@aifabrix/builder 2.43.0 → 2.44.0

package/lib/api/types/pipeline.types.js

@@ -131,13 +131,16 @@
  */
 
 /**
- * Dataplane pipeline upload response (publication result; no uploadId).
+ * Dataplane pipeline upload API envelope (makeApiCall / ApiClient).
+ * Body in `data` matches dataplane PublicationResult (uploadId, uploadStatus, system, datasources, generateMcpContract, …).
  * @typedef {Object} PipelineUploadResponse
  * @property {boolean} success - Request success flag
- * @property {Object} [data] - Publication result (system, datasources, warnings)
- * @property {string} [data.systemKey] - Published system key
- * @property {string[]} [data.datasourceKeys] - Published datasource keys
- * @property {string[]} [data.warnings] - Warnings if any
+ * @property {Object} [data] - PublicationResult from dataplane (not a generic wrapper with datasourceKeys/warnings)
+ * @property {string} [data.uploadId] - Upload / publication id
+ * @property {string} [data.uploadStatus] - e.g. published
+ * @property {Object} [data.system] - Published external system
+ * @property {Object[]} [data.datasources] - Published datasources
+ * @property {boolean} [data.generateMcpContract] - MCP generation flag
  * @property {string} [formattedError] - Formatted error message on failure
  */
 

package/lib/api/types/validation-run.types.js

@@ -0,0 +1,56 @@
+/**
+ * @fileoverview JSDoc types for unified validation run (POST /api/v1/validation/run).
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+
+/**
+ * @typedef {'externalSystem'|'externalDataSource'} ValidationScope
+ */
+
+/**
+ * @typedef {'test'|'integration'|'e2e'} ValidationRunKind
+ */
+
+/**
+ * Request body for POST /api/v1/validation/run (camelCase; see Dataplane OpenAPI).
+ * @typedef {Object} ValidationRunRequestBody
+ * @property {string} [systemIdOrKey]
+ * @property {string} [systemKey]
+ * @property {string[]} [datasourceKeys]
+ * @property {string} [datasourceKey]
+ * @property {boolean} [explain]
+ * @property {boolean} [includeLiveChecks]
+ * @property {boolean} [includeLiveDebug]
+ * @property {boolean} [showCapabilities]
+ * @property {boolean} [explainMetrics]
+ * @property {boolean} [explainCertification]
+ * @property {boolean} [includeMetrics]
+ * @property {boolean} [includeCertification]
+ * @property {Object} [systemConfig]
+ * @property {Object[]} [datasourceConfigs]
+ * @property {ValidationScope} [validationScope]
+ * @property {ValidationRunKind} [runType]
+ * @property {Object} [payloadTemplate]
+ * @property {boolean} [asyncRun]
+ * @property {Object} [e2eOptions]
+ * @property {boolean} [includeDebug]
+ */
+
+/**
+ * Minimal DatasourceTestRun shape for CLI exit / display (full schema in lib/schema).
+ * @typedef {Object} DatasourceTestRunLike
+ * @property {string} [reportVersion]
+ * @property {string} datasourceKey
+ * @property {string} systemKey
+ * @property {ValidationRunKind} runType
+ * @property {'ok'|'warn'|'fail'|'skipped'} status
+ * @property {'minimal'|'partial'|'full'} [reportCompleteness]
+ * @property {string} [runId]
+ * @property {string} [testRunId]
+ * @property {Object} [certificate]
+ * @property {string} [certificate.status]
+ * @property {Object} [developer]
+ */
+
+module.exports = {};

