npm - @aifabrix/builder - Versions diffs - 2.43.0 → 2.44.1 - Mend

@aifabrix/builder 2.43.0 → 2.44.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (371) hide show

package/.cursor/rules/anchor-docs.mdc +15 -0
package/.cursor/rules/cli-layout.mdc +75 -0
package/.cursor/rules/project-rules.mdc +8 -0
package/.npmrc.token +1 -0
package/.nyc_output/55e9d034-ddab-4579-a706-e02a91d75c91.json +1 -0
package/.nyc_output/processinfo/55e9d034-ddab-4579-a706-e02a91d75c91.json +1 -0
package/.nyc_output/processinfo/index.json +1 -0
package/README.md +1 -1
package/anchor-docs/README.md +10 -0
package/anchor-docs/_TEMPLATE +24 -0
package/bin/aifabrix.js +13 -4
package/integration/hubspot-test/README.md +31 -0
package/integration/hubspot-test/create-hubspot.js +5 -5
package/integration/hubspot-test/hubspot-test-datasource-company.json +58 -462
package/integration/hubspot-test/hubspot-test-datasource-contact.json +61 -555
package/integration/hubspot-test/hubspot-test-datasource-deal.json +63 -506
package/integration/hubspot-test/hubspot-test-datasource-users.json +42 -83
package/integration/hubspot-test/hubspot-test-deploy.json +3 -3
package/integration/hubspot-test/test-dataplane-down-tests.js +1 -7
package/integration/hubspot-test/test-dataplane-down.js +3 -3
package/integration/hubspot-test/test.js +35 -43
package/integration/hubspot-test/wizard-hubspot-test-headless.yaml +23 -0
package/integration/roundtrip-test-local/README.md +144 -0
package/integration/roundtrip-test-local/application.yaml +13 -0
package/integration/roundtrip-test-local/env.template +15 -0
package/integration/roundtrip-test-local/roundtrip-test-local-datasource-roundtrip-test-company.yaml +14 -0
package/integration/roundtrip-test-local/roundtrip-test-local-deploy.json +61 -0
package/integration/roundtrip-test-local/roundtrip-test-local-system.yaml +25 -0
package/integration/roundtrip-test-local2/README.md +144 -0
package/integration/roundtrip-test-local2/application.yaml +13 -0
package/integration/roundtrip-test-local2/env.template +15 -0
package/integration/roundtrip-test-local2/roundtrip-test-local2-datasource-company.yaml +31 -0
package/integration/roundtrip-test-local2/roundtrip-test-local2-deploy.json +86 -0
package/integration/roundtrip-test-local2/roundtrip-test-local2-system.yaml +25 -0
package/integration/test/wizard.yaml +8 -0
package/jest.config.default.js +10 -0
package/jest.config.integration.fixtures.js +22 -0
package/jest.config.integration.js +21 -18
package/jest.config.isolated.js +10 -0
package/jest.projects.js +301 -0
package/lib/api/certificates.api.js +62 -0
package/lib/api/datasources-core.api.js +3 -3
package/lib/api/dev-mtls-request.js +110 -0
package/lib/api/dev-server-https.js +145 -0
package/lib/api/dev.api.js +133 -144
package/lib/api/index.js +11 -3
package/lib/api/pipeline.api.js +67 -20
package/lib/api/types/certificates.types.js +48 -0
package/lib/api/types/dev.types.js +4 -3
package/lib/api/types/pipeline.types.js +8 -5
package/lib/api/types/validation-run.types.js +56 -0
package/lib/api/validation-run.api.js +111 -0
package/lib/api/validation-runner.js +109 -0
package/lib/app/certification-show-enrich.js +129 -0
package/lib/app/certification-verify-rows.js +60 -0
package/lib/app/config.js +1 -1
package/lib/app/deploy-status-display.js +2 -2
package/lib/app/deploy.js +7 -6
package/lib/app/display.js +2 -1
package/lib/app/dockerfile.js +3 -2
package/lib/app/down.js +2 -1
package/lib/app/helpers.js +6 -5
package/lib/app/index.js +27 -8
package/lib/app/list.js +7 -6
package/lib/app/push.js +4 -3
package/lib/app/register.js +16 -7
package/lib/app/rotate-secret.js +14 -13
package/lib/app/run-container-start.js +184 -0
package/lib/app/run-docker-fallback.js +108 -0
package/lib/app/run-env-compose.js +30 -42
package/lib/app/run-helpers.js +49 -126
package/lib/app/run-infra-requirements.js +30 -0
package/lib/app/run-resolve-image.js +21 -0
package/lib/app/run.js +74 -21
package/lib/app/show-display.js +44 -1
package/lib/app/show.js +93 -9
package/lib/build/index.js +13 -10
package/lib/certification/cli-cert-sync-skip.js +21 -0
package/lib/certification/merge-certification-from-artifact.js +185 -0
package/lib/certification/post-unified-cert-sync.js +33 -0
package/lib/certification/sync-after-external-command.js +52 -0
package/lib/certification/sync-system-certification.js +197 -0
package/lib/cli/index.js +2 -0
package/lib/cli/setup-app.help.js +67 -0
package/lib/cli/setup-app.js +61 -121
package/lib/cli/setup-app.test-commands.js +195 -0
package/lib/cli/setup-auth.js +19 -5
package/lib/cli/setup-credential-deployment.js +22 -8
package/lib/cli/setup-dev-path-commands.js +124 -0
package/lib/cli/setup-dev.js +170 -113
package/lib/cli/setup-environment.js +7 -1
package/lib/cli/setup-external-system.js +84 -23
package/lib/cli/setup-infra.js +126 -47
package/lib/cli/setup-parameters.js +32 -0
package/lib/cli/setup-secrets.js +137 -18
package/lib/cli/setup-service-user.js +1 -1
package/lib/cli/setup-utility.js +54 -22
package/lib/commands/app-down.js +5 -7
package/lib/commands/app-install.js +14 -7
package/lib/commands/app-logs.js +13 -10
package/lib/commands/app-shell.js +4 -1
package/lib/commands/app-test.js +25 -19
package/lib/commands/app.js +32 -11
package/lib/commands/auth-config.js +6 -6
package/lib/commands/auth-status.js +4 -3
package/lib/commands/credential-env.js +4 -3
package/lib/commands/credential-list.js +5 -4
package/lib/commands/credential-push.js +4 -3
package/lib/commands/datasource-unified-test-cli.js +428 -0
package/lib/commands/datasource-unified-test-cli.options.js +191 -0
package/lib/commands/datasource-unified-test-e2e-cli-helpers.js +106 -0
package/lib/commands/datasource-validation-cli.js +143 -0
package/lib/commands/datasource.js +125 -95
package/lib/commands/deployment-list.js +6 -5
package/lib/commands/dev-cli-handlers.js +122 -18
package/lib/commands/dev-down.js +4 -3
package/lib/commands/dev-init.js +231 -116
package/lib/commands/dev-show-display.js +473 -0
package/lib/commands/login-credentials.js +3 -2
package/lib/commands/login-device.js +4 -3
package/lib/commands/login.js +5 -4
package/lib/commands/logout.js +8 -7
package/lib/commands/parameters-validate.js +54 -0
package/lib/commands/repair-datasource.js +314 -68
package/lib/commands/repair-env-template.js +2 -2
