@aifabrix/builder 2.42.1 → 2.44.0

package/lib/api/service-users.api.js

@@ -1,5 +1,5 @@
 /**
- * @fileoverview Service users API functions (create service user with one-time secret)
+ * @fileoverview Service users API functions (create, list, rotate-secret, delete, update)
  * @author AI Fabrix Team
  * @version 2.0.0
  */
@@ -36,6 +36,115 @@ async function createServiceUser(controllerUrl, authConfig, body) {
   });
 }
 
+/**
+ * List service users with optional pagination and search
+ * GET /api/v1/service-users
+ * @requiresPermission {Controller} service-user:read
+ * @async
+ * @function listServiceUsers
+ * @param {string} controllerUrl - Controller base URL
+ * @param {Object} authConfig - Authentication configuration (bearer or client-credentials)
+ * @param {Object} [options] - Query options
+ * @param {number} [options.page] - Page number
+ * @param {number} [options.pageSize] - Items per page
+ * @param {string} [options.sort] - Sort field/direction
+ * @param {string} [options.filter] - Filter expression
+ * @param {string} [options.search] - Search term
+ * @returns {Promise<Object>} Response with data (array), meta, links
+ * @throws {Error} If request fails (401/403 or network)
+ */
+async function listServiceUsers(controllerUrl, authConfig, options = {}) {
+  const client = new ApiClient(controllerUrl, authConfig);
+  const params = {};
+  if (options.page !== undefined && options.page !== null) params.page = options.page;
+  if (options.pageSize !== undefined && options.pageSize !== null) params.pageSize = options.pageSize;
+  if (options.sort) params.sort = options.sort;
+  if (options.filter) params.filter = options.filter;
+  if (options.search) params.search = options.search;
+  return await client.get('/api/v1/service-users', { params });
+}
+
+/**
+ * Regenerate (rotate) secret for a service user. New secret is returned once only.
+ * POST /api/v1/service-users/{id}/regenerate-secret
+ * @requiresPermission {Controller} service-user:update
+ * @async
+ * @function regenerateSecretServiceUser
+ * @param {string} controllerUrl - Controller base URL
+ * @param {Object} authConfig - Authentication configuration
+ * @param {string} id - Service user ID (UUID)
+ * @returns {Promise<Object>} Response with data.clientSecret
+ * @throws {Error} If request fails (401/403/404 or network)
+ */
+async function regenerateSecretServiceUser(controllerUrl, authConfig, id) {
+  const client = new ApiClient(controllerUrl, authConfig);
+  return await client.post(`/api/v1/service-users/${encodeURIComponent(id)}/regenerate-secret`);
+}
+
+/**
+ * Delete (deactivate) a service user
+ * DELETE /api/v1/service-users/{id}
+ * @requiresPermission {Controller} service-user:delete
+ * @async
+ * @function deleteServiceUser
+ * @param {string} controllerUrl - Controller base URL
+ * @param {Object} authConfig - Authentication configuration
+ * @param {string} id - Service user ID (UUID)
+ * @returns {Promise<Object>} Response (data may be null)
+ * @throws {Error} If request fails (401/403/404 or network)
+ */
+async function deleteServiceUser(controllerUrl, authConfig, id) {
+  const client = new ApiClient(controllerUrl, authConfig);
+  return await client.delete(`/api/v1/service-users/${encodeURIComponent(id)}`);
+}
+
+/**
+ * Update group assignments for a service user
+ * PUT /api/v1/service-users/{id}/groups
+ * @requiresPermission {Controller} service-user:update
+ * @async
+ * @function updateGroupsServiceUser
+ * @param {string} controllerUrl - Controller base URL
+ * @param {Object} authConfig - Authentication configuration
+ * @param {string} id - Service user ID (UUID)
+ * @param {Object} body - Request body
+ * @param {string[]} body.groupNames - Group names to set
+ * @returns {Promise<Object>} Response with data.id, data.groupNames
+ * @throws {Error} If request fails (400/401/403/404 or network)
+ */
+async function updateGroupsServiceUser(controllerUrl, authConfig, id, body) {
+  const client = new ApiClient(controllerUrl, authConfig);
+  return await client.put(`/api/v1/service-users/${encodeURIComponent(id)}/groups`, {
+    body: { groupNames: body.groupNames }
+  });
+}
+
+/**
+ * Update redirect URIs for a service user (min 1). Controller merges in its callback URL.
+ * PUT /api/v1/service-users/{id}/redirect-uris
+ * @requiresPermission {Controller} service-user:update
+ * @async
+ * @function updateRedirectUrisServiceUser
+ * @param {string} controllerUrl - Controller base URL
+ * @param {Object} authConfig - Authentication configuration
+ * @param {string} id - Service user ID (UUID)
+ * @param {Object} body - Request body
+ * @param {string[]} body.redirectUris - Redirect URIs (min 1)
+ * @returns {Promise<Object>} Response with data.id, data.redirectUris
+ * @throws {Error} If request fails (400/401/403/404 or network)
+ */
+async function updateRedirectUrisServiceUser(controllerUrl, authConfig, id, body) {
+  const client = new ApiClient(controllerUrl, authConfig);
+  return await client.put(`/api/v1/service-users/${encodeURIComponent(id)}/redirect-uris`, {
+    body: { redirectUris: body.redirectUris }
+  });
+}
+
 module.exports = {
-  createServiceUser
+  createServiceUser,
+  listServiceUsers,
+  regenerateSecretServiceUser,
+  deleteServiceUser,
+  updateGroupsServiceUser,
+  updateRedirectUrisServiceUser
 };

