@aifabrix/builder 2.42.1 → 2.44.0

package/lib/validation/external-manifest-validator.js

@@ -10,9 +10,12 @@
  */
 
 const Ajv = require('ajv');
+const addFormats = require('ajv-formats');
 const fs = require('fs');
 const path = require('path');
 const { formatValidationErrors } = require('../utils/error-formatter');
+const { validateFieldReferences } = require('../datasource/field-reference-validator');
+const { validateAbac } = require('../datasource/abac-validator');
 
 /**
  * Sets up AJV validator with external schemas
@@ -26,6 +29,7 @@ async function setupAjvWithSchemas() {
     strict: false,
     removeAdditional: false
   });
+  addFormats(ajv);
 
   // Load raw schema objects (not compiled validators)
   const externalSystemSchemaPath = path.join(__dirname, '..', 'schema', 'external-system.schema.json');
@@ -41,11 +45,20 @@ async function setupAjvWithSchemas() {
     externalDatasourceSchema = schemaCopy;
   }
 
-  const externalSystemSchemaId = externalSystemSchema.$id || 'https://raw.githubusercontent.com/esystemsdev/aifabrix-builder/refs/heads/main/lib/schema/external-system.schema.json';
-  const externalDatasourceSchemaId = externalDatasourceSchema.$id || 'https://raw.githubusercontent.com/esystemsdev/aifabrix-builder/refs/heads/main/lib/schema/external-datasource.schema.json';
+  if (!externalSystemSchema.$id || typeof externalSystemSchema.$id !== 'string') {
+    throw new Error('External system schema is missing required $id');
+  }
+  if (!externalDatasourceSchema.$id || typeof externalDatasourceSchema.$id !== 'string') {
+    throw new Error('External datasource schema is missing required $id');
+  }
 
-  ajv.addSchema(externalSystemSchema, externalSystemSchemaId);
-  ajv.addSchema(externalDatasourceSchema, externalDatasourceSchemaId);
+  // external-datasource.schema.json references these by $id (aifabrix://schema/type/*)
+  ajv.addSchema(require('../schema/type/document-storage.json'));
+  ajv.addSchema(require('../schema/type/message-service.json'));
+  ajv.addSchema(require('../schema/type/vector-store.json'));
+
+  ajv.addSchema(externalSystemSchema, externalSystemSchema.$id);
+  ajv.addSchema(externalDatasourceSchema, externalDatasourceSchema.$id);
 
   return { ajv, externalSystemSchema, externalDatasourceSchema };
 }
@@ -64,7 +77,10 @@ function validateManifestStructure(manifest, ajv, applicationSchema, errors) {
   const manifestValid = validateManifest(manifest);
 
   if (!manifestValid) {
-    const manifestErrors = formatValidationErrors(validateManifest.errors);
+    const manifestErrors = formatValidationErrors(validateManifest.errors, {
+      rootData: manifest,
+      deploymentManifest: manifest
+    });
     errors.push(...manifestErrors.map(err => `Manifest validation: ${err}`));
   }
 }
@@ -84,7 +100,10 @@ function validateInlineSystem(manifest, ajv, externalSystemSchema, errors) {
     const systemValid = validateSystem(manifest.system);
 
     if (!systemValid) {
-      const systemErrors = formatValidationErrors(validateSystem.errors);
+      const systemErrors = formatValidationErrors(validateSystem.errors, {
+        rootData: manifest.system,
+        deploymentManifest: manifest.system
+      });
       errors.push(...systemErrors.map(err => `System validation: ${err}`));
     }
   } else if (manifest.type === 'external') {
@@ -111,8 +130,17 @@ function validateDatasources(manifest, ajv, externalDatasourceSchema, errors, wa
       manifest.dataSources.forEach((datasource, index) => {
         const datasourceValid = validateDatasource(datasource);
         if (!datasourceValid) {
-          const datasourceErrors = formatValidationErrors(validateDatasource.errors);
+          const datasourceErrors = formatValidationErrors(validateDatasource.errors, {
+            rootData: datasource,
+            deploymentManifest: datasource
+          });
           errors.push(...datasourceErrors.map(err => `Datasource ${index + 1} (${datasource.key || 'unknown'}): ${err}`));
+        } else {
+          const fieldRefErrors = validateFieldReferences(datasource);
+          const abacErrors = validateAbac(datasource);
+          const prefix = `Datasource ${index + 1} (${datasource.key || 'unknown'}): `;
+          fieldRefErrors.forEach(e => errors.push(prefix + e));
+          abacErrors.forEach(e => errors.push(prefix + e));
         }
       });
     }

