npm - @aifabrix/builder - Versions diffs - 2.42.1 → 2.44.0 - Mend

@aifabrix/builder 2.42.1 → 2.44.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (392) hide show

package/.cursor/rules/anchor-docs.mdc +15 -0
package/README.md +2 -2
package/anchor-docs/README.md +10 -0
package/anchor-docs/_TEMPLATE +24 -0
package/bin/aifabrix.js +13 -4
package/integration/hubspot-test/README.md +157 -0
package/integration/{hubspot → hubspot-test}/application.json +6 -6
package/integration/{hubspot → hubspot-test}/create-hubspot.js +10 -10
package/integration/hubspot-test/env.template +4 -0
package/integration/hubspot-test/hubspot-test-datasource-company.json +138 -0
package/integration/hubspot-test/hubspot-test-datasource-contact.json +146 -0
package/integration/hubspot-test/hubspot-test-datasource-deal.json +146 -0
package/integration/hubspot-test/hubspot-test-datasource-users.json +76 -0
package/integration/{hubspot/hubspot-deploy.json → hubspot-test/hubspot-test-deploy.json} +201 -24
package/integration/{hubspot/hubspot-system.json → hubspot-test/hubspot-test-system.json} +8 -7
package/integration/hubspot-test/rbac.json +166 -0
package/integration/{hubspot → hubspot-test}/test-artifacts/wizard-hubspot-credential-real.yaml +3 -3
package/integration/{hubspot → hubspot-test}/test-artifacts/wizard-hubspot-env-vars.yaml +2 -2
package/integration/{hubspot → hubspot-test}/test-artifacts/wizard-invalid-add-datasource.yaml +1 -1
package/integration/{hubspot → hubspot-test}/test-artifacts/wizard-invalid-credential-create.yaml +1 -1
package/integration/{hubspot → hubspot-test}/test-artifacts/wizard-invalid-credential-select.yaml +1 -1
package/integration/{hubspot → hubspot-test}/test-artifacts/wizard-invalid-known-platform.yaml +1 -1
package/integration/hubspot-test/test-artifacts/wizard-invalid-missing-source.yaml +2 -0
package/integration/{hubspot → hubspot-test}/test-artifacts/wizard-invalid-mode.yaml +1 -1
package/integration/{hubspot → hubspot-test}/test-artifacts/wizard-invalid-openapi-file.yaml +1 -1
package/integration/{hubspot → hubspot-test}/test-artifacts/wizard-invalid-openapi-url.yaml +1 -1
package/integration/{hubspot → hubspot-test}/test-artifacts/wizard-invalid-source.yaml +1 -1
package/integration/{hubspot → hubspot-test}/test-artifacts/wizard-valid-for-dimension-array-test.yaml +1 -1
package/integration/hubspot-test/test-artifacts/wizard-valid-for-dimension-key-test.yaml +5 -0
package/integration/hubspot-test/test-artifacts/wizard-valid-for-dimension-path-test.yaml +5 -0
package/integration/{hubspot → hubspot-test}/test-artifacts/wizard-valid-for-dimension-test.yaml +1 -1
package/integration/{hubspot → hubspot-test}/test-artifacts/wizard-valid-for-rbac-test.yaml +1 -1
package/integration/{hubspot → hubspot-test}/test-artifacts/wizard-valid-for-rbac-yaml-test.yaml +1 -1
package/integration/{hubspot → hubspot-test}/test-dataplane-down-tests.js +1 -7
package/integration/{hubspot → hubspot-test}/test-dataplane-down.js +3 -3
package/integration/{hubspot → hubspot-test}/test.js +137 -102
package/integration/{hubspot → hubspot-test}/wizard-hubspot-e2e.yaml +2 -2
package/integration/{hubspot → hubspot-test}/wizard-hubspot-platform.yaml +1 -1
package/integration/hubspot-test/wizard-hubspot-test-headless.yaml +23 -0
package/integration/roundtrip-test-local/README.md +144 -0
package/integration/roundtrip-test-local/application.yaml +13 -0
package/integration/roundtrip-test-local/env.template +15 -0
package/integration/roundtrip-test-local/roundtrip-test-local-datasource-roundtrip-test-company.yaml +14 -0
package/integration/roundtrip-test-local/roundtrip-test-local-deploy.json +61 -0
package/integration/roundtrip-test-local/roundtrip-test-local-system.yaml +25 -0
package/integration/roundtrip-test-local2/README.md +144 -0
package/integration/roundtrip-test-local2/application.yaml +13 -0
package/integration/roundtrip-test-local2/env.template +15 -0
package/integration/roundtrip-test-local2/roundtrip-test-local2-datasource-company.yaml +31 -0
package/integration/roundtrip-test-local2/roundtrip-test-local2-deploy.json +86 -0
package/integration/roundtrip-test-local2/roundtrip-test-local2-system.yaml +25 -0
package/integration/test/wizard.yaml +8 -0
package/jest.config.default.js +10 -0
package/jest.config.integration.fixtures.js +22 -0
package/jest.config.integration.js +21 -18
package/jest.config.isolated.js +10 -0
package/jest.projects.js +288 -0
package/lib/api/datasources-core.api.js +3 -3
package/lib/api/dev-mtls-request.js +110 -0
package/lib/api/dev-server-https.js +145 -0
package/lib/api/dev.api.js +133 -144
package/lib/api/index.js +0 -1
package/lib/api/pipeline.api.js +67 -20
package/lib/api/service-users.api.js +111 -2
package/lib/api/types/dev.types.js +4 -3
package/lib/api/types/pipeline.types.js +8 -5
package/lib/api/types/service-users.types.js +41 -0
package/lib/api/types/validation-run.types.js +56 -0
package/lib/api/validation-run.api.js +99 -0
package/lib/api/validation-runner.js +99 -0
package/lib/app/config.js +1 -1
package/lib/app/deploy-status-display.js +2 -2
package/lib/app/deploy.js +7 -6
package/lib/app/display.js +2 -1
package/lib/app/dockerfile.js +3 -2
package/lib/app/down.js +2 -1
package/lib/app/helpers.js +6 -5
package/lib/app/index.js +27 -8
package/lib/app/list.js +7 -6
package/lib/app/push.js +4 -3
package/lib/app/register.js +19 -8
package/lib/app/rotate-secret.js +17 -13
package/lib/app/run-container-start.js +184 -0
package/lib/app/run-docker-fallback.js +108 -0
package/lib/app/run-env-compose.js +30 -42
package/lib/app/run-helpers.js +49 -126
package/lib/app/run-infra-requirements.js +30 -0
package/lib/app/run-resolve-image.js +21 -0
package/lib/app/run.js +74 -21
package/lib/app/show-display.js +1 -1
package/lib/app/show.js +1 -1
package/lib/build/index.js +13 -10
package/lib/cli/index.js +2 -0
package/lib/cli/setup-app.help.js +67 -0
package/lib/cli/setup-app.js +59 -123
package/lib/cli/setup-app.test-commands.js +179 -0
package/lib/cli/setup-auth.js +36 -14
