@aifabrix/builder 2.42.0 → 2.43.0

package/lib/datasource/log-viewer.js

@@ -0,0 +1,221 @@
+/**
+ * Log viewer for E2E and integration test logs - format and display JSON logs.
+ * @fileoverview Read and format test-e2e / test-integration debug logs for terminal
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+/* eslint-disable max-statements, complexity, max-depth -- Formatter functions; display branches by design */
+
+const path = require('path');
+const fs = require('fs').promises;
+const chalk = require('chalk');
+const logger = require('../utils/logger');
+const { resolveAppKeyForDatasource } = require('./resolve-app');
+const { getIntegrationPath } = require('../utils/paths');
+
+/**
+ * Get the path to the latest log file in a directory matching a glob-like pattern
+ * @param {string} logsDir - Directory containing log files
+ * @param {string} pattern - Prefix pattern (e.g. 'test-e2e' matches test-e2e-*.json)
+ * @returns {Promise<string|null>} Full path to latest file or null if none
+ */
+async function getLatestLogPath(logsDir, pattern) {
+  let entries;
+  try {
+    entries = await fs.readdir(logsDir, { withFileTypes: true });
+  } catch (err) {
+    if (err.code === 'ENOENT') return null;
+    throw err;
+  }
+  const prefix = pattern.replace(/\*$/, '');
+  const files = entries
+    .filter(e => e.isFile() && e.name.startsWith(prefix) && e.name.endsWith('.json'))
+    .map(e => path.join(logsDir, e.name));
+  if (files.length === 0) return null;
+  const withStats = await Promise.all(
+    files.map(async f => ({ path: f, mtime: (await fs.stat(f)).mtimeMs }))
+  );
+  withStats.sort((a, b) => b.mtime - a.mtime);
+  return withStats[0].path;
+}
+
+/**
+ * Truncate string for display
+ * @param {string} s - String
+ * @param {number} maxLen - Max length
+ * @returns {string}
+ */
+function truncate(s, maxLen = 60) {
+  if (typeof s !== 'string') return String(s);
+  return s.length <= maxLen ? s : `${s.slice(0, maxLen - 1)}…`;
+}
+
+/**
+ * Format E2E log content for terminal display
+ * @param {Object} data - Parsed log JSON (request, response, error)
+ * @param {string} [fileName] - Log file name for header
+ */
+function formatE2ELog(data, fileName) {
+  logger.log(chalk.blue('\n——— E2E Log') + (fileName ? chalk.gray(` ${fileName}`) : ''));
+  const req = data.request || {};
+  logger.log(chalk.cyan('Request:'));
+  logger.log(chalk.gray(`  sourceIdOrKey: ${req.sourceIdOrKey ?? '—'}`));
+  if (req.includeDebug !== undefined) logger.log(chalk.gray(`  includeDebug: ${req.includeDebug}`));
+  if (req.cleanup !== undefined) logger.log(chalk.gray(`  cleanup: ${req.cleanup}`));
+  if (req.primaryKeyValue !== undefined) logger.log(chalk.gray(`  primaryKeyValue: ${truncate(JSON.stringify(req.primaryKeyValue))}`));
+  if (data.error) {
+    logger.log(chalk.red('Error: ') + data.error);
+    return;
+  }
+  const res = data.response || {};
+  logger.log(chalk.cyan('Response:'));
+  logger.log(chalk.gray(`  success: ${res.success}`));
+  if (res.status) logger.log(chalk.gray(`  status: ${res.status}`));
+  if (res.error) logger.log(chalk.red(`  error: ${res.error}`));
+  const steps = res.steps || res.completedActions || [];
+  if (steps.length > 0) {