package/lib/api/types/dev.types.js

@@ -27,10 +27,11 @@
  * @typedef {Object} SettingsResponseDto
  * @property {string} user-mutagen-folder - Server path to workspace root (no app segment)
  * @property {string} secrets-encryption - Encryption key (hex)
- * @property {string} aifabrix-secrets - Path or URL for secrets
+ * @property {string} aifabrix-secrets - Local filesystem path or https URL for shared secrets (file vs remote API)
  * @property {string} aifabrix-env-config - Env config path
  * @property {string} remote-server - Builder-server base URL
  * @property {string} docker-endpoint - Docker API endpoint
+ * @property {boolean} [docker-tls-skip-verify] - When true and ca.pem is absent, Docker uses DOCKER_TLS_VERIFY=0; if ca.pem exists, daemon is always verified
  * @property {string} sync-ssh-user - SSH user for Mutagen
  * @property {string} sync-ssh-host - SSH host for Mutagen
  */
@@ -44,7 +45,7 @@
  * @property {string} createdAt - ISO 8601
  * @property {boolean} certificateIssued - Whether cert was issued
  * @property {string} [certificateValidNotAfter] - Cert validity end (optional)
- * @property {string[]} groups - Access groups (admin, secret-manager, developer)
+ * @property {string[]} groups - Access groups (admin, secret-manager, developer, docker)
  */
 
 /**
@@ -53,7 +54,7 @@
  * @property {string} developerId - Unique developer ID (numeric string)
  * @property {string} name - Display name
  * @property {string} email - Email
- * @property {string[]} [groups] - Default [developer]
+ * @property {string[]} [groups] - Default [developer]; tokens: admin, secret-manager, developer, docker
  */
 
 /**

package/lib/api/types/pipeline.types.js

@@ -131,13 +131,16 @@
  */
 
 /**
- * Dataplane pipeline upload response (publication result; no uploadId).
+ * Dataplane pipeline upload API envelope (makeApiCall / ApiClient).
+ * Body in `data` matches dataplane PublicationResult (uploadId, uploadStatus, system, datasources, generateMcpContract, …).
  * @typedef {Object} PipelineUploadResponse
  * @property {boolean} success - Request success flag
- * @property {Object} [data] - Publication result (system, datasources, warnings)
- * @property {string} [data.systemKey] - Published system key
- * @property {string[]} [data.datasourceKeys] - Published datasource keys
- * @property {string[]} [data.warnings] - Warnings if any
+ * @property {Object} [data] - PublicationResult from dataplane (not a generic wrapper with datasourceKeys/warnings)
+ * @property {string} [data.uploadId] - Upload / publication id
+ * @property {string} [data.uploadStatus] - e.g. published
+ * @property {Object} [data.system] - Published external system
+ * @property {Object[]} [data.datasources] - Published datasources
+ * @property {boolean} [data.generateMcpContract] - MCP generation flag
  * @property {string} [formattedError] - Formatted error message on failure
  */
 