package/lib/api/validation-run.api.js

@@ -0,0 +1,99 @@
+/**
+ * @fileoverview Unified dataplane validation API — POST /api/v1/validation/run and poll GET.
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+
+const { ApiClient } = require('./index');
+
+const POST_PATH = '/api/v1/validation/run';
+
+function buildClientCredentialHeaders(authConfig) {
+  if (!authConfig || typeof authConfig !== 'object') return null;
+  if (authConfig.type !== 'client-credentials') return null;
+  if (!authConfig.clientId || !authConfig.clientSecret) return null;
+  return {
+    'x-client-id': String(authConfig.clientId),
+    'x-client-secret': String(authConfig.clientSecret)
+  };
+}
+
+/**
+ * Normalize auth for dataplane: Bearer user token, x-client-token app token, or API key as Bearer.
+ * @param {Object} authConfig - Auth configuration
+ * @returns {Object} Auth for ApiClient
+ */
+function normalizeDataplaneAuth(authConfig) {
+  if (!authConfig || typeof authConfig !== 'object') {
+    throw new Error('authConfig is required');
+  }
+  if (authConfig.token) {
+    return authConfig;
+  }
+  if (authConfig.apiKey) {
+    return { ...authConfig, token: authConfig.apiKey, type: authConfig.type || 'bearer' };
+  }
+  throw new Error(
+    'Validation run requires Bearer token or API key. Run \'aifabrix login\' or configure API key.'
+  );
+}
+
+/**
+ * @requiresPermission {Dataplane} external-system:read
+ * @async
+ * @function postValidationRun
+ * @param {string} dataplaneUrl - Dataplane base URL
+ * @param {Object} authConfig - Authentication (token or apiKey)
+ * @param {import('./types/validation-run.types').ValidationRunRequestBody} body - Request JSON body
+ * @returns {Promise<Object>} ApiClient result: { success, data, status, ... }
+ */
+async function postValidationRun(dataplaneUrl, authConfig, body) {
+  const hdrs = buildClientCredentialHeaders(authConfig);
+  const clientAuth = hdrs ? {} : normalizeDataplaneAuth(authConfig);
+  const client = new ApiClient(dataplaneUrl, clientAuth);
+  return client.post(POST_PATH, { body, headers: hdrs || undefined });
+}
+
+/**
+ * @requiresPermission {Dataplane} external-system:read
+ * @async
+ * @function getValidationRun
+ * @param {string} dataplaneUrl - Dataplane base URL
+ * @param {Object} authConfig - Authentication
+ * @param {string} testRunId - Poll id from 202 / envelope
+ * @returns {Promise<Object>} ApiClient result
+ */
+async function getValidationRun(dataplaneUrl, authConfig, testRunId) {
+  if (!testRunId || typeof testRunId !== 'string') {
+    throw new Error('testRunId is required for validation run poll');
+  }
+  const hdrs = buildClientCredentialHeaders(authConfig);
+  const clientAuth = hdrs ? {} : normalizeDataplaneAuth(authConfig);
+  const client = new ApiClient(dataplaneUrl, clientAuth);
+  const path = `${POST_PATH}/${encodeURIComponent(testRunId)}`;
+  return client.get(path, { headers: hdrs || undefined });
+}
+
+/**
+ * Extract async poll id from POST 202 body or partial DatasourceTestRun.
+ * @param {Object} data - Parsed JSON body
+ * @returns {string|null}
+ */
+function extractTestRunId(data) {
+  if (!data || typeof data !== 'object') return null;
+  if (typeof data.testRunId === 'string' && data.testRunId.trim()) return data.testRunId.trim();
+  if (data.testRunId && typeof data.testRunId === 'object') {
+    const id = data.testRunId.id || data.testRunId.key;
+    if (typeof id === 'string' && id.trim()) return id.trim();
+  }
+  return null;
+}
+
+module.exports = {
+  postValidationRun,
+  getValidationRun,
+  extractTestRunId,
+  normalizeDataplaneAuth,
+  buildClientCredentialHeaders,
+  POST_PATH
+};