package/lib/commands/repair.js +21 -3
package/lib/commands/secrets-list.js +23 -12
package/lib/commands/secrets-remove-all.js +220 -0
package/lib/commands/secrets-remove.js +21 -12
package/lib/commands/secrets-set.js +21 -12
package/lib/commands/secrets-validate.js +4 -4
package/lib/commands/secure.js +10 -9
package/lib/commands/service-user.js +26 -25
package/lib/commands/test-e2e-external.js +27 -1
package/lib/commands/up-common.js +3 -2
package/lib/commands/up-dataplane.js +29 -16
package/lib/commands/up-miso.js +19 -29
package/lib/commands/upload.js +149 -39
package/lib/commands/wizard-core-helpers.js +1 -1
package/lib/commands/wizard-dataplane.js +4 -3
package/lib/commands/wizard-helpers.js +3 -3
package/lib/commands/wizard.js +2 -2
package/lib/core/admin-secrets.js +14 -5
package/lib/core/audit-logger.js +12 -4
package/lib/core/config-attach-extensions.js +46 -0
package/lib/core/config-runtime-paths.js +29 -0
package/lib/core/config.js +55 -56
package/lib/core/diff.js +3 -2
package/lib/core/ensure-encryption-key.js +1 -1
package/lib/core/secrets-ensure-infra.js +77 -0
package/lib/core/secrets-ensure.js +120 -64
package/lib/core/secrets-env-write.js +35 -7
package/lib/core/secrets-infra-placeholder-sync.js +61 -0
package/lib/core/secrets.js +200 -37
package/lib/core/templates-env.js +4 -3
package/lib/datasource/abac-validator.js +1 -10
package/lib/datasource/deploy.js +75 -53
package/lib/datasource/field-reference-validator.js +9 -6
package/lib/datasource/integration-context.js +63 -0
package/lib/datasource/list.js +8 -7
package/lib/datasource/log-viewer.js +189 -67
package/lib/datasource/resolve-app.js +4 -4
package/lib/datasource/test-e2e.js +113 -146
package/lib/datasource/test-integration.js +114 -122
package/lib/datasource/unified-validation-run-body.js +68 -0
package/lib/datasource/unified-validation-run-post.js +23 -0
package/lib/datasource/unified-validation-run-resolve.js +43 -0
package/lib/datasource/unified-validation-run.js +93 -0
package/lib/datasource/validate.js +157 -13
package/lib/deployment/deployer.js +4 -3
package/lib/deployment/environment.js +7 -6
package/lib/deployment/push.js +17 -8
package/lib/external-system/delete.js +4 -3
package/lib/external-system/deploy.js +166 -53
package/lib/external-system/download-helpers.js +1 -1
package/lib/external-system/download.js +7 -6
package/lib/external-system/generator.js +92 -6
package/lib/external-system/integration-test-dispatch.js +26 -0
package/lib/external-system/test-execution.js +5 -1
package/lib/external-system/test-helpers.js +0 -4
package/lib/external-system/test-system-level-helpers.js +110 -0
package/lib/external-system/test-system-level.js +83 -44
package/lib/external-system/test.js +59 -8
package/lib/generator/builders.js +23 -11
package/lib/generator/deploy-manifest-azure-kv.js +81 -0
package/lib/generator/external.js +16 -4
package/lib/generator/helpers.js +58 -3
package/lib/generator/index.js +4 -0
package/lib/generator/split-readme.js +12 -7
package/lib/generator/split-variables.js +2 -1
package/lib/generator/split.js +1 -1
package/lib/generator/wizard-readme.js +3 -3
package/lib/generator/wizard.js +8 -8
package/lib/infrastructure/compose.js +70 -7
package/lib/infrastructure/helpers-docker-check.js +67 -0
package/lib/infrastructure/helpers.js +203 -42
package/lib/infrastructure/index.js +31 -18
package/lib/infrastructure/services.js +21 -67
package/lib/internal/fs-real-sync.js +104 -0
package/lib/internal/node-fs.js +98 -0
package/lib/parameters/database-secret-values.js +173 -0
package/lib/parameters/infra-kv-discovery.js +121 -0
package/lib/parameters/infra-parameter-catalog.js +458 -0
package/lib/parameters/infra-parameter-validate.js +64 -0
package/lib/schema/application-schema.json +37 -17
package/lib/schema/datasource-test-run.schema.json +493 -0
package/lib/schema/deployment-rules.yaml +102 -63
package/lib/schema/external-datasource.schema.json +1200 -442
package/lib/schema/external-system.schema.json +203 -5
package/lib/schema/flag-map-validation-run.json +31 -0
package/lib/schema/infra-parameter.schema.json +106 -0
package/lib/schema/infra.parameter.yaml +421 -0
package/lib/schema/type/credential-auth-templates.json +40 -0
package/lib/schema/type/document-storage.json +226 -0
package/lib/schema/type/message-service.json +123 -0
package/lib/schema/type/vector-store.json +88 -0
package/lib/utils/aifabrix-runtime-config-dir.js +132 -0
package/lib/utils/api-error-handler.js +2 -2
package/lib/utils/api.js +77 -17
package/lib/utils/app-register-api.js +3 -2
package/lib/utils/app-register-auth.js +1 -1
package/lib/utils/app-register-config.js +4 -4
package/lib/utils/app-register-display.js +3 -2
package/lib/utils/app-register-validator.js +3 -2
package/lib/utils/app-run-containers.js +26 -22
package/lib/utils/app-scoped-config.js +31 -0
package/lib/utils/app-service-env-from-builder.js +164 -0
package/lib/utils/build-copy.js +1 -1
package/lib/utils/build-helpers.js +20 -20
package/lib/utils/build-resolve-image.js +165 -0
package/lib/utils/cli-layout-chalk.js +8 -0
package/lib/utils/cli-test-layout-chalk.js +267 -0
package/lib/utils/cli-utils.js +88 -11
package/lib/utils/compose-db-passwords.js +138 -0
package/lib/utils/compose-generate-docker-compose.js +216 -0
package/lib/utils/compose-generator.js +197 -291
package/lib/utils/compose-miso-env.js +18 -0
package/lib/utils/compose-traefik-ingress-base.js +158 -0
package/lib/utils/config-paths.js +166 -7
package/lib/utils/config-scoped-resources-preference.js +41 -0
package/lib/utils/configuration-env-resolver.js +11 -8
package/lib/utils/controller-deployment-outcome.js +68 -0
package/lib/utils/credential-display.js +2 -2
package/lib/utils/credential-secrets-env.js +5 -5
package/lib/utils/dataplane-pipeline-warning.js +4 -3
package/lib/utils/datasource-test-run-capability-scope.js +43 -0
package/lib/utils/datasource-test-run-certificate-tty.js +82 -0
package/lib/utils/datasource-test-run-debug-display.js +137 -0
package/lib/utils/datasource-test-run-debug-slice.js +93 -0
package/lib/utils/datasource-test-run-display.js +459 -0
package/lib/utils/datasource-test-run-exit.js +83 -0
package/lib/utils/datasource-test-run-legacy-adapter.js +93 -0
package/lib/utils/datasource-test-run-report-version.js +51 -0