package/lib/api/types/service-users.types.js

@@ -22,3 +22,44 @@
  * @property {boolean} [success] - Optional wrapper flag
  * @property {string} [createdAt] - Optional creation timestamp (ISO 8601)
  */
+
+/**
+ * Single service user item in list response
+ * @typedef {Object} ListServiceUserItem
+ * @property {string} id - Service user ID (UUID)
+ * @property {string} [username] - Username
+ * @property {string} [email] - Email
+ * @property {string} [clientId] - OAuth2 client ID
+ * @property {boolean} [active] - Whether the service user is active
+ */
+
+/**
+ * List service users response (Controller GET /api/v1/service-users)
+ * @typedef {Object} ListServiceUsersResponse
+ * @property {ListServiceUserItem[]} data - Array of service users
+ * @property {Object} [meta] - Pagination metadata (e.g. total, page, pageSize)
+ * @property {Object} [links] - Pagination links
+ */
+
+/**
+ * Regenerate secret response (Controller POST .../regenerate-secret). clientSecret is one-time-only.
+ * @typedef {Object} RegenerateSecretServiceUserResponse
+ * @property {Object} data - Response data
+ * @property {string} data.clientSecret - New client secret (shown once only)
+ */
+
+/**
+ * Update groups response (Controller PUT .../groups)
+ * @typedef {Object} UpdateGroupsServiceUserResponse
+ * @property {Object} data - Response data
+ * @property {string} data.id - Service user ID
+ * @property {string[]} data.groupNames - Updated group names
+ */
+
+/**
+ * Update redirect URIs response (Controller PUT .../redirect-uris)
+ * @typedef {Object} UpdateRedirectUrisServiceUserResponse
+ * @property {Object} data - Response data
+ * @property {string} data.id - Service user ID
+ * @property {string[]} data.redirectUris - Updated redirect URIs
+ */

package/lib/api/types/validation-run.types.js

@@ -0,0 +1,56 @@
+/**
+ * @fileoverview JSDoc types for unified validation run (POST /api/v1/validation/run).
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+
+/**
+ * @typedef {'externalSystem'|'externalDataSource'} ValidationScope
+ */
+
+/**
+ * @typedef {'test'|'integration'|'e2e'} ValidationRunKind
+ */
+
+/**
+ * Request body for POST /api/v1/validation/run (camelCase; see Dataplane OpenAPI).
+ * @typedef {Object} ValidationRunRequestBody
+ * @property {string} [systemIdOrKey]
+ * @property {string} [systemKey]
+ * @property {string[]} [datasourceKeys]
+ * @property {string} [datasourceKey]
+ * @property {boolean} [explain]
+ * @property {boolean} [includeLiveChecks]
+ * @property {boolean} [includeLiveDebug]
+ * @property {boolean} [showCapabilities]
+ * @property {boolean} [explainMetrics]
+ * @property {boolean} [explainCertification]
+ * @property {boolean} [includeMetrics]
+ * @property {boolean} [includeCertification]
+ * @property {Object} [systemConfig]
+ * @property {Object[]} [datasourceConfigs]
+ * @property {ValidationScope} [validationScope]
+ * @property {ValidationRunKind} [runType]
+ * @property {Object} [payloadTemplate]
+ * @property {boolean} [asyncRun]
+ * @property {Object} [e2eOptions]
+ * @property {boolean} [includeDebug]
+ */
+
+/**
+ * Minimal DatasourceTestRun shape for CLI exit / display (full schema in lib/schema).
+ * @typedef {Object} DatasourceTestRunLike
+ * @property {string} [reportVersion]
+ * @property {string} datasourceKey
+ * @property {string} systemKey
+ * @property {ValidationRunKind} runType
+ * @property {'ok'|'warn'|'fail'|'skipped'} status
+ * @property {'minimal'|'partial'|'full'} [reportCompleteness]
+ * @property {string} [runId]
+ * @property {string} [testRunId]
+ * @property {Object} [certificate]
+ * @property {string} [certificate.status]
+ * @property {Object} [developer]
+ */
+
+module.exports = {};