package/lib/api/validation-runner.js

@@ -0,0 +1,99 @@
+/**
+ * @fileoverview Single reusable module for unified validation POST + optional poll.
+ *
+ * Used by datasource- and system-scoped CLI flows to enforce plan §9 behavior consistently.
+ */
+
+'use strict';
+
+const { extractTestRunId } = require('./validation-run.api');
+const { postValidationRunWithTransportRetry } = require('../utils/validation-run-post-retry');
+const { pollValidationRunUntilComplete } = require('../utils/validation-run-poll');
+
+/**
+ * POST /api/v1/validation/run and (when async) poll GET until reportCompleteness is full.
+ *
+ * @param {Object} opts
+ * @param {string} opts.dataplaneUrl
+ * @param {Object} opts.authConfig
+ * @param {Object} opts.body
+ * @param {number} opts.timeoutMs
+ * @param {boolean} opts.useAsync
+ * @param {boolean} opts.noAsync
+ * @returns {Promise<{ envelope: Object|null, apiError: Object|null, pollTimedOut: boolean, incompleteNoAsync: boolean }>}
+ */
+/* eslint-disable max-lines-per-function, max-statements, complexity -- POST + poll orchestration */
+async function postValidationRunAndOptionalPoll(opts) {
+  const { dataplaneUrl, authConfig, body, timeoutMs, useAsync, noAsync } = opts;
+  const started = Date.now();
+  const postRes = await postValidationRunWithTransportRetry(dataplaneUrl, authConfig, body);
+  if (!postRes.success) {
+    return {
+      envelope: null,
+      apiError: postRes,
+      pollTimedOut: false,
+      incompleteNoAsync: false
+    };
+  }
+
+  let envelope = postRes.data;
+  const httpStatus = postRes.status;
+  const testRunId = extractTestRunId(envelope);
+  const completeness = envelope && envelope.reportCompleteness;
+  const needsPoll =
+    httpStatus === 202 ||
+    (testRunId && completeness && completeness !== 'full' && useAsync);
+
+  if (needsPoll && testRunId) {
+    const elapsed = Date.now() - started;
+    const remaining = Math.max(0, timeoutMs - elapsed);
+    const pollResult = await pollValidationRunUntilComplete({
+      dataplaneUrl,
+      authConfig,
+      testRunId,
+      budgetMs: remaining
+    });
+    if (!pollResult.lastApiResult || !pollResult.lastApiResult.success) {
+      return {
+        envelope: pollResult.envelope,
+        apiError: pollResult.lastApiResult,
+        pollTimedOut: pollResult.timedOut,
+        incompleteNoAsync: false
+      };
+    }
+    envelope = pollResult.envelope;
+    if (pollResult.timedOut) {
+      return {
+        envelope,
+        apiError: null,
+        pollTimedOut: true,
+        incompleteNoAsync: false
+      };
+    }
+  }
+
+  if (
+    noAsync &&
+    envelope &&
+    envelope.reportCompleteness &&
+    envelope.reportCompleteness !== 'full'
+  ) {
+    return {
+      envelope,
+      apiError: null,
+      pollTimedOut: false,
+      incompleteNoAsync: true
+    };
+  }
+
+  return {
+    envelope,
+    apiError: null,
+    pollTimedOut: false,
+    incompleteNoAsync: false
+  };
+}
+/* eslint-enable max-lines-per-function, max-statements, complexity */
+
+module.exports = { postValidationRunAndOptionalPoll };
+

package/lib/app/config.js

@@ -135,7 +135,7 @@ async function generateEnvTemplateFile(appPath, appName, config, existingEnv) {
       envTemplate = envResult.template;
 
       if (envResult.warnings.length > 0) {
-        logger.log(chalk.yellow('\n⚠️  Environment conversion warnings:'));
+        logger.log(chalk.yellow('\n⚠  Environment conversion warnings:'));
         envResult.warnings.forEach(warning => logger.log(chalk.yellow(`  - ${warning}`)));
       }
     } else {