package/lib/validation/validate-display.js

@@ -1,3 +1,4 @@
+const { formatBlockingError, formatSuccessLine, formatSuccessParagraph } = require('../utils/cli-test-layout-chalk');
 /**
  * Validation Display Utilities
  *
@@ -25,9 +26,9 @@ function displayApplicationValidation(application) {
 
   logger.log(chalk.blue('\nApplication:'));
   if (application.valid) {
-    logger.log(chalk.green('  ✓ Application configuration is valid'));
+    logger.log(chalk.green('  ✔ Application configuration is valid'));
   } else {
-    logger.log(chalk.red('  ✗ Application configuration has errors:'));
+    logger.log(chalk.red('  ✖ Application configuration has errors:'));
     if (application.errors && application.errors.length > 0) {
       application.errors.forEach(error => {
         logger.log(chalk.red(`    • ${error}`));
@@ -51,12 +52,17 @@ function extractDimensionsFromDatasource(filePath) {
   try {
     const parsed = loadConfigFile(filePath);
 
-    // Check fieldMappings.dimensions (primary location)
-    const dimensions = parsed.fieldMappings?.dimensions || {};
+    const rootFlat = {};
+    const root = parsed.dimensions;
+    if (root && typeof root === 'object' && !Array.isArray(root)) {
+      for (const [dimKey, binding] of Object.entries(root)) {
+        if (binding && typeof binding === 'object' && typeof binding.field === 'string') {
+          rootFlat[dimKey] = `metadata.${binding.field}`;
+        }
+      }
+    }
     const abacDimensions = parsed.abac?.dimensions || {};
-
-    // Merge both sources (abac.dimensions can override fieldMappings.dimensions)
-    const allDimensions = { ...dimensions, ...abacDimensions };
+    const allDimensions = { ...rootFlat, ...abacDimensions };
     const dimensionKeys = Object.keys(allDimensions);
 
     return {
@@ -82,9 +88,9 @@ function displayExternalFilesValidation(externalFiles) {
   logger.log(chalk.blue('\nExternal Integration Files:'));
   externalFiles.forEach(file => {
     if (file.valid) {
-      logger.log(chalk.green(`  ✓ ${file.file} (${file.type})`));
+      logger.log(chalk.green(`  ✔ ${file.file} (${file.type})`));
     } else {
-      logger.log(chalk.red(`  ✗ ${file.file} (${file.type}):`));
+      logger.log(chalk.red(`  ✖ ${file.file} (${file.type}):`));
       file.errors.forEach(error => {
         logger.log(chalk.red(`    • ${error}`));
       });
@@ -126,7 +132,7 @@ function displayDimensionsValidation(externalFiles) {
 
     if (dimensionsInfo.hasDimensions) {
       anyDatasourceHasDimensions = true;
-      logger.log(chalk.green(`  ✓ ${file.file}`));
+      logger.log(chalk.green(`  ✔ ${file.file}`));
       dimensionsInfo.dimensionKeys.forEach(key => {
         const mapping = dimensionsInfo.dimensions[key];
         logger.log(chalk.gray(`      ${key} → ${mapping}`));
@@ -156,9 +162,9 @@ function displayRbacValidation(rbac) {
 
