npm - @aifabrix/builder - Versions diffs - 2.43.0 → 2.44.0 - Mend

@aifabrix/builder 2.43.0 → 2.44.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (346) hide show

package/.cursor/rules/anchor-docs.mdc +15 -0
package/README.md +1 -1
package/anchor-docs/README.md +10 -0
package/anchor-docs/_TEMPLATE +24 -0
package/bin/aifabrix.js +13 -4
package/integration/hubspot-test/README.md +31 -0
package/integration/hubspot-test/create-hubspot.js +5 -5
package/integration/hubspot-test/hubspot-test-datasource-company.json +58 -462
package/integration/hubspot-test/hubspot-test-datasource-contact.json +61 -555
package/integration/hubspot-test/hubspot-test-datasource-deal.json +63 -506
package/integration/hubspot-test/hubspot-test-datasource-users.json +42 -83
package/integration/hubspot-test/hubspot-test-deploy.json +3 -3
package/integration/hubspot-test/test-dataplane-down-tests.js +1 -7
package/integration/hubspot-test/test-dataplane-down.js +3 -3
package/integration/hubspot-test/test.js +35 -43
package/integration/hubspot-test/wizard-hubspot-test-headless.yaml +23 -0
package/integration/roundtrip-test-local/README.md +144 -0
package/integration/roundtrip-test-local/application.yaml +13 -0
package/integration/roundtrip-test-local/env.template +15 -0
package/integration/roundtrip-test-local/roundtrip-test-local-datasource-roundtrip-test-company.yaml +14 -0
package/integration/roundtrip-test-local/roundtrip-test-local-deploy.json +61 -0
package/integration/roundtrip-test-local/roundtrip-test-local-system.yaml +25 -0
package/integration/roundtrip-test-local2/README.md +144 -0
package/integration/roundtrip-test-local2/application.yaml +13 -0
package/integration/roundtrip-test-local2/env.template +15 -0
package/integration/roundtrip-test-local2/roundtrip-test-local2-datasource-company.yaml +31 -0
package/integration/roundtrip-test-local2/roundtrip-test-local2-deploy.json +86 -0
package/integration/roundtrip-test-local2/roundtrip-test-local2-system.yaml +25 -0
package/integration/test/wizard.yaml +8 -0
package/jest.config.default.js +10 -0
package/jest.config.integration.fixtures.js +22 -0
package/jest.config.integration.js +21 -18
package/jest.config.isolated.js +10 -0
package/jest.projects.js +288 -0
package/lib/api/datasources-core.api.js +3 -3
package/lib/api/dev-mtls-request.js +110 -0
package/lib/api/dev-server-https.js +145 -0
package/lib/api/dev.api.js +133 -144
package/lib/api/index.js +0 -1
package/lib/api/pipeline.api.js +67 -20
package/lib/api/types/dev.types.js +4 -3
package/lib/api/types/pipeline.types.js +8 -5
package/lib/api/types/validation-run.types.js +56 -0
package/lib/api/validation-run.api.js +99 -0
package/lib/api/validation-runner.js +99 -0
package/lib/app/config.js +1 -1
package/lib/app/deploy-status-display.js +2 -2
package/lib/app/deploy.js +7 -6
package/lib/app/display.js +2 -1
package/lib/app/dockerfile.js +3 -2
package/lib/app/down.js +2 -1
package/lib/app/helpers.js +6 -5
package/lib/app/index.js +27 -8
package/lib/app/list.js +7 -6
package/lib/app/push.js +4 -3
package/lib/app/register.js +16 -7
package/lib/app/rotate-secret.js +14 -13
package/lib/app/run-container-start.js +184 -0
package/lib/app/run-docker-fallback.js +108 -0
package/lib/app/run-env-compose.js +30 -42
package/lib/app/run-helpers.js +49 -126
package/lib/app/run-infra-requirements.js +30 -0
package/lib/app/run-resolve-image.js +21 -0
package/lib/app/run.js +74 -21
package/lib/app/show-display.js +1 -1
package/lib/app/show.js +1 -1
package/lib/build/index.js +13 -10
package/lib/cli/index.js +2 -0
package/lib/cli/setup-app.help.js +67 -0
package/lib/cli/setup-app.js +57 -121
package/lib/cli/setup-app.test-commands.js +179 -0
package/lib/cli/setup-auth.js +19 -5
package/lib/cli/setup-credential-deployment.js +22 -8
package/lib/cli/setup-dev-path-commands.js +124 -0
package/lib/cli/setup-dev.js +170 -113
package/lib/cli/setup-environment.js +7 -1
package/lib/cli/setup-external-system.js +62 -22
package/lib/cli/setup-infra.js +126 -47
package/lib/cli/setup-parameters.js +32 -0
package/lib/cli/setup-secrets.js +106 -8
package/lib/cli/setup-service-user.js +1 -1
package/lib/cli/setup-utility.js +36 -20
package/lib/commands/app-down.js +5 -7
package/lib/commands/app-install.js +14 -7
package/lib/commands/app-logs.js +13 -10
package/lib/commands/app-shell.js +4 -1
package/lib/commands/app-test.js +25 -19
package/lib/commands/app.js +22 -10
package/lib/commands/auth-config.js +6 -6
package/lib/commands/auth-status.js +4 -3
package/lib/commands/credential-env.js +4 -3
package/lib/commands/credential-list.js +5 -4
package/lib/commands/credential-push.js +4 -3
package/lib/commands/datasource-unified-test-cli.js +495 -0
package/lib/commands/datasource-unified-test-cli.options.js +149 -0
package/lib/commands/datasource-validation-cli.js +129 -0
package/lib/commands/datasource.js +105 -98
package/lib/commands/deployment-list.js +6 -5
package/lib/commands/dev-cli-handlers.js +122 -18
package/lib/commands/dev-down.js +4 -3
package/lib/commands/dev-init.js +231 -116
package/lib/commands/dev-show-display.js +473 -0
package/lib/commands/login-credentials.js +3 -2
package/lib/commands/login-device.js +4 -3
package/lib/commands/login.js +5 -4
package/lib/commands/logout.js +8 -7
package/lib/commands/parameters-validate.js +54 -0
package/lib/commands/repair-datasource.js +314 -68
package/lib/commands/repair-env-template.js +2 -2
package/lib/commands/repair.js +21 -3
package/lib/commands/secrets-list.js +23 -12
package/lib/commands/secrets-remove-all.js +220 -0
