@aifabrix/builder 2.43.0 → 2.44.1

package/lib/api/types/certificates.types.js

@@ -0,0 +1,48 @@
+/**
+ * @fileoverview JSDoc typedefs for dataplane Trust / integration certificate APIs (camelCase).
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+
+/**
+ * Integration certificate artifact (dataplane OpenAPI **CertificateArtifactResponse**).
+ *
+ * @typedef {Object} CertificateArtifactResponse
+ * @property {string|{id?: string}} [certificateId]
+ * @property {string} [systemKey]
+ * @property {string} [datasourceKey]
+ * @property {string} [version]
+ * @property {string|null} [certificateVersion]
+ * @property {string|null} [systemVersion]
+ * @property {string} [certificationLevel]
+ * @property {Object} [metrics]
+ * @property {string|null} [contractHash]
+ * @property {string|null} [integrationHash]
+ * @property {string} [issuedAt]
+ * @property {string} [issuedBy]
+ * @property {string} [licenseLevelIssuer]
+ * @property {string} [dataplaneVersion]
+ * @property {('RS256'|'HS256')} [algorithm] RS256 production; HS256 local dev HMAC signer only
+ * @property {string|null} [publicKey]
+ * @property {string|null} [publicKeyFingerprint]
+ * @property {Object} [metadata]
+ */
+
+/**
+ * @typedef {Object} CertificateVerificationResponse
+ * @property {boolean} validSignature
+ * @property {boolean} validHash
+ * @property {boolean} overallValid
+ * @property {string[]} [reasons]
+ */
+
+/**
+ * @typedef {Object} CertificateVerifyRequest
+ * @property {string|null} [certificateId]
+ * @property {Object|null} [certificate]
+ * @property {boolean} [verifyHash]
+ * @property {string|null} [systemIdOrKey]
+ * @property {string|null} [datasourceKey]
+ */
+
+module.exports = {};

package/lib/api/types/dev.types.js

@@ -27,10 +27,11 @@
  * @typedef {Object} SettingsResponseDto
  * @property {string} user-mutagen-folder - Server path to workspace root (no app segment)
  * @property {string} secrets-encryption - Encryption key (hex)
- * @property {string} aifabrix-secrets - Path or URL for secrets
+ * @property {string} aifabrix-secrets - Local filesystem path or https URL for shared secrets (file vs remote API)
  * @property {string} aifabrix-env-config - Env config path
  * @property {string} remote-server - Builder-server base URL
  * @property {string} docker-endpoint - Docker API endpoint
+ * @property {boolean} [docker-tls-skip-verify] - When true and ca.pem is absent, Docker uses DOCKER_TLS_VERIFY=0; if ca.pem exists, daemon is always verified
  * @property {string} sync-ssh-user - SSH user for Mutagen
  * @property {string} sync-ssh-host - SSH host for Mutagen
  */
@@ -44,7 +45,7 @@
  * @property {string} createdAt - ISO 8601
  * @property {boolean} certificateIssued - Whether cert was issued
  * @property {string} [certificateValidNotAfter] - Cert validity end (optional)
- * @property {string[]} groups - Access groups (admin, secret-manager, developer)
+ * @property {string[]} groups - Access groups (admin, secret-manager, developer, docker)
  */
 
 /**
@@ -53,7 +54,7 @@
  * @property {string} developerId - Unique developer ID (numeric string)
  * @property {string} name - Display name
  * @property {string} email - Email
- * @property {string[]} [groups] - Default [developer]
+ * @property {string[]} [groups] - Default [developer]; tokens: admin, secret-manager, developer, docker
  */
 