   logger.log(chalk.blue('\nRBAC Configuration:'));
   if (rbac.valid) {
-    logger.log(chalk.green('  ✓ RBAC configuration is valid'));
+    logger.log(chalk.green('  ✔ RBAC configuration is valid'));
   } else {
-    logger.log(chalk.red('  ✗ RBAC configuration has errors:'));
+    logger.log(chalk.red('  ✖ RBAC configuration has errors:'));
     rbac.errors.forEach(error => {
       logger.log(chalk.red(`    • ${error}`));
     });
@@ -183,9 +189,9 @@ function displayFileValidation(result) {
   logger.log(chalk.blue(`\nFile: ${result.file}`));
   logger.log(chalk.blue(`Type: ${result.type}`));
   if (result.valid) {
-    logger.log(chalk.green('  ✓ File is valid'));
+    logger.log(chalk.green('  ✔ File is valid'));
   } else {
-    logger.log(chalk.red('  ✗ File has errors:'));
+    logger.log(chalk.red('  ✖ File has errors:'));
     result.errors.forEach(error => {
       logger.log(chalk.red(`    • ${error}`));
     });
@@ -222,9 +228,9 @@ function displayAggregatedWarnings(warnings) {
 function displayApplicationStep(application) {
   logger.log(chalk.blue('\nApplication:'));
   if (application.valid) {
-    logger.log(chalk.green('  ✓ Application configuration is valid'));
+    logger.log(chalk.green('  ✔ Application configuration is valid'));
   } else {
-    logger.log(chalk.red('  ✗ Application configuration has errors:'));
+    logger.log(chalk.red('  ✖ Application configuration has errors:'));
     application.errors.forEach(error => {
       logger.log(chalk.red(`    • ${error}`));
     });
@@ -253,9 +259,9 @@ function displayComponentsStep(components) {
   if (hasFiles) {
     components.files.forEach(file => {
       if (file.valid) {
-        logger.log(chalk.green(`  ✓ ${file.file} (${file.type})`));
+        logger.log(chalk.green(`  ✔ ${file.file} (${file.type})`));
       } else {
-        logger.log(chalk.red(`  ✗ ${file.file} (${file.type})`));
+        logger.log(chalk.red(`  ✖ ${file.file} (${file.type})`));
       }
     });
   }
@@ -282,7 +288,7 @@ function displayDimensionsStep(datasourceFiles) {
     try {
       const dimensionsInfo = extractDimensionsFromDatasource(file.path || file.file);
       if (dimensionsInfo.hasDimensions) {
-        logger.log(chalk.green(`  ✓ ${file.file}`));
+        logger.log(chalk.green(`  ✔ ${file.file}`));
         dimensionsInfo.dimensionKeys.forEach(key => {
           const mapping = dimensionsInfo.dimensions[key];
           logger.log(chalk.gray(`      ${key} → ${mapping}`));
@@ -308,15 +314,15 @@ function displayManifestStep(manifest, componentFiles) {
   if (manifest.skipped) {
     logger.log(chalk.yellow('  ⊘ Skipped (fix errors above first)'));
   } else if (manifest.valid) {
-    logger.log(chalk.green('  ✓ Full deployment manifest is valid'));
+    logger.log(chalk.green('  ✔ Full deployment manifest is valid'));
     if (componentFiles) {
       const datasourceFiles = componentFiles.filter(f => f.type === 'datasource' || f.type === 'external-datasource');
-      logger.log(chalk.green('    ✓ System configuration valid'));
-      logger.log(chalk.green(`    ✓ ${datasourceFiles.length} datasource(s) valid`));
-      logger.log(chalk.green('    ✓ Schema validation passed'));
+      logger.log(chalk.green('    ✔ System configuration valid'));
+      logger.log(chalk.green(`    ✔ ${datasourceFiles.length} datasource(s) valid`));
+      logger.log(chalk.green('    ✔ Schema validation passed'));
     }
   } else {
-    logger.log(chalk.red('  ✗ Full deployment manifest validation failed:'));
+    logger.log(chalk.red('  ✖ Full deployment manifest validation failed:'));
     const errs = manifest.errors && manifest.errors.length > 0 ? manifest.errors : [];
     if (errs.length > 0) {
       errs.forEach(error => {
@@ -341,9 +347,9 @@ function displayManifestStep(manifest, componentFiles) {
  */
 function displayStepByStepValidation(result) {
   if (result.valid) {
-    logger.log(chalk.green('\n✓ Validation passed!'));
+    logger.log(formatSuccessParagraph('Validation passed!'));
   } else {
-    logger.log(chalk.red('\n✗ Validation failed!'));
+    logger.log(chalk.red('\n✖ Validation failed!'));
   }
 