+    logger.log(chalk.cyan('Steps:'));
+    for (const step of steps) {
+      const name = step.name || step.step || 'unknown';
+      const ok = step.success !== false && !step.error;
+      logger.log(`  ${ok ? chalk.green('✓') : chalk.red('✗')} ${name}`);
+      if (step.error) logger.log(chalk.red(`    ${step.error}`));
+      if (step.message && ok) logger.log(chalk.gray(`    ${step.message}`));
+      if ((name === 'sync' || step.step === 'sync') && step.evidence && step.evidence.jobs) {
+        for (const job of step.evidence.jobs) {
+          const audit = job.audit || {};
+          const parts = [];
+          if (job.recordsProcessed !== undefined && job.recordsProcessed !== null) parts.push(`${job.recordsProcessed} processed`);
+          if (job.totalRecords !== undefined && job.totalRecords !== null) parts.push(`total: ${job.totalRecords}`);
+          if (audit.inserted !== undefined && audit.inserted !== null || audit.updated !== undefined && audit.updated !== null || audit.deleted !== undefined && audit.deleted !== null) {
+            parts.push(`(inserted: ${audit.inserted ?? 0}, updated: ${audit.updated ?? 0}, deleted: ${audit.deleted ?? 0})`);
+          }
+          if (parts.length) logger.log(chalk.gray(`    Job: ${parts.join(' ')}`));
+        }
+      }
+    }
+  }
+  if (res.auditLog && Array.isArray(res.auditLog) && res.auditLog.length > 0) {
+    logger.log(chalk.cyan('CIP execution trace(s): ') + chalk.gray(`${res.auditLog.length}`));
+    const baseUrl = (req.dataplaneUrl || '').toString().replace(/\/$/, '');
+    const sourceIdOrKey = req.sourceIdOrKey || '';
+    res.auditLog.slice(0, 3).forEach((trace, i) => {
+      const id = trace.executionId || trace.id || trace.traceId;
+      if (id) {
+        const idStr = String(id);
+        logger.log(chalk.gray(`  ${i + 1}. executionId: ${idStr}`));
+        if (baseUrl && sourceIdOrKey) {
+          const executionUrl = `${baseUrl}/api/v1/external/${sourceIdOrKey}/executions/${idStr}`;
+          logger.log(chalk.gray(`      Link: ${executionUrl}`));
+        }
+      }
+    });
+  }
+}
+
+/**
+ * Format integration test log content for terminal display
+ * @param {Object} data - Parsed log JSON
+ * @param {string} [fileName] - Log file name for header
+ */
+function formatIntegrationLog(data, fileName) {
+  logger.log(chalk.blue('\n——— Integration Log') + (fileName ? chalk.gray(` ${fileName}`) : ''));
+  const req = data.request || {};
+  logger.log(chalk.cyan('Request:'));
+  logger.log(chalk.gray(`  systemKey: ${req.systemKey ?? '—'}, datasourceKey: ${req.datasourceKey ?? '—'}`));
+  if (req.includeDebug !== undefined) logger.log(chalk.gray(`  includeDebug: ${req.includeDebug}`));
+  if (data.error) {
+    logger.log(chalk.red('Error: ') + data.error);
+    return;
+  }
+  const res = data.response || {};
+  logger.log(chalk.cyan('Response:'));
+  logger.log(chalk.gray(`  success: ${res.success}`));
+  if (res.error) logger.log(chalk.red(`  error: ${res.error}`));
+  const vr = res.validationResults || {};
+  logger.log(chalk.cyan('Validation:'));
+  logger.log(chalk.gray(`  isValid: ${vr.isValid}`));
+  if (vr.errors && vr.errors.length) vr.errors.forEach(e => logger.log(chalk.red(`    - ${e}`)));