package/lib/app/deploy-status-display.js

@@ -69,9 +69,9 @@ async function displayAppUrlFromController(controllerUrl, envKey, appKey, authCo
     url = buildAppUrlFromControllerAndPort(controllerUrl, port);
   }
   if (url) {
-    logger.log(chalk.green(`   ✓ App running at ${url}`));
+    logger.log(chalk.green(`   ✔ App running at ${url}`));
   } else {
-    logger.log(chalk.blue('   ✓ App deployed. Get URL from controller dashboard.'));
+    logger.log(chalk.blue('   ✔ App deployed. Get URL from controller dashboard.'));
   }
 }
 

package/lib/app/deploy.js

@@ -1,3 +1,4 @@
+const { formatSuccessLine, formatSuccessParagraph } = require('../utils/cli-test-layout-chalk');
 /**
  * AI Fabrix Builder Application Deployment Module
  *
@@ -79,7 +80,7 @@ async function validatePushPrerequisites(appName, registry) {
  */
 async function executePush(appName, registry, tags) {
   if (await pushUtils.checkACRAuthentication(registry)) {
-    logger.log(chalk.green(`✓ Already authenticated with ${registry}`));
+    logger.log(formatSuccessLine(`Already authenticated with ${registry}`));
   } else {
     await pushUtils.authenticateACR(registry);
   }
@@ -98,7 +99,7 @@ async function executePush(appName, registry, tags) {
  * @param {string} appName - Application name
  */
 function verifyPushResult(tags, registry, appName) {
-  logger.log(chalk.green(`\n✓ Successfully pushed ${tags.length} tag(s) to ${registry}`));
+  logger.log(formatSuccessParagraph(`Successfully pushed ${tags.length} tag(s) to ${registry}`));
   logger.log(chalk.gray(`Image: ${registry}/${appName}:*`));
   logger.log(chalk.gray(`Tags: ${tags.join(', ')}`));
 }
@@ -173,7 +174,7 @@ async function generateAndValidateManifest(appName, options = {}) {
  * @param {string} manifestPath - Path to manifest file
  */
 function displayDeploymentInfo(manifest, manifestPath) {
-  logger.log(chalk.green(`✓ Manifest generated: ${manifestPath}`));
+  logger.log(formatSuccessLine(`Manifest generated: ${manifestPath}`));
   logger.log(chalk.blue(`   Key: ${manifest.key}`));
   logger.log(chalk.blue(`   Display Name: ${manifest.displayName}`));
   logger.log(chalk.blue(`   Image: ${manifest.image}`));
@@ -216,8 +217,8 @@ function displayDeploymentResults(result) {
     logger.log(chalk.blue(`   Deployment ID: ${result.deploymentId}`));
   }
   if (result.status) {
-    const statusIcon = result.status.status === 'completed' ? '✅' :
-      result.status.status === 'failed' ? '❌' : '⏳';
+    const statusIcon = result.status.status === 'completed' ? '✔' :
+      result.status.status === 'failed' ? '✖' : '⏳';
     logger.log(chalk.blue(`   Status: ${statusIcon} ${result.status.status}`));
   }
 }
@@ -368,7 +369,7 @@ async function executeStandardDeployment(appName, options) {
 }
 
 /**
- * Tries external deploy when builder/<app> does not exist but integration/<app> does.
+ * Tries external deploy when builder/<appKey> does not exist but integration/<systemKey> does.
  * @async
  * @param {string} appName - Application name
  * @param {Object} options - Deployment options

package/lib/app/display.js

@@ -1,3 +1,4 @@
+const { formatSuccessParagraph } = require('../utils/cli-test-layout-chalk');
 /**
  * Application Display Utilities
  *
@@ -64,7 +65,7 @@ function displayWebappSuccess(appName, config, envConversionMessage) {
  * @param {string} appPath - Application path
  */
 function displaySuccessMessage(appName, config, envConversionMessage, hasAppFiles = false, appPath = null) {
-  logger.log(chalk.green('\n✓ Application created successfully!'));
+  logger.log(formatSuccessParagraph('Application created successfully!'));
   logger.log(chalk.blue(`\nApplication: ${appName}`));
 