   displayApplicationStep(result.steps.application);
@@ -388,7 +394,7 @@ function displayBatchValidationResults(batchResult) {
   results.forEach(item => {
     logger.log(chalk.blue(`\n--- ${item.appName} ---`));
     if (item.error) {
-      logger.log(chalk.red(`  ✗ ${item.error}`));
+      logger.log(chalk.red(`  ✖ ${item.error}`));
     } else if (item.result) {
       displayValidationResults(item.result);
     }
@@ -398,10 +404,10 @@ function displayBatchValidationResults(batchResult) {
   const failed = results.length - passed;
   logger.log(chalk.blue('\n--- Summary ---'));
   if (failed === 0) {
-    logger.log(chalk.green(`✓ ${passed} passed, 0 failed`));
+    logger.log(formatSuccessLine(`${passed} passed, 0 failed`));
     logger.log(chalk.green('Overall: Passed'));
   } else {
-    logger.log(chalk.red(`✗ ${passed} passed, ${failed} failed`));
+    logger.log(formatBlockingError(`${passed} passed, ${failed} failed`));
     logger.log(chalk.red('Overall: Failed'));
   }
 }
@@ -445,9 +451,9 @@ function displayValidationResults(result) {
 
   // Legacy format (for regular apps)
   if (result.valid) {
-    logger.log(chalk.green('\n✓ Validation passed!'));
+    logger.log(formatSuccessParagraph('Validation passed!'));
   } else {
-    logger.log(chalk.red('\n✗ Validation failed!'));
+    logger.log(chalk.red('\n✖ Validation failed!'));
   }
 
   displayApplicationValidation(result.application);

package/lib/validation/validate.js

@@ -15,6 +15,8 @@ const validator = require('./validator');
 const { resolveExternalFiles } = require('../utils/schema-resolver');
 const { loadExternalSystemSchema, loadExternalDataSourceSchema, detectSchemaType } = require('../utils/schema-loader');
 const { formatValidationErrors } = require('../utils/error-formatter');
+const { validateFieldReferences } = require('../datasource/field-reference-validator');
+const { validateAbac } = require('../datasource/abac-validator');
 const { detectAppType } = require('../utils/paths');
 const batch = require('./validate-batch');
 const { logOfflinePathWhenType } = require('../utils/cli-utils');
@@ -102,15 +104,6 @@ function aggregateValidationResults(appValidation, externalValidations, rbacVali
   };
 }
 
-/**
- * Validates a single external file against its schema
- *
- * @async
- * @function validateExternalFile
- * @param {string} filePath - Path to the file
- * @param {string} type - File type: 'system' | 'datasource'
- * @returns {Promise<Object>} Validation result
- */
 /**
  * Parses external system/datasource file content (JSON or YAML).
  * @function parseJsonFileContent
@@ -177,6 +170,7 @@ function validateRoleReferences(parsed, errors) {
   });
 }
 
+/** @async */
 async function validateExternalFile(filePath, type) {
   if (!fs.existsSync(filePath)) {
     throw new Error(`File not found: ${filePath}`);
@@ -200,6 +194,12 @@ async function validateExternalFile(filePath, type) {
     validateConfigurationNoStandardAuthVariables(parseResult.parsed, errors);
   }
 