package/lib/utils/datasource-test-run-schema-sync.js +59 -0
package/lib/utils/datasource-test-run-tty-log.js +81 -0
package/lib/utils/datasource-validation-watch.js +266 -0
package/lib/utils/declarative-url-ports.js +47 -0
package/lib/utils/derive-env-key-from-client-id.js +41 -0
package/lib/utils/dev-ca-install.js +185 -23
package/lib/utils/dev-cert-helper.js +266 -17
package/lib/utils/dev-hosts-helper.js +307 -0
package/lib/utils/dev-init-cert-hints.js +37 -0
package/lib/utils/dev-init-health-messages.js +52 -0
package/lib/utils/dev-init-resolve.js +86 -0
package/lib/utils/dev-init-ssh-merge.js +65 -0
package/lib/utils/dev-ssh-config-helper.js +196 -0
package/lib/utils/dev-user-groups.js +93 -0
package/lib/utils/docker-build.js +42 -17
package/lib/utils/docker-exec.js +28 -0
package/lib/utils/docker-manifest-public-port.js +116 -0
package/lib/utils/docker-not-running-hint.js +52 -0
package/lib/utils/docker.js +98 -11
package/lib/utils/ensure-dev-certs-for-remote-docker.js +192 -0
package/lib/utils/env-config-loader.js +10 -91
package/lib/utils/env-copy.js +19 -10
package/lib/utils/env-map.js +35 -8
package/lib/utils/env-template.js +2 -2
package/lib/utils/environment-scoped-resources.js +144 -0
package/lib/utils/error-formatter.js +92 -13
package/lib/utils/error-formatters/http-status-errors.js +6 -5
package/lib/utils/error-formatters/network-errors.js +2 -1
package/lib/utils/error-formatters/permission-errors.js +2 -1
package/lib/utils/error-formatters/validation-errors.js +2 -1
package/lib/utils/external-readme.js +8 -1
package/lib/utils/external-system-display.js +242 -136
package/lib/utils/external-system-local-test-tty.js +389 -0
package/lib/utils/external-system-readiness-core.js +377 -0
package/lib/utils/external-system-readiness-deploy-display.js +270 -0
package/lib/utils/external-system-readiness-display-internals.js +150 -0
package/lib/utils/external-system-readiness-display.js +186 -0
package/lib/utils/external-system-system-test-tty-overview.js +120 -0
package/lib/utils/external-system-system-test-tty.js +417 -0
package/lib/utils/external-system-test-helpers.js +24 -6
package/lib/utils/external-system-validators.js +30 -12
package/lib/utils/health-check-url.js +119 -0
package/lib/utils/health-check.js +59 -25
package/lib/utils/help-builder.js +11 -8
package/lib/utils/image-version.js +4 -8
package/lib/utils/infra-containers.js +4 -7
package/lib/utils/infra-env-defaults.js +162 -0
package/lib/utils/infra-status-display.js +167 -0
package/lib/utils/infra-status.js +16 -8
package/lib/utils/local-secrets.js +3 -4
package/lib/utils/paths.js +148 -47
package/lib/utils/port-resolver.js +10 -23
package/lib/utils/redis-env-scope.js +62 -0
package/lib/utils/register-aifabrix-shell-env.js +204 -0
package/lib/utils/remote-builder-validation.js +99 -0
package/lib/utils/remote-dev-auth.js +117 -21
package/lib/utils/remote-docker-env.js +67 -15
package/lib/utils/remote-secrets-loader.js +13 -4
package/lib/utils/resolve-docker-image-ref.js +124 -0
package/lib/utils/schema-loader.js +22 -9
package/lib/utils/secrets-bash-kv.js +25 -0
package/lib/utils/secrets-generator.js +169 -49
package/lib/utils/secrets-helpers.js +70 -59
package/lib/utils/secrets-kv-scope.js +60 -0
package/lib/utils/secrets-utils.js +32 -38
package/lib/utils/secrets-validation.js +3 -1
package/lib/utils/secrets-yaml-preserve.js +109 -0
package/lib/utils/ssh-key-helper.js +4 -2
package/lib/utils/template-helpers.js +2 -2
package/lib/utils/test-log-writer.js +3 -3
package/lib/utils/token-manager.js +1 -2
package/lib/utils/url-declarative-public-base.js +188 -0
package/lib/utils/url-declarative-resolve-build.js +493 -0
package/lib/utils/url-declarative-resolve-load-doc.js +51 -0
package/lib/utils/url-declarative-resolve.js +220 -0
package/lib/utils/url-declarative-token-parse.js +74 -0
package/lib/utils/url-declarative-url-flags.js +50 -0
package/lib/utils/url-declarative-vdir-inactive-env.js +99 -0
package/lib/utils/url-public-path-prefix.js +34 -0
package/lib/utils/urls-local-registry.js +220 -0
package/lib/utils/validation-report-tty-kit.js +77 -0
package/lib/utils/validation-run-poll.js +112 -0
package/lib/utils/validation-run-post-retry.js +85 -0
package/lib/utils/validation-run-request.js +116 -0
package/lib/utils/variable-transformer.js +21 -4
package/lib/utils/yaml-preserve.js +33 -14
package/lib/validation/datasource-warnings.js +56 -0
package/lib/validation/env-template-auth.js +1 -1
package/lib/validation/external-manifest-validator.js +27 -7
package/lib/validation/validate-display.js +37 -31
package/lib/validation/validate-external-cert-sync.js +23 -0
package/lib/validation/validate.js +8 -14
package/lib/validation/validator-unresolved-placeholders.js +98 -0
package/lib/validation/validator.js +22 -65
package/lib/validation/wizard-config-validator.js +2 -1
package/package.json +9 -4
package/scripts/check-datasource-test-run-schema-sync.js +34 -0
package/scripts/diagnose-cli.js +150 -0
package/scripts/install-local.js +307 -55
package/scripts/pnpm-global-remove.js +48 -0
package/templates/README.md +15 -2
package/templates/applications/dataplane/application.yaml +52 -2
package/templates/applications/dataplane/env.template +79 -17
package/templates/applications/dataplane/rbac.yaml +8 -0
package/templates/applications/keycloak/application.yaml +9 -1
package/templates/applications/keycloak/env.template +15 -6
package/templates/applications/miso-controller/application.yaml +10 -2
package/templates/applications/miso-controller/env.template +42 -12
package/templates/applications/miso-controller/rbac.yaml +5 -0
package/templates/external-system/README.md.hbs +20 -7
package/templates/external-system/deploy.js.hbs +5 -5
package/templates/external-system/external-datasource.yaml.hbs +197 -118
package/templates/infra/compose.yaml.hbs +33 -16
package/templates/infra/servers.json.hbs +3 -1
package/templates/python/docker-compose.hbs +16 -0
package/templates/typescript/docker-compose.hbs +16 -0
package/lib/api/external-test.api.js +0 -111
package/lib/schema/env-config.yaml +0 -60

package/jest.projects.js ADDED Viewed

@@ -0,0 +1,301 @@
+/**
+ * Shared Jest project definitions (default + isolated). Split configs run in separate processes
+ * so `jest.mock('fs')` in the default suite cannot leak into isolated workers.