   // Determine location based on app type

package/lib/app/dockerfile.js

@@ -1,3 +1,4 @@
+const { formatSuccessLine } = require('../utils/cli-test-layout-chalk');
 /**
  * Application Dockerfile Generation
  *
@@ -74,7 +75,7 @@ async function generateAndCopyDockerfile(appPath, dockerfilePath, config) {
   const buildConfig = config.build || {};
   const generatedPath = await build.generateDockerfile(appPath, config.language, config, buildConfig);
   await fs.copyFile(generatedPath, dockerfilePath);
-  logger.log(chalk.green('✓ Generated Dockerfile from template'));
+  logger.log(formatSuccessLine('Generated Dockerfile from template'));
   return dockerfilePath;
 }
 
@@ -90,7 +91,7 @@ async function generateDockerfileForApp(appName, options = {}) {
   try {
     const { isExternal } = await detectAppType(appName);
     if (isExternal) {
-      logger.log(chalk.yellow('⚠️  External systems don\'t require Dockerfiles. Skipping...'));
+      logger.log(chalk.yellow('⚠  External systems don\'t require Dockerfiles. Skipping...'));
       return null;
     }
   } catch (error) {

package/lib/app/down.js

@@ -10,6 +10,7 @@
  */
 
 'use strict';
+const { formatSuccessLine } = require('../utils/cli-test-layout-chalk');
 
 const chalk = require('chalk');
 const { exec } = require('child_process');
@@ -104,7 +105,7 @@ async function downApp(appName, options = {}) {
         logger.log(chalk.yellow(`Removing volume ${volumeName}...`));
         try {
           await execAsync(`docker volume rm -f ${volumeName}`);
-          logger.log(chalk.green(`✓ Volume ${volumeName} removed`));
+          logger.log(formatSuccessLine(`Volume ${volumeName} removed`));
         } catch (volErr) {
           // Swallow errors for missing volume; provide neutral message
           logger.log(chalk.gray(`Volume ${volumeName} not found or already removed`));

package/lib/app/helpers.js

@@ -1,3 +1,4 @@
+const { formatSuccessLine } = require('../utils/cli-test-layout-chalk');
 /**
  * Application Helper Utilities
  *
@@ -21,7 +22,7 @@ const { getIntegrationPath, getBuilderPath } = require('../utils/paths');
  *
  * @async
  * @param {string} appName - Application or external system name
- * @throws {Error} If integration/<appName> or builder/<appName> already exists
+ * @throws {Error} If integration/<systemKey> or builder/<appKey> already exists
  */
 async function validateAppOrExternalNameNotExists(appName) {
   const integrationPath = getIntegrationPath(appName);
@@ -104,7 +105,7 @@ async function handleGitHubWorkflows(options, config) {
     }
   );
 
-  logger.log(chalk.green('✓ Generated GitHub Actions workflows:'));
+  logger.log(formatSuccessLine('Generated GitHub Actions workflows:'));
   workflowFiles.forEach(file => logger.log(chalk.gray(`  - ${file}`)));
 }
 
@@ -157,7 +158,7 @@ async function processTemplateFiles(template, appPath, appName, options, config)
 
   await validateTemplate(template);
   const copiedFiles = await copyTemplateFiles(template, appPath);
-  logger.log(chalk.green(`✓ Copied ${copiedFiles.length} file(s) from template '${template}'`));
+  logger.log(formatSuccessLine(`Copied ${copiedFiles.length} file(s) from template '${template}'`));
   const { updateTemplateVariables } = require('../utils/template-helpers');
   await updateTemplateVariables(appPath, appName, options, config);
 }
@@ -190,7 +191,7 @@ async function updateVariablesForAppFlag(appPath, appName) {
     writeConfigFile(variablesPath, variables);
   } catch (error) {
     if (!error.message.includes('not found')) {
-      logger.warn(chalk.yellow(`⚠️  Warning: Could not update application config: ${error.message}`));
+      logger.warn(chalk.yellow(`⚠  Warning: Could not update application config: ${error.message}`));
     }
   }
 }
@@ -239,7 +240,7 @@ async function setupAppFiles(appName, appPath, config, options) {
 