+  if (normalizedType === 'datasource') {
+    const { collectExternalDatasourceWarnings } = require('./datasource-warnings');
+    errors.push(...validateFieldReferences(parseResult.parsed), ...validateAbac(parseResult.parsed));
+    warnings.push(...collectExternalDatasourceWarnings(parseResult.parsed));
+  }
+
   return {
     valid: errors.length === 0,
     errors,
@@ -489,4 +489,3 @@ module.exports = {
   validateAll: (opts = {}) => batch.validateAll(validateAppOrFile, opts),
   buildBatchResult: batch.buildBatchResult
 };
-

package/lib/validation/validator-unresolved-placeholders.js

@@ -0,0 +1,98 @@
+/**
+ * Scan deployment/config objects for unresolved ${VAR} placeholders (validator helper).
+ *
+ * @fileoverview Extracted from validator.js for ESLint max-lines
+ * @author AI Fabrix Team
+ * @version 1.0.0
+ */
+
+'use strict';
+
+/** Pattern matching ${VAR} style unresolved variables in strings */
+const UNRESOLVED_VAR_REGEX = /\$\{[^}]+\}/g;
+
+/** Allowed manifest placeholders in frontDoorRouting.host (expanded at run/resolve time; plan 122). */
+const FRONT_DOOR_HOST_ALLOWED = /\$\{DEV_USERNAME\}|\$\{REMOTE_HOST\}/g;
+
+/**
+ * First ${...} still present after stripping allowed DEV_USERNAME / REMOTE_HOST segments, or null.
+ * @param {string} str
+ * @returns {string|null}
+ */
+function getFrontDoorHostFirstForbiddenPlaceholder(str) {
+  let t = String(str).trim();
+  t = t.replace(FRONT_DOOR_HOST_ALLOWED, '');
+  t = t.replace(/^\.+|\.+$/g, '').trim();
+  const m = t.match(UNRESOLVED_VAR_REGEX);
+  return m ? m[0] : null;
+}
+
+/**
+ * @param {string} obj
+ * @param {string} prefix
+ * @returns {string[]}
+ */
+function collectStringUnresolved(obj, prefix) {
+  if (prefix === 'frontDoorRouting.host') {
+    const bad = getFrontDoorHostFirstForbiddenPlaceholder(obj);
+    return bad ? [`${prefix}: ${bad}`] : [];
+  }
+  const matches = obj.match(UNRESOLVED_VAR_REGEX);
+  if (matches && matches.length > 0) {
+    const pathLabel = prefix || 'value';
+    return [`${pathLabel}: ${matches[0]}`];
+  }
+  return [];
+}
+
+/**
+ * Recursively finds all string values in obj that contain ${...} placeholders.
+ *
+ * @param {Object} obj - Object to scan (e.g. deployment manifest)
+ * @param {string} [prefix=''] - Path prefix for error reporting
+ * @returns {string[]} List of paths with example placeholder (e.g. "port: ${PORT}")
+ */
+function findUnresolvedVariablesInObject(obj, prefix = '') {
+  const found = [];
+  if (obj === null || obj === undefined) {
+    return found;
+  }
+  if (typeof obj === 'string') {
+    return collectStringUnresolved(obj, prefix);
+  }
+  if (Array.isArray(obj)) {
+    obj.forEach((item, i) => {
+      found.push(...findUnresolvedVariablesInObject(item, `${prefix}[${i}]`));
+    });
+    return found;
+  }
+  if (typeof obj === 'object') {
+    for (const [key, value] of Object.entries(obj)) {
+      const path = prefix ? `${prefix}.${key}` : key;
+      found.push(...findUnresolvedVariablesInObject(value, path));
+    }
+    return found;
+  }
+  return found;
+}
+
+/**
+ * Validates that deployment manifest contains no unresolved ${...} variables.
+ * @param {Object} deployment - Deployment manifest object
+ * @throws {Error} If any ${...} placeholders are found
+ */
+function validateNoUnresolvedVariablesInDeployment(deployment) {
+  const unresolved = findUnresolvedVariablesInObject(deployment);
+  if (unresolved.length > 0) {
+    const examples = [...new Set(unresolved)].slice(0, 5).join(', ');
+    throw new Error(
+      `Deployment manifest contains unresolved variables (e.g. ${examples}). ` +
+        'Use secret variables (kv://) in env.template for sensitive values, and set the application port as a number in application.yaml.'
+    );
+  }
+}
+
+module.exports = {
+  findUnresolvedVariablesInObject,
+  validateNoUnresolvedVariablesInDeployment
+};