+  const fmr = res.fieldMappingResults || {};
+  if (Object.keys(fmr).length) {
+    logger.log(chalk.cyan('Field mapping:'));
+    logger.log(chalk.gray(`  mappingCount: ${fmr.mappingCount ?? '—'}`));
+    if (fmr.dimensions) logger.log(chalk.gray(`  dimensions: ${Object.keys(fmr.dimensions).join(', ')}`));
+  }
+  const etr = res.endpointTestResults || {};
+  if (Object.keys(etr).length) {
+    logger.log(chalk.cyan('Endpoint:'));
+    logger.log(chalk.gray(`  endpointConfigured: ${etr.endpointConfigured}`));
+  }
+  if (res.normalizedOutput || res.normalizedMetadata) {
+    const out = res.normalizedOutput || res.normalizedMetadata;
+    const keys = typeof out === 'object' && out !== null ? Object.keys(out) : [];
+    logger.log(chalk.cyan('Normalized output: ') + chalk.gray(keys.length ? `${keys.length} fields` : '—'));
+  }
+}
+
+/**
+ * Format log content by type
+ * @param {Object} parsed - Parsed JSON log
+ * @param {'test-e2e'|'test-integration'} logType - Log type
+ * @param {string} [fileName] - File name for header
+ */
+function formatLogContent(parsed, logType, fileName) {
+  if (logType === 'test-e2e') {
+    formatE2ELog(parsed, fileName);
+  } else {
+    formatIntegrationLog(parsed, fileName);
+  }
+}
+
+/**
+ * Run log viewer: resolve log file, read, parse, format and print
+ * @async
+ * @param {string} datasourceKey - Datasource key (used when no --file)
+ * @param {Object} options - Options
+ * @param {string} [options.app] - App key (optional, resolved from key if omitted)
+ * @param {string} [options.file] - Path to log file (overrides app resolution)
+ * @param {'test-e2e'|'test-integration'} options.logType - Log type
+ * @throws {Error} When file not found or invalid JSON
+ */
+/* eslint-disable-next-line max-statements -- Resolve path, read, parse, format */
+async function runLogViewer(datasourceKey, options) {
+  const { app, file, logType } = options;
+  let logPath;
+  let fileName;
+  if (file && typeof file === 'string' && file.trim()) {
+    logPath = path.isAbsolute(file) ? file : path.resolve(process.cwd(), file.trim());
+    fileName = path.basename(logPath);
+  } else {
+    if (!datasourceKey || typeof datasourceKey !== 'string') {
+      throw new Error('Datasource key is required when --file is not provided');
+    }
+    const { appKey } = await resolveAppKeyForDatasource(datasourceKey.trim(), app);
+    const appPath = getIntegrationPath(appKey);
+    const logsDir = path.join(appPath, 'logs');
+    const pattern = logType === 'test-e2e' ? 'test-e2e-' : 'test-integration-';
+    logPath = await getLatestLogPath(logsDir, pattern);
+    if (!logPath) {
+      throw new Error(
+        `No ${logType} log found in ${logsDir}. Run the test with --debug first.`
+      );
+    }
+    fileName = path.basename(logPath);
+  }
+  const content = await fs.readFile(logPath, 'utf8');
+  let parsed;
+  try {
+    parsed = JSON.parse(content);
+  } catch (err) {
+    throw new Error(`Invalid JSON in ${logPath}: ${err.message}`);
+  }
+  formatLogContent(parsed, logType, fileName);
+}
+
+module.exports = {
+  getLatestLogPath,
+  formatLogContent,
+  formatE2ELog,
+  formatIntegrationLog,
+  runLogViewer
+};