   const language = await getLanguageForAppFiles(config.language || options.language, appPath);
   const copiedFiles = await copyAppFiles(language, appsPath);
-  logger.log(chalk.green(`✓ Copied ${copiedFiles.length} application file(s) to apps/${appName}/`));
+  logger.log(formatSuccessLine(`Copied ${copiedFiles.length} application file(s) to apps/${appName}/`));
 }
 
 module.exports = {

package/lib/app/index.js

@@ -10,7 +10,7 @@
  */
 
 const fs = require('fs').promises;
-const { readExistingEnv } = require('../core/env-reader');
+const envReaderModule = require('../core/env-reader');
 const build = require('../build');
 const appRun = require('./run');
 const { promptForOptions } = require('./prompts');
@@ -34,6 +34,29 @@ const {
 const path = require('path');
 const secretsEnsure = require('../core/secrets-ensure');
 
+/**
+ * Ensures secrets from env.template. On EACCES (e.g. secrets path under a read-only tree), uses getPrimaryUserSecretsLocalPath().
+ * @param {string} envTemplatePath - Path to env.template
+ * @returns {Promise<void>}
+ */
+async function ensureSecretsFromNewAppEnvTemplate(envTemplatePath) {
+  try {
+    await secretsEnsure.ensureSecretsFromEnvTemplate(envTemplatePath, {});
+  } catch (err) {
+    if (err.code === 'ENOENT') {
+      return;
+    }
+    if (err.code === 'EACCES' || (err.message && String(err.message).includes('EACCES'))) {
+      const { getPrimaryUserSecretsLocalPath } = require('../utils/paths');
+      await secretsEnsure.ensureSecretsFromEnvTemplate(envTemplatePath, {
+        preferredFilePath: getPrimaryUserSecretsLocalPath()
+      });
+      return;
+    }
+    throw err;
+  }
+}
+
 /**
  * Creates new application with scaffolded configuration files
  * Prompts for configuration options and generates builder/ folder structure
@@ -125,19 +148,15 @@ async function generateApplicationFiles(finalAppPath, appName, config, options)
   await fs.mkdir(finalAppPath, { recursive: true });
   await processTemplateFiles(options.template, finalAppPath, appName, options, config);
 
-  const existingEnv = await readExistingEnv(process.cwd());
+  const existingEnv = await envReaderModule.readExistingEnv(finalAppPath);
   const envConversionMessage = existingEnv
-    ? '\n✓ Found existing .env file - sensitive values will be converted to kv:// references'
+    ? '\n✔ Found existing .env file - sensitive values will be converted to kv:// references'
     : '';
 
   await generateConfigFiles(finalAppPath, appName, config, existingEnv);
 
   const envTemplatePath = path.join(finalAppPath, 'env.template');
-  try {
-    await secretsEnsure.ensureSecretsFromEnvTemplate(envTemplatePath, {});
-  } catch (err) {
-    if (err.code !== 'ENOENT') throw err;
-  }
+  await ensureSecretsFromNewAppEnvTemplate(envTemplatePath);
 
