data.status] - Optional status: 'running' | 'completed' | 'failed' (async flow)
+ * @param {Object[]} [data.steps] - Per-step results (final state)
+ * @param {Object[]} [data.completedActions] - Steps completed so far (running state when steps absent)
+ * @param {boolean} [data.success] - Overall success (final state)
+ * @param {string} [data.error] - Error message when failed
+ * @param {boolean} [verbose] - Show detailed output
+ */
+/* eslint-disable max-statements,complexity -- Step iteration and status display */
+function displayE2EResults(data, verbose = false) {
+  logger.log(chalk.blue('\n📊 E2E Test Results\n'));
+  if (data.status) {
+    const statusLabel = data.status === 'running'
+      ? chalk.yellow('running')
+      : data.status === 'completed'
+        ? chalk.green('completed')
+        : data.status === 'failed'
+          ? chalk.red('failed')
+          : data.status;
+    logger.log(`Status: ${statusLabel}`);
+  }
+  const steps = data.steps || data.completedActions || [];
+  if (steps.length === 0) {
+    if (data.success === false) {
+      logger.log(chalk.red('✗ E2E test failed'));
+      if (data.error) logger.log(chalk.red(`  Error: ${data.error}`));
+    } else if (data.status === 'running') {
+      logger.log(chalk.gray('  No steps completed yet'));
+    } else {
+      logger.log(chalk.yellow('No step results returned'));
+    }
+    return;
+  }
+  const isRunning = data.status === 'running' && !data.steps;
+  if (isRunning && verbose) {
+    logger.log(chalk.gray(`  (${steps.length} step(s) completed so far)`));
+  }
+  for (const step of steps) {
+    const name = step.name || step.step || 'unknown';
+    const ok = step.success !== false && !step.error;
+    logger.log(`  ${ok ? chalk.green('✓') : chalk.red('✗')} ${name}`);
+    if (!ok && (step.error || step.message)) logger.log(chalk.red(`    ${step.error || step.message}`));
+    if (verbose && step.message && ok) logger.log(chalk.gray(`    ${step.message}`));
+  }
+  if (isRunning) {
+    return;
+  }
+  const allPassed = steps.every(s => s.success !== false && !s.error);
+  logger.log(allPassed ? chalk.green('\n✅ E2E test passed!') : chalk.red('\n❌ E2E test failed'));
+}
+
 module.exports = {
   displayTestResults,
-  displayIntegrationTestResults
+  displayIntegrationTestResults,
+  displayE2EResults,
+  displayDatasourceIntegrationResult
 };
 

package/lib/utils/external-system-test-helpers.js

@@ -12,7 +12,8 @@
 const fs = require('fs').promises;
 const path = require('path');
 const { testDatasourceViaPipeline } = require('../api/pipeline.api');
-const { requireBearerForDataplanePipeline } = require('./token-manager');
+
+/** Pipeline test endpoints accept client credentials; do not enforce Bearer-only */
 
 /**
  * Retry API call with exponential backoff
@@ -40,26 +41,31 @@ async function retryApiCall(fn, maxRetries = 3, backoffMs = 1000) {
 }
 
 /**
- * Calls pipeline test endpoint using centralized API client
+ * Calls pipeline test endpoint using centralized API client.
+ * Pipeline test accepts Bearer, API_KEY, or client credentials (x-client-id/x-client-secret) for CI/CD.
  * @async
  * @param {Object} params - Function parameters
  * @param {string} params.systemKey - System key
  * @param {string} params.datasourceKey - Datasource key
  * @param {Object} params.payloadTemplate - Test payload template
  * @param {string} params.dataplaneUrl - Dataplane URL
- * @param {Object} params.authConfig - Authentication configuration
+ * @param {Object} params.authConfig - Authentication configuration (token or client credentials)
  * @param {number} [params.timeout] - Request timeout in milliseconds (default: 30000)
+ * @param {boolean} [params.includeDebug] - Include debug output in response
  * @returns {Promise<Object>} Test response
  */
-async function callPipelineTestEndpoint({ systemKey, datasourceKey, payloadTemplate, dataplaneUrl, authConfig, timeout = 30000 }) {
-  requireBearerForDataplanePipeline(authConfig);
+async function callPipelineTestEndpoint({ systemKey, datasourceKey, payloadTemplate, dataplaneUrl, authConfig, timeout = 30000, includeDebug = false }) {
+  const testData = { payloadTemplate };
+  if (includeDebug) {
+    testData.includeDebug = true;
+  }
   const response = await retryApiCall(async() => {
     return await testDatasourceViaPipeline({
       dataplaneUrl,
       systemKey,
       datasourceKey,
       authConfig,
-      testData: { payloadTemplate },
+      testData,
       options: { timeout }
     });
   });
@@ -67,6 +73,11 @@ async function callPipelineTestEndpoint({ systemKey, datasourceKey, payloadTempl
   if (!response.success || !response.data) {
     throw new Error(`Test endpoint failed: ${response.error || response.formattedError || 'Unknown error'}`);
   }
+  // When 200 with success: false in body, pass through; caller interprets via data.success
+  if (response.data?.success === false) {
+    const errMsg = response.data?.error || response.data?.formattedError || 'Test failed';
+    throw new Error(`Test endpoint failed: ${errMsg}`);
+  }
 
   return response.data.data || response.data;
 }
@@ -114,16 +125,18 @@ function determinePayloadTemplate(datasource, datasourceKey, customPayload) {
  * @param {string} params.dataplaneUrl - Dataplane URL
  * @param {Object} params.authConfig - Authentication configuration
  * @param {number} params.timeout - Request timeout
+ * @param {boolean} [params.includeDebug] - Include debug in response
  * @returns {Promise<Object>} Test result
  */
-async function testSingleDatasource({ systemKey, datasourceKey, payloadTemplate, dataplaneUrl, authConfig, timeout }) {
+async function testSingleDatasource({ systemKey, datasourceKey, payloadTemplate, dataplaneUrl, authConfig, timeout, includeDebug = false }) {
   const testResponse = await callPipelineTestEndpoint({
     systemKey,
     datasourceKey,
     payloadTemplate,
     dataplaneUrl,
     authConfig,
-    timeout
+    timeout,
+    includeDebug
   });
 
   return {

package/lib/utils/external-system-validators.js

@@ -9,6 +9,7 @@
  */
 
 const Ajv = require('ajv');
+const addFormats = require('ajv-formats');
 