package/lib/datasource/resolve-app.js

@@ -0,0 +1,109 @@
+/**
+ * Resolve app key for datasource commands from explicit --app, cwd, scan, or key parse.
+ * @fileoverview App resolution for datasource test-e2e, test-integration, log-e2e, log-integration
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+
+const path = require('path');
+const fs = require('fs');
+const {
+  getIntegrationPath,
+  listIntegrationAppNames,
+  resolveIntegrationAppKeyFromCwd
+} = require('../utils/paths');
+const { resolveApplicationConfigPath } = require('../utils/app-config-resolver');
+const { loadConfigFile } = require('../utils/config-format');
+
+/**
+ * For one app, check if any of its datasource files has the given key
+ * @param {string} appKey - Integration app key
+ * @param {string} datasourceKey - Datasource key to match
+ * @returns {boolean} True if this app has a datasource with that key
+ */
+function appHasDatasourceKey(appKey, datasourceKey) {
+  const appPath = getIntegrationPath(appKey);
+  let config;
+  try {
+    const configPath = resolveApplicationConfigPath(appPath);
+    config = loadConfigFile(configPath);
+  } catch {
+    return false;
+  }
+  const schemaBasePath = config.externalIntegration?.schemaBasePath || './';
+  const datasourceFiles = config.externalIntegration?.dataSources || [];
+  for (const f of datasourceFiles) {
+    if (!f || typeof f !== 'string') continue;
+    const fullPath = path.isAbsolute(schemaBasePath)
+      ? path.join(schemaBasePath, f)
+      : path.join(appPath, schemaBasePath, f);
+    if (!fs.existsSync(fullPath)) continue;
+    try {
+      const parsed = loadConfigFile(fullPath);
+      if (parsed && parsed.key === datasourceKey) return true;
+    } catch {
+      // skip unreadable or invalid files
+    }
+  }
+  return false;
+}
+
+/**
+ * Resolve app key for a datasource: explicit --app, cwd, scan by key, or parse key convention.
+ * @async
+ * @param {string} datasourceKey - Datasource key (e.g. hubspot-test-company)
+ * @param {string} [explicitApp] - Explicit app key from --app
+ * @returns {Promise<{appKey: string}>} Resolved app key
+ * @throws {Error} When app cannot be determined or multiple apps match
+ */
+/* eslint-disable-next-line max-statements -- Resolution order: explicit, cwd, scan, parse */
+async function resolveAppKeyForDatasource(datasourceKey, explicitApp) {
+  if (!datasourceKey || typeof datasourceKey !== 'string') {
+    throw new Error('Datasource key is required');
+  }
+  const key = String(datasourceKey).trim();
+  if (key.length === 0) {
+    throw new Error('Datasource key cannot be empty');
+  }
+
+  if (explicitApp && typeof explicitApp === 'string' && explicitApp.trim()) {
+    const appPath = getIntegrationPath(explicitApp.trim());
+    if (fs.existsSync(appPath)) {
+      return { appKey: explicitApp.trim() };
+    }
+  }
+
+  const fromCwd = resolveIntegrationAppKeyFromCwd();
+  if (fromCwd && appHasDatasourceKey(fromCwd, key)) {
+    return { appKey: fromCwd };
+  }
+
+  const appNames = listIntegrationAppNames();
+  const matches = appNames.filter(appName => appHasDatasourceKey(appName, key));
+  if (matches.length === 1) {
+    return { appKey: matches[0] };
+  }
+  if (matches.length > 1) {
+    throw new Error(
+      `More than one app has this datasource; add --app <appKey>. Apps: ${matches.join(', ')}`
+    );
+  }
+
+  const segments = key.split('-');
+  if (segments.length >= 2) {
+    const candidate = segments.slice(0, -1).join('-');
+    const candidatePath = getIntegrationPath(candidate);
+    if (fs.existsSync(candidatePath) && appHasDatasourceKey(candidate, key)) {
+      return { appKey: candidate };
+    }
+  }
+
+  throw new Error(
+    'Could not determine app context. Use --app <appKey> or run from integration/<appKey>/ directory.'
+  );
+}
+
+module.exports = {
+  resolveAppKeyForDatasource,
+  appHasDatasourceKey
+};

package/lib/datasource/test-e2e.js

@@ -10,7 +10,8 @@ const path = require('path');
 const fs = require('fs').promises;
 const chalk = require('chalk');
 const logger = require('../utils/logger');
-const { getIntegrationPath, resolveIntegrationAppKeyFromCwd } = require('../utils/paths');
+const { getIntegrationPath } = require('../utils/paths');
+const { resolveAppKeyForDatasource } = require('./resolve-app');
 const { resolveDataplaneUrl } = require('../utils/dataplane-resolver');
 const { resolveControllerUrl } = require('../utils/controller-url');
 const { getDeviceOnlyAuth } = require('../utils/token-manager');
@@ -20,20 +21,6 @@ const { writeTestLog } = require('../utils/test-log-writer');
 const DEFAULT_POLL_INTERVAL_MS = 2500;
 const DEFAULT_POLL_TIMEOUT_MS = 15 * 60 * 1000;
 