   // Generate external system files if type is external
   if (config.type === 'external') {

package/lib/app/list.js

@@ -1,3 +1,4 @@
+const { formatBlockingError } = require('../utils/cli-test-layout-chalk');
 /**
  * AI Fabrix Builder - App List Command
  *
@@ -85,7 +86,7 @@ function extractApplications(response) {
     extractWrappedPaginatedItems(apiResponse);
 
   if (!applications) {
-    logger.error(chalk.red('❌ Invalid response: expected data array or items array'));
+    logger.error(formatBlockingError('Invalid response: expected data array or items array'));
     logger.error(chalk.gray('\nAPI response type:'), typeof apiResponse);
     logger.error(chalk.gray('API response:'), JSON.stringify(apiResponse, null, 2));
     logger.error(chalk.gray('\nFull response for debugging:'));
@@ -166,11 +167,11 @@ function displayApplications(applications, environment, controllerUrl) {
   applications.forEach((app) => {
     const isExternal = app.configuration?.type === 'external';
     const externalIcon = isExternal ? '🔗 ' : '';
-    const hasPipeline = app.configuration?.pipeline?.isActive ? '✓' : '✗';
+    const hasPipeline = app.configuration?.pipeline?.isActive ? '✔' : '✖';
     const urlAndPort = formatUrlAndPort(app);
     logger.log(`${externalIcon}${hasPipeline} ${chalk.cyan(app.key)} - ${app.displayName} (${app.status || 'unknown'})${urlAndPort}`);
   });
-  logger.log(chalk.gray('  To show details for an app: aifabrix app show <appKey>\n'));
+  logger.log(chalk.gray('  To show details for an app: aifabrix app show <app>\n'));
 }
 
 /**
@@ -246,7 +247,7 @@ async function getListAuthToken(controllerUrl, config) {
     const authResult = await tryGetTokenFromController(controllerUrl);
     if (!authResult || !authResult.token) {
       // No token found for explicitly provided controller URL
-      logger.error(chalk.red(`❌ No authentication token found for controller: ${controllerUrl}`));
+      logger.error(formatBlockingError(`No authentication token found for controller: ${controllerUrl}`));
       logger.error(chalk.gray('Please login to this controller using: aifabrix login'));
       process.exit(1);
       // Return to prevent further execution in tests where process.exit is mocked
@@ -300,7 +301,7 @@ async function listApplications(options = {}) {
 
   const controllerUrl = options.controller || (await resolveControllerUrl());
   if (!controllerUrl) {
-    logger.error(chalk.red('❌ Controller URL is required. Run "aifabrix login" to set the controller URL in config.yaml'));
+    logger.error(formatBlockingError('Controller URL is required. Run "aifabrix login" to set the controller URL in config.yaml'));
     process.exit(1);
     return;
   }
@@ -321,7 +322,7 @@ async function listApplications(options = {}) {
     const applications = handleListResponse(response, actualControllerUrl);
     displayApplications(applications, environment, actualControllerUrl);
   } catch (error) {
-    logger.error(chalk.red(`❌ Failed to list applications from controller: ${actualControllerUrl}`));
+    logger.error(formatBlockingError(`Failed to list applications from controller: ${actualControllerUrl}`));
     logger.error(chalk.gray(`Error: ${error.message}`));
     process.exit(1);
   }

package/lib/app/push.js

@@ -1,3 +1,4 @@
+const { formatSuccessLine, formatSuccessParagraph } = require('../utils/cli-test-layout-chalk');
 /**
  * Application Push Utilities
  *
@@ -143,7 +144,7 @@ async function validatePushConfig(registry, imageName, appName) {
  */
 async function authenticateWithRegistry(registry) {
   if (await pushUtils.checkACRAuthentication(registry)) {
-    logger.log(chalk.green(`✓ Already authenticated with ${registry}`));
+    logger.log(formatSuccessLine(`Already authenticated with ${registry}`));
   } else {
     await pushUtils.authenticateACR(registry);
   }
@@ -189,7 +190,7 @@ async function pushImageTags(imageName, registry, tags) {
  * @param {Array<string>} tags - Image tags
  */
 function displayPushResults(registry, imageName, tags) {
-  logger.log(chalk.green(`\n✓ Successfully pushed ${tags.length} tag(s) to ${registry}`));
+  logger.log(formatSuccessParagraph(`Successfully pushed ${tags.length} tag(s) to ${registry}`));
   logger.log(chalk.gray(`Image: ${registry}/${imageName}:*`));
   logger.log(chalk.gray(`Tags: ${tags.join(', ')}`));
 }
@@ -208,7 +209,7 @@ async function pushApp(appName, options = {}) {
   try {
     const { isExternal } = await detectAppType(appName);
     if (isExternal) {
-      logger.log(chalk.yellow('⚠️  External systems don\'t require Docker images. Skipping push...'));
+      logger.log(chalk.yellow('⚠  External systems don\'t require Docker images. Skipping push...'));
       return;
     }
   } catch (error) {