package/lib/cli/setup-credential-deployment.js +22 -8
package/lib/cli/setup-dev-path-commands.js +124 -0
package/lib/cli/setup-dev.js +190 -103
package/lib/cli/setup-environment.js +11 -20
package/lib/cli/setup-external-system.js +62 -22
package/lib/cli/setup-infra.js +139 -47
package/lib/cli/setup-parameters.js +32 -0
package/lib/cli/setup-secrets.js +147 -10
package/lib/cli/setup-service-user.js +146 -20
package/lib/cli/setup-utility.js +47 -19
package/lib/commands/app-down.js +5 -7
package/lib/commands/app-install.js +14 -7
package/lib/commands/app-logs.js +13 -10
package/lib/commands/app-shell.js +4 -1
package/lib/commands/app-test.js +25 -19
package/lib/commands/app.js +22 -10
package/lib/commands/auth-config.js +10 -14
package/lib/commands/auth-status.js +4 -3
package/lib/commands/credential-env.js +4 -3
package/lib/commands/credential-list.js +5 -4
package/lib/commands/credential-push.js +4 -3
package/lib/commands/datasource-unified-test-cli.js +495 -0
package/lib/commands/datasource-unified-test-cli.options.js +149 -0
package/lib/commands/datasource-validation-cli.js +129 -0
package/lib/commands/datasource.js +123 -71
package/lib/commands/deployment-list.js +6 -5
package/lib/commands/dev-cli-handlers.js +122 -18
package/lib/commands/dev-down.js +4 -3
package/lib/commands/dev-init.js +231 -116
package/lib/commands/dev-show-display.js +473 -0
package/lib/commands/login-credentials.js +3 -2
package/lib/commands/login-device.js +4 -3
package/lib/commands/login.js +5 -4
package/lib/commands/logout.js +8 -7
package/lib/commands/parameters-validate.js +54 -0
package/lib/commands/repair-datasource.js +314 -68
package/lib/commands/repair-env-template.js +16 -10
package/lib/commands/repair-rbac.js +25 -19
package/lib/commands/repair.js +116 -32
package/lib/commands/secrets-list.js +23 -12
package/lib/commands/secrets-remove-all.js +220 -0
package/lib/commands/secrets-remove.js +22 -13
package/lib/commands/secrets-set.js +21 -12
package/lib/commands/secrets-validate.js +20 -7
package/lib/commands/secure.js +10 -9
package/lib/commands/service-user.js +243 -13
package/lib/commands/test-e2e-external.js +27 -1
package/lib/commands/up-common.js +28 -2
package/lib/commands/up-dataplane.js +31 -18
package/lib/commands/up-miso.js +19 -29
package/lib/commands/upload.js +138 -39
package/lib/commands/wizard-core-helpers.js +1 -1
package/lib/commands/wizard-dataplane.js +4 -3
package/lib/commands/wizard-helpers.js +3 -3
package/lib/commands/wizard.js +2 -2
package/lib/core/admin-secrets.js +16 -5
package/lib/core/audit-logger.js +12 -4
package/lib/core/config-attach-extensions.js +46 -0
package/lib/core/config-runtime-paths.js +29 -0
package/lib/core/config.js +59 -58
package/lib/core/diff.js +3 -2
package/lib/core/ensure-encryption-key.js +2 -4
package/lib/core/secrets-ensure-infra.js +77 -0
package/lib/core/secrets-ensure.js +120 -64
package/lib/core/secrets-env-write.js +35 -7
package/lib/core/secrets-infra-placeholder-sync.js +61 -0
package/lib/core/secrets.js +228 -42
package/lib/core/templates-env.js +4 -3
package/lib/core/templates.js +1 -1
package/lib/datasource/abac-validator.js +148 -0
package/lib/datasource/deploy.js +75 -53
package/lib/datasource/field-reference-validator.js +77 -36
package/lib/datasource/integration-context.js +63 -0
package/lib/datasource/list.js +8 -7
package/lib/datasource/log-viewer.js +252 -0
package/lib/datasource/resolve-app.js +109 -0
package/lib/datasource/test-e2e.js +95 -155
package/lib/datasource/test-integration.js +121 -109
package/lib/datasource/unified-validation-run-body.js +65 -0
package/lib/datasource/unified-validation-run-post.js +23 -0
package/lib/datasource/unified-validation-run-resolve.js +43 -0
package/lib/datasource/unified-validation-run.js +92 -0
package/lib/datasource/validate.js +162 -15
package/lib/deployment/deployer.js +4 -3
package/lib/deployment/environment.js +7 -6
package/lib/deployment/push.js +17 -8
package/lib/external-system/delete.js +4 -3
package/lib/external-system/deploy.js +131 -53
package/lib/external-system/download-helpers.js +1 -1
package/lib/external-system/download.js +7 -6
package/lib/external-system/generator.js +104 -14
package/lib/external-system/integration-test-dispatch.js +26 -0
package/lib/external-system/test-execution.js +5 -1
package/lib/external-system/test-helpers.js +0 -4
package/lib/external-system/test-system-level-helpers.js +110 -0
package/lib/external-system/test-system-level.js +83 -44
package/lib/external-system/test.js +59 -8
package/lib/generator/builders.js +23 -11
package/lib/generator/deploy-manifest-azure-kv.js +81 -0
package/lib/generator/external-controller-manifest.js +3 -3
package/lib/generator/external.js +23 -11
package/lib/generator/helpers.js +71 -12
package/lib/generator/index.js +8 -4
package/lib/generator/split-readme.js +12 -7
package/lib/generator/split-variables.js +2 -1
package/lib/generator/split.js +46 -11
package/lib/generator/wizard-readme.js +3 -3
package/lib/generator/wizard.js +16 -13
package/lib/infrastructure/compose.js +60 -6
package/lib/infrastructure/helpers.js +238 -51
package/lib/infrastructure/index.js +64 -37
package/lib/infrastructure/services.js +21 -15
package/lib/internal/fs-real-sync.js +104 -0
package/lib/internal/node-fs.js +98 -0
package/lib/parameters/database-secret-values.js +173 -0
package/lib/parameters/infra-kv-discovery.js +121 -0
package/lib/parameters/infra-parameter-catalog.js +458 -0
package/lib/parameters/infra-parameter-validate.js +64 -0
package/lib/schema/application-schema.json +37 -17
package/lib/schema/datasource-test-run.schema.json +493 -0
package/lib/schema/deployment-rules.yaml +102 -63
package/lib/schema/external-datasource.schema.json +1201 -433
package/lib/schema/external-system.schema.json +181 -5
package/lib/schema/flag-map-validation-run.json +31 -0
package/lib/schema/infra-parameter.schema.json +106 -0
package/lib/schema/infra.parameter.yaml +421 -0
package/lib/schema/type/credential-auth-templates.json +40 -0