+ * @fileoverview
+ */
+// Detect CI environment (GitHub Actions, CI simulation, etc.)
+const isCI = process.env.CI === 'true' || process.env.CI_SIMULATION === 'true';
+const sharedTransform = {
+  '^.+\\.js$': ['babel-jest', {
+    configFile: false,
+    babelrc: false,
+    presets: [['@babel/preset-env', { targets: { node: 'current' } }]],
+    plugins: ['@babel/plugin-syntax-optional-chaining']
+  }]
+};
+/**
+ * Single-file Jest project (fresh module graph when run in a separate process).
+ * @param {string} displayName - Jest project display name
+ * @param {string[]} testMatch - Glob patterns for test files
+ * @returns {object} Jest project configuration object
+ */
+function makeIsolatedProject(displayName, testMatch) {
+  return {
+    displayName,
+    testEnvironment: 'node',
+    transform: sharedTransform,
+    testMatch,
+    testPathIgnorePatterns: ['/node_modules/', '\\\\node_modules\\\\'],
+    setupFiles: ['<rootDir>/tests/capture-real-fs.js'],
+    setupFilesAfterEnv: ['<rootDir>/tests/setup.js'],
+    testTimeout: isCI ? 10000 : 5000,
+    maxWorkers: 1
+  };
+}
+const defaultProject = {
+  displayName: 'default',
+  testEnvironment: 'node',
+  transform: sharedTransform,
+  testMatch: [
+    '**/tests/**/*.test.js',
+    '**/tests/**/*.spec.js'
+  ],
+  testPathIgnorePatterns: (() => {
+    const patterns = [
+      '/node_modules/',
+      '\\\\node_modules\\\\',
+      '/tests/integration/',
+      '\\\\tests\\\\integration\\\\',
+      '/tests/manual/',
+      '\\\\tests\\\\manual\\\\',
+      'lib/utils/cli-utils.test.js',
+      'lib/utils/external-system-display.test.js',
+      '/tests/lib/utils/cli-utils.test.js',
+      '/tests/lib/utils/external-system-display.test.js',
+      '/tests/lib/utils/dev-hosts-helper.test.js',
+      '/tests/lib/utils/declarative-url-matrix-d-reload.test.js',
+      '/tests/lib/utils/datasource-validation-watch.test.js',
+      '\\\\tests\\\\lib\\\\utils\\\\cli-utils.test.js',
+      '\\\\tests\\\\lib\\\\utils\\\\external-system-display.test.js',
+      '\\\\tests\\\\lib\\\\utils\\\\dev-hosts-helper.test.js',
+      '\\\\tests\\\\lib\\\\utils\\\\declarative-url-matrix-d-reload.test.js',
+      '\\\\tests\\\\lib\\\\utils\\\\datasource-validation-watch.test.js',
+      'lib/utils/dev-hosts-helper.test.js',
+      'lib/utils/declarative-url-matrix-d-reload.test.js',
+      'lib/utils/datasource-validation-watch.test.js',
+      'dev-hosts-helper\\.test\\.js',
+      'declarative-url-matrix-d-reload\\.test\\.js',
+      '/tests/lib/datasource/log-viewer.test.js',
+      '\\\\tests\\\\lib\\\\datasource\\\\log-viewer.test.js',
+      'lib/datasource/log-viewer.test.js',
+      '/tests/lib/commands/parameters-validate.test.js',
+      '\\\\tests\\\\lib\\\\commands\\\\parameters-validate.test.js',
+      'lib/commands/parameters-validate.test.js',
+      'parameters-validate\\.test\\.js',
+      '/tests/lib/utils/datasource-test-run-schema-sync.test.js',
+      '\\\\tests\\\\lib\\\\utils\\\\datasource-test-run-schema-sync.test.js',
+      'lib/utils/datasource-test-run-schema-sync.test.js',
+      '/tests/lib/parameters/infra-platform-contract.test.js',
+      '\\\\tests\\\\lib\\\\parameters\\\\infra-platform-contract.test.js',
+      'lib/parameters/infra-platform-contract.test.js',
+      '/tests/lib/parameters/database-secret-values.test.js',
+      '\\\\tests\\\\lib\\\\parameters\\\\database-secret-values.test.js',
+      'lib/parameters/database-secret-values.test.js',
+      'database-secret-values\\.test\\.js',
+      '/tests/lib/parameters/infra-parameter-validate.test.js',
+      '\\\\tests\\\\lib\\\\parameters\\\\infra-parameter-validate.test.js',
+      'lib/parameters/infra-parameter-validate.test.js',
+      'infra-parameter-validate\\.test\\.js',
+      '/tests/lib/parameters/infra-parameter-catalog.test.js',
+      '\\\\tests\\\\lib\\\\parameters\\\\infra-parameter-catalog.test.js',
+      'lib/parameters/infra-parameter-catalog.test.js',
+      'infra-parameter-catalog\\.test\\.js',
+      '/tests/lib/utils/urls-local-registry.test.js',
+      '\\\\tests\\\\lib\\\\utils\\\\urls-local-registry.test.js',
+      'lib/utils/urls-local-registry.test.js',
+      'urls-local-registry\\.test\\.js',
+      '/tests/lib/utils/aifabrix-runtime-config-dir.test.js',
+      '\\\\tests\\\\lib\\\\utils\\\\aifabrix-runtime-config-dir.test.js',
+      'lib/utils/aifabrix-runtime-config-dir.test.js',
+      'aifabrix-runtime-config-dir\\.test\\.js',
+      '/tests/lib/parameters/platform-env-template-kv-catalog.test.js',
+      '\\\\tests\\\\lib\\\\parameters\\\\platform-env-template-kv-catalog.test.js',
+      'lib/parameters/platform-env-template-kv-catalog.test.js',
+      'platform-env-template-kv-catalog\\.test\\.js',
+      '/tests/lib/infrastructure/resolve-infra-state-paths.test.js',
+      '\\\\tests\\\\lib\\\\infrastructure\\\\resolve-infra-state-paths.test.js',
+      'lib/infrastructure/resolve-infra-state-paths.test.js',