package/lib/app/register.js

@@ -1,3 +1,4 @@
+const { formatSuccessLine, formatSuccessParagraph } = require('../utils/cli-test-layout-chalk');
 /**
  * AI Fabrix Builder - App Register Command
  *
@@ -22,6 +23,8 @@ const {
 const { checkAuthentication } = require('../utils/app-register-auth');
 const { callRegisterApi } = require('../utils/app-register-api');
 const { displayRegistrationResults, getEnvironmentPrefix } = require('../utils/app-register-display');
+const pathsUtil = require('../utils/paths');
+const { refreshUrlsLocalRegistryFromBuilder } = require('../utils/urls-local-registry');
 
 /**
  * Build registration data payload from app configuration
@@ -62,8 +65,8 @@ function buildRegistrationData(appConfig, options) {
       registrationData.image = imageValue;
     }
 
-    // URL: always set when we have port so controller DB has it. Precedence: --url, variables (app.url, deployment.dataplaneUrl, deployment.appUrl), else http://localhost:{localPort|port}
-    const portForUrl = appConfig.localPort ?? appConfig.port;
+    // URL: default uses manifest listen port; host mapping uses url:// in env.template at resolve time
+    const portForUrl = appConfig.port;
     if (portForUrl) {
       registrationData.url = options.url || appConfig.url || `http://localhost:${portForUrl}`;
     }
@@ -97,15 +100,15 @@ async function saveLocalCredentials(responseData, apiUrl) {
     // Regenerate .env file with updated credentials
     try {
       await generateEnvFile(registeredAppKey, null, 'local');
-      logger.log(chalk.green('✓ .env file updated with new credentials'));
+      logger.log(formatSuccessLine('.env file updated with new credentials'));
     } catch (error) {
-      logger.warn(chalk.yellow(`⚠️  Could not regenerate .env file: ${error.message}`));
+      logger.warn(chalk.yellow(`⚠  Could not regenerate .env file: ${error.message}`));
     }
 
-    logger.log(chalk.green('\n✓ Credentials saved to ~/.aifabrix/secrets.local.yaml'));
-    logger.log(chalk.green('✓ env.template updated with MISO_CLIENTID, MISO_CLIENTSECRET, and MISO_CONTROLLER_URL\n'));
+    logger.log(formatSuccessParagraph('Credentials saved to ~/.aifabrix/secrets.local.yaml'));
+    logger.log(formatSuccessLine('env.template updated with MISO_CLIENTID, MISO_CLIENTSECRET, and MISO_CONTROLLER_URL\n'));
   } catch (error) {
-    logger.warn(chalk.yellow(`⚠️  Could not save credentials locally: ${error.message}`));
+    logger.warn(chalk.yellow(`⚠  Could not save credentials locally: ${error.message}`));
   }
 }
 
@@ -179,6 +182,12 @@ async function registerApplication(appKey, options = {}) {
     registrationData
   );
 
+  try {
+    refreshUrlsLocalRegistryFromBuilder(pathsUtil.getProjectRoot());
+  } catch (error) {
+    logger.warn(chalk.yellow(`⚠  Could not refresh URLs registry: ${error.message}`));
+  }
+
   // Save credentials and display results (pass display name we sent so output shows it when API returns key as displayName)
   await saveLocalCredentials(responseData, authConfig.apiUrl);
   displayRegistrationResults(responseData, authConfig.apiUrl, environment, registrationData.displayName);