package/lib/schema/type/document-storage.json +213 -0
package/lib/schema/type/message-service.json +123 -0
package/lib/schema/type/vector-store.json +88 -0
package/lib/utils/aifabrix-runtime-config-dir.js +132 -0
package/lib/utils/api-error-handler.js +2 -2
package/lib/utils/api.js +49 -14
package/lib/utils/app-config-resolver.js +23 -1
package/lib/utils/app-register-api.js +3 -2
package/lib/utils/app-register-auth.js +1 -1
package/lib/utils/app-register-config.js +4 -4
package/lib/utils/app-register-display.js +3 -2
package/lib/utils/app-register-validator.js +3 -2
package/lib/utils/app-run-containers.js +26 -22
package/lib/utils/app-scoped-config.js +31 -0
package/lib/utils/app-service-env-from-builder.js +164 -0
package/lib/utils/build-copy.js +1 -1
package/lib/utils/build-helpers.js +20 -20
package/lib/utils/build-resolve-image.js +165 -0
package/lib/utils/cli-layout-chalk.js +8 -0
package/lib/utils/cli-test-layout-chalk.js +267 -0
package/lib/utils/cli-utils.js +88 -11
package/lib/utils/compose-db-passwords.js +138 -0
package/lib/utils/compose-generate-docker-compose.js +216 -0
package/lib/utils/compose-generator.js +197 -291
package/lib/utils/compose-miso-env.js +18 -0
package/lib/utils/compose-traefik-ingress-base.js +158 -0
package/lib/utils/config-paths.js +209 -6
package/lib/utils/config-scoped-resources-preference.js +41 -0
package/lib/utils/controller-deployment-outcome.js +68 -0
package/lib/utils/credential-display.js +2 -2
package/lib/utils/credential-secrets-env.js +16 -1
package/lib/utils/dataplane-pipeline-warning.js +4 -3
package/lib/utils/datasource-test-run-capability-scope.js +43 -0
package/lib/utils/datasource-test-run-debug-display.js +137 -0
package/lib/utils/datasource-test-run-debug-slice.js +93 -0
package/lib/utils/datasource-test-run-display.js +442 -0
package/lib/utils/datasource-test-run-exit.js +58 -0
package/lib/utils/datasource-test-run-legacy-adapter.js +93 -0
package/lib/utils/datasource-test-run-report-version.js +51 -0
package/lib/utils/datasource-test-run-schema-sync.js +59 -0
package/lib/utils/datasource-test-run-tty-log.js +81 -0
package/lib/utils/datasource-validation-watch.js +266 -0
package/lib/utils/declarative-url-ports.js +47 -0
package/lib/utils/derive-env-key-from-client-id.js +41 -0
package/lib/utils/dev-ca-install.js +185 -23
package/lib/utils/dev-cert-helper.js +266 -17
package/lib/utils/dev-hosts-helper.js +307 -0
package/lib/utils/dev-init-cert-hints.js +37 -0
package/lib/utils/dev-init-health-messages.js +52 -0
package/lib/utils/dev-init-resolve.js +86 -0
package/lib/utils/dev-init-ssh-merge.js +65 -0
package/lib/utils/dev-ssh-config-helper.js +196 -0
package/lib/utils/dev-user-groups.js +93 -0
package/lib/utils/docker-build.js +42 -17
package/lib/utils/docker-exec.js +28 -0
package/lib/utils/docker-manifest-public-port.js +116 -0
package/lib/utils/docker-not-running-hint.js +52 -0
package/lib/utils/docker.js +98 -11
package/lib/utils/ensure-dev-certs-for-remote-docker.js +192 -0
package/lib/utils/env-config-loader.js +10 -91
package/lib/utils/env-copy.js +19 -10
package/lib/utils/env-map.js +42 -11
package/lib/utils/env-template.js +2 -2
package/lib/utils/environment-scoped-resources.js +144 -0
package/lib/utils/error-formatter.js +125 -9
package/lib/utils/error-formatters/http-status-errors.js +6 -5
package/lib/utils/error-formatters/network-errors.js +2 -1
package/lib/utils/error-formatters/permission-errors.js +2 -1
package/lib/utils/error-formatters/validation-errors.js +2 -1
package/lib/utils/external-env-template.js +180 -0
package/lib/utils/external-readme.js +8 -1
package/lib/utils/external-system-display.js +277 -136
package/lib/utils/external-system-local-test-tty.js +389 -0
package/lib/utils/external-system-readiness-core.js +377 -0
package/lib/utils/external-system-readiness-deploy-display.js +270 -0
package/lib/utils/external-system-readiness-display-internals.js +150 -0
package/lib/utils/external-system-readiness-display.js +186 -0
package/lib/utils/external-system-test-helpers.js +24 -6
package/lib/utils/external-system-validators.js +32 -14
package/lib/utils/health-check-url.js +119 -0
package/lib/utils/health-check.js +59 -25
package/lib/utils/help-builder.js +14 -13
package/lib/utils/image-version.js +4 -8
package/lib/utils/infra-containers.js +4 -7
package/lib/utils/infra-env-defaults.js +162 -0
package/lib/utils/infra-status-display.js +167 -0
package/lib/utils/infra-status.js +16 -8
package/lib/utils/local-secrets.js +29 -7
package/lib/utils/paths.js +136 -48
package/lib/utils/port-resolver.js +10 -23
package/lib/utils/redis-env-scope.js +62 -0
package/lib/utils/register-aifabrix-shell-env.js +204 -0
package/lib/utils/remote-builder-validation.js +99 -0
package/lib/utils/remote-dev-auth.js +117 -21
package/lib/utils/remote-docker-env.js +67 -15
package/lib/utils/remote-secrets-loader.js +13 -4
package/lib/utils/resolve-docker-image-ref.js +124 -0
package/lib/utils/schema-loader.js +22 -9
package/lib/utils/secrets-bash-kv.js +25 -0
package/lib/utils/secrets-generator.js +171 -51
package/lib/utils/secrets-helpers.js +70 -59
package/lib/utils/secrets-kv-scope.js +60 -0
package/lib/utils/secrets-utils.js +35 -37
package/lib/utils/secrets-validation.js +3 -1
package/lib/utils/secrets-yaml-preserve.js +109 -0
package/lib/utils/secure-file-permissions.js +91 -0
package/lib/utils/ssh-key-helper.js +4 -2
package/lib/utils/template-helpers.js +2 -2
package/lib/utils/test-log-writer.js +3 -3
package/lib/utils/token-manager.js +37 -5
package/lib/utils/url-declarative-public-base.js +188 -0
package/lib/utils/url-declarative-resolve-build.js +493 -0
package/lib/utils/url-declarative-resolve-load-doc.js +51 -0
package/lib/utils/url-declarative-resolve.js +220 -0
package/lib/utils/url-declarative-token-parse.js +74 -0
package/lib/utils/url-declarative-url-flags.js +50 -0
package/lib/utils/url-declarative-vdir-inactive-env.js +99 -0
package/lib/utils/url-public-path-prefix.js +34 -0
package/lib/utils/urls-local-registry.js +220 -0