+      'resolve-infra-state-paths\\.test\\.js',
+      '/tests/lib/utils/dev-ssh-config-helper.test.js',
+      '\\\\tests\\\\lib\\\\utils\\\\dev-ssh-config-helper.test.js',
+      'lib/utils/dev-ssh-config-helper.test.js',
+      'dev-ssh-config-helper\\.test\\.js',
+      '/tests/lib/utils/ssh-key-helper.test.js',
+      '\\\\tests\\\\lib\\\\utils\\\\ssh-key-helper.test.js',
+      'lib/utils/ssh-key-helper.test.js',
+      'ssh-key-helper\\.test\\.js',
+      '/tests/lib/core/secrets-ensure-catalog-fallback.test.js',
+      '\\\\tests\\\\lib\\\\core\\\\secrets-ensure-catalog-fallback.test.js',
+      'lib/core/secrets-ensure-catalog-fallback.test.js',
+      'secrets-ensure-catalog-fallback\\.test\\.js',
+      '/tests/lib/core/secrets-ensure.test.js',
+      '\\\\tests\\\\lib\\\\core\\\\secrets-ensure.test.js',
+      'lib/core/secrets-ensure.test.js',
+      'secrets-ensure\\.test\\.js',
+      '/tests/lib/utils/url-declarative-vdir-inactive-env.test.js',
+      '\\\\tests\\\\lib\\\\utils\\\\url-declarative-vdir-inactive-env.test.js',
+      'lib/utils/url-declarative-vdir-inactive-env.test.js',
+      'url-declarative-vdir-inactive-env\\.test\\.js',
+      '/tests/lib/utils/app-service-env-from-builder.test.js',
+      '\\\\tests\\\\lib\\\\utils\\\\app-service-env-from-builder.test.js',
+      'lib/utils/app-service-env-from-builder.test.js',
+      'app-service-env-from-builder\\.test\\.js',
+      '/tests/lib/parameters/infra-kv-discovery.test.js',
+      '\\\\tests\\\\lib\\\\parameters\\\\infra-kv-discovery.test.js',
+      'lib/parameters/infra-kv-discovery.test.js',
+      'infra-kv-discovery\\.test\\.js',
+      '/tests/lib/utils/infra-env-defaults.test.js',
+      '\\\\tests\\\\lib\\\\utils\\\\infra-env-defaults.test.js',
+      'lib/utils/infra-env-defaults.test.js',
+      'infra-env-defaults\\.test\\.js',
+      '/tests/lib/infrastructure/compose-traefik-template.test.js',
+      '\\\\tests\\\\lib\\\\infrastructure\\\\compose-traefik-template.test.js',
+      'lib/infrastructure/compose-traefik-template.test.js',
+      'compose-traefik-template\\.test\\.js',
+      '/tests/lib/utils/paths-app-listing.test.js',
+      '\\\\tests\\\\lib\\\\utils\\\\paths-app-listing.test.js',
+      'lib/utils/paths-app-listing.test.js',
+      'paths-app-listing\\.test\\.js',
+      '/tests/lib/utils/url-declarative-truth-table-124.test.js',
+      '\\\\tests\\\\lib\\\\utils\\\\url-declarative-truth-table-124.test.js',
+      'lib/utils/url-declarative-truth-table-124.test.js',
+      'url-declarative-truth-table-124\\.test\\.js',
+      '/tests/lib/generator/generator-external-rbac.test.js',
+      '\\\\tests\\\\lib\\\\generator\\\\generator-external-rbac.test.js',
+      'lib/generator/generator-external-rbac.test.js',
+      'generator-external-rbac\\.test\\.js',
+      '/tests/lib/infrastructure/helpers-ensure-admin-secrets.test.js',
+      '\\\\tests\\\\lib\\\\infrastructure\\\\helpers-ensure-admin-secrets.test.js',
+      'lib/infrastructure/helpers-ensure-admin-secrets.test.js',
+      'helpers-ensure-admin-secrets\\.test\\.js',
+      '/tests/lib/utils/secrets-generator.test.js',
+      '\\\\tests\\\\lib\\\\utils\\\\secrets-generator.test.js',
+      'lib/utils/secrets-generator.test.js',
+      'secrets-generator\\.test\\.js',
+      '/tests/lib/app/app-uncovered-lines.test.js',
+      '\\\\tests\\\\lib\\\\app\\\\app-uncovered-lines.test.js',
+      'lib/app/app-uncovered-lines.test.js',
+      'app-uncovered-lines\\.test\\.js',
+      '/tests/lib/utils/ensure-dev-certs-for-remote-docker.test.js',
+      '\\\\tests\\\\lib\\\\utils\\\\ensure-dev-certs-for-remote-docker.test.js',
+      'lib/utils/ensure-dev-certs-for-remote-docker.test.js',
+      'ensure-dev-certs-for-remote-docker\\.test\\.js',
+      '/tests/lib/generator/generator-error-paths.test.js',
+      '\\\\tests\\\\lib\\\\generator\\\\generator-error-paths.test.js',
+      'lib/generator/generator-error-paths.test.js',
+      'generator-error-paths\\.test\\.js',
+      '/tests/lib/generator/generator-validation.test.js',
+      '\\\\tests\\\\lib\\\\generator\\\\generator-validation.test.js',
+      'lib/generator/generator-validation.test.js',
+      'generator-validation\\.test\\.js',
+      '/tests/lib/core/secrets-databaselog.test.js',
+      '\\\\tests\\\\lib\\\\core\\\\secrets-databaselog.test.js',
+      'lib/core/secrets-databaselog.test.js',
+      'secrets-databaselog\\.test\\.js',
+      '/tests/lib/validation/schema-241-alignment.test.js',
+      '\\\\tests\\\\lib\\\\validation\\\\schema-241-alignment.test.js',
+      'lib/validation/schema-241-alignment.test.js',
+      'schema-241-alignment\\.test\\.js',
+      '/tests/lib/app/app.test.js',
+      '\\\\tests\\\\lib\\\\app\\\\app.test.js',
+      'lib/app/app.test.js',
+      '/tests/lib/core/admin-secrets.test.js',
+      '\\\\tests\\\\lib\\\\core\\\\admin-secrets.test.js',
+      'lib/core/admin-secrets.test.js'
+    ];
+    if (process.env.INCLUDE_LOCAL_TESTS !== 'true') {