package/lib/commands/secrets-remove.js +21 -12
package/lib/commands/secrets-set.js +21 -12
package/lib/commands/secrets-validate.js +4 -4
package/lib/commands/secure.js +10 -9
package/lib/commands/service-user.js +26 -25
package/lib/commands/test-e2e-external.js +27 -1
package/lib/commands/up-common.js +3 -2
package/lib/commands/up-dataplane.js +29 -16
package/lib/commands/up-miso.js +19 -29
package/lib/commands/upload.js +138 -39
package/lib/commands/wizard-core-helpers.js +1 -1
package/lib/commands/wizard-dataplane.js +4 -3
package/lib/commands/wizard-helpers.js +3 -3
package/lib/commands/wizard.js +2 -2
package/lib/core/admin-secrets.js +14 -5
package/lib/core/audit-logger.js +12 -4
package/lib/core/config-attach-extensions.js +46 -0
package/lib/core/config-runtime-paths.js +29 -0
package/lib/core/config.js +55 -56
package/lib/core/diff.js +3 -2
package/lib/core/ensure-encryption-key.js +1 -1
package/lib/core/secrets-ensure-infra.js +77 -0
package/lib/core/secrets-ensure.js +120 -64
package/lib/core/secrets-env-write.js +35 -7
package/lib/core/secrets-infra-placeholder-sync.js +61 -0
package/lib/core/secrets.js +200 -37
package/lib/core/templates-env.js +4 -3
package/lib/datasource/abac-validator.js +1 -10
package/lib/datasource/deploy.js +75 -53
package/lib/datasource/field-reference-validator.js +9 -6
package/lib/datasource/integration-context.js +63 -0
package/lib/datasource/list.js +8 -7
package/lib/datasource/log-viewer.js +84 -53
package/lib/datasource/resolve-app.js +4 -4
package/lib/datasource/test-e2e.js +95 -146
package/lib/datasource/test-integration.js +114 -122
package/lib/datasource/unified-validation-run-body.js +65 -0
package/lib/datasource/unified-validation-run-post.js +23 -0
package/lib/datasource/unified-validation-run-resolve.js +43 -0
package/lib/datasource/unified-validation-run.js +92 -0
package/lib/datasource/validate.js +157 -13
package/lib/deployment/deployer.js +4 -3
package/lib/deployment/environment.js +7 -6
package/lib/deployment/push.js +17 -8
package/lib/external-system/delete.js +4 -3
package/lib/external-system/deploy.js +131 -53
package/lib/external-system/download-helpers.js +1 -1
package/lib/external-system/download.js +7 -6
package/lib/external-system/generator.js +92 -6
package/lib/external-system/integration-test-dispatch.js +26 -0
package/lib/external-system/test-execution.js +5 -1
package/lib/external-system/test-helpers.js +0 -4
package/lib/external-system/test-system-level-helpers.js +110 -0
package/lib/external-system/test-system-level.js +83 -44
package/lib/external-system/test.js +59 -8
package/lib/generator/builders.js +23 -11
package/lib/generator/deploy-manifest-azure-kv.js +81 -0
package/lib/generator/external.js +16 -4
package/lib/generator/helpers.js +58 -3
package/lib/generator/index.js +4 -0
package/lib/generator/split-readme.js +12 -7
package/lib/generator/split-variables.js +2 -1
package/lib/generator/split.js +1 -1
package/lib/generator/wizard-readme.js +3 -3
package/lib/generator/wizard.js +8 -8
package/lib/infrastructure/compose.js +60 -6
package/lib/infrastructure/helpers.js +201 -29
package/lib/infrastructure/index.js +28 -17
package/lib/infrastructure/services.js +21 -15
package/lib/internal/fs-real-sync.js +104 -0
package/lib/internal/node-fs.js +98 -0
package/lib/parameters/database-secret-values.js +173 -0
package/lib/parameters/infra-kv-discovery.js +121 -0
package/lib/parameters/infra-parameter-catalog.js +458 -0
package/lib/parameters/infra-parameter-validate.js +64 -0
package/lib/schema/application-schema.json +37 -17
package/lib/schema/datasource-test-run.schema.json +493 -0
package/lib/schema/deployment-rules.yaml +102 -63
package/lib/schema/external-datasource.schema.json +1200 -442
package/lib/schema/external-system.schema.json +181 -5
package/lib/schema/flag-map-validation-run.json +31 -0
package/lib/schema/infra-parameter.schema.json +106 -0
package/lib/schema/infra.parameter.yaml +421 -0
package/lib/schema/type/credential-auth-templates.json +40 -0
package/lib/schema/type/document-storage.json +213 -0
package/lib/schema/type/message-service.json +123 -0
package/lib/schema/type/vector-store.json +88 -0
package/lib/utils/aifabrix-runtime-config-dir.js +132 -0
package/lib/utils/api-error-handler.js +2 -2
package/lib/utils/api.js +49 -14
package/lib/utils/app-register-api.js +3 -2
package/lib/utils/app-register-auth.js +1 -1
package/lib/utils/app-register-config.js +4 -4
package/lib/utils/app-register-display.js +3 -2
package/lib/utils/app-register-validator.js +3 -2
package/lib/utils/app-run-containers.js +26 -22
package/lib/utils/app-scoped-config.js +31 -0
package/lib/utils/app-service-env-from-builder.js +164 -0
package/lib/utils/build-copy.js +1 -1
package/lib/utils/build-helpers.js +20 -20
package/lib/utils/build-resolve-image.js +165 -0
package/lib/utils/cli-layout-chalk.js +8 -0
package/lib/utils/cli-test-layout-chalk.js +267 -0
package/lib/utils/cli-utils.js +88 -11
package/lib/utils/compose-db-passwords.js +138 -0
package/lib/utils/compose-generate-docker-compose.js +216 -0
package/lib/utils/compose-generator.js +197 -291
package/lib/utils/compose-miso-env.js +18 -0
package/lib/utils/compose-traefik-ingress-base.js +158 -0
package/lib/utils/config-paths.js +166 -7
package/lib/utils/config-scoped-resources-preference.js +41 -0
package/lib/utils/controller-deployment-outcome.js +68 -0
package/lib/utils/credential-display.js +2 -2
package/lib/utils/dataplane-pipeline-warning.js +4 -3