package/lib/utils/validation-report-tty-kit.js +77 -0
package/lib/utils/validation-run-poll.js +89 -0
package/lib/utils/validation-run-post-retry.js +73 -0
package/lib/utils/validation-run-request.js +98 -0
package/lib/utils/variable-transformer.js +21 -4
package/lib/utils/yaml-preserve.js +78 -1
package/lib/validation/datasource-warnings.js +56 -0
package/lib/validation/env-template-auth.js +50 -2
package/lib/validation/external-manifest-validator.js +35 -7
package/lib/validation/validate-display.js +37 -31
package/lib/validation/validate.js +9 -10
package/lib/validation/validator-unresolved-placeholders.js +98 -0
package/lib/validation/validator.js +32 -78
package/lib/validation/wizard-config-validator.js +2 -1
package/package.json +11 -3
package/scripts/check-datasource-test-run-schema-sync.js +34 -0
package/scripts/diagnose-cli.js +150 -0
package/scripts/install-local.js +304 -55
package/templates/README.md +15 -2
package/templates/applications/dataplane/application.yaml +52 -2
package/templates/applications/dataplane/env.template +80 -18
package/templates/applications/dataplane/rbac.yaml +8 -0
package/templates/applications/keycloak/application.yaml +9 -1
package/templates/applications/keycloak/env.template +15 -6
package/templates/applications/miso-controller/application.yaml +10 -2
package/templates/applications/miso-controller/env.template +55 -14
package/templates/applications/miso-controller/rbac.yaml +5 -0
package/templates/external-system/README.md.hbs +20 -7
package/templates/external-system/deploy.js.hbs +5 -5
package/templates/external-system/env.template.hbs +22 -0
package/templates/external-system/external-datasource.yaml.hbs +197 -118
package/templates/infra/compose.yaml.hbs +20 -4
package/templates/python/docker-compose.hbs +16 -0
package/templates/typescript/docker-compose.hbs +16 -0
package/integration/hubspot/README.md +0 -102
package/integration/hubspot/env.template +0 -4
package/integration/hubspot/hubspot-datasource-company.json +0 -541
package/integration/hubspot/hubspot-datasource-contact.json +0 -639
package/integration/hubspot/hubspot-datasource-deal.json +0 -588
package/integration/hubspot/hubspot-datasource-users.json +0 -116
package/integration/hubspot/test-artifacts/wizard-invalid-missing-source.yaml +0 -2
package/integration/hubspot/test-artifacts/wizard-valid-for-dimension-key-test.yaml +0 -5
package/integration/hubspot/test-artifacts/wizard-valid-for-dimension-path-test.yaml +0 -5
package/lib/api/external-test.api.js +0 -111
package/lib/schema/env-config.yaml +0 -43
/package/integration/{hubspot → hubspot-test}/companies.json +0 -0
/package/integration/{hubspot → hubspot-test}/test-artifacts/wizard-invalid-app-name.yaml +0 -0
/package/integration/{hubspot → hubspot-test}/test-artifacts/wizard-invalid-missing-app.yaml +0 -0
/package/integration/{hubspot → hubspot-test}/test-dataplane-down-helpers.js +0 -0

package/lib/commands/secrets-set.js CHANGED Viewed

@@ -9,13 +9,13 @@
  * @version 2.0.0
  */
+const { formatSuccessLine } = require('../utils/cli-test-layout-chalk');
 const path = require('path');
-const chalk = require('chalk');
 const logger = require('../utils/logger');
 const { getAifabrixSecretsPath } = require('../core/config');
 const { saveLocalSecret, saveSecret } = require('../utils/local-secrets');
 const pathsUtil = require('../utils/paths');
-const { isRemoteSecretsUrl, getRemoteDevAuth } = require('../utils/remote-dev-auth');
+const remoteDevAuth = require('../utils/remote-dev-auth');
 const devApi = require('../api/dev.api');
 /**
@@ -39,20 +39,29 @@ const devApi = require('../api/dev.api');
  * @returns {Promise<void>}
  */
 async function setSharedSecret(key, value, generalSecretsPath) {
-  if (isRemoteSecretsUrl(generalSecretsPath)) {
-    const auth = await getRemoteDevAuth();
+  const target = await remoteDevAuth.resolveSharedSecretsEndpoint(generalSecretsPath);
+  if (remoteDevAuth.isRemoteSecretsUrl(target)) {
+    const auth = await remoteDevAuth.getRemoteDevAuth();
     if (!auth) {
       throw new Error('Remote server not configured or certificate missing. Run "aifabrix dev init" first.');
     }
-    await devApi.addSecret(auth.serverUrl, auth.clientCertPem, { key, value });
-    logger.log(chalk.green(`✓ Secret '${key}' saved to remote secrets (shared).`));
+    await devApi.addSecret(
+      auth.serverUrl,
+      auth.clientCertPem,
+      { key, value },
+      auth.serverCaPem || undefined,
+      target
+    );
+    const host = remoteDevAuth.getSharedSecretsRemoteHostname(target);
+    const where = host ? `shared secrets (remote - ${host})` : 'shared secrets (remote)';
+    logger.log(formatSuccessLine(`Secret '${key}' saved to ${where}.`));
     return;
   }
-  const resolvedPath = path.isAbsolute(generalSecretsPath)
-    ? generalSecretsPath
-    : path.resolve(process.cwd(), generalSecretsPath);
+  const resolvedPath = path.isAbsolute(target)
+    ? target
+    : path.resolve(process.cwd(), target);
   await saveSecret(key, value, resolvedPath);
-  logger.log(chalk.green(`✓ Secret '${key}' saved to general secrets file: ${resolvedPath}`));
+  logger.log(formatSuccessLine(`Secret '${key}' saved to general secrets file: ${resolvedPath}`));
 }
 async function handleSecretsSet(key, value, options) {
@@ -80,8 +89,8 @@ async function handleSecretsSet(key, value, options) {
     await setSharedSecret(key, value, generalSecretsPath);
   } else {
     await saveLocalSecret(key, value);
-    const userSecretsPath = path.join(pathsUtil.getAifabrixHome(), 'secrets.local.yaml');
-    logger.log(chalk.green(`✓ Secret '${key}' saved to user secrets file: ${userSecretsPath}`));
+    const userSecretsPath = pathsUtil.getPrimaryUserSecretsLocalPath();
+    logger.log(formatSuccessLine(`Secret '${key}' saved to user secrets file: ${userSecretsPath}`));
   }
 }

package/lib/commands/secrets-validate.js CHANGED Viewed

@@ -1,3 +1,4 @@
+const { formatBlockingError, formatSuccessLine } = require('../utils/cli-test-layout-chalk');
 /**