package/lib/validation/validator.js

@@ -11,17 +11,17 @@
 
 const fs = require('fs');
 const path = require('path');
-const yaml = require('js-yaml');
 const Ajv = require('ajv');
+const addFormats = require('ajv-formats');
 const applicationSchema = require('../schema/application-schema.json');
 const externalSystemSchema = require('../schema/external-system.schema.json');
 const externalDataSourceSchema = require('../schema/external-datasource.schema.json');
 const { transformVariablesForValidation } = require('../utils/variable-transformer');
 const { checkEnvironment } = require('../utils/environment-checker');
 const { formatValidationErrors } = require('../utils/error-formatter');
-const { detectAppType, resolveApplicationConfigPath } = require('../utils/paths');
+const { detectAppType, resolveApplicationConfigPath, resolveRbacPath } = require('../utils/paths');
 const { loadConfigFile } = require('../utils/config-format');
-const { validateAuthKvCoverage } = require('./env-template-auth');
+const { validateAuthKvCoverage, validateAuthSecurityPathConsistency } = require('./env-template-auth');
 const { validateKvReferencesInLines } = require('./env-template-kv');
 
 /**
@@ -58,7 +58,8 @@ async function loadVariablesYaml(appName, options = {}) {
  * @returns {Function} Compiled validator function
  */
 function setupAjvValidator() {
-  const ajv = new Ajv({ allErrors: true, strict: false });
+  const ajv = new Ajv({ allErrors: true, strict: false, verbose: true });
+  addFormats(ajv);
   const externalSystemSchemaCopy = { ...externalSystemSchema };
   const externalDataSourceSchemaCopy = { ...externalDataSourceSchema };
 
@@ -66,6 +67,11 @@ function setupAjvValidator() {
     delete externalDataSourceSchemaCopy.$schema;
   }
 
+  // external-datasource.schema.json references these by $id (aifabrix://schema/type/*)
+  ajv.addSchema(require('../schema/type/document-storage.json'));
+  ajv.addSchema(require('../schema/type/message-service.json'));
+  ajv.addSchema(require('../schema/type/vector-store.json'));
+
   ajv.addSchema(externalSystemSchemaCopy, externalSystemSchema.$id);
   ajv.addSchema(externalDataSourceSchemaCopy, externalDataSourceSchema.$id);
   return ajv.compile(applicationSchema);
@@ -155,7 +161,7 @@ async function validateVariables(appName, options = {}) {
 function validateRoles(roles) {
   const errors = [];
   if (!roles || !Array.isArray(roles)) {
-    errors.push('rbac.yaml must contain a "roles" array');
+    errors.push('rbac file must contain a "roles" array');
     return errors;
   }
 
@@ -179,7 +185,7 @@ function validateRoles(roles) {
 function validatePermissions(permissions) {
   const errors = [];
   if (!permissions || !Array.isArray(permissions)) {
-    errors.push('rbac.yaml must contain a "permissions" array');
+    errors.push('rbac file must contain a "permissions" array');
     return errors;
   }
 
@@ -203,21 +209,18 @@ async function validateRbac(appName, options = {}) {
 
   // Support both builder/ and integration/ directories using detectAppType
   const { appPath } = await detectAppType(appName, options);
-  const rbacYaml = path.join(appPath, 'rbac.yaml');
-  const rbacYml = path.join(appPath, 'rbac.yml');
-  const rbacPath = fs.existsSync(rbacYaml) ? rbacYaml : (fs.existsSync(rbacYml) ? rbacYml : null);
+  const rbacPath = resolveRbacPath(appPath);
 
   if (!rbacPath) {
-    return { valid: true, errors: [], warnings: ['rbac.yaml not found - authentication disabled'] };
+    return { valid: true, errors: [], warnings: ['rbac file not found - authentication disabled'] };
   }
 