package/lib/utils/datasource-test-run-capability-scope.js +43 -0
package/lib/utils/datasource-test-run-debug-display.js +137 -0
package/lib/utils/datasource-test-run-debug-slice.js +93 -0
package/lib/utils/datasource-test-run-display.js +442 -0
package/lib/utils/datasource-test-run-exit.js +58 -0
package/lib/utils/datasource-test-run-legacy-adapter.js +93 -0
package/lib/utils/datasource-test-run-report-version.js +51 -0
package/lib/utils/datasource-test-run-schema-sync.js +59 -0
package/lib/utils/datasource-test-run-tty-log.js +81 -0
package/lib/utils/datasource-validation-watch.js +266 -0
package/lib/utils/declarative-url-ports.js +47 -0
package/lib/utils/derive-env-key-from-client-id.js +41 -0
package/lib/utils/dev-ca-install.js +185 -23
package/lib/utils/dev-cert-helper.js +266 -17
package/lib/utils/dev-hosts-helper.js +307 -0
package/lib/utils/dev-init-cert-hints.js +37 -0
package/lib/utils/dev-init-health-messages.js +52 -0
package/lib/utils/dev-init-resolve.js +86 -0
package/lib/utils/dev-init-ssh-merge.js +65 -0
package/lib/utils/dev-ssh-config-helper.js +196 -0
package/lib/utils/dev-user-groups.js +93 -0
package/lib/utils/docker-build.js +42 -17
package/lib/utils/docker-exec.js +28 -0
package/lib/utils/docker-manifest-public-port.js +116 -0
package/lib/utils/docker-not-running-hint.js +52 -0
package/lib/utils/docker.js +98 -11
package/lib/utils/ensure-dev-certs-for-remote-docker.js +192 -0
package/lib/utils/env-config-loader.js +10 -91
package/lib/utils/env-copy.js +19 -10
package/lib/utils/env-map.js +35 -8
package/lib/utils/env-template.js +2 -2
package/lib/utils/environment-scoped-resources.js +144 -0
package/lib/utils/error-formatter.js +92 -13
package/lib/utils/error-formatters/http-status-errors.js +6 -5
package/lib/utils/error-formatters/network-errors.js +2 -1
package/lib/utils/error-formatters/permission-errors.js +2 -1
package/lib/utils/error-formatters/validation-errors.js +2 -1
package/lib/utils/external-readme.js +8 -1
package/lib/utils/external-system-display.js +234 -136
package/lib/utils/external-system-local-test-tty.js +389 -0
package/lib/utils/external-system-readiness-core.js +377 -0
package/lib/utils/external-system-readiness-deploy-display.js +270 -0
package/lib/utils/external-system-readiness-display-internals.js +150 -0
package/lib/utils/external-system-readiness-display.js +186 -0
package/lib/utils/external-system-test-helpers.js +24 -6
package/lib/utils/external-system-validators.js +30 -12
package/lib/utils/health-check-url.js +119 -0
package/lib/utils/health-check.js +59 -25
package/lib/utils/help-builder.js +11 -8
package/lib/utils/image-version.js +4 -8
package/lib/utils/infra-containers.js +4 -7
package/lib/utils/infra-env-defaults.js +162 -0
package/lib/utils/infra-status-display.js +167 -0
package/lib/utils/infra-status.js +16 -8
package/lib/utils/local-secrets.js +3 -4
package/lib/utils/paths.js +134 -47
package/lib/utils/port-resolver.js +10 -23
package/lib/utils/redis-env-scope.js +62 -0
package/lib/utils/register-aifabrix-shell-env.js +204 -0
package/lib/utils/remote-builder-validation.js +99 -0
package/lib/utils/remote-dev-auth.js +117 -21
package/lib/utils/remote-docker-env.js +67 -15
package/lib/utils/remote-secrets-loader.js +13 -4
package/lib/utils/resolve-docker-image-ref.js +124 -0
package/lib/utils/schema-loader.js +22 -9
package/lib/utils/secrets-bash-kv.js +25 -0
package/lib/utils/secrets-generator.js +169 -49
package/lib/utils/secrets-helpers.js +70 -59
package/lib/utils/secrets-kv-scope.js +60 -0
package/lib/utils/secrets-utils.js +32 -38
package/lib/utils/secrets-validation.js +3 -1
package/lib/utils/secrets-yaml-preserve.js +109 -0
package/lib/utils/ssh-key-helper.js +4 -2
package/lib/utils/template-helpers.js +2 -2
package/lib/utils/test-log-writer.js +3 -3
package/lib/utils/token-manager.js +1 -2
package/lib/utils/url-declarative-public-base.js +188 -0
package/lib/utils/url-declarative-resolve-build.js +493 -0
package/lib/utils/url-declarative-resolve-load-doc.js +51 -0
package/lib/utils/url-declarative-resolve.js +220 -0
package/lib/utils/url-declarative-token-parse.js +74 -0
package/lib/utils/url-declarative-url-flags.js +50 -0
package/lib/utils/url-declarative-vdir-inactive-env.js +99 -0
package/lib/utils/url-public-path-prefix.js +34 -0
package/lib/utils/urls-local-registry.js +220 -0
package/lib/utils/validation-report-tty-kit.js +77 -0
package/lib/utils/validation-run-poll.js +89 -0
package/lib/utils/validation-run-post-retry.js +73 -0
package/lib/utils/validation-run-request.js +98 -0
package/lib/utils/variable-transformer.js +21 -4
package/lib/utils/yaml-preserve.js +33 -14
package/lib/validation/datasource-warnings.js +56 -0
package/lib/validation/env-template-auth.js +1 -1
package/lib/validation/external-manifest-validator.js +27 -7
package/lib/validation/validate-display.js +37 -31
package/lib/validation/validate.js +4 -13
package/lib/validation/validator-unresolved-placeholders.js +98 -0
package/lib/validation/validator.js +22 -65
package/lib/validation/wizard-config-validator.js +2 -1
package/package.json +7 -3
package/scripts/check-datasource-test-run-schema-sync.js +34 -0
package/scripts/diagnose-cli.js +150 -0
package/scripts/install-local.js +304 -55
package/templates/README.md +15 -2
package/templates/applications/dataplane/application.yaml +52 -2
package/templates/applications/dataplane/env.template +75 -17
package/templates/applications/dataplane/rbac.yaml +8 -0
package/templates/applications/keycloak/application.yaml +9 -1
package/templates/applications/keycloak/env.template +15 -6