  * AI Fabrix Builder – Secrets validate command
  *
@@ -9,9 +10,9 @@
  */
 const chalk = require('chalk');
-const path = require('path');
 const logger = require('../utils/logger');
 const { validateSecretsFile } = require('../utils/secrets-validation');
+const { validateDataplaneSecrets } = require('../utils/token-manager');
 const pathsUtil = require('../utils/paths');
 const secretsEnsure = require('../core/secrets-ensure');
@@ -33,18 +34,30 @@ async function handleSecretsValidate(pathArg, options = {}) {
     if (target.type === 'file' && target.filePath) {
       filePath = target.filePath;
     } else {
-      filePath = path.join(pathsUtil.getAifabrixHome(), 'secrets.local.yaml');
+      filePath = pathsUtil.getPrimaryUserSecretsLocalPath();
     }
   }
   const result = validateSecretsFile(filePath, { checkNaming: Boolean(options.naming) });
+  const dataplaneResult = validateDataplaneSecrets(filePath);
+  const allValid = result.valid && dataplaneResult.valid;
   if (result.valid) {
-    logger.log(chalk.green(`✓ Secrets file is valid: ${result.path}`));
-    return { valid: true, errors: [] };
+    logger.log(formatSuccessLine(`Secrets file is valid: ${result.path}`));
+  } else {
+    logger.log(formatBlockingError(`Validation failed: ${result.path}`));
+    result.errors.forEach((err) => logger.log(chalk.yellow(`  • ${err}`)));
   }
-  logger.log(chalk.red(`✗ Validation failed: ${result.path}`));
-  result.errors.forEach((err) => logger.log(chalk.yellow(`  • ${err}`)));
-  return { valid: false, errors: result.errors };
+  if (!dataplaneResult.valid) {
+    logger.log(chalk.yellow(`⚠ ${dataplaneResult.hint}`));
+    if (result.valid) {
+      logger.log(chalk.yellow('  Wizard/dataplane calls may fail until dataplane credentials are present.'));
+    }
+  }
+  return {
+    valid: allValid,
+    errors: allValid ? [] : [...result.errors, ...(dataplaneResult.valid ? [] : [dataplaneResult.hint])],
+    dataplaneValid: dataplaneResult.valid
+  };
 }
 module.exports = { handleSecretsValidate };

package/lib/commands/secure.js CHANGED Viewed

@@ -1,3 +1,4 @@
+const { formatSuccessLine, formatSuccessParagraph } = require('../utils/cli-test-layout-chalk');
 /**
  * AI Fabrix Builder - Secure Command
  *
@@ -32,7 +33,7 @@ async function findSecretsFiles() {
   const files = [];
   // User's secrets file
-  const userSecretsPath = path.join(pathsUtil.getAifabrixHome(), 'secrets.local.yaml');
+  const userSecretsPath = pathsUtil.getPrimaryUserSecretsLocalPath();
   if (fs.existsSync(userSecretsPath)) {
     files.push({ path: userSecretsPath, type: 'user' });
   }
@@ -131,7 +132,7 @@ async function getEncryptionKey(options) {
     // Check if key already exists in config
     const existingKey = await getSecretsEncryptionKey();
     if (existingKey) {
-      logger.log(chalk.yellow('⚠️  Encryption key already configured in config.yaml'));
+      logger.log(chalk.yellow('⚠  Encryption key already configured in config.yaml'));
       const useExisting = await inquirer.prompt([{
         type: 'confirm',
         name: 'use',
@@ -143,18 +144,18 @@ async function getEncryptionKey(options) {
       } else {
         encryptionKey = await promptForEncryptionKey();
         await setSecretsEncryptionKey(encryptionKey);
-        logger.log(chalk.green('✓ Encryption key saved to config.yaml'));
+        logger.log(formatSuccessLine('Encryption key saved to config.yaml'));
       }
     } else {
       encryptionKey = await promptForEncryptionKey();
       await setSecretsEncryptionKey(encryptionKey);
-      logger.log(chalk.green('✓ Encryption key saved to config.yaml'));
+      logger.log(formatSuccessLine('Encryption key saved to config.yaml'));
     }
   } else {
     // Validate and save the provided key
     validateEncryptionKey(encryptionKey);
     await setSecretsEncryptionKey(encryptionKey);
-    logger.log(chalk.green('✓ Encryption key saved to config.yaml'));
+    logger.log(formatSuccessLine('Encryption key saved to config.yaml'));
   }
   return encryptionKey;
 }
@@ -178,12 +179,12 @@ async function processSecretsFiles(secretsFiles, encryptionKey) {
       totalValues += result.total;
       if (result.encrypted > 0) {
-        logger.log(chalk.green(`  ✓ Encrypted ${result.encrypted} of ${result.total} values`));
+        logger.log(chalk.green(`  ✔ Encrypted ${result.encrypted} of ${result.total} values`));
       } else {
         logger.log(chalk.gray(`  - All values already encrypted (${result.total} total)`));
       }
     } catch (error) {
-      logger.log(chalk.red(`  ✗ Error: ${error.message}`));
+      logger.log(chalk.red(`  ✖ Error: ${error.message}`));
     }
   }
@@ -197,7 +198,7 @@ async function processSecretsFiles(secretsFiles, encryptionKey) {
  * @param {number} totalValues - Total number of values
  */
 function displayEncryptionSummary(filesCount, totalEncrypted, totalValues) {
-  logger.log(chalk.green('\n✅ Encryption complete!'));
+  logger.log(formatSuccessParagraph('Encryption complete!'));
   logger.log(chalk.gray(`   Files processed: ${filesCount}`));
   logger.log(chalk.gray(`   Values encrypted: ${totalEncrypted} of ${totalValues} total`));
   logger.log(chalk.gray('   Encryption key stored in: ~/.aifabrix/config.yaml\n'));
@@ -224,7 +225,7 @@ async function handleSecure(options) {
   const secretsFiles = await findSecretsFiles();
   if (secretsFiles.length === 0) {
-    logger.log(chalk.yellow('⚠️  No secrets files found to encrypt'));
+    logger.log(chalk.yellow('⚠  No secrets files found to encrypt'));
     logger.log(chalk.gray('   Create ~/.aifabrix/secrets.local.yaml or configure aifabrix-secrets in config.yaml'));
     return;
   }

package/lib/commands/service-user.js CHANGED Viewed

@@ -1,3 +1,4 @@
+const { formatBlockingError, formatSuccessLine } = require('../utils/cli-test-layout-chalk');
 /**
  * Service user create command – create service user and get one-time secret
  * POST /api/v1/service-users. Used by `aifabrix service-user create`.