+      patterns.push('/tests/local/');
+      patterns.push('\\\\tests\\\\local\\\\');
+    }
+    return patterns;
+  })(),
+  setupFiles: ['<rootDir>/tests/capture-real-fs.js'],
+  setupFilesAfterEnv: ['<rootDir>/tests/setup.js'],
+  testTimeout: isCI ? 10000 : 5000,
+  detectOpenHandles: true,
+  maxWorkers: 1
+};
+const isolatedProjects = [
+  makeIsolatedProject('cli-utils', ['**/tests/lib/utils/cli-utils.test.js']),
+  makeIsolatedProject('external-system-display', ['**/tests/lib/utils/external-system-display.test.js']),
+  makeIsolatedProject('dev-hosts-helper', ['**/tests/lib/utils/dev-hosts-helper.test.js']),
+  makeIsolatedProject('declarative-url-matrix-d-reload', [
+    '**/tests/lib/utils/declarative-url-matrix-d-reload.test.js'
+  ]),
+  makeIsolatedProject('parameters-validate', ['**/tests/lib/commands/parameters-validate.test.js']),
+  makeIsolatedProject('paths-app-listing', ['**/tests/lib/utils/paths-app-listing.test.js']),
+  makeIsolatedProject('datasource-validation-watch', [
+    '**/tests/lib/utils/datasource-validation-watch.test.js'
+  ]),
+  makeIsolatedProject('log-viewer', ['**/tests/lib/datasource/log-viewer.test.js']),
+  makeIsolatedProject('datasource-test-run-schema-sync', [
+    '**/tests/lib/utils/datasource-test-run-schema-sync.test.js'
+  ]),
+  makeIsolatedProject('infra-platform-contract', [
+    '**/tests/lib/parameters/infra-platform-contract.test.js'
+  ]),
+  makeIsolatedProject('database-secret-values', [
+    '**/tests/lib/parameters/database-secret-values.test.js'
+  ]),
+  makeIsolatedProject('infra-parameter-validate', [
+    '**/tests/lib/parameters/infra-parameter-validate.test.js'
+  ]),
+  makeIsolatedProject('infra-parameter-catalog', [
+    '**/tests/lib/parameters/infra-parameter-catalog.test.js'
+  ]),
+  makeIsolatedProject('urls-local-registry', ['**/tests/lib/utils/urls-local-registry.test.js']),
+  makeIsolatedProject('aifabrix-runtime-config-dir', [
+    '**/tests/lib/utils/aifabrix-runtime-config-dir.test.js'
+  ]),
+  makeIsolatedProject('platform-env-template-kv-catalog', [
+    '**/tests/lib/parameters/platform-env-template-kv-catalog.test.js'
+  ]),
+  makeIsolatedProject('resolve-infra-state-paths', [
+    '**/tests/lib/infrastructure/resolve-infra-state-paths.test.js'
+  ]),
+  makeIsolatedProject('dev-ssh-config-helper', [
+    '**/tests/lib/utils/dev-ssh-config-helper.test.js'
+  ]),
+  makeIsolatedProject('ssh-key-helper', ['**/tests/lib/utils/ssh-key-helper.test.js']),
+  makeIsolatedProject('secrets-ensure-catalog-fallback', [
+    '**/tests/lib/core/secrets-ensure-catalog-fallback.test.js'
+  ]),
+  makeIsolatedProject('secrets-ensure', ['**/tests/lib/core/secrets-ensure.test.js']),
+  makeIsolatedProject('url-declarative-vdir-inactive-env', [
+    '**/tests/lib/utils/url-declarative-vdir-inactive-env.test.js'
+  ]),
+  makeIsolatedProject('app-service-env-from-builder', [
+    '**/tests/lib/utils/app-service-env-from-builder.test.js'
+  ]),
+  makeIsolatedProject('infra-kv-discovery', ['**/tests/lib/parameters/infra-kv-discovery.test.js']),
+  makeIsolatedProject('infra-env-defaults', ['**/tests/lib/utils/infra-env-defaults.test.js']),
+  makeIsolatedProject('compose-traefik-template', [
+    '**/tests/lib/infrastructure/compose-traefik-template.test.js'
+  ]),
+  makeIsolatedProject('generator-external-rbac', [
+    '**/tests/lib/generator/generator-external-rbac.test.js'
+  ]),
+  makeIsolatedProject('helpers-ensure-admin-secrets', [
+    '**/tests/lib/infrastructure/helpers-ensure-admin-secrets.test.js'
+  ]),
+  makeIsolatedProject('url-declarative-truth-table-124', [
+    '**/tests/lib/utils/url-declarative-truth-table-124.test.js'
+  ]),
+  makeIsolatedProject('secrets-generator', ['**/tests/lib/utils/secrets-generator.test.js']),
+  makeIsolatedProject('app-uncovered-lines', ['**/tests/lib/app/app-uncovered-lines.test.js']),
+  makeIsolatedProject('ensure-dev-certs-for-remote-docker', [
+    '**/tests/lib/utils/ensure-dev-certs-for-remote-docker.test.js'
+  ]),
+  makeIsolatedProject('generator-error-paths', ['**/tests/lib/generator/generator-error-paths.test.js']),
+  makeIsolatedProject('generator-validation', ['**/tests/lib/generator/generator-validation.test.js']),
+  makeIsolatedProject('secrets-databaselog', ['**/tests/lib/core/secrets-databaselog.test.js']),
+  makeIsolatedProject('schema-241-alignment', ['**/tests/lib/validation/schema-241-alignment.test.js']),
+  makeIsolatedProject('app-module', ['**/tests/lib/app/app.test.js']),
+  makeIsolatedProject('admin-secrets', ['**/tests/lib/core/admin-secrets.test.js'])
+];
+const allProjects = [defaultProject, ...isolatedProjects];
+module.exports = {
+  isCI,
+  sharedTransform,
+  makeIsolatedProject,
+  defaultProject,
+  isolatedProjects,
+  allProjects
+};

package/lib/api/certificates.api.js ADDED Viewed

@@ -0,0 +1,62 @@
+/**
+ * @fileoverview Dataplane Trust API — integration certificates (active, list, verify).