package/templates/applications/miso-controller/application.yaml +10 -2
package/templates/applications/miso-controller/env.template +42 -12
package/templates/applications/miso-controller/rbac.yaml +5 -0
package/templates/external-system/README.md.hbs +20 -7
package/templates/external-system/deploy.js.hbs +5 -5
package/templates/external-system/external-datasource.yaml.hbs +197 -118
package/templates/infra/compose.yaml.hbs +20 -4
package/templates/python/docker-compose.hbs +16 -0
package/templates/typescript/docker-compose.hbs +16 -0
package/lib/api/external-test.api.js +0 -111
package/lib/schema/env-config.yaml +0 -60

package/lib/commands/secrets-remove-all.js ADDED Viewed

@@ -0,0 +1,220 @@
+const { formatSuccessLine } = require('../utils/cli-test-layout-chalk');
+/**
+ * @fileoverview aifabrix secret remove-all – remove every secret (user file, shared file, or remote API)
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+const path = require('path');
+const fs = require('fs');
+const readline = require('readline');
+const yaml = require('js-yaml');
+const chalk = require('chalk');
+const logger = require('../utils/logger');
+const { getAifabrixSecretsPath } = require('../core/config');
+const pathsUtil = require('../utils/paths');
+const remoteDevAuth = require('../utils/remote-dev-auth');
+const devApi = require('../api/dev.api');
+/**
+ * @param {string} question
+ * @returns {Promise<string>}
+ */
+function promptLine(question) {
+  const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+  return new Promise(resolve => {
+    rl.question(question, answer => {
+      rl.close();
+      resolve((answer || '').trim());
+    });
+  });
+}
+/**
+ * Read secret keys from a YAML secrets file.
+ * @param {string} filePath - Absolute path
+ * @returns {string[]} Sorted unique keys
+ */
+function listKeysFromYamlFile(filePath) {
+  if (!fs.existsSync(filePath)) {
+    return [];
+  }
+  try {
+    const content = fs.readFileSync(filePath, 'utf8');
+    const data = yaml.load(content) || {};
+    if (typeof data !== 'object' || Array.isArray(data)) {
+      return [];
+    }
+    return Object.keys(data).sort((a, b) => a.localeCompare(b, undefined, { sensitivity: 'base' }));
+  } catch {
+    return [];
+  }
+}
+/**
+ * Write an empty secrets map to file (same options as single-key remove).
+ * @param {string} filePath - Absolute path
+ */
+function writeEmptySecretsFile(filePath) {
+  const yamlContent = yaml.dump({}, { indent: 2, lineWidth: -1, noRefs: true, sortKeys: false });
+  fs.writeFileSync(filePath, yamlContent, { mode: 0o600 });
+}
+/**
+ * @param {boolean} skipPrompt - When true (--yes), skip confirmation
+ * @param {string} whereLabel - Human-readable target
+ * @param {number} count - Number of keys
+ * @returns {Promise<boolean>}
+ */
+async function confirmRemoveAll(skipPrompt, whereLabel, count) {
+  if (skipPrompt) {
+    return true;
+  }
+  logger.log(chalk.yellow(`\nThis will permanently remove all ${count} secret key(s) from ${whereLabel}.`));
+  logger.log(chalk.gray('This cannot be undone.\n'));
+  const answer = (await promptLine(chalk.bold('Type "yes" to confirm (anything else cancels): '))).toLowerCase();
+  return answer === 'yes';
+}
+/**
+ * @param {Object} auth - Remote dev auth (serverUrl, clientCertPem, serverCaPem)
+ * @param {string} target - Secrets endpoint URL
+ * @returns {Promise<string[]>}
+ */
+async function listRemoteSecretKeys(auth, target) {
+  const items = await devApi.listSecrets(
+    auth.serverUrl,
+    auth.clientCertPem,
+    auth.serverCaPem || undefined,
+    target
+  );
+  return (Array.isArray(items) ? items : [])
+    .map(i => i.name || i.key || '')
+    .filter(k => typeof k === 'string' && k.length > 0)
+    .sort((a, b) => a.localeCompare(b, undefined, { sensitivity: 'base' }));
+}
+/**
+ * @param {string} target - Secrets endpoint URL
+ * @returns {string}
+ */
+function labelForRemoteSharedSecrets(target) {
+  const host = remoteDevAuth.getSharedSecretsRemoteHostname(target);
+  return host ? `shared secrets (remote - ${host})` : 'shared secrets (remote)';
+}
+/**
+ * @param {Object} auth
+ * @param {string[]} keys
+ * @param {string} target
+ * @returns {Promise<void>}
+ */
+async function deleteRemoteSecretKeys(auth, keys, target) {
+  const ca = auth.serverCaPem || undefined;
+  for (const key of keys) {
+    await devApi.deleteSecret(auth.serverUrl, auth.clientCertPem, key, ca, target);
+  }
+}
+/**
+ * Remove every shared secret via remote API.
+ * @param {string} target - Resolved secrets endpoint URL
+ * @param {Object} options - { yes?: boolean }
+ * @returns {Promise<void>}
+ */
+async function removeAllRemoteSharedSecrets(target, options) {
+  const auth = await remoteDevAuth.getRemoteDevAuth();
+  if (!auth) {
+    throw new Error('Remote server not configured or certificate missing. Run "aifabrix dev init" first.');
+  }
+  const keys = await listRemoteSecretKeys(auth, target);
+  if (keys.length === 0) {
+    logger.log(chalk.gray('No shared secrets to remove.'));
+    return;
+  }
+  const where = labelForRemoteSharedSecrets(target);
+  const ok = await confirmRemoveAll(!!options.yes, where, keys.length);
+  if (!ok) {
+    logger.log(chalk.gray('Cancelled. No secrets were removed.'));
+    return;
+  }
+  await deleteRemoteSecretKeys(auth, keys, target);
+  logger.log(formatSuccessLine(`Removed ${keys.length} secret key(s) from ${where}.`));
+}
+/**
+ * Remove every key from a shared secrets YAML file.