@@ -12,7 +13,14 @@ const logger = require('../utils/logger');
 const { resolveControllerUrl } = require('../utils/controller-url');
 const { getOrRefreshDeviceToken } = require('../utils/token-manager');
 const { normalizeControllerUrl } = require('../core/config');
-const { createServiceUser } = require('../api/service-users.api');
+const {
+  createServiceUser,
+  listServiceUsers,
+  regenerateSecretServiceUser,
+  deleteServiceUser,
+  updateGroupsServiceUser,
+  updateRedirectUrisServiceUser
+} = require('../api/service-users.api');
 const ONE_TIME_WARNING =
   'Save this secret now; it will not be shown again.';
@@ -54,6 +62,12 @@ function extractCreateResponse(response) {
   return { clientId, clientSecret };
 }
+const ID_WIDTH = 38;
+const USERNAME_WIDTH = 22;
+const EMAIL_WIDTH = 28;
+const CLIENT_ID_WIDTH = 24;
+const TABLE_SEPARATOR_LENGTH = 130;
 /**
  * Log error for failed create response and exit
  * @param {Object} response - API response with success: false
@@ -62,25 +76,105 @@ function handleCreateError(response) {
   const status = response.status;
   const msg = response.formattedError || response.error || 'Request failed';
   if (status === 400) {
-    logger.error(chalk.red(`❌ Validation error: ${msg}`));
+    logger.error(formatBlockingError(`Validation error: ${msg}`));
   } else if (status === 401) {
-    logger.error(chalk.red('❌ Unauthorized. Run "aifabrix login" and try again.'));
+    logger.error(formatBlockingError('Unauthorized. Run "aifabrix login" and try again.'));
   } else if (status === 403) {
-    logger.error(chalk.red('❌ Missing permission: service-user:create'));
+    logger.error(formatBlockingError('Missing permission: service-user:create'));
     logger.error(chalk.gray('Your account needs the service-user:create permission on the controller.'));
   } else {
-    logger.error(chalk.red(`❌ Failed to create service user: ${msg}`));
+    logger.error(formatBlockingError(`Failed to create service user: ${msg}`));
   }
   process.exit(1);
 }
+/**
+ * Log error for service-user API response and exit
+ * @param {Object} response - API response with success: false
+ * @param {string} permissionScope - Permission hint: 'read' | 'update' | 'delete'
+ */
+function handleServiceUserApiError(response, permissionScope) {
+  const status = response.status;
+  const msg = response.formattedError || response.error || 'Request failed';
+  if (status === 400) {
+    logger.error(formatBlockingError(`Validation error: ${msg}`));
+  } else if (status === 401) {
+    logger.error(formatBlockingError('Unauthorized. Run "aifabrix login" and try again.'));
+  } else if (status === 403) {
+    logger.error(formatBlockingError(`Missing permission: service-user:${permissionScope}`));
+    logger.error(chalk.gray(`Your account needs the service-user:${permissionScope} permission on the controller.`));
+  } else if (status === 404) {
+    logger.error(formatBlockingError('Service user not found.'));
+    const detail = response.error || '';
+    if (detail) {
+      logger.error(chalk.gray(detail));
+    }
+  } else {
+    logger.error(formatBlockingError(`Request failed: ${msg}`));
+  }
+  process.exit(1);
+}
+/**
+ * Resolve controller URL and auth for list/rotate/delete/update (no create-specific validation)
+ * @async
+ * @param {Object} options - CLI options (controller optional)
+ * @returns {Promise<{ controllerUrl: string, authConfig: Object }>}
+ */
+async function resolveControllerAndAuth(options) {
+  const controllerUrl = options.controller || (await resolveControllerUrl());
+  if (!controllerUrl) {
+    logger.error(formatBlockingError('Controller URL is required. Run "aifabrix login" first.'));
+    process.exit(1);
+  }
+  const authResult = await getServiceUserAuth(controllerUrl);
+  if (!authResult || !authResult.token) {
+    logger.error(formatBlockingError(`No authentication token for controller: ${controllerUrl}`));
+    logger.error(chalk.gray('Run: aifabrix login'));
+    process.exit(1);
+  }
+  return {
+    controllerUrl: authResult.controllerUrl,
+    authConfig: { type: 'bearer', token: authResult.token }
+  };
+}
+/**
+ * Display service user list as a table (id, username, email, clientId, active).
+ * API shape: items have id, username, email, status, federatedIdentity.keycloakClientId.