 /**

package/lib/api/types/pipeline.types.js

@@ -131,13 +131,16 @@
  */
 
 /**
- * Dataplane pipeline upload response (publication result; no uploadId).
+ * Dataplane pipeline upload API envelope (makeApiCall / ApiClient).
+ * Body in `data` matches dataplane PublicationResult (uploadId, uploadStatus, system, datasources, generateMcpContract, …).
  * @typedef {Object} PipelineUploadResponse
  * @property {boolean} success - Request success flag
- * @property {Object} [data] - Publication result (system, datasources, warnings)
- * @property {string} [data.systemKey] - Published system key
- * @property {string[]} [data.datasourceKeys] - Published datasource keys
- * @property {string[]} [data.warnings] - Warnings if any
+ * @property {Object} [data] - PublicationResult from dataplane (not a generic wrapper with datasourceKeys/warnings)
+ * @property {string} [data.uploadId] - Upload / publication id
+ * @property {string} [data.uploadStatus] - e.g. published
+ * @property {Object} [data.system] - Published external system
+ * @property {Object[]} [data.datasources] - Published datasources
+ * @property {boolean} [data.generateMcpContract] - MCP generation flag
  * @property {string} [formattedError] - Formatted error message on failure
  */
 

package/lib/api/types/validation-run.types.js

@@ -0,0 +1,56 @@
+/**
+ * @fileoverview JSDoc types for unified validation run (POST /api/v1/validation/run).
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+
+/**
+ * @typedef {'externalSystem'|'externalDataSource'} ValidationScope
+ */
+
+/**
+ * @typedef {'test'|'integration'|'e2e'} ValidationRunKind
+ */
+
+/**
+ * Request body for POST /api/v1/validation/run (camelCase; see Dataplane OpenAPI).
+ * @typedef {Object} ValidationRunRequestBody
+ * @property {string} [systemIdOrKey]
+ * @property {string} [systemKey]
+ * @property {string[]} [datasourceKeys]
+ * @property {string} [datasourceKey]
+ * @property {boolean} [explain]
+ * @property {boolean} [includeLiveChecks]
+ * @property {boolean} [includeLiveDebug]
+ * @property {boolean} [showCapabilities]
+ * @property {boolean} [explainMetrics]
+ * @property {boolean} [explainCertification]
+ * @property {boolean} [includeMetrics]
+ * @property {boolean} [includeCertification]
+ * @property {Object} [systemConfig]
+ * @property {Object[]} [datasourceConfigs]
+ * @property {ValidationScope} [validationScope]
+ * @property {ValidationRunKind} [runType]
+ * @property {Object} [payloadTemplate]
+ * @property {boolean} [asyncRun]
+ * @property {Object} [e2eOptions]
+ * @property {boolean} [includeDebug]
+ */
+
+/**
+ * Minimal DatasourceTestRun shape for CLI exit / display (full schema in lib/schema).
+ * @typedef {Object} DatasourceTestRunLike
+ * @property {string} [reportVersion]
+ * @property {string} datasourceKey
+ * @property {string} systemKey
+ * @property {ValidationRunKind} runType
+ * @property {'ok'|'warn'|'fail'|'skipped'} status
+ * @property {'minimal'|'partial'|'full'} [reportCompleteness]
+ * @property {string} [runId]
+ * @property {string} [testRunId]
+ * @property {Object} [certificate]
+ * @property {string} [certificate.status]
+ * @property {Object} [developer]
+ */
+
+module.exports = {};