-  const content = fs.readFileSync(rbacPath, 'utf8');
   let rbac;
-
   try {
-    rbac = yaml.load(content);
+    rbac = loadConfigFile(rbacPath);
   } catch (error) {
-    throw new Error(`Invalid YAML syntax in rbac.yaml: ${error.message}`);
+    const basename = path.basename(rbacPath);
+    throw new Error(`Invalid syntax in ${basename}: ${error.message}`);
   }
 
   const errors = [
@@ -287,6 +290,7 @@ async function validateEnvTemplate(appName, options = {}) {
 
   if (isExternal) {
     await validateAuthKvCoverage(appPath, content, errors, warnings, options);
+    await validateAuthSecurityPathConsistency(appPath, errors, warnings);
   }
 
   return {
@@ -344,7 +348,8 @@ function validateDeploymentJson(deployment) {
 
   // verbose: true includes the actual data value in error objects for better error messages
   const ajv = new Ajv({ allErrors: true, strict: false, verbose: true });
-  // Register external schemas with their $id (GitHub raw URLs)
+  addFormats(ajv);
+  // Register external schemas with their $id
   // Create copies to avoid modifying the original schemas
   const externalSystemSchemaCopy = { ...externalSystemSchema };
   const externalDataSourceSchemaCopy = { ...externalDataSourceSchema };
@@ -352,6 +357,10 @@ function validateDeploymentJson(deployment) {
   if (externalDataSourceSchemaCopy.$schema && externalDataSourceSchemaCopy.$schema.includes('2020-12')) {
     delete externalDataSourceSchemaCopy.$schema;
   }
+  // external-datasource.schema.json references these by $id (aifabrix://schema/type/*)
+  ajv.addSchema(require('../schema/type/document-storage.json'));
+  ajv.addSchema(require('../schema/type/message-service.json'));
+  ajv.addSchema(require('../schema/type/vector-store.json'));
   ajv.addSchema(externalSystemSchemaCopy, externalSystemSchema.$id);
   ajv.addSchema(externalDataSourceSchemaCopy, externalDataSourceSchema.$id);
   const validate = ajv.compile(applicationSchema);
@@ -359,72 +368,17 @@ function validateDeploymentJson(deployment) {
 
   return {
     valid,
-    errors: valid ? [] : formatValidationErrors(validate.errors)
+    errors: valid ? [] : formatValidationErrors(validate.errors, {
+      deploymentManifest: deployment,
+      rootData: deployment
+    })
   };
 }
 
-/** Pattern matching ${VAR} style unresolved variables in strings */
-const UNRESOLVED_VAR_REGEX = /\$\{[^}]+\}/g;
-
-/**
- * Recursively finds all string values in obj that contain ${...} placeholders.
- * Used to ensure deployment manifest has no unresolved variables before deploy.
- *
- * @function findUnresolvedVariablesInObject
- * @param {Object} obj - Object to scan (e.g. deployment manifest)
- * @param {string} [prefix=''] - Path prefix for error reporting
- * @returns {string[]} List of paths with example placeholder (e.g. "port: ${PORT}")
- *
- * @example
- * findUnresolvedVariablesInObject({ port: '${PORT}' }) // ['port: ${PORT}']
- */
-function findUnresolvedVariablesInObject(obj, prefix = '') {
-  const found = [];
-  if (obj === null || obj === undefined) {
-    return found;
-  }
-  if (typeof obj === 'string') {
-    const matches = obj.match(UNRESOLVED_VAR_REGEX);
-    if (matches && matches.length > 0) {
-      const pathLabel = prefix || 'value';
-      found.push(`${pathLabel}: ${matches[0]}`);
-    }
-    return found;
-  }
-  if (Array.isArray(obj)) {
-    obj.forEach((item, i) => {
-      found.push(...findUnresolvedVariablesInObject(item, `${prefix}[${i}]`));
-    });
-    return found;
-  }
-  if (typeof obj === 'object') {
-    for (const [key, value] of Object.entries(obj)) {
-      const path = prefix ? `${prefix}.${key}` : key;
-      found.push(...findUnresolvedVariablesInObject(value, path));
-    }
-    return found;
-  }
-  return found;
-}
-
-/**
- * Validates that deployment manifest contains no unresolved ${...} variables.
- * Throws if any are found, with a message to use secret variables or literal values.
- *
- * @function validateNoUnresolvedVariablesInDeployment
- * @param {Object} deployment - Deployment manifest object
- * @throws {Error} If any ${...} placeholders are found
- */
-function validateNoUnresolvedVariablesInDeployment(deployment) {
-  const unresolved = findUnresolvedVariablesInObject(deployment);
-  if (unresolved.length > 0) {
-    const examples = [...new Set(unresolved)].slice(0, 5).join(', ');
-    throw new Error(
-      `Deployment manifest contains unresolved variables (e.g. ${examples}). ` +
-      'Use secret variables (kv://) in env.template for sensitive values, and set the application port as a number in application.yaml.'
-    );
-  }
-}
+const {
+  findUnresolvedVariablesInObject,
+  validateNoUnresolvedVariablesInDeployment
+} = require('./validator-unresolved-placeholders');
 