+ * @param {string} resolvedPath - Absolute file path
+ * @param {Object} options - { yes?: boolean }
+ * @returns {Promise<void>}
+ */
+async function removeAllSharedFileSecrets(resolvedPath, options) {
+  const keys = listKeysFromYamlFile(resolvedPath);
+  if (keys.length === 0) {
+    logger.log(chalk.gray('No shared secrets to remove.'));
+    return;
+  }
+  const ok = await confirmRemoveAll(!!options.yes, `shared secrets file (${resolvedPath})`, keys.length);
+  if (!ok) {
+    logger.log(chalk.gray('Cancelled. No secrets were removed.'));
+    return;
+  }
+  writeEmptySecretsFile(resolvedPath);
+  logger.log(formatSuccessLine(`Removed ${keys.length} secret key(s) from shared secrets file.`));
+}
+/**
+ * Remove every key from shared store (remote API or file).
+ * @param {string} generalSecretsPath - Path or URL from config
+ * @param {Object} options - { yes?: boolean }
+ * @returns {Promise<void>}
+ */
+async function removeAllSharedSecrets(generalSecretsPath, options) {
+  const target = await remoteDevAuth.resolveSharedSecretsEndpoint(generalSecretsPath);
+  if (remoteDevAuth.isRemoteSecretsUrl(target)) {
+    await removeAllRemoteSharedSecrets(target, options);
+    return;
+  }
+  const resolvedPath = path.isAbsolute(target) ? target : path.resolve(process.cwd(), target);
+  await removeAllSharedFileSecrets(resolvedPath, options);
+}
+/**
+ * @param {Object} options - { yes?: boolean }
+ * @returns {Promise<void>}
+ */
+async function removeAllUserSecrets(options) {
+  const userSecretsPath = pathsUtil.getPrimaryUserSecretsLocalPath();
+  const keys = listKeysFromYamlFile(userSecretsPath);
+  if (keys.length === 0) {
+    logger.log(chalk.gray('No user secrets to remove.'));
+    return;
+  }
+  const ok = await confirmRemoveAll(!!options.yes, `user secrets (${userSecretsPath})`, keys.length);
+  if (!ok) {
+    logger.log(chalk.gray('Cancelled. No secrets were removed.'));
+    return;
+  }
+  writeEmptySecretsFile(userSecretsPath);
+  logger.log(formatSuccessLine(`Removed ${keys.length} secret key(s) from user secrets.`));
+}
+/**
+ * Handle secret remove-all command.
+ * @param {Object} options - { shared?: boolean, yes?: boolean }
+ * @returns {Promise<void>}
+ */
+async function handleSecretsRemoveAll(options) {
+  const isShared = options.shared || options['shared'] || false;
+  if (!isShared) {
+    await removeAllUserSecrets(options);
+    return;
+  }
+  const generalSecretsPath = await getAifabrixSecretsPath();
+  if (!generalSecretsPath) {
+    throw new Error('Shared secrets not configured. Set aifabrix-secrets in config.yaml.');
+  }
+  await removeAllSharedSecrets(generalSecretsPath, options);
+}
+module.exports = { handleSecretsRemoveAll };

package/lib/commands/secrets-remove.js CHANGED Viewed

@@ -4,14 +4,14 @@
  * @version 2.0.0
  */
+const { formatSuccessLine } = require('../utils/cli-test-layout-chalk');
 const path = require('path');
 const fs = require('fs');
 const yaml = require('js-yaml');
-const chalk = require('chalk');
 const logger = require('../utils/logger');
 const { getAifabrixSecretsPath } = require('../core/config');
 const pathsUtil = require('../utils/paths');
-const { isRemoteSecretsUrl, getRemoteDevAuth } = require('../utils/remote-dev-auth');
+const remoteDevAuth = require('../utils/remote-dev-auth');
 const devApi = require('../api/dev.api');
 /**
@@ -44,27 +44,36 @@ function removeKeyFromFile(key, filePath) {
  * @returns {Promise<void>}
  */
 async function removeSharedSecret(key, generalSecretsPath) {
-  if (isRemoteSecretsUrl(generalSecretsPath)) {
-    const auth = await getRemoteDevAuth();
+  const target = await remoteDevAuth.resolveSharedSecretsEndpoint(generalSecretsPath);
+  if (remoteDevAuth.isRemoteSecretsUrl(target)) {
+    const auth = await remoteDevAuth.getRemoteDevAuth();
     if (!auth) {
       throw new Error('Remote server not configured or certificate missing. Run "aifabrix dev init" first.');
     }
     try {
-      await devApi.deleteSecret(auth.serverUrl, auth.clientCertPem, key);
+      await devApi.deleteSecret(
+        auth.serverUrl,
+        auth.clientCertPem,
+        key,
+        auth.serverCaPem || undefined,
+        target
+      );
     } catch (err) {
       if (err.status === 404) {
         throw new Error(`Secret '${key}' not found.`);
       }
       throw err;
     }
-    logger.log(chalk.green(`✓ Secret '${key}' removed from remote shared secrets.`));
+    const host = remoteDevAuth.getSharedSecretsRemoteHostname(target);
+    const where = host ? `shared secrets (remote - ${host})` : 'shared secrets (remote)';
+    logger.log(formatSuccessLine(`Secret '${key}' removed from ${where}.`));
     return;
   }
-  const resolvedPath = path.isAbsolute(generalSecretsPath)
-    ? generalSecretsPath
-    : path.resolve(process.cwd(), generalSecretsPath);
+  const resolvedPath = path.isAbsolute(target)
+    ? target
+    : path.resolve(process.cwd(), target);
   removeKeyFromFile(key, resolvedPath);
-  logger.log(chalk.green(`✓ Secret '${key}' removed from shared secrets file.`));
+  logger.log(formatSuccessLine(`Secret '${key}' removed from shared secrets file.`));
 }
 /**
@@ -88,9 +97,9 @@ async function handleSecretsRemove(key, options) {
     }
     await removeSharedSecret(key, generalSecretsPath);
   } else {
-    const userSecretsPath = path.join(pathsUtil.getAifabrixHome(), 'secrets.local.yaml');
+    const userSecretsPath = pathsUtil.getPrimaryUserSecretsLocalPath();
     removeKeyFromFile(key, userSecretsPath);
-    logger.log(chalk.green(`✓ Secret '${key}' removed from user secrets.`));
+    logger.log(formatSuccessLine(`Secret '${key}' removed from user secrets.`));