-/**
- * Resolve appKey for datasource test-e2e
- * @param {string} [appKey] - Explicit app key from --app
- * @returns {string}
- */
-function resolveAppKey(appKey) {
-  if (appKey) return appKey;
-  const fromCwd = resolveIntegrationAppKeyFromCwd();
-  if (fromCwd) return fromCwd;
-  throw new Error(
-    'Could not determine app context. Use --app <appKey> or run from integration/<appKey>/ directory.'
-  );
-}
-
 /**
  * Resolve primaryKeyValue for request body: string as-is, or read and parse JSON from @path
  * @param {string} [value] - Literal value or path prefixed with @ (e.g. @pk.json)
@@ -58,6 +45,7 @@ async function resolvePrimaryKeyValue(value) {
 async function buildE2EBody(options) {
   const body = {};
   if (options.debug) body.includeDebug = true;
+  if (options.verbose) body.audit = true;
   if (options.testCrud === true) body.testCrud = true;
   if (options.recordId !== undefined && options.recordId !== null && options.recordId !== '') body.recordId = String(options.recordId);
   if (options.cleanup === false) body.cleanup = false;
@@ -125,7 +113,7 @@ async function runDatasourceTestE2E(datasourceKey, options = {}) {
   if (!datasourceKey || typeof datasourceKey !== 'string') {
     throw new Error('Datasource key is required');
   }
-  const appKey = resolveAppKey(options.app);
+  const { appKey } = await resolveAppKeyForDatasource(datasourceKey, options.app);
   const controllerUrl = await resolveControllerUrl();
   const { resolveEnvironment } = require('../core/config');
   const environment = options.environment || await resolveEnvironment();
@@ -138,6 +126,7 @@ async function runDatasourceTestE2E(datasourceKey, options = {}) {
   const useAsync = options.async !== false;
   const requestMeta = {
     sourceIdOrKey: datasourceKey,
+    dataplaneUrl,
     includeDebug: options.debug,
     testCrud: options.testCrud,
     recordId: options.recordId,
@@ -197,11 +186,14 @@ async function executeE2EWithOptionalPoll(opts) {
     asyncRun: useAsync
   });
   let data = response.data || response;
-  if (useAsync && data !== null && data !== undefined && data.testRunId) {
+  const runId = (data?.testRunId !== null && data?.testRunId !== undefined)
+    ? (typeof data.testRunId === 'string' ? data.testRunId : data.testRunId.id || data.testRunId.key)
+    : null;
+  if (useAsync && runId) {
     data = await pollE2ETestRun(
       dataplaneUrl,
       datasourceKey,
-      data.testRunId,
+      runId,
       authConfig,
       {
         intervalMs: pollIntervalMs ?? DEFAULT_POLL_INTERVAL_MS,
@@ -214,6 +206,5 @@ async function executeE2EWithOptionalPoll(opts) {
 }
 
 module.exports = {
-  runDatasourceTestE2E,
-  resolveAppKey
+  runDatasourceTestE2E
 };

package/lib/datasource/test-integration.js

@@ -9,7 +9,8 @@
 const path = require('path');
 const chalk = require('chalk');
 const logger = require('../utils/logger');
-const { getIntegrationPath, resolveIntegrationAppKeyFromCwd } = require('../utils/paths');
+const { getIntegrationPath } = require('../utils/paths');
+const { resolveAppKeyForDatasource } = require('./resolve-app');
 const { resolveApplicationConfigPath } = require('../utils/app-config-resolver');
 const { loadConfigFile } = require('../utils/config-format');
 const { setupIntegrationTestAuth } = require('../external-system/test-auth');
@@ -20,21 +21,12 @@ const testHelpers = require('../utils/external-system-test-helpers');
 const fs = require('fs').promises;
 