+ * @param {Array<{ id?: string, username?: string, email?: string, status?: string, active?: boolean, clientId?: string, federatedIdentity?: { keycloakClientId?: string } }>} items - Service users
+ */
+function displayServiceUserList(items) {
+  logger.log(chalk.bold('\n📋 Service users:\n'));
+  if (!items || items.length === 0) {
+    logger.log(chalk.gray('  No service users found.\n'));
+    return;
+  }
+  const idCol = 'Id'.padEnd(ID_WIDTH);
+  const usernameCol = 'Username'.padEnd(USERNAME_WIDTH);
+  const emailCol = 'Email'.padEnd(EMAIL_WIDTH);
+  const clientIdCol = 'ClientId'.padEnd(CLIENT_ID_WIDTH);
+  const activeCol = 'Active';
+  logger.log(chalk.gray(`${idCol}${usernameCol}${emailCol}${clientIdCol}${activeCol}`));
+  logger.log(chalk.gray('-'.repeat(TABLE_SEPARATOR_LENGTH)));
+  items.forEach((row) => {
+    const id = (row.id ?? '').toString().padEnd(ID_WIDTH);
+    const username = (row.username ?? '—').padEnd(USERNAME_WIDTH);
+    const email = (row.email ?? '—').padEnd(EMAIL_WIDTH);
+    const clientId = (row.federatedIdentity?.keycloakClientId ?? row.clientId ?? '—').padEnd(CLIENT_ID_WIDTH);
+    const active = row.status === 'active' ? 'yes' : (row.status ?? (row.active === true ? 'yes' : row.active === false ? 'no' : '—'));
+    logger.log(`${id}${username}${email}${clientId}${active}`);
+  });
+  logger.log('');
+}
 /**
  * Display success output with clientId, clientSecret and one-time warning
  * @param {string} clientId - Service user client ID
  * @param {string} clientSecret - One-time client secret
  */
 function displayCreateSuccess(clientId, clientSecret) {
-  logger.log(chalk.bold('\n✓ Service user created\n'));
+  logger.log(chalk.bold('\n✔ Service user created\n'));
   logger.log(chalk.cyan('  clientId:    ') + clientId);
   logger.log(chalk.cyan('  clientSecret: ') + clientSecret);
   logger.log('');
@@ -114,19 +208,19 @@ function validateServiceUserOptions(options) {
   const redirectUris = parseList(options.redirectUris);
   const groupNames = parseList(options.groupNames);
   if (!username) {
-    logger.error(chalk.red('❌ Username is required. Use --username <username>.'));
+    logger.error(formatBlockingError('Username is required. Use --username <username>.'));
     process.exit(1);
   }
   if (!email) {
-    logger.error(chalk.red('❌ Email is required. Use --email <email>.'));
+    logger.error(formatBlockingError('Email is required. Use --email <email>.'));
     process.exit(1);
   }
   if (redirectUris.length === 0) {
-    logger.error(chalk.red('❌ At least one redirect URI is required. Use --redirect-uris <uri1,uri2,...>.'));
+    logger.error(formatBlockingError('At least one redirect URI is required. Use --redirect-uris <uri1,uri2,...>.'));
     process.exit(1);
   }
   if (groupNames.length === 0) {
-    logger.error(chalk.red('❌ At least one group name is required. Use --group-names <name1,name2,...>.'));
+    logger.error(formatBlockingError('At least one group name is required. Use --group-names <name1,name2,...>.'));
     process.exit(1);
   }
   return {
@@ -148,12 +242,12 @@ async function resolveOptionsAndAuth(options) {
   const validated = validateServiceUserOptions(options);
   const controllerUrl = options.controller || (await resolveControllerUrl());
   if (!controllerUrl) {
-    logger.error(chalk.red('❌ Controller URL is required. Run "aifabrix login" first.'));
+    logger.error(formatBlockingError('Controller URL is required. Run "aifabrix login" first.'));
     process.exit(1);
   }
   const authResult = await getServiceUserAuth(controllerUrl);
   if (!authResult || !authResult.token) {
-    logger.error(chalk.red(`❌ No authentication token for controller: ${controllerUrl}`));
+    logger.error(formatBlockingError(`No authentication token for controller: ${controllerUrl}`));
     logger.error(chalk.gray('Run: aifabrix login'));
     process.exit(1);
   }
@@ -194,6 +288,142 @@ async function runServiceUserCreate(options = {}) {
   displayCreateSuccess(clientId, clientSecret);
 }
+/**
+ * Require service user id option; exit with message if missing
+ * @param {string} [id] - Service user ID from options
+ * @returns {string} Trimmed id
+ */
+function requireServiceUserId(id) {
+  const trimmed = (id && typeof id === 'string' ? id.trim() : '') || '';
+  if (!trimmed) {
+    logger.error(formatBlockingError('Service user ID is required. Use --id <uuid>.'));
+    process.exit(1);
+  }
+  return trimmed;
+}
+/**
+ * Run service-user list: call GET /api/v1/service-users and display table
+ * @async
+ * @param {Object} options - CLI options (controller, page, pageSize, sort, filter, search)
+ * @returns {Promise<void>}
+ */
+async function runServiceUserList(options = {}) {
+  const { controllerUrl, authConfig } = await resolveControllerAndAuth(options);
+  const listOptions = {
+    page: options.page,
+    pageSize: options.pageSize,
+    sort: options.sort,
+    filter: options.filter,
+    search: options.search
+  };
+  const response = await listServiceUsers(controllerUrl, authConfig, listOptions);
+  if (response && response.success === false) {
+    handleServiceUserApiError(response, 'read');
+    return;
+  }
+  const body = response?.data?.data ?? response?.data ?? response ?? {};
+  const items = Array.isArray(body) ? body : (body.data ?? []);
+  displayServiceUserList(items);
+}
+/**
+ * Run service-user rotate-secret: call POST .../regenerate-secret and print new secret once with warning
+ * @async
+ * @param {Object} options - CLI options (controller, id required)
+ * @returns {Promise<void>}
+ */
+async function runServiceUserRotateSecret(options = {}) {
+  const id = requireServiceUserId(options.id);
+  const { controllerUrl, authConfig } = await resolveControllerAndAuth(options);
+  const response = await regenerateSecretServiceUser(controllerUrl, authConfig, id);
+  if (response && response.success === false) {
+    handleServiceUserApiError(response, 'update');
+    return;
+  }
+  const payload = response?.data?.data ?? response?.data ?? response ?? {};
+  const clientSecret = payload?.clientSecret ?? '';
+  if (response && response.success === true) {
+    logger.log(chalk.bold('\n✔ Secret rotated\n'));
+    logger.log(chalk.cyan('  clientSecret: ') + clientSecret);
+    logger.log('');
+    logger.log(chalk.yellow('⚠ ' + ONE_TIME_WARNING));
+    logger.log('');
+  }
+}
+/**
+ * Run service-user delete: call DELETE .../service-users/{id} (deactivates the user)
+ * @async
+ * @param {Object} options - CLI options (controller, id required)
+ * @returns {Promise<void>}
+ */
+async function runServiceUserDelete(options = {}) {
+  const id = requireServiceUserId(options.id);
+  const { controllerUrl, authConfig } = await resolveControllerAndAuth(options);
+  const response = await deleteServiceUser(controllerUrl, authConfig, id);
+  if (response && response.success === false) {
+    handleServiceUserApiError(response, 'delete');
+    return;
+  }
+  if (response && response.success === true) {
+    logger.log(formatSuccessLine('Service user deactivated.\n'));
+  }
+}
+/**
+ * Run service-user update-groups: call PUT .../groups with groupNames
+ * @async
+ * @param {Object} options - CLI options (controller, id, groupNames required)
+ * @returns {Promise<void>}
+ */
+async function runServiceUserUpdateGroups(options = {}) {
+  const id = requireServiceUserId(options.id);
+  const groupNames = parseList(options.groupNames);
+  if (groupNames.length === 0) {
+    logger.error(formatBlockingError('At least one group name is required. Use --group-names <name1,name2,...>.'));
+    process.exit(1);
+  }
+  const { controllerUrl, authConfig } = await resolveControllerAndAuth(options);
+  const response = await updateGroupsServiceUser(controllerUrl, authConfig, id, { groupNames });
+  if (response && response.success === false) {
+    handleServiceUserApiError(response, 'update');
+    return;
+  }
+  if (response && response.success === true) {
+    logger.log(formatSuccessLine('Service user groups updated.\n'));
+  }
+}
+/**
+ * Run service-user update-redirect-uris: call PUT .../redirect-uris (min 1 URI)
+ * @async
+ * @param {Object} options - CLI options (controller, id, redirectUris required, min 1)
+ * @returns {Promise<void>}
+ */
+async function runServiceUserUpdateRedirectUris(options = {}) {
+  const id = requireServiceUserId(options.id);
+  const redirectUris = parseList(options.redirectUris);
+  if (redirectUris.length === 0) {
+    logger.error(formatBlockingError('At least one redirect URI is required. Use --redirect-uris <uri1,uri2,...>.'));
+    process.exit(1);
+  }
+  const { controllerUrl, authConfig } = await resolveControllerAndAuth(options);
+  const response = await updateRedirectUrisServiceUser(controllerUrl, authConfig, id, { redirectUris });
+  if (response && response.success === false) {
+    handleServiceUserApiError(response, 'update');
+    return;
+  }
+  if (response && response.success === true) {
+    logger.log(formatSuccessLine('Service user redirect URIs updated.\n'));
+  }
+}
 module.exports = {
-  runServiceUserCreate
+  runServiceUserCreate,
+  runServiceUserList,
+  runServiceUserRotateSecret,
+  runServiceUserDelete,
+  runServiceUserUpdateGroups,
+  runServiceUserUpdateRedirectUris
 };

package/lib/commands/test-e2e-external.js CHANGED Viewed

@@ -7,6 +7,7 @@
  */
 'use strict';
+const { formatSuccessLine } = require('../utils/cli-test-layout-chalk');
 const path = require('path');
 const fs = require('fs');
@@ -84,6 +85,23 @@ function getDatasourceKeys(appPath, configPath, variables, systemKey, systemPars
   return keys;
 }
+/**
+ * Full upload to dataplane when --sync (same path as `aifabrix upload <systemKey>`).