   }
 }

package/lib/commands/secrets-set.js CHANGED Viewed

@@ -9,13 +9,13 @@
  * @version 2.0.0
  */
+const { formatSuccessLine } = require('../utils/cli-test-layout-chalk');
 const path = require('path');
-const chalk = require('chalk');
 const logger = require('../utils/logger');
 const { getAifabrixSecretsPath } = require('../core/config');
 const { saveLocalSecret, saveSecret } = require('../utils/local-secrets');
 const pathsUtil = require('../utils/paths');
-const { isRemoteSecretsUrl, getRemoteDevAuth } = require('../utils/remote-dev-auth');
+const remoteDevAuth = require('../utils/remote-dev-auth');
 const devApi = require('../api/dev.api');
 /**
@@ -39,20 +39,29 @@ const devApi = require('../api/dev.api');
  * @returns {Promise<void>}
  */
 async function setSharedSecret(key, value, generalSecretsPath) {
-  if (isRemoteSecretsUrl(generalSecretsPath)) {
-    const auth = await getRemoteDevAuth();
+  const target = await remoteDevAuth.resolveSharedSecretsEndpoint(generalSecretsPath);
+  if (remoteDevAuth.isRemoteSecretsUrl(target)) {
+    const auth = await remoteDevAuth.getRemoteDevAuth();
     if (!auth) {
       throw new Error('Remote server not configured or certificate missing. Run "aifabrix dev init" first.');
     }
-    await devApi.addSecret(auth.serverUrl, auth.clientCertPem, { key, value });
-    logger.log(chalk.green(`✓ Secret '${key}' saved to remote secrets (shared).`));
+    await devApi.addSecret(
+      auth.serverUrl,
+      auth.clientCertPem,
+      { key, value },
+      auth.serverCaPem || undefined,
+      target
+    );
+    const host = remoteDevAuth.getSharedSecretsRemoteHostname(target);
+    const where = host ? `shared secrets (remote - ${host})` : 'shared secrets (remote)';
+    logger.log(formatSuccessLine(`Secret '${key}' saved to ${where}.`));
     return;
   }
-  const resolvedPath = path.isAbsolute(generalSecretsPath)
-    ? generalSecretsPath
-    : path.resolve(process.cwd(), generalSecretsPath);
+  const resolvedPath = path.isAbsolute(target)
+    ? target
+    : path.resolve(process.cwd(), target);
   await saveSecret(key, value, resolvedPath);
-  logger.log(chalk.green(`✓ Secret '${key}' saved to general secrets file: ${resolvedPath}`));
+  logger.log(formatSuccessLine(`Secret '${key}' saved to general secrets file: ${resolvedPath}`));
 }
 async function handleSecretsSet(key, value, options) {
@@ -80,8 +89,8 @@ async function handleSecretsSet(key, value, options) {
     await setSharedSecret(key, value, generalSecretsPath);
   } else {
     await saveLocalSecret(key, value);
-    const userSecretsPath = path.join(pathsUtil.getAifabrixHome(), 'secrets.local.yaml');
-    logger.log(chalk.green(`✓ Secret '${key}' saved to user secrets file: ${userSecretsPath}`));
+    const userSecretsPath = pathsUtil.getPrimaryUserSecretsLocalPath();
+    logger.log(formatSuccessLine(`Secret '${key}' saved to user secrets file: ${userSecretsPath}`));
   }
 }

package/lib/commands/secrets-validate.js CHANGED Viewed

@@ -1,3 +1,4 @@
+const { formatBlockingError, formatSuccessLine } = require('../utils/cli-test-layout-chalk');
 /**
  * AI Fabrix Builder – Secrets validate command
  *
@@ -9,7 +10,6 @@
  */
 const chalk = require('chalk');
-const path = require('path');
 const logger = require('../utils/logger');
 const { validateSecretsFile } = require('../utils/secrets-validation');
 const { validateDataplaneSecrets } = require('../utils/token-manager');
@@ -34,7 +34,7 @@ async function handleSecretsValidate(pathArg, options = {}) {
     if (target.type === 'file' && target.filePath) {
       filePath = target.filePath;
     } else {
-      filePath = path.join(pathsUtil.getAifabrixHome(), 'secrets.local.yaml');
+      filePath = pathsUtil.getPrimaryUserSecretsLocalPath();
     }
   }
@@ -42,9 +42,9 @@ async function handleSecretsValidate(pathArg, options = {}) {
   const dataplaneResult = validateDataplaneSecrets(filePath);
   const allValid = result.valid && dataplaneResult.valid;
   if (result.valid) {
-    logger.log(chalk.green(`✓ Secrets file is valid: ${result.path}`));
+    logger.log(formatSuccessLine(`Secrets file is valid: ${result.path}`));
   } else {
-    logger.log(chalk.red(`✗ Validation failed: ${result.path}`));
+    logger.log(formatBlockingError(`Validation failed: ${result.path}`));
     result.errors.forEach((err) => logger.log(chalk.yellow(`  • ${err}`)));
   }
   if (!dataplaneResult.valid) {

package/lib/commands/secure.js CHANGED Viewed

@@ -1,3 +1,4 @@
+const { formatSuccessLine, formatSuccessParagraph } = require('../utils/cli-test-layout-chalk');
 /**
  * AI Fabrix Builder - Secure Command
  *
@@ -32,7 +33,7 @@ async function findSecretsFiles() {
   const files = [];
   // User's secrets file
-  const userSecretsPath = path.join(pathsUtil.getAifabrixHome(), 'secrets.local.yaml');
+  const userSecretsPath = pathsUtil.getPrimaryUserSecretsLocalPath();
   if (fs.existsSync(userSecretsPath)) {
     files.push({ path: userSecretsPath, type: 'user' });
   }
@@ -131,7 +132,7 @@ async function getEncryptionKey(options) {
     // Check if key already exists in config
     const existingKey = await getSecretsEncryptionKey();
     if (existingKey) {
-      logger.log(chalk.yellow('⚠️  Encryption key already configured in config.yaml'));
+      logger.log(chalk.yellow('⚠  Encryption key already configured in config.yaml'));
       const useExisting = await inquirer.prompt([{
         type: 'confirm',
         name: 'use',
@@ -143,18 +144,18 @@ async function getEncryptionKey(options) {
       } else {
         encryptionKey = await promptForEncryptionKey();