package/lib/api/validation-run.api.js

@@ -0,0 +1,99 @@
+/**
+ * @fileoverview Unified dataplane validation API — POST /api/v1/validation/run and poll GET.
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+
+const { ApiClient } = require('./index');
+
+const POST_PATH = '/api/v1/validation/run';
+
+function buildClientCredentialHeaders(authConfig) {
+  if (!authConfig || typeof authConfig !== 'object') return null;
+  if (authConfig.type !== 'client-credentials') return null;
+  if (!authConfig.clientId || !authConfig.clientSecret) return null;
+  return {
+    'x-client-id': String(authConfig.clientId),
+    'x-client-secret': String(authConfig.clientSecret)
+  };
+}
+
+/**
+ * Normalize auth for dataplane: Bearer user token, x-client-token app token, or API key as Bearer.
+ * @param {Object} authConfig - Auth configuration
+ * @returns {Object} Auth for ApiClient
+ */
+function normalizeDataplaneAuth(authConfig) {
+  if (!authConfig || typeof authConfig !== 'object') {
+    throw new Error('authConfig is required');
+  }
+  if (authConfig.token) {
+    return authConfig;
+  }
+  if (authConfig.apiKey) {
+    return { ...authConfig, token: authConfig.apiKey, type: authConfig.type || 'bearer' };
+  }
+  throw new Error(
+    'Validation run requires Bearer token or API key. Run \'aifabrix login\' or configure API key.'
+  );
+}
+
+/**
+ * @requiresPermission {Dataplane} external-system:read
+ * @async
+ * @function postValidationRun
+ * @param {string} dataplaneUrl - Dataplane base URL
+ * @param {Object} authConfig - Authentication (token or apiKey)
+ * @param {import('./types/validation-run.types').ValidationRunRequestBody} body - Request JSON body
+ * @returns {Promise<Object>} ApiClient result: { success, data, status, ... }
+ */
+async function postValidationRun(dataplaneUrl, authConfig, body) {
+  const hdrs = buildClientCredentialHeaders(authConfig);
+  const clientAuth = hdrs ? {} : normalizeDataplaneAuth(authConfig);
+  const client = new ApiClient(dataplaneUrl, clientAuth);
+  return client.post(POST_PATH, { body, headers: hdrs || undefined });
+}
+
+/**
+ * @requiresPermission {Dataplane} external-system:read
+ * @async
+ * @function getValidationRun
+ * @param {string} dataplaneUrl - Dataplane base URL
+ * @param {Object} authConfig - Authentication
+ * @param {string} testRunId - Poll id from 202 / envelope
+ * @returns {Promise<Object>} ApiClient result
+ */
+async function getValidationRun(dataplaneUrl, authConfig, testRunId) {
+  if (!testRunId || typeof testRunId !== 'string') {
+    throw new Error('testRunId is required for validation run poll');
+  }
+  const hdrs = buildClientCredentialHeaders(authConfig);
+  const clientAuth = hdrs ? {} : normalizeDataplaneAuth(authConfig);
+  const client = new ApiClient(dataplaneUrl, clientAuth);
+  const path = `${POST_PATH}/${encodeURIComponent(testRunId)}`;
+  return client.get(path, { headers: hdrs || undefined });
+}
+
+/**
+ * Extract async poll id from POST 202 body or partial DatasourceTestRun.
+ * @param {Object} data - Parsed JSON body
+ * @returns {string|null}
+ */
+function extractTestRunId(data) {
+  if (!data || typeof data !== 'object') return null;
+  if (typeof data.testRunId === 'string' && data.testRunId.trim()) return data.testRunId.trim();
+  if (data.testRunId && typeof data.testRunId === 'object') {
+    const id = data.testRunId.id || data.testRunId.key;
+    if (typeof id === 'string' && id.trim()) return id.trim();
+  }
+  return null;
+}
+
+module.exports = {
+  postValidationRun,
+  getValidationRun,
+  extractTestRunId,
+  normalizeDataplaneAuth,
+  buildClientCredentialHeaders,
+  POST_PATH
+};