package/lib/api/validation-run.api.js

@@ -0,0 +1,111 @@
+/**
+ * @fileoverview Unified dataplane validation API — POST /api/v1/validation/run and poll GET.
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+
+const { ApiClient } = require('./index');
+
+const POST_PATH = '/api/v1/validation/run';
+
+function buildClientCredentialHeaders(authConfig) {
+  if (!authConfig || typeof authConfig !== 'object') return null;
+  if (authConfig.type !== 'client-credentials') return null;
+  if (!authConfig.clientId || !authConfig.clientSecret) return null;
+  return {
+    'x-client-id': String(authConfig.clientId),
+    'x-client-secret': String(authConfig.clientSecret)
+  };
+}
+
+/**
+ * Normalize auth for dataplane: Bearer user token, x-client-token app token, or API key as Bearer.
+ * @param {Object} authConfig - Auth configuration
+ * @returns {Object} Auth for ApiClient
+ */
+function normalizeDataplaneAuth(authConfig) {
+  if (!authConfig || typeof authConfig !== 'object') {
+    throw new Error('authConfig is required');
+  }
+  if (authConfig.token) {
+    return authConfig;
+  }
+  if (authConfig.apiKey) {
+    return { ...authConfig, token: authConfig.apiKey, type: authConfig.type || 'bearer' };
+  }
+  throw new Error(
+    'Validation run requires Bearer token or API key. Run \'aifabrix login\' or configure API key.'
+  );
+}
+
+/**
+ * @requiresPermission {Dataplane} external-system:read
+ * @async
+ * @function postValidationRun
+ * @param {string} dataplaneUrl - Dataplane base URL
+ * @param {Object} authConfig - Authentication (token or apiKey)
+ * @param {import('./types/validation-run.types').ValidationRunRequestBody} body - Request JSON body
+ * @param {Object} [transportOpts]
+ * @param {number} [transportOpts.timeoutMs] - Per-request HTTP timeout (validation E2E POST can exceed 30s)
+ * @returns {Promise<Object>} ApiClient result: { success, data, status, ... }
+ */
+async function postValidationRun(dataplaneUrl, authConfig, body, transportOpts = {}) {
+  const hdrs = buildClientCredentialHeaders(authConfig);
+  const clientAuth = hdrs ? {} : normalizeDataplaneAuth(authConfig);
+  const client = new ApiClient(dataplaneUrl, clientAuth);
+  const postOpts = { body, headers: hdrs || undefined };
+  if (Number.isFinite(transportOpts.timeoutMs) && transportOpts.timeoutMs > 0) {
+    postOpts.timeoutMs = transportOpts.timeoutMs;
+  }
+  return client.post(POST_PATH, postOpts);
+}
+
+/**
+ * @requiresPermission {Dataplane} external-system:read
+ * @async
+ * @function getValidationRun
+ * @param {string} dataplaneUrl - Dataplane base URL
+ * @param {Object} authConfig - Authentication
+ * @param {string} testRunId - Poll id from 202 / envelope
+ * @param {Object} [transportOpts]
+ * @param {number} [transportOpts.timeoutMs] - Per-request HTTP timeout (align with aggregate validation budget)
+ * @returns {Promise<Object>} ApiClient result
+ */
+async function getValidationRun(dataplaneUrl, authConfig, testRunId, transportOpts = {}) {
+  if (!testRunId || typeof testRunId !== 'string') {
+    throw new Error('testRunId is required for validation run poll');
+  }
+  const hdrs = buildClientCredentialHeaders(authConfig);
+  const clientAuth = hdrs ? {} : normalizeDataplaneAuth(authConfig);
+  const client = new ApiClient(dataplaneUrl, clientAuth);
+  const path = `${POST_PATH}/${encodeURIComponent(testRunId)}`;
+  const getOpts = { headers: hdrs || undefined };
+  if (Number.isFinite(transportOpts.timeoutMs) && transportOpts.timeoutMs > 0) {
+    getOpts.timeoutMs = transportOpts.timeoutMs;
+  }
+  return client.get(path, getOpts);
+}
+
+/**
+ * Extract async poll id from POST 202 body or partial DatasourceTestRun.
+ * @param {Object} data - Parsed JSON body
+ * @returns {string|null}
+ */
+function extractTestRunId(data) {
+  if (!data || typeof data !== 'object') return null;
+  if (typeof data.testRunId === 'string' && data.testRunId.trim()) return data.testRunId.trim();
+  if (data.testRunId && typeof data.testRunId === 'object') {
+    const id = data.testRunId.id || data.testRunId.key;
+    if (typeof id === 'string' && id.trim()) return id.trim();
+  }
+  return null;
+}
+
+module.exports = {
+  postValidationRun,
+  getValidationRun,
+  extractTestRunId,
+  normalizeDataplaneAuth,
+  buildClientCredentialHeaders,
+  POST_PATH
+};