+ * @param {string} systemKey
+ * @param {Object} options
+ * @returns {Promise<void>}
+ */
+async function syncLocalIfRequested(systemKey, options) {
+  if (options.sync !== true) return;
+  logger.log(chalk.cyan('Syncing local config to dataplane…'));
+  const { uploadExternalSystem } = require('./upload');
+  await uploadExternalSystem(systemKey, {
+    verbose: !!options.verbose,
+    minimal: true
+  });
+  logger.log(formatSuccessLine('Sync complete'));
+}
 /* eslint-disable max-lines-per-function, max-statements -- Load context, then loop over keys */
 /**
  * Runs E2E for all datasources of an external system. Uses each datasource's payloadTemplate (no extra params required).
@@ -95,6 +113,7 @@ function getDatasourceKeys(appPath, configPath, variables, systemKey, systemPars
  * @param {boolean} [options.debug] - Include debug, write log
  * @param {boolean} [options.verbose] - Verbose output
  * @param {boolean} [options.async] - If false, sync mode (default true)
+ * @param {boolean} [options.sync] - When true, run full upload (`uploadExternalSystem`) before per-datasource E2E
  * @returns {Promise<{ success: boolean, results: Array<{ key: string, success: boolean, error?: string }> }>}
  */
 async function runTestE2EForExternalSystem(externalSystem, options = {}) {
@@ -137,6 +156,8 @@ async function runTestE2EForExternalSystem(externalSystem, options = {}) {
     return { success: true, results: [] };
   }
+  await syncLocalIfRequested(systemKey, options);
   const results = [];
   const opts = {
     app: externalSystem,
@@ -150,7 +171,12 @@ async function runTestE2EForExternalSystem(externalSystem, options = {}) {
       const data = await runDatasourceTestE2E(key, opts);
       const steps = data.steps || data.completedActions || [];
       const failed = data.success === false || steps.some(s => s.success === false || s.error);
-      results.push({ key, success: !failed });
+      results.push({
+        key,
+        success: !failed,
+        error: failed ? (data.error || 'E2E step failed') : undefined,
+        datasourceTestRun: data.datasourceTestRun
+      });
     } catch (err) {
       results.push({ key, success: false, error: err.message });
     }

package/lib/commands/up-common.js CHANGED Viewed

@@ -1,3 +1,4 @@
+const { formatSuccessLine } = require('../utils/cli-test-layout-chalk');
 /**
  * AI Fabrix Builder - Up Commands Shared Helpers
  *
@@ -165,6 +166,30 @@ function patchEnvOutputPathForDeployOnly(appName) {
   }
 }
+/**
+ * Removes builder app directories for the given app names. Only removes paths under the builder root
+ * to prevent path traversal. Uses getBuilderPath for each app and validates before removal.
+ *
+ * @param {string[]} appNames - Application names (e.g. ['keycloak', 'miso-controller', 'dataplane'])
+ * @returns {Promise<void>}
+ * @throws {Error} If any path is outside builder root (path traversal attempt)
+ */
+async function cleanBuilderAppDirs(appNames) {
+  if (!Array.isArray(appNames) || appNames.length === 0) return;
+  const builderRoot = path.resolve(pathsUtil.getBuilderRoot());
+  for (const appName of appNames) {
+    if (!appName || typeof appName !== 'string') continue;
+    const appPath = path.resolve(pathsUtil.getBuilderPath(appName));
+    if (!appPath.startsWith(builderRoot + path.sep) && appPath !== builderRoot) {
+      throw new Error(`Path ${appPath} is outside builder root ${builderRoot}; refusing to clean`);
+    }
+    if (fs.existsSync(appPath)) {
+      fs.rmSync(appPath, { recursive: true });
+      logger.log(chalk.blue(`Cleaned builder/${appName}`));
+    }
+  }
+}
 /**
  * Ensures builder app directory exists from template if application config is missing.
  * If builder/<appName>/application config does not exist, copies from templates/applications/<appName>.
@@ -189,7 +214,7 @@ async function ensureAppFromTemplate(appName) {
   const primaryCopied = await ensureTemplateAtPath(appName, appPath);
   if (primaryCopied) {
     logger.log(chalk.blue(`Creating builder/${appName} from template...`));
-    logger.log(chalk.green(`✓ Copied template for ${appName}`));
+    logger.log(formatSuccessLine(`Copied template for ${appName}`));
   }
   const cwdBuilderPath = path.join(process.cwd(), 'builder', appName);
@@ -197,7 +222,7 @@ async function ensureAppFromTemplate(appName) {
     const cwdCopied = await ensureTemplateAtPath(appName, cwdBuilderPath);
     if (cwdCopied) {
       logger.log(chalk.blue(`Creating builder/${appName} in project (from template)...`));
-      logger.log(chalk.green(`✓ Copied template for ${appName} into builder/`));
+      logger.log(formatSuccessLine(`Copied template for ${appName} into builder/`));
     }
   }
@@ -206,6 +231,7 @@ async function ensureAppFromTemplate(appName) {
 }
 module.exports = {
+  cleanBuilderAppDirs,
   ensureAppFromTemplate,
   patchEnvOutputPathForDeployOnly,
   validateEnvOutputPathFolderOrNull,