package/lib/api/validation-runner.js

@@ -0,0 +1,99 @@
+/**
+ * @fileoverview Single reusable module for unified validation POST + optional poll.
+ *
+ * Used by datasource- and system-scoped CLI flows to enforce plan §9 behavior consistently.
+ */
+
+'use strict';
+
+const { extractTestRunId } = require('./validation-run.api');
+const { postValidationRunWithTransportRetry } = require('../utils/validation-run-post-retry');
+const { pollValidationRunUntilComplete } = require('../utils/validation-run-poll');
+
+/**
+ * POST /api/v1/validation/run and (when async) poll GET until reportCompleteness is full.
+ *
+ * @param {Object} opts
+ * @param {string} opts.dataplaneUrl
+ * @param {Object} opts.authConfig
+ * @param {Object} opts.body
+ * @param {number} opts.timeoutMs
+ * @param {boolean} opts.useAsync
+ * @param {boolean} opts.noAsync
+ * @returns {Promise<{ envelope: Object|null, apiError: Object|null, pollTimedOut: boolean, incompleteNoAsync: boolean }>}
+ */
+/* eslint-disable max-lines-per-function, max-statements, complexity -- POST + poll orchestration */
+async function postValidationRunAndOptionalPoll(opts) {
+  const { dataplaneUrl, authConfig, body, timeoutMs, useAsync, noAsync } = opts;
+  const started = Date.now();
+  const postRes = await postValidationRunWithTransportRetry(dataplaneUrl, authConfig, body);
+  if (!postRes.success) {
+    return {
+      envelope: null,
+      apiError: postRes,
+      pollTimedOut: false,
+      incompleteNoAsync: false
+    };
+  }
+
+  let envelope = postRes.data;
+  const httpStatus = postRes.status;
+  const testRunId = extractTestRunId(envelope);
+  const completeness = envelope && envelope.reportCompleteness;
+  const needsPoll =
+    httpStatus === 202 ||
+    (testRunId && completeness && completeness !== 'full' && useAsync);
+
+  if (needsPoll && testRunId) {
+    const elapsed = Date.now() - started;
+    const remaining = Math.max(0, timeoutMs - elapsed);
+    const pollResult = await pollValidationRunUntilComplete({
+      dataplaneUrl,
+      authConfig,
+      testRunId,
+      budgetMs: remaining
+    });
+    if (!pollResult.lastApiResult || !pollResult.lastApiResult.success) {
+      return {
+        envelope: pollResult.envelope,
+        apiError: pollResult.lastApiResult,
+        pollTimedOut: pollResult.timedOut,
+        incompleteNoAsync: false
+      };
+    }
+    envelope = pollResult.envelope;
+    if (pollResult.timedOut) {
+      return {
+        envelope,
+        apiError: null,
+        pollTimedOut: true,
+        incompleteNoAsync: false
+      };
+    }
+  }
+
+  if (
+    noAsync &&
+    envelope &&
+    envelope.reportCompleteness &&
+    envelope.reportCompleteness !== 'full'
+  ) {
+    return {
+      envelope,
+      apiError: null,
+      pollTimedOut: false,
+      incompleteNoAsync: true
+    };
+  }
+
+  return {
+    envelope,
+    apiError: null,
+    pollTimedOut: false,
+    incompleteNoAsync: false
+  };
+}
+/* eslint-enable max-lines-per-function, max-statements, complexity */
+
+module.exports = { postValidationRunAndOptionalPoll };
+

package/lib/app/config.js

@@ -135,7 +135,7 @@ async function generateEnvTemplateFile(appPath, appName, config, existingEnv) {
       envTemplate = envResult.template;
 
       if (envResult.warnings.length > 0) {
-        logger.log(chalk.yellow('\n⚠️  Environment conversion warnings:'));
+        logger.log(chalk.yellow('\n⚠  Environment conversion warnings:'));
         envResult.warnings.forEach(warning => logger.log(chalk.yellow(`  - ${warning}`)));
       }
     } else {

package/lib/app/deploy-status-display.js

@@ -69,9 +69,9 @@ async function displayAppUrlFromController(controllerUrl, envKey, appKey, authCo
     url = buildAppUrlFromControllerAndPort(controllerUrl, port);
   }
   if (url) {
-    logger.log(chalk.green(`   ✓ App running at ${url}`));
+    logger.log(chalk.green(`   ✔ App running at ${url}`));
   } else {
-    logger.log(chalk.blue('   ✓ App deployed. Get URL from controller dashboard.'));
+    logger.log(chalk.blue('   ✔ App deployed. Get URL from controller dashboard.'));
   }
 }
 