 /**
- * Resolve systemKey and appKey for datasource test-integration
- * @param {string} [appKey] - Explicit app key from --app
- * @returns {Promise<{appKey: string, systemKey: string}>}
+ * Get systemKey for an integration app (from application config and first system file)
+ * @param {string} appKey - Integration app key
+ * @returns {Promise<string>} systemKey
  */
-async function resolveSystemKey(appKey) {
-  let resolvedAppKey = appKey;
-  if (!resolvedAppKey) {
-    resolvedAppKey = resolveIntegrationAppKeyFromCwd();
-  }
-  if (!resolvedAppKey) {
-    throw new Error(
-      'Could not determine app context. Use --app <appKey> or run from integration/<appKey>/ directory.'
-    );
-  }
-  const appPath = getIntegrationPath(resolvedAppKey);
+async function getSystemKeyFromAppKey(appKey) {
+  const appPath = getIntegrationPath(appKey);
   const configPath = resolveApplicationConfigPath(appPath);
   const config = loadConfigFile(configPath);
   if (!config.externalIntegration || !config.externalIntegration.systems || config.externalIntegration.systems.length === 0) {
@@ -47,8 +39,33 @@ async function resolveSystemKey(appKey) {
   const systemContent = await fs.readFile(systemPath, 'utf8');
   const yaml = require('js-yaml');
   const systemConfig = yaml.load(systemContent);
-  const systemKey = systemConfig?.key || path.basename(systemFile, '-system.yaml').replace('-system', '');
-  return { appKey: resolvedAppKey, systemKey };
+  return systemConfig?.key || path.basename(systemFile, '-system.yaml').replace('-system', '');
+}
+
+/**
+ * Find a datasource filename by matching the key inside the file (fallback when filename-base match fails).
+ * @param {string} appPath - Integration app directory path
+ * @param {string} schemaBasePath - Schema base path (relative or absolute)
+ * @param {string[]} datasourceFiles - List of datasource filenames from application config
+ * @param {string} datasourceKey - Datasource key to find
+ * @returns {string|null} Filename if found, null otherwise
+ */
+function findDatasourceFileByKey(appPath, schemaBasePath, datasourceFiles, datasourceKey) {
+  const fsSync = require('fs');
+  for (const f of datasourceFiles) {
+    if (!f || typeof f !== 'string') continue;
+    const fullPath = path.isAbsolute(schemaBasePath)
+      ? path.join(schemaBasePath, f)
+      : path.join(appPath, schemaBasePath, f);
+    if (!fsSync.existsSync(fullPath)) continue;
+    try {
+      const parsed = loadConfigFile(fullPath);
+      if (parsed && parsed.key === datasourceKey) return f;
+    } catch {
+      // skip unreadable or invalid files
+    }
+  }
+  return null;
 }
 
 /**
@@ -67,23 +84,26 @@ async function runDatasourceTestIntegration(datasourceKey, options = {}) {
   if (!datasourceKey || typeof datasourceKey !== 'string') {
     throw new Error('Datasource key is required');
   }
-  const { appKey, systemKey } = await resolveSystemKey(options.app);
+  const { appKey } = await resolveAppKeyForDatasource(datasourceKey, options.app);
+  const systemKey = await getSystemKeyFromAppKey(appKey);
   const appPath = getIntegrationPath(appKey);
   const config = loadConfigFile(resolveApplicationConfigPath(appPath));
   const schemaBasePath = config.externalIntegration?.schemaBasePath || './';
   const datasourceFiles = config.externalIntegration?.dataSources || [];
-  const datasourceFile = datasourceFiles.find(f => {
+  let datasourceFile = datasourceFiles.find(f => {
     const base = path.basename(f, path.extname(f));
     return base === datasourceKey || base.includes(datasourceKey);
   });
+  if (!datasourceFile) {
+    datasourceFile = findDatasourceFileByKey(appPath, schemaBasePath, datasourceFiles, datasourceKey);
+  }
   if (!datasourceFile) {
     throw new Error(`Datasource '${datasourceKey}' not found in application config`);
   }
   const datasourcePath = path.isAbsolute(schemaBasePath)
     ? path.join(schemaBasePath, datasourceFile)
     : path.join(appPath, schemaBasePath, datasourceFile);
-  const datasourceContent = await fs.readFile(datasourcePath, 'utf8');
-  const datasource = JSON.parse(datasourceContent);
+  const datasource = loadConfigFile(datasourcePath);
   if (datasource.key !== datasourceKey) {
     throw new Error(`Datasource key mismatch: file has '${datasource.key}', expected '${datasourceKey}'`);
   }
@@ -150,5 +170,5 @@ async function runDatasourceTestIntegration(datasourceKey, options = {}) {
 