package/lib/api/validation-runner.js

@@ -0,0 +1,109 @@
+/**
+ * @fileoverview Single reusable module for unified validation POST + optional poll.
+ *
+ * Used by datasource- and system-scoped CLI flows to enforce plan §9 behavior consistently.
+ */
+
+'use strict';
+
+const { extractTestRunId } = require('./validation-run.api');
+const { postValidationRunWithTransportRetry } = require('../utils/validation-run-post-retry');
+const { pollValidationRunUntilComplete } = require('../utils/validation-run-poll');
+
+/**
+ * POST /api/v1/validation/run and (when async) poll GET until reportCompleteness is full.
+ *
+ * @param {Object} opts
+ * @param {string} opts.dataplaneUrl
+ * @param {Object} opts.authConfig
+ * @param {Object} opts.body
+ * @param {number} opts.timeoutMs
+ * @param {boolean} opts.useAsync
+ * @param {boolean} opts.noAsync
+ * @returns {Promise<{ envelope: Object|null, apiError: Object|null, pollTimedOut: boolean, incompleteNoAsync: boolean }>}
+ */
+/* eslint-disable max-lines-per-function, max-statements, complexity -- POST + poll orchestration */
+async function postValidationRunAndOptionalPoll(opts) {
+  const { dataplaneUrl, authConfig, body, timeoutMs, useAsync, noAsync, verbosePoll } = opts;
+  const started = Date.now();
+  const transportOpts =
+    Number.isFinite(timeoutMs) && timeoutMs > 0 ? { timeoutMs } : {};
+  const postRes = await postValidationRunWithTransportRetry(
+    dataplaneUrl,
+    authConfig,
+    body,
+    transportOpts
+  );
+  if (!postRes.success) {
+    return {
+      envelope: null,
+      apiError: postRes,
+      pollTimedOut: false,
+      incompleteNoAsync: false
+    };
+  }
+
+  let envelope = postRes.data;
+  const httpStatus = postRes.status;
+  const testRunId = extractTestRunId(envelope);
+  const completeness = envelope && envelope.reportCompleteness;
+  const needsPoll =
+    httpStatus === 202 ||
+    (testRunId && completeness && completeness !== 'full' && useAsync);
+
+  if (needsPoll && testRunId) {
+    const elapsed = Date.now() - started;
+    const remaining = Math.max(0, timeoutMs - elapsed);
+    const pollResult = await pollValidationRunUntilComplete({
+      dataplaneUrl,
+      authConfig,
+      testRunId,
+      budgetMs: remaining,
+      verbosePoll: verbosePoll === true,
+      pollRequestTimeoutMs:
+        Number.isFinite(timeoutMs) && timeoutMs > 0 ? timeoutMs : undefined
+    });
+    if (!pollResult.lastApiResult || !pollResult.lastApiResult.success) {
+      return {
+        envelope: pollResult.envelope,
+        apiError: pollResult.lastApiResult,
+        pollTimedOut: pollResult.timedOut,
+        incompleteNoAsync: false
+      };
+    }
+    envelope = pollResult.envelope;
+    if (pollResult.timedOut) {
+      return {
+        envelope,
+        apiError: null,
+        pollTimedOut: true,
+        incompleteNoAsync: false
+      };
+    }
+  }
+
+  if (
+    noAsync &&
+    envelope &&
+    envelope.reportCompleteness &&
+    envelope.reportCompleteness !== 'full'
+  ) {
+    return {
+      envelope,
+      apiError: null,
+      pollTimedOut: false,
+      incompleteNoAsync: true
+    };
+  }
+
+  return {
+    envelope,
+    apiError: null,
+    pollTimedOut: false,
+    incompleteNoAsync: false
+  };
+}
+/* eslint-enable max-lines-per-function, max-statements, complexity */
+
+module.exports = { postValidationRunAndOptionalPoll };
+

