@aifabrix/builder 2.44.0 → 2.44.1

package/lib/utils/validation-run-poll.js

@@ -4,6 +4,8 @@
  * @version 2.0.0
  */
 
+const chalk = require('chalk');
+const logger = require('./logger');
 const { getValidationRunWithTransportRetry } = require('./validation-run-post-retry');
 
 const INITIAL_INTERVAL_MS = 2000;
@@ -23,6 +25,19 @@ function sleep(ms) {
   return new Promise(resolve => setTimeout(resolve, ms));
 }
 
+function maybeLogPollProgress(envelope, verbosePoll, lastProgressLogAtRef) {
+  if (!verbosePoll || !envelope || typeof envelope !== 'object') return;
+  const now = Date.now();
+  if (now - lastProgressLogAtRef[0] < 5000) return;
+  lastProgressLogAtRef[0] = now;
+  const st = envelope.status !== undefined && envelope.status !== null ? String(envelope.status) : '?';
+  const c =
+    envelope.reportCompleteness !== undefined && envelope.reportCompleteness !== null
+      ? String(envelope.reportCompleteness)
+      : '?';
+  logger.log(chalk.gray(`  Polling validation run… completeness=${c} status=${st}`));
+}
+
 /**
  * Whether polling should stop on this envelope.
  * @param {Object} envelope - DatasourceTestRun-like
@@ -42,6 +57,8 @@ function isTerminalReportCompleteness(envelope) {
  * @param {string} opts.testRunId
  * @param {number} opts.budgetMs - Remaining wall-clock budget for polls only (POST excluded)
  * @param {typeof getValidationRunWithTransportRetry} [opts.fetchRun] - Inject for tests (default: GET with transport retry)
+ * @param {boolean} [opts.verbosePoll] - Log throttled progress (plan §3.13)
+ * @param {number} [opts.pollRequestTimeoutMs] - Per-GET HTTP timeout (match validation aggregate budget)
  * @returns {Promise<{ envelope: Object|null, timedOut: boolean, lastApiResult: Object|null }>}
  */
 async function pollValidationRunUntilComplete(opts) {
@@ -50,18 +67,22 @@ async function pollValidationRunUntilComplete(opts) {
     authConfig,
     testRunId,
     budgetMs,
-    fetchRun = getValidationRunWithTransportRetry
+    fetchRun = getValidationRunWithTransportRetry,
+    verbosePoll = false,
+    pollRequestTimeoutMs
   } = opts;
+  const pollTransportOpts =
+    Number.isFinite(pollRequestTimeoutMs) && pollRequestTimeoutMs > 0
+      ? { timeoutMs: pollRequestTimeoutMs }
+      : {};
   const deadline = Date.now() + Math.max(0, budgetMs);
   let attempt = 0;
   let lastApiResult = null;
   let envelope = null;
+  const lastProgressLogAtRef = [0];
 
   while (Date.now() < deadline) {
-    const remaining = deadline - Date.now();
-    if (remaining <= 0) break;
-
-    lastApiResult = await fetchRun(dataplaneUrl, authConfig, testRunId);
+    lastApiResult = await fetchRun(dataplaneUrl, authConfig, testRunId, pollTransportOpts);
     if (!lastApiResult.success) {
       return { envelope: null, timedOut: false, lastApiResult };
     }
@@ -70,6 +91,8 @@ async function pollValidationRunUntilComplete(opts) {
       return { envelope, timedOut: false, lastApiResult };
     }
 
+    maybeLogPollProgress(envelope, verbosePoll, lastProgressLogAtRef);
+
     const delay = Math.min(nextPollDelayMs(attempt), Math.max(0, deadline - Date.now()));
     attempt += 1;
     if (delay > 0) {

package/lib/utils/validation-run-post-retry.js

@@ -33,18 +33,24 @@ function sleep(ms) {
  * @param {string} dataplaneUrl
  * @param {Object} authConfig
  * @param {Object} body
+ * @param {Object} [transportOpts] - forwarded to ``postValidationRun`` (e.g. ``timeoutMs``)
  * @returns {Promise<Object>}
  */
-async function postValidationRunWithTransportRetry(dataplaneUrl, authConfig, body) {
-  let last = await postValidationRun(dataplaneUrl, authConfig, body);
+async function postValidationRunWithTransportRetry(
+  dataplaneUrl,
+  authConfig,
+  body,
+  transportOpts = {}
+) {
+  let last = await postValidationRun(dataplaneUrl, authConfig, body, transportOpts);
   if (last.success || !isRetryablePostFailure(last)) return last;
 
   await sleep(1000);
-  last = await postValidationRun(dataplaneUrl, authConfig, body);
+  last = await postValidationRun(dataplaneUrl, authConfig, body, transportOpts);
   if (last.success || !isRetryablePostFailure(last)) return last;
 
   await sleep(2000);
-  return postValidationRun(dataplaneUrl, authConfig, body);
+  return postValidationRun(dataplaneUrl, authConfig, body, transportOpts);
 }
 
 /**
@@ -52,18 +58,24 @@ async function postValidationRunWithTransportRetry(dataplaneUrl, authConfig, bod
  * @param {string} dataplaneUrl
  * @param {Object} authConfig
  * @param {string} testRunId
+ * @param {Object} [transportOpts] - forwarded to ``getValidationRun`` (e.g. ``timeoutMs``)
  * @returns {Promise<Object>}
  */
-async function getValidationRunWithTransportRetry(dataplaneUrl, authConfig, testRunId) {