 module.exports = {
   runDatasourceTestIntegration,
-  resolveSystemKey
+  getSystemKeyFromAppKey
 };

package/lib/datasource/validate.js

@@ -12,6 +12,7 @@ const fs = require('fs');
 const { loadExternalDataSourceSchema } = require('../utils/schema-loader');
 const { formatValidationErrors } = require('../utils/error-formatter');
 const { validateFieldReferences } = require('./field-reference-validator');
+const { validateAbac } = require('./abac-validator');
 
 /**
  * Validates a datasource file against external-datasource schema
@@ -60,10 +61,12 @@ async function validateDatasourceFile(filePath) {
   }
 
   const fieldRefErrors = validateFieldReferences(parsed);
-  if (fieldRefErrors.length > 0) {
+  const abacErrors = validateAbac(parsed);
+  const postSchemaErrors = [...fieldRefErrors, ...abacErrors];
+  if (postSchemaErrors.length > 0) {
     return {
       valid: false,
-      errors: fieldRefErrors,
+      errors: postSchemaErrors,
       warnings: []
     };
   }

package/lib/external-system/download-helpers.js

@@ -77,13 +77,15 @@ function generateReadme(systemKey, application, dataSources) {
     };
   });
 
+  const authType = application.authentication?.type || application.authentication?.method;
   return generateExternalReadmeContent({
     appName: systemKey,
     systemKey,
     systemType: application.type,
     displayName: application.displayName,
     description: application.description,
-    datasources
+    datasources,
+    authType
   });
 }
 

package/lib/external-system/generator.js

@@ -16,6 +16,7 @@ const chalk = require('chalk');
 const logger = require('../utils/logger');
 const { resolveApplicationConfigPath } = require('../utils/app-config-resolver');
 const { loadConfigFile, writeConfigFile } = require('../utils/config-format');
+const { getKvPathSegmentForSecurityKey } = require('../utils/credential-secrets-env');
 
 // Register Handlebars helper for equality check
 handlebars.registerHelper('eq', (a, b) => a === b);
@@ -23,36 +24,39 @@ handlebars.registerHelper('json', (obj) => JSON.stringify(obj));
 
 /**
  * Build authentication object per schema authenticationVariablesByMethod.
- * Security values use kv://<systemKey>/<key> pattern.
+ * Security values use canonical kv://<systemKey>/<segment> paths (segment from getKvPathSegmentForSecurityKey).
  * @param {string} systemKey - External system key
  * @param {string} authType - Auth method (oauth2, aad, apikey, basic, queryParam, oidc, hmac, none)
  * @returns {{ method: string, variables: Object, security: Object }} Authentication object
  */
 function buildAuthenticationFromMethod(systemKey, authType) {
-  const kv = (key) => `kv://${systemKey}/${key}`;
+  const kvPath = (securityKey) => {
+    const segment = getKvPathSegmentForSecurityKey(securityKey);
+    return segment ? `kv://${systemKey}/${segment}` : null;
+  };
   const method = authType || 'apikey';
   const base = 'https://api.example.com';
 