package/lib/app/certification-show-enrich.js

@@ -0,0 +1,129 @@
+/**
+ * @fileoverview Load local `certification` and optional dataplane verify for `aifabrix show` (external).
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+
+'use strict';
+
+const { resolvePrimarySystemFilePath } = require('../certification/sync-system-certification');
+const { loadConfigFile } = require('../utils/config-format');
+const { generateControllerManifest } = require('../generator/external-controller-manifest');
+const { verifyRowForDatasource } = require('./certification-verify-rows');
+
+const MAX_VERIFY_DATASOURCES = 12;
+
+/**
+ * @param {string} pem
+ * @param {number} maxLen
+ * @returns {string}
+ */
+function truncatePublicKeyPreview(pem, maxLen = 52) {
+  if (!pem || typeof pem !== 'string') return '—';
+  const s = pem.trim();
+  if (s.length <= maxLen) return s;
+  return `${s.slice(0, maxLen)}… (${s.length} chars)`;
+}
+
+/**
+ * @param {Object|null|undefined} cert
+ * @returns {Object|null}
+ */
+function sanitizeCertificationForJson(cert) {
+  if (!cert || typeof cert !== 'object') return null;
+  const pk = cert.publicKey;
+  return {
+    enabled: cert.enabled,
+    algorithm: cert.algorithm,
+    issuer: cert.issuer,
+    version: cert.version,
+    publicKeyPreview: truncatePublicKeyPreview(pk, 96)
+  };
+}
+
+/**
+ * @param {string} appKey
+ * @returns {Object|null}
+ */
+function loadLocalCertificationFromSystemFile(appKey) {
+  const r = resolvePrimarySystemFilePath(appKey);
+  if (!r || !r.systemFilePath) return null;
+  try {
+    const sys = loadConfigFile(r.systemFilePath);
+    const c = sys && sys.certification;
+    if (!c || typeof c !== 'object') return null;
+    return c;
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * @param {Object} summary - show summary (mutated)
+ * @param {string} appKey
+ */
+function attachLocalCertification(summary, appKey) {
+  if (!summary || !summary.isExternal) return;
+  const cert = loadLocalCertificationFromSystemFile(appKey);
+  if (cert) summary.localCertification = cert;
+}
+
+/**
+ * Resolve dataplane URL + datasource keys for verify, or set summary errors.
+ * @returns {Promise<{ dataplaneUrl: string, authConfig: Object, systemKey: string, keys: string[] }|null>}
+ */
+async function resolveCertificationVerifyTargets(summary, appKey, authBundle) {
+  if (!authBundle || !authBundle.token || !authBundle.controllerUrl) {
+    summary.certificationVerifySkipped = true;
+    return null;
+  }
+  const { resolveEnvironment } = require('../core/config');
+  const { resolveDataplaneUrl } = require('../utils/dataplane-resolver');
+  const authConfig = { type: 'bearer', token: authBundle.token };
+  const environment = await resolveEnvironment();
+  let dataplaneUrl;
+  try {
+    dataplaneUrl = await resolveDataplaneUrl(authBundle.controllerUrl, environment, authConfig);
+  } catch (e) {
+    summary.certificationVerifyError = e.message || 'dataplane_unavailable';
+    return null;
+  }
+  let manifest;
+  try {
+    manifest = await generateControllerManifest(appKey, { type: 'external' });
+  } catch {
+    summary.certificationVerifyError = 'manifest_unavailable';
+    return null;
+  }
+  const systemKey = manifest.key || appKey;
+  const keys = (manifest.dataSources || []).map((ds) => ds && ds.key).filter(Boolean).slice(0, MAX_VERIFY_DATASOURCES);
+  return { dataplaneUrl, authConfig, systemKey, keys };
+}
+
+/**
+ * Populate **certificationVerifyRows** on summary (mutates).
+ *
+ * @async
+ * @param {Object} summary
+ * @param {string} appKey
+ * @param {{ token: string, controllerUrl: string }} authBundle
+ * @returns {Promise<void>}
+ */
+async function attachCertificationVerifyFromDataplane(summary, appKey, authBundle) {
+  if (!summary || !summary.isExternal) return;
+  const ctx = await resolveCertificationVerifyTargets(summary, appKey, authBundle);
+  if (!ctx) return;
+  const rows = [];
+  for (const dk of ctx.keys) {
+    rows.push(await verifyRowForDatasource(ctx.dataplaneUrl, ctx.authConfig, ctx.systemKey, dk));
+  }
+  summary.certificationVerifyRows = rows;
+}
+
+module.exports = {
+  attachLocalCertification,
+  attachCertificationVerifyFromDataplane,
+  sanitizeCertificationForJson,
+  truncatePublicKeyPreview,
+  loadLocalCertificationFromSystemFile
+};