         await setSecretsEncryptionKey(encryptionKey);
-        logger.log(chalk.green('✓ Encryption key saved to config.yaml'));
+        logger.log(formatSuccessLine('Encryption key saved to config.yaml'));
       }
     } else {
       encryptionKey = await promptForEncryptionKey();
       await setSecretsEncryptionKey(encryptionKey);
-      logger.log(chalk.green('✓ Encryption key saved to config.yaml'));
+      logger.log(formatSuccessLine('Encryption key saved to config.yaml'));
     }
   } else {
     // Validate and save the provided key
     validateEncryptionKey(encryptionKey);
     await setSecretsEncryptionKey(encryptionKey);
-    logger.log(chalk.green('✓ Encryption key saved to config.yaml'));
+    logger.log(formatSuccessLine('Encryption key saved to config.yaml'));
   }
   return encryptionKey;
 }
@@ -178,12 +179,12 @@ async function processSecretsFiles(secretsFiles, encryptionKey) {
       totalValues += result.total;
       if (result.encrypted > 0) {
-        logger.log(chalk.green(`  ✓ Encrypted ${result.encrypted} of ${result.total} values`));
+        logger.log(chalk.green(`  ✔ Encrypted ${result.encrypted} of ${result.total} values`));
       } else {
         logger.log(chalk.gray(`  - All values already encrypted (${result.total} total)`));
       }
     } catch (error) {
-      logger.log(chalk.red(`  ✗ Error: ${error.message}`));
+      logger.log(chalk.red(`  ✖ Error: ${error.message}`));
     }
   }
@@ -197,7 +198,7 @@ async function processSecretsFiles(secretsFiles, encryptionKey) {
  * @param {number} totalValues - Total number of values
  */
 function displayEncryptionSummary(filesCount, totalEncrypted, totalValues) {
-  logger.log(chalk.green('\n✅ Encryption complete!'));
+  logger.log(formatSuccessParagraph('Encryption complete!'));
   logger.log(chalk.gray(`   Files processed: ${filesCount}`));
   logger.log(chalk.gray(`   Values encrypted: ${totalEncrypted} of ${totalValues} total`));
   logger.log(chalk.gray('   Encryption key stored in: ~/.aifabrix/config.yaml\n'));
@@ -224,7 +225,7 @@ async function handleSecure(options) {
   const secretsFiles = await findSecretsFiles();
   if (secretsFiles.length === 0) {
-    logger.log(chalk.yellow('⚠️  No secrets files found to encrypt'));
+    logger.log(chalk.yellow('⚠  No secrets files found to encrypt'));
     logger.log(chalk.gray('   Create ~/.aifabrix/secrets.local.yaml or configure aifabrix-secrets in config.yaml'));
     return;
   }

package/lib/commands/service-user.js CHANGED Viewed

@@ -1,3 +1,4 @@
+const { formatBlockingError, formatSuccessLine } = require('../utils/cli-test-layout-chalk');
 /**
  * Service user create command – create service user and get one-time secret
  * POST /api/v1/service-users. Used by `aifabrix service-user create`.
@@ -75,14 +76,14 @@ function handleCreateError(response) {
   const status = response.status;
   const msg = response.formattedError || response.error || 'Request failed';
   if (status === 400) {
-    logger.error(chalk.red(`❌ Validation error: ${msg}`));
+    logger.error(formatBlockingError(`Validation error: ${msg}`));
   } else if (status === 401) {
-    logger.error(chalk.red('❌ Unauthorized. Run "aifabrix login" and try again.'));
+    logger.error(formatBlockingError('Unauthorized. Run "aifabrix login" and try again.'));
   } else if (status === 403) {
-    logger.error(chalk.red('❌ Missing permission: service-user:create'));
+    logger.error(formatBlockingError('Missing permission: service-user:create'));
     logger.error(chalk.gray('Your account needs the service-user:create permission on the controller.'));
   } else {
-    logger.error(chalk.red(`❌ Failed to create service user: ${msg}`));
+    logger.error(formatBlockingError(`Failed to create service user: ${msg}`));
   }
   process.exit(1);
 }
@@ -96,20 +97,20 @@ function handleServiceUserApiError(response, permissionScope) {
   const status = response.status;
   const msg = response.formattedError || response.error || 'Request failed';
   if (status === 400) {
-    logger.error(chalk.red(`❌ Validation error: ${msg}`));
+    logger.error(formatBlockingError(`Validation error: ${msg}`));
   } else if (status === 401) {
-    logger.error(chalk.red('❌ Unauthorized. Run "aifabrix login" and try again.'));
+    logger.error(formatBlockingError('Unauthorized. Run "aifabrix login" and try again.'));
   } else if (status === 403) {
-    logger.error(chalk.red(`❌ Missing permission: service-user:${permissionScope}`));
+    logger.error(formatBlockingError(`Missing permission: service-user:${permissionScope}`));
     logger.error(chalk.gray(`Your account needs the service-user:${permissionScope} permission on the controller.`));
   } else if (status === 404) {
-    logger.error(chalk.red('❌ Service user not found.'));
+    logger.error(formatBlockingError('Service user not found.'));
     const detail = response.error || '';
     if (detail) {
       logger.error(chalk.gray(detail));
     }
   } else {
-    logger.error(chalk.red(`❌ Request failed: ${msg}`));
+    logger.error(formatBlockingError(`Request failed: ${msg}`));
   }
   process.exit(1);
 }
@@ -123,12 +124,12 @@ function handleServiceUserApiError(response, permissionScope) {
 async function resolveControllerAndAuth(options) {
   const controllerUrl = options.controller || (await resolveControllerUrl());
   if (!controllerUrl) {
-    logger.error(chalk.red('❌ Controller URL is required. Run "aifabrix login" first.'));
+    logger.error(formatBlockingError('Controller URL is required. Run "aifabrix login" first.'));
     process.exit(1);
   }
   const authResult = await getServiceUserAuth(controllerUrl);
   if (!authResult || !authResult.token) {