 /**
  * Validates all application configuration files

package/lib/validation/wizard-config-validator.js

@@ -1,3 +1,4 @@
+const { formatBlockingError } = require('../utils/cli-test-layout-chalk');
 /**
  * @fileoverview Wizard configuration validator for wizard.yaml files
  * @author AI Fabrix Team
@@ -281,7 +282,7 @@ function displayValidationResults(result) {
     console.log(chalk.green('Wizard configuration is valid'));
   } else {
     // eslint-disable-next-line no-console
-    console.log(chalk.red('✗ Wizard configuration validation failed:'));
+    console.log(formatBlockingError('Wizard configuration validation failed:'));
     result.errors.forEach(error => {
       // eslint-disable-next-line no-console
       console.log(chalk.red(`  - ${error}`));

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aifabrix/builder",
-  "version": "2.42.1",
+  "version": "2.44.0",
   "description": "AI Fabrix Local Fabric & Deployment SDK",
   "main": "lib/index.js",
   "bin": {
@@ -8,6 +8,7 @@
     "af": "bin/aifabrix.js"
   },
   "scripts": {
+    "all": "npm run precommit && npm run test:manual && npm run test:integration:fixtures && npm run test:hubspot-wizard",
     "test": "node tests/scripts/test-wrapper.js",
     "test:ci": "bash tests/scripts/ci-simulate.sh",
     "test:same-as-github": "npm run build:ci",
@@ -15,8 +16,13 @@
     "test:coverage:nyc": "nyc --reporter=text --reporter=lcov --reporter=html jest --config jest.config.coverage.js --runInBand",
     "test:watch": "jest --watch",
     "test:integration": "jest --config jest.config.integration.js --runInBand",
+    "test:integration:fixtures": "jest --config jest.config.integration.fixtures.js --runInBand",
     "test:integration:python": "cross-env TEST_LANGUAGE=python jest --config jest.config.integration.js --runInBand",
     "test:integration:typescript": "cross-env TEST_LANGUAGE=typescript jest --config jest.config.integration.js --runInBand",
+    "test:hubspot-wizard": "node integration/hubspot-test/test.js",
+    "test:hubspot-wizard:negative": "node integration/hubspot-test/test.js --type negative",
+    "test:hubspot-wizard:positive": "node integration/hubspot-test/test.js --type positive",
+    "test:hubspot-dataplane-down": "node integration/hubspot-test/test-dataplane-down.js",
     "test:manual": "jest --config jest.config.manual.js --runInBand",
     "lint": "eslint . --ext .js",
     "lint:fix": "eslint . --ext .js --fix",
@@ -28,8 +34,10 @@
     "validate": "npm run build",
     "prepublishOnly": "npm run validate",
     "precommit": "npm run lint:fix && npm run test",
-    "install:local": "node scripts/install-local.js",
-    "uninstall:local": "node scripts/install-local.js uninstall"
+    "install:local": "node scripts/install-local.js && which aifabrix && which af",
+    "uninstall:local": "node scripts/install-local.js uninstall && which aifabrix && which af",
+    "diagnose:cli": "node scripts/diagnose-cli.js",
+    "check:schema-sync": "node scripts/check-datasource-test-run-schema-sync.js"
   },
   "keywords": [
     "aifabrix",