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+const { ApiClient } = require('./index');
+/**
+ * Get active trusted integration certificate for a datasource.
+ * GET /api/v1/systems/{systemKey}/datasources/{datasourceKey}/certificates/active
+ * @requiresPermission {Dataplane} external-system:read
+ * @async
+ * @param {string} dataplaneUrl - Dataplane base URL
+ * @param {Object} authConfig - Auth (Bearer)
+ * @param {string} systemKey - External system key
+ * @param {string} datasourceKey - Datasource key
+ * @returns {Promise<Object>} API envelope `{ success, data?, status, ... }`
+ */
+async function getActiveIntegrationCertificate(dataplaneUrl, authConfig, systemKey, datasourceKey) {
+  const client = new ApiClient(dataplaneUrl, authConfig);
+  const path = `/api/v1/systems/${encodeURIComponent(systemKey)}/datasources/${encodeURIComponent(
+    datasourceKey
+  )}/certificates/active`;
+  return await client.get(path);
+}
+/**
+ * List integration certificates (optional filters).
+ * GET /api/v1/certificates
+ * @requiresPermission {Dataplane} external-system:read
+ * @async
+ * @param {string} dataplaneUrl - Dataplane base URL
+ * @param {Object} authConfig - Auth
+ * @param {Object} [params] - Query: datasourceKey, systemIdOrKey, page, pageSize
+ * @returns {Promise<Object>}
+ */
+async function listIntegrationCertificates(dataplaneUrl, authConfig, params = {}) {
+  const client = new ApiClient(dataplaneUrl, authConfig);
+  return await client.get('/api/v1/certificates', { params });
+}
+/**
+ * Verify a stored integration certificate (signature and optional hash).
+ * POST /api/v1/certificates/verify
+ * @requiresPermission {Dataplane} external-system:read
+ * @async
+ * @param {string} dataplaneUrl - Dataplane base URL
+ * @param {Object} authConfig - Auth
+ * @param {import('./types/certificates.types').CertificateVerifyRequest} body - Verify request
+ * @returns {Promise<Object>}
+ */
+async function verifyIntegrationCertificate(dataplaneUrl, authConfig, body) {
+  const client = new ApiClient(dataplaneUrl, authConfig);
+  return await client.post('/api/v1/certificates/verify', { body: body || {} });
+}
+module.exports = {
+  getActiveIntegrationCertificate,
+  listIntegrationCertificates,
+  verifyIntegrationCertificate
+};

package/lib/api/datasources-core.api.js CHANGED Viewed

@@ -1,5 +1,5 @@
 /**
- * @fileoverview Datasources Core API functions (Dataplane /api/v1/external/). All functions require Dataplane auth; scope per endpoint in dataplane OpenAPI (e.g. external-system:read, external-system:create).
+ * @fileoverview Datasources Core API functions (Dataplane /api/v1/external). All functions require Dataplane auth; scope per endpoint in dataplane OpenAPI (e.g. external-system:read, external-system:create).
  * @author AI Fabrix Team
  * @version 2.0.0
  */
@@ -9,12 +9,12 @@ const { ApiClient } = require('./index');
 /** @requiresPermission {Dataplane} external-system:read (datasource list) */
 async function listDatasources(dataplaneUrl, authConfig, options = {}) {
   const client = new ApiClient(dataplaneUrl, authConfig);
-  return await client.get('/api/v1/external/', { params: options });
+  return await client.get('/api/v1/external', { params: options });
 }
 /** @requiresPermission {Dataplane} external-system:create */
 async function createDatasource(dataplaneUrl, authConfig, datasourceData) {
   const client = new ApiClient(dataplaneUrl, authConfig);
-  return await client.post('/api/v1/external/', { body: datasourceData });
+  return await client.post('/api/v1/external', { body: datasourceData });
 }
 /** @requiresPermission {Dataplane} external-system:read */
 async function getDatasource(dataplaneUrl, sourceIdOrKey, authConfig) {

package/lib/api/dev-mtls-request.js ADDED Viewed

@@ -0,0 +1,110 @@
+/**
+ * @fileoverview HTTPS requests to Builder Server with TLS client certificate (mTLS).
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+const https = require('https');
+const { mergedCaForDevServer, DEFAULT_TIMEOUT_MS } = require('./dev-server-https');
+/**
+ * Build request options and TLS agent for mTLS request.
+ * @param {string} url - Full URL
+ * @param {Object} options - { method, headers, body }
+ * @param {string} certPem - PEM client certificate
+ * @param {string} keyPem - PEM client key
+ * @param {string} [serverCaPem] - Optional dev root CA
+ * @returns {{ urlObj: URL, method: string, headers: Object, body: string|undefined, agent: https.Agent, tlsOptions: Object }}
+ */
+function buildMtlsRequestOptions(url, options, certPem, keyPem, serverCaPem) {
+  const urlObj = new URL(url);
+  const method = (options.method || 'GET').toUpperCase();
+  const headers = { 'Content-Type': 'application/json', ...options.headers };
+  let body = options.body;
+  if (body !== undefined && typeof body !== 'string') {
+    body = JSON.stringify(body);
+  }
+  if (body) {
+    headers['Content-Length'] = Buffer.byteLength(body, 'utf8');
+  }
+  const merged = mergedCaForDevServer(serverCaPem);
+  const tlsOptions = { cert: certPem, key: keyPem, rejectUnauthorized: true };
+  if (merged) {
+    tlsOptions.ca = merged;
+  }
+  const agent = new https.Agent(tlsOptions);
+  return { urlObj, method, headers, body, agent, tlsOptions };
+}
+/**
+ * @param {import('http').IncomingMessage} res - HTTP response
+ * @param {Function} resolve - Promise resolve
+ * @param {Function} reject - Promise reject
+ */
+function handleMtlsResponse(res, resolve, reject) {
+  const chunks = [];
+  res.on('data', (c) => chunks.push(c));
+  res.on('end', () => {
+    const raw = Buffer.concat(chunks).toString('utf8');
+    let data;
+    try {
+      data = raw ? JSON.parse(raw) : {};
+    } catch {
+      data = raw;
+    }
+    if (res.statusCode < 200 || res.statusCode >= 300) {
+      const msg = (data && (data.message || data.error)) || res.statusMessage || `Request failed (${res.statusCode})`;
+      const err = new Error(msg);
+      err.status = res.statusCode;
+      err.errorData = data;
+      reject(err);
+    } else {
+      resolve(data);
+    }
+  });
+}
+/**
+ * mTLS JSON request (https only). Sends X-Client-Cert header from options if present.