package/lib/app/certification-verify-rows.js

@@ -0,0 +1,60 @@
+/**
+ * @fileoverview Build per-datasource certificate verify rows for show / enrich (small helpers for lint limits).
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+
+'use strict';
+
+const { unwrapApiData } = require('../utils/external-system-readiness-core');
+const { getActiveIntegrationCertificate, verifyIntegrationCertificate } = require('../api/certificates.api');
+
+/**
+ * @param {*} id
+ * @returns {string|null}
+ */
+function certificateIdString(id) {
+  if (id === undefined || id === null) return null;
+  if (typeof id === 'string') return id.trim() || null;
+  if (typeof id === 'object' && id !== null && typeof id.id === 'string') return id.id.trim() || null;
+  return null;
+}
+
+/**
+ * @param {string} dataplaneUrl
+ * @param {Object} authConfig
+ * @param {string} systemKey
+ * @param {string} dk
+ * @returns {Promise<Object>}
+ */
+async function verifyRowForDatasource(dataplaneUrl, authConfig, systemKey, dk) {
+  const activeRes = await getActiveIntegrationCertificate(dataplaneUrl, authConfig, systemKey, dk);
+  if (!activeRes || activeRes.success === false) {
+    return { datasourceKey: dk, error: 'active_unavailable' };
+  }
+  const art = unwrapApiData(activeRes);
+  const cid = certificateIdString(art && art.certificateId);
+  if (!cid) {
+    return { datasourceKey: dk, error: 'no_certificate_id' };
+  }
+  const verRes = await verifyIntegrationCertificate(dataplaneUrl, authConfig, {
+    certificateId: cid,
+    verifyHash: true,
+    systemIdOrKey: systemKey,
+    datasourceKey: dk
+  });
+  if (!verRes || verRes.success === false) {
+    return { datasourceKey: dk, certificateId: cid, error: 'verify_request_failed' };
+  }
+  const v = unwrapApiData(verRes);
+  return {
+    datasourceKey: dk,
+    certificateId: cid,
+    overallValid: !!(v && v.overallValid),
+    validSignature: !!(v && v.validSignature),
+    validHash: !!(v && v.validHash),
+    reasons: Array.isArray(v && v.reasons) ? v.reasons : []
+  };
+}
+
+module.exports = { verifyRowForDatasource, certificateIdString };

package/lib/app/config.js

@@ -135,7 +135,7 @@ async function generateEnvTemplateFile(appPath, appName, config, existingEnv) {
       envTemplate = envResult.template;
 
       if (envResult.warnings.length > 0) {
-        logger.log(chalk.yellow('\n⚠️  Environment conversion warnings:'));
+        logger.log(chalk.yellow('\n⚠  Environment conversion warnings:'));
         envResult.warnings.forEach(warning => logger.log(chalk.yellow(`  - ${warning}`)));
       }
     } else {

package/lib/app/deploy-status-display.js

@@ -69,9 +69,9 @@ async function displayAppUrlFromController(controllerUrl, envKey, appKey, authCo
     url = buildAppUrlFromControllerAndPort(controllerUrl, port);
   }
   if (url) {
-    logger.log(chalk.green(`   ✓ App running at ${url}`));
+    logger.log(chalk.green(`   ✔ App running at ${url}`));
   } else {
-    logger.log(chalk.blue('   ✓ App deployed. Get URL from controller dashboard.'));
+    logger.log(chalk.blue('   ✔ App deployed. Get URL from controller dashboard.'));
   }
 }
 