 /**
  * Validates field mapping expression syntax (pipe-based DSL)
@@ -263,6 +264,7 @@ function validateMetadataSchema(datasource, testPayload) {
 
   try {
     const ajv = new Ajv({ allErrors: true, strict: false });
+    addFormats(ajv);
     const validate = ajv.compile(datasource.metadataSchema);
     const valid = validate(payloadTemplate);
 
@@ -319,6 +321,7 @@ function validateAgainstSchema(data, schema) {
     allowUnionTypes: true,
     validateSchema: false
   });
+  addFormats(ajv);
   // Remove $schema for draft-2020-12 to avoid AJV issues
   const schemaCopy = { ...schema };
   if (schemaCopy.$schema && schemaCopy.$schema.includes('2020-12')) {

package/lib/utils/file-upload.js

@@ -1,29 +1,14 @@
 /**
  * @fileoverview File upload utilities for multipart/form-data requests
+ * All API calls go via ApiClient (lib/api/index.js); no duplicate auth logic.
  * @author AI Fabrix Team
  * @version 2.0.0
  */
 
 const fs = require('fs').promises;
 const path = require('path');
-const { makeApiCall, authenticatedApiCall } = require('./api');
+const { ApiClient } = require('../api');
 
-/**
- * Upload a file using multipart/form-data
- * @async
- * @function uploadFile
- * @param {string} url - API endpoint URL
- * @param {string} filePath - Path to file to upload
- * @param {string} fieldName - Form field name for the file (default: 'file')
- * @param {Object} [authConfig] - Authentication configuration
- * @param {string} [authConfig.type] - Auth type ('bearer' | 'client-credentials')
- * @param {string} [authConfig.token] - Bearer token
- * @param {string} [authConfig.clientId] - Client ID
- * @param {string} [authConfig.clientSecret] - Client secret
- * @param {Object} [additionalFields] - Additional form fields to include
- * @returns {Promise<Object>} API response
- * @throws {Error} If file upload fails
- */
 /**
  * Validates file exists
  * @async
@@ -63,47 +48,32 @@ async function buildFormData(filePath, fieldName, additionalFields) {
 }
 
 /**
- * Builds authentication headers
- * @function buildAuthHeaders
- * @param {Object} authConfig - Authentication configuration
- * @returns {Object} Headers object
+ * Upload a file using multipart/form-data via ApiClient (single place for auth and API calls).
+ * @async
+ * @function uploadFile
+ * @param {string} url - Full API endpoint URL (e.g. https://dataplane.example.com/api/v1/wizard/parse-openapi)
+ * @param {string} filePath - Path to file to upload
+ * @param {string} fieldName - Form field name for the file (default: 'file')
+ * @param {Object} [authConfig] - Authentication configuration (token-only for app endpoints)
+ * @param {string} [authConfig.type] - Auth type ('bearer' | 'client-token')
+ * @param {string} [authConfig.token] - Token (Bearer user token or x-client-token application token)
+ * @param {Object} [additionalFields] - Additional form fields to include
+ * @returns {Promise<Object>} API response
+ * @throws {Error} If file upload fails
  */
-function buildAuthHeaders(authConfig) {
-  const headers = {};
-  if (authConfig.type === 'bearer' && authConfig.token) {
-    headers['Authorization'] = `Bearer ${authConfig.token}`;
-  } else if (authConfig.type === 'client-credentials') {
-    if (authConfig.clientId) {
-      headers['x-client-id'] = authConfig.clientId;
-    }
-    if (authConfig.clientSecret) {
-      headers['x-client-secret'] = authConfig.clientSecret;
-    }
-  }
-  return headers;
-}
-
 async function uploadFile(url, filePath, fieldName = 'file', authConfig = {}, additionalFields = {}) {
   await validateFileExists(filePath);
 
-  const formData = await buildFormData(filePath, fieldName, additionalFields);
-  const headers = buildAuthHeaders(authConfig);
-
-  const options = {
-    method: 'POST',
-    headers,
-    body: formData
-  };
+  const parsed = new URL(url);
+  const baseUrl = parsed.origin;
+  const endpointPath = parsed.pathname + parsed.search;
 
-  // Use authenticatedApiCall if bearer token, otherwise makeApiCall
-  if (authConfig.type === 'bearer' && authConfig.token) {
-    return await authenticatedApiCall(url, options, authConfig.token);
-  }
+  const formData = await buildFormData(filePath, fieldName, additionalFields);
+  const client = new ApiClient(baseUrl, authConfig);
 
-  return await makeApiCall(url, options);
+  return await client.postFormData(endpointPath, formData);
 }
 
 module.exports = {
   uploadFile
 };
-

package/lib/utils/help-builder.js

@@ -97,6 +97,7 @@ const CATEGORIES = [
       { name: 'download', term: 'download <system-key>' },
       { name: 'upload', term: 'upload <system-key>' },
       { name: 'delete', term: 'delete <system-key>' },
+      { name: 'repair', term: 'repair <app>' },
       { name: 'test', term: 'test <app>' },
       { name: 'test-integration', term: 'test-integration <app>' }
     ]