-    logger.error(chalk.red(`❌ No authentication token for controller: ${controllerUrl}`));
+    logger.error(formatBlockingError(`No authentication token for controller: ${controllerUrl}`));
     logger.error(chalk.gray('Run: aifabrix login'));
     process.exit(1);
   }
@@ -173,7 +174,7 @@ function displayServiceUserList(items) {
  * @param {string} clientSecret - One-time client secret
  */
 function displayCreateSuccess(clientId, clientSecret) {
-  logger.log(chalk.bold('\n✓ Service user created\n'));
+  logger.log(chalk.bold('\n✔ Service user created\n'));
   logger.log(chalk.cyan('  clientId:    ') + clientId);
   logger.log(chalk.cyan('  clientSecret: ') + clientSecret);
   logger.log('');
@@ -207,19 +208,19 @@ function validateServiceUserOptions(options) {
   const redirectUris = parseList(options.redirectUris);
   const groupNames = parseList(options.groupNames);
   if (!username) {
-    logger.error(chalk.red('❌ Username is required. Use --username <username>.'));
+    logger.error(formatBlockingError('Username is required. Use --username <username>.'));
     process.exit(1);
   }
   if (!email) {
-    logger.error(chalk.red('❌ Email is required. Use --email <email>.'));
+    logger.error(formatBlockingError('Email is required. Use --email <email>.'));
     process.exit(1);
   }
   if (redirectUris.length === 0) {
-    logger.error(chalk.red('❌ At least one redirect URI is required. Use --redirect-uris <uri1,uri2,...>.'));
+    logger.error(formatBlockingError('At least one redirect URI is required. Use --redirect-uris <uri1,uri2,...>.'));
     process.exit(1);
   }
   if (groupNames.length === 0) {
-    logger.error(chalk.red('❌ At least one group name is required. Use --group-names <name1,name2,...>.'));
+    logger.error(formatBlockingError('At least one group name is required. Use --group-names <name1,name2,...>.'));
     process.exit(1);
   }
   return {
@@ -241,12 +242,12 @@ async function resolveOptionsAndAuth(options) {
   const validated = validateServiceUserOptions(options);
   const controllerUrl = options.controller || (await resolveControllerUrl());
   if (!controllerUrl) {
-    logger.error(chalk.red('❌ Controller URL is required. Run "aifabrix login" first.'));
+    logger.error(formatBlockingError('Controller URL is required. Run "aifabrix login" first.'));
     process.exit(1);
   }
   const authResult = await getServiceUserAuth(controllerUrl);
   if (!authResult || !authResult.token) {
-    logger.error(chalk.red(`❌ No authentication token for controller: ${controllerUrl}`));
+    logger.error(formatBlockingError(`No authentication token for controller: ${controllerUrl}`));
     logger.error(chalk.gray('Run: aifabrix login'));
     process.exit(1);
   }
@@ -295,7 +296,7 @@ async function runServiceUserCreate(options = {}) {
 function requireServiceUserId(id) {
   const trimmed = (id && typeof id === 'string' ? id.trim() : '') || '';
   if (!trimmed) {
-    logger.error(chalk.red('❌ Service user ID is required. Use --id <uuid>.'));
+    logger.error(formatBlockingError('Service user ID is required. Use --id <uuid>.'));
     process.exit(1);
   }
   return trimmed;
@@ -343,7 +344,7 @@ async function runServiceUserRotateSecret(options = {}) {
   const payload = response?.data?.data ?? response?.data ?? response ?? {};
   const clientSecret = payload?.clientSecret ?? '';
   if (response && response.success === true) {
-    logger.log(chalk.bold('\n✓ Secret rotated\n'));
+    logger.log(chalk.bold('\n✔ Secret rotated\n'));
     logger.log(chalk.cyan('  clientSecret: ') + clientSecret);
     logger.log('');
     logger.log(chalk.yellow('⚠ ' + ONE_TIME_WARNING));
@@ -366,7 +367,7 @@ async function runServiceUserDelete(options = {}) {
     return;
   }
   if (response && response.success === true) {
-    logger.log(chalk.green('✓ Service user deactivated.\n'));
+    logger.log(formatSuccessLine('Service user deactivated.\n'));
   }
 }
@@ -380,7 +381,7 @@ async function runServiceUserUpdateGroups(options = {}) {
   const id = requireServiceUserId(options.id);
   const groupNames = parseList(options.groupNames);
   if (groupNames.length === 0) {
-    logger.error(chalk.red('❌ At least one group name is required. Use --group-names <name1,name2,...>.'));
+    logger.error(formatBlockingError('At least one group name is required. Use --group-names <name1,name2,...>.'));
     process.exit(1);
   }
   const { controllerUrl, authConfig } = await resolveControllerAndAuth(options);
@@ -390,7 +391,7 @@ async function runServiceUserUpdateGroups(options = {}) {
     return;
   }
   if (response && response.success === true) {
-    logger.log(chalk.green('✓ Service user groups updated.\n'));
+    logger.log(formatSuccessLine('Service user groups updated.\n'));
   }
 }
@@ -404,7 +405,7 @@ async function runServiceUserUpdateRedirectUris(options = {}) {
   const id = requireServiceUserId(options.id);
   const redirectUris = parseList(options.redirectUris);
   if (redirectUris.length === 0) {
-    logger.error(chalk.red('❌ At least one redirect URI is required. Use --redirect-uris <uri1,uri2,...>.'));
+    logger.error(formatBlockingError('At least one redirect URI is required. Use --redirect-uris <uri1,uri2,...>.'));
     process.exit(1);
   }
   const { controllerUrl, authConfig } = await resolveControllerAndAuth(options);
@@ -414,7 +415,7 @@ async function runServiceUserUpdateRedirectUris(options = {}) {
     return;
   }
   if (response && response.success === true) {
-    logger.log(chalk.green('✓ Service user redirect URIs updated.\n'));
+    logger.log(formatSuccessLine('Service user redirect URIs updated.\n'));
   }
 }