package/lib/app/deploy.js

@@ -1,3 +1,4 @@
+const { formatSuccessLine, formatSuccessParagraph } = require('../utils/cli-test-layout-chalk');
 /**
  * AI Fabrix Builder Application Deployment Module
  *
@@ -79,7 +80,7 @@ async function validatePushPrerequisites(appName, registry) {
  */
 async function executePush(appName, registry, tags) {
   if (await pushUtils.checkACRAuthentication(registry)) {
-    logger.log(chalk.green(`✓ Already authenticated with ${registry}`));
+    logger.log(formatSuccessLine(`Already authenticated with ${registry}`));
   } else {
     await pushUtils.authenticateACR(registry);
   }
@@ -98,7 +99,7 @@ async function executePush(appName, registry, tags) {
  * @param {string} appName - Application name
  */
 function verifyPushResult(tags, registry, appName) {
-  logger.log(chalk.green(`\n✓ Successfully pushed ${tags.length} tag(s) to ${registry}`));
+  logger.log(formatSuccessParagraph(`Successfully pushed ${tags.length} tag(s) to ${registry}`));
   logger.log(chalk.gray(`Image: ${registry}/${appName}:*`));
   logger.log(chalk.gray(`Tags: ${tags.join(', ')}`));
 }
@@ -173,7 +174,7 @@ async function generateAndValidateManifest(appName, options = {}) {
  * @param {string} manifestPath - Path to manifest file
  */
 function displayDeploymentInfo(manifest, manifestPath) {
-  logger.log(chalk.green(`✓ Manifest generated: ${manifestPath}`));
+  logger.log(formatSuccessLine(`Manifest generated: ${manifestPath}`));
   logger.log(chalk.blue(`   Key: ${manifest.key}`));
   logger.log(chalk.blue(`   Display Name: ${manifest.displayName}`));
   logger.log(chalk.blue(`   Image: ${manifest.image}`));
@@ -216,8 +217,8 @@ function displayDeploymentResults(result) {
     logger.log(chalk.blue(`   Deployment ID: ${result.deploymentId}`));
   }
   if (result.status) {
-    const statusIcon = result.status.status === 'completed' ? '✅' :
-      result.status.status === 'failed' ? '❌' : '⏳';
+    const statusIcon = result.status.status === 'completed' ? '✔' :
+      result.status.status === 'failed' ? '✖' : '⏳';
     logger.log(chalk.blue(`   Status: ${statusIcon} ${result.status.status}`));
   }
 }
@@ -368,7 +369,7 @@ async function executeStandardDeployment(appName, options) {
 }
 
 /**
- * Tries external deploy when builder/<app> does not exist but integration/<app> does.
+ * Tries external deploy when builder/<appKey> does not exist but integration/<systemKey> does.
  * @async
  * @param {string} appName - Application name
  * @param {Object} options - Deployment options

package/lib/app/display.js

@@ -1,3 +1,4 @@
+const { formatSuccessParagraph } = require('../utils/cli-test-layout-chalk');
 /**
  * Application Display Utilities
  *
@@ -64,7 +65,7 @@ function displayWebappSuccess(appName, config, envConversionMessage) {
  * @param {string} appPath - Application path
  */
 function displaySuccessMessage(appName, config, envConversionMessage, hasAppFiles = false, appPath = null) {
-  logger.log(chalk.green('\n✓ Application created successfully!'));
+  logger.log(formatSuccessParagraph('Application created successfully!'));
   logger.log(chalk.blue(`\nApplication: ${appName}`));
 
   // Determine location based on app type

package/lib/app/dockerfile.js

@@ -1,3 +1,4 @@
+const { formatSuccessLine } = require('../utils/cli-test-layout-chalk');
 /**
  * Application Dockerfile Generation
  *
@@ -74,7 +75,7 @@ async function generateAndCopyDockerfile(appPath, dockerfilePath, config) {
   const buildConfig = config.build || {};
   const generatedPath = await build.generateDockerfile(appPath, config.language, config, buildConfig);
   await fs.copyFile(generatedPath, dockerfilePath);
-  logger.log(chalk.green('✓ Generated Dockerfile from template'));
+  logger.log(formatSuccessLine('Generated Dockerfile from template'));
   return dockerfilePath;
 }
 
@@ -90,7 +91,7 @@ async function generateDockerfileForApp(appName, options = {}) {
   try {
     const { isExternal } = await detectAppType(appName);
     if (isExternal) {
-      logger.log(chalk.yellow('⚠️  External systems don\'t require Dockerfiles. Skipping...'));
+      logger.log(chalk.yellow('⚠  External systems don\'t require Dockerfiles. Skipping...'));
       return null;
     }
   } catch (error) {