+ * @param {string} url - Full https URL
+ * @param {Object} options - { method, headers, body }
+ * @param {string} certPem - Client certificate PEM
+ * @param {string} keyPem - Client key PEM
+ * @param {string} [serverCaPem] - Dev root CA PEM
+ * @returns {Promise<Object>}
+ */
+function requestWithClientCert(url, options, certPem, keyPem, serverCaPem) {
+  return new Promise((resolve, reject) => {
+    const urlObj = new URL(url);
+    if (urlObj.protocol !== 'https:') {
+      reject(new Error('mTLS request requires https URL'));
+      return;
+    }
+    const { method, headers, body, agent, tlsOptions } = buildMtlsRequestOptions(
+      url, options, certPem, keyPem, serverCaPem
+    );
+    const req = https.request(
+      {
+        hostname: urlObj.hostname,
+        port: urlObj.port || 443,
+        path: urlObj.pathname + urlObj.search,
+        method,
+        headers,
+        agent,
+        ...tlsOptions
+      },
+      (res) => handleMtlsResponse(res, resolve, reject)
+    );
+    req.on('error', reject);
+    req.setTimeout(DEFAULT_TIMEOUT_MS, () => {
+      req.destroy();
+      reject(new Error(`Request timed out after ${DEFAULT_TIMEOUT_MS}ms`));
+    });
+    if (body) {
+      req.write(body, 'utf8');
+    }
+    req.end();
+  });
+}
+module.exports = { requestWithClientCert };

package/lib/api/dev-server-https.js ADDED Viewed

@@ -0,0 +1,145 @@
+/**
+ * @fileoverview HTTPS JSON requests to Builder Server with dev root CA merged into Node TLS trust.
+ * Node does not use the Windows/macOS user trust store for fetch; OS CA install alone is insufficient.
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+const https = require('https');
+const tls = require('tls');
+const DEFAULT_TIMEOUT_MS = 15000;
+/**
+ * Merge Mozilla roots (bundled in Node) with the dev Builder Server root CA.
+ * @param {string} serverCaPem - PEM-encoded root CA
+ * @returns {string[]|null} CA array for tls/https.Agent
+ */
+function mergedCaForDevServer(serverCaPem) {
+  const pem = typeof serverCaPem === 'string' ? serverCaPem.trim() : '';
+  if (!pem) return null;
+  return [...tls.rootCertificates, pem];
+}
+/**
+ * Collect response body, parse JSON, resolve or reject.
+ * @param {import('http').IncomingMessage} res - HTTP response
+ * @param {Function} resolve - Promise resolve
+ * @param {Function} reject - Promise reject
+ */
+function handleJsonHttpsResponse(res, resolve, reject) {
+  const chunks = [];
+  res.on('data', (c) => chunks.push(c));
+  res.on('end', () => {
+    const raw = Buffer.concat(chunks).toString('utf8');
+    let data;
+    try {
+      data = raw ? JSON.parse(raw) : {};
+    } catch {
+      data = raw;
+    }
+    if (res.statusCode < 200 || res.statusCode >= 300) {
+      const msg = (data && (data.message || data.error)) || res.statusMessage || `Request failed (${res.statusCode})`;
+      const err = new Error(msg);
+      err.status = res.statusCode;
+      err.errorData = data;
+      reject(err);
+    } else {
+      resolve(data);
+    }
+  });
+}
+/**
+ * @param {string} url
+ * @param {{ method?: string, headers?: Object, body?: * }} options
+ * @param {string} serverCaPem
+ * @returns {{ urlObj: URL, method: string, headers: Object, body: string|undefined, ca: string[] }}
+ */
+function prepareHttpsJsonRequest(url, options, serverCaPem) {
+  const urlObj = new URL(url);
+  if (urlObj.protocol !== 'https:') {
+    throw new Error('Builder Server requests require https URL');
+  }
+  const ca = mergedCaForDevServer(serverCaPem);
+  if (!ca) {
+    throw new Error('serverCaPem is required for httpsJsonRequest');
+  }
+  const method = (options.method || 'GET').toUpperCase();
+  const headers = { 'Content-Type': 'application/json', ...options.headers };
+  let body = options.body;
+  if (body !== undefined && typeof body !== 'string') {
+    body = JSON.stringify(body);
+  }
+  if (body) {
+    headers['Content-Length'] = Buffer.byteLength(body, 'utf8');
+  }
+  return { urlObj, method, headers, body, ca };
+}
+/**
+ * HTTPS JSON request with dev-server root CA (no client cert).
+ * @param {string} url - Full https URL
+ * @param {{ method?: string, headers?: Object, body?: * }} options - Request options
+ * @param {string} serverCaPem - Dev root CA PEM
+ * @returns {Promise<Object>} Parsed JSON body on success
+ */
+function httpsJsonRequest(url, options, serverCaPem) {
+  return new Promise((resolve, reject) => {
+    let parts;
+    try {
+      parts = prepareHttpsJsonRequest(url, options, serverCaPem);
+    } catch (e) {
+      reject(e);
+      return;
+    }
+    const { urlObj, method, headers, body, ca } = parts;
+    const agent = new https.Agent({ ca, rejectUnauthorized: true });
+    const req = https.request(
+      {
+        hostname: urlObj.hostname,
+        port: urlObj.port || 443,
+        path: urlObj.pathname + urlObj.search,
+        method,
+        headers,
+        agent,
+        ca,
+        rejectUnauthorized: true
+      },
+      (res) => handleJsonHttpsResponse(res, resolve, reject)
+    );
+    req.on('error', reject);
+    req.setTimeout(DEFAULT_TIMEOUT_MS, () => {
+      req.destroy();
+      reject(new Error(`Request timed out after ${DEFAULT_TIMEOUT_MS}ms`));
+    });
+    if (body) {
+      req.write(body, 'utf8');
+    }
+    req.end();
+  });
+}
+/**
+ * Use TLS client cert in the handshake only for https URLs (plain HTTP cannot carry mTLS).
+ * @param {string} fullUrl - Request URL
+ * @param {string} [clientKeyPem] - Client private key PEM
+ * @returns {boolean}
+ */
+function shouldUseMtlsForUrl(fullUrl, clientKeyPem) {
+  if (!clientKeyPem || typeof clientKeyPem !== 'string') {
+    return false;
+  }
+  try {
+    return new URL(fullUrl).protocol === 'https:';
+  } catch {
+    return false;
+  }
+}
+module.exports = {
+  mergedCaForDevServer,
+  httpsJsonRequest,
+  DEFAULT_TIMEOUT_MS,
+  shouldUseMtlsForUrl
+};