package/lib/app/deploy.js

@@ -1,3 +1,4 @@
+const { formatSuccessLine, formatSuccessParagraph } = require('../utils/cli-test-layout-chalk');
 /**
  * AI Fabrix Builder Application Deployment Module
  *
@@ -79,7 +80,7 @@ async function validatePushPrerequisites(appName, registry) {
  */
 async function executePush(appName, registry, tags) {
   if (await pushUtils.checkACRAuthentication(registry)) {
-    logger.log(chalk.green(`✓ Already authenticated with ${registry}`));
+    logger.log(formatSuccessLine(`Already authenticated with ${registry}`));
   } else {
     await pushUtils.authenticateACR(registry);
   }
@@ -98,7 +99,7 @@ async function executePush(appName, registry, tags) {
  * @param {string} appName - Application name
  */
 function verifyPushResult(tags, registry, appName) {
-  logger.log(chalk.green(`\n✓ Successfully pushed ${tags.length} tag(s) to ${registry}`));
+  logger.log(formatSuccessParagraph(`Successfully pushed ${tags.length} tag(s) to ${registry}`));
   logger.log(chalk.gray(`Image: ${registry}/${appName}:*`));
   logger.log(chalk.gray(`Tags: ${tags.join(', ')}`));
 }
@@ -173,7 +174,7 @@ async function generateAndValidateManifest(appName, options = {}) {
  * @param {string} manifestPath - Path to manifest file
  */
 function displayDeploymentInfo(manifest, manifestPath) {
-  logger.log(chalk.green(`✓ Manifest generated: ${manifestPath}`));
+  logger.log(formatSuccessLine(`Manifest generated: ${manifestPath}`));
   logger.log(chalk.blue(`   Key: ${manifest.key}`));
   logger.log(chalk.blue(`   Display Name: ${manifest.displayName}`));
   logger.log(chalk.blue(`   Image: ${manifest.image}`));
@@ -216,8 +217,8 @@ function displayDeploymentResults(result) {
     logger.log(chalk.blue(`   Deployment ID: ${result.deploymentId}`));
   }
   if (result.status) {
-    const statusIcon = result.status.status === 'completed' ? '✅' :
-      result.status.status === 'failed' ? '❌' : '⏳';
+    const statusIcon = result.status.status === 'completed' ? '✔' :
+      result.status.status === 'failed' ? '✖' : '⏳';
     logger.log(chalk.blue(`   Status: ${statusIcon} ${result.status.status}`));
   }
 }
@@ -368,7 +369,7 @@ async function executeStandardDeployment(appName, options) {
 }
 
 /**
- * Tries external deploy when builder/<app> does not exist but integration/<app> does.
+ * Tries external deploy when builder/<appKey> does not exist but integration/<systemKey> does.
  * @async
  * @param {string} appName - Application name
  * @param {Object} options - Deployment options

package/lib/app/display.js

@@ -1,3 +1,4 @@
+const { formatSuccessParagraph } = require('../utils/cli-test-layout-chalk');
 /**
  * Application Display Utilities
  *
@@ -64,7 +65,7 @@ function displayWebappSuccess(appName, config, envConversionMessage) {
  * @param {string} appPath - Application path
  */
 function displaySuccessMessage(appName, config, envConversionMessage, hasAppFiles = false, appPath = null) {
-  logger.log(chalk.green('\n✓ Application created successfully!'));
+  logger.log(formatSuccessParagraph('Application created successfully!'));
   logger.log(chalk.blue(`\nApplication: ${appName}`));
 