   const authMap = {
     oauth2: {
       variables: { baseUrl: base, tokenUrl: `${base}/oauth/token`, authorizationUrl: `${base}/oauth/authorize` },
-      security: { clientId: kv('clientid'), clientSecret: kv('clientsecret') }
+      security: { clientId: kvPath('clientId'), clientSecret: kvPath('clientSecret') }
     },
     aad: {
       variables: { baseUrl: base, tokenUrl: 'https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token', tenantId: '{tenant-id}' },
-      security: { clientId: kv('clientid'), clientSecret: kv('clientsecret') }
+      security: { clientId: kvPath('clientId'), clientSecret: kvPath('clientSecret') }
     },
     apikey: {
       variables: { baseUrl: base, headerName: 'X-API-Key' },
-      security: { apiKey: kv('apikey') }
+      security: { apiKey: kvPath('apiKey') }
     },
     basic: {
       variables: { baseUrl: base },
-      security: { username: kv('username'), password: kv('password') }
+      security: { username: kvPath('username'), password: kvPath('password') }
     },
     queryParam: {
       variables: { baseUrl: base, paramName: 'api_key' },
-      security: { paramValue: kv('paramvalue') }
+      security: { paramValue: kvPath('paramValue') }
     },
     oidc: {
       variables: { openIdConfigUrl: 'https://example.com/.well-known/openid-configuration', clientId: 'app-id' },
@@ -60,7 +64,7 @@ function buildAuthenticationFromMethod(systemKey, authType) {
     },
     hmac: {
       variables: { baseUrl: base, algorithm: 'sha256', signatureHeader: 'X-Signature' },
-      security: { signingSecret: kv('signingsecret') }
+      security: { signingSecret: kvPath('signingSecret') }
     },
     none: {
       variables: {},

package/lib/external-system/test-system-level.js

@@ -42,7 +42,7 @@ async function runSystemLevelTest({ appName, systemKey, authConfig, dataplaneUrl
   let success = true;
 
   for (const r of rawResults) {
-    const dsKey = r.key || r.datasourceKey;
+    const dsKey = r.key || r.sourceKey || r.name || r.datasourceKey;
     const dsResult = {
       key: dsKey,
       success: r.success !== false,

package/lib/generator/external-controller-manifest.js

@@ -11,7 +11,7 @@
 
 const path = require('path');
 const { detectAppType } = require('../utils/paths');
-const { resolveApplicationConfigPath } = require('../utils/app-config-resolver');
+const { resolveApplicationConfigPath, resolveRbacPath } = require('../utils/app-config-resolver');
 const { loadSystemFile, loadDatasourceFiles } = require('./external');
 const { loadVariables, loadRbac } = require('./helpers');
 
@@ -77,8 +77,8 @@ function extractAppMetadata(variables, appName) {
  */
 async function loadSystemWithRbac(appPath, schemaBasePath, systemFile) {
   const systemJson = await loadSystemFile(appPath, schemaBasePath, systemFile);
-  const rbacPath = path.join(appPath, 'rbac.yaml');
-  const rbac = loadRbac(rbacPath);
+  const rbacPath = resolveRbacPath(appPath);
+  const rbac = rbacPath ? loadRbac(rbacPath) : null;
   mergeRbacIntoSystemJson(systemJson, rbac);
   return systemJson;
 }

package/lib/generator/external-schema-utils.js

@@ -196,13 +196,15 @@ async function writeSplitExternalSchemaFiles({ outputDir, systemKey, application
     await writeYamlFile(rbacPath, rbac, { indent: 2, lineWidth: -1 });
   }
 
+  const authType = application.authentication?.type || application.authentication?.method;
   const readmeContent = generateExternalReadmeContent({
     appName: systemKey,
     systemKey,
     systemType: application.type,
     displayName: application.displayName,
     description: application.description,
-    datasources: dataSources
+    datasources: dataSources,
+    authType
   });
   const readmePath = path.join(outputDir, 'README.md');
   await fs.promises.writeFile(readmePath, readmeContent, 'utf8');