   // Determine location based on app type

package/lib/app/dockerfile.js

@@ -1,3 +1,4 @@
+const { formatSuccessLine } = require('../utils/cli-test-layout-chalk');
 /**
  * Application Dockerfile Generation
  *
@@ -74,7 +75,7 @@ async function generateAndCopyDockerfile(appPath, dockerfilePath, config) {
   const buildConfig = config.build || {};
   const generatedPath = await build.generateDockerfile(appPath, config.language, config, buildConfig);
   await fs.copyFile(generatedPath, dockerfilePath);
-  logger.log(chalk.green('✓ Generated Dockerfile from template'));
+  logger.log(formatSuccessLine('Generated Dockerfile from template'));
   return dockerfilePath;
 }
 
@@ -90,7 +91,7 @@ async function generateDockerfileForApp(appName, options = {}) {
   try {
     const { isExternal } = await detectAppType(appName);
     if (isExternal) {
-      logger.log(chalk.yellow('⚠️  External systems don\'t require Dockerfiles. Skipping...'));
+      logger.log(chalk.yellow('⚠  External systems don\'t require Dockerfiles. Skipping...'));
       return null;
     }
   } catch (error) {

package/lib/app/down.js

@@ -10,6 +10,7 @@
  */
 
 'use strict';
+const { formatSuccessLine } = require('../utils/cli-test-layout-chalk');
 
 const chalk = require('chalk');
 const { exec } = require('child_process');
@@ -104,7 +105,7 @@ async function downApp(appName, options = {}) {
         logger.log(chalk.yellow(`Removing volume ${volumeName}...`));
         try {
           await execAsync(`docker volume rm -f ${volumeName}`);
-          logger.log(chalk.green(`✓ Volume ${volumeName} removed`));
+          logger.log(formatSuccessLine(`Volume ${volumeName} removed`));
         } catch (volErr) {
           // Swallow errors for missing volume; provide neutral message
           logger.log(chalk.gray(`Volume ${volumeName} not found or already removed`));

package/lib/app/helpers.js

@@ -1,3 +1,4 @@
+const { formatSuccessLine } = require('../utils/cli-test-layout-chalk');
 /**
  * Application Helper Utilities
  *
@@ -21,7 +22,7 @@ const { getIntegrationPath, getBuilderPath } = require('../utils/paths');
  *
  * @async
  * @param {string} appName - Application or external system name
- * @throws {Error} If integration/<appName> or builder/<appName> already exists
+ * @throws {Error} If integration/<systemKey> or builder/<appKey> already exists
  */
 async function validateAppOrExternalNameNotExists(appName) {
   const integrationPath = getIntegrationPath(appName);
@@ -104,7 +105,7 @@ async function handleGitHubWorkflows(options, config) {
     }
   );
 
-  logger.log(chalk.green('✓ Generated GitHub Actions workflows:'));
+  logger.log(formatSuccessLine('Generated GitHub Actions workflows:'));
   workflowFiles.forEach(file => logger.log(chalk.gray(`  - ${file}`)));
 }
 
@@ -157,7 +158,7 @@ async function processTemplateFiles(template, appPath, appName, options, config)
 
   await validateTemplate(template);
   const copiedFiles = await copyTemplateFiles(template, appPath);
-  logger.log(chalk.green(`✓ Copied ${copiedFiles.length} file(s) from template '${template}'`));
+  logger.log(formatSuccessLine(`Copied ${copiedFiles.length} file(s) from template '${template}'`));
   const { updateTemplateVariables } = require('../utils/template-helpers');
   await updateTemplateVariables(appPath, appName, options, config);
 }
@@ -190,7 +191,7 @@ async function updateVariablesForAppFlag(appPath, appName) {
     writeConfigFile(variablesPath, variables);
   } catch (error) {
     if (!error.message.includes('not found')) {
-      logger.warn(chalk.yellow(`⚠️  Warning: Could not update application config: ${error.message}`));
+      logger.warn(chalk.yellow(`⚠  Warning: Could not update application config: ${error.message}`));
     }
   }
 }
@@ -239,7 +240,7 @@ async function setupAppFiles(appName, appPath, config, options) {
 
   const language = await getLanguageForAppFiles(config.language || options.language, appPath);
   const copiedFiles = await copyAppFiles(language, appsPath);
-  logger.log(chalk.green(`✓ Copied ${copiedFiles.length} application file(s) to apps/${appName}/`));
+  logger.log(formatSuccessLine(`Copied ${copiedFiles.length} application file(s) to apps/${appName}/`));
 }
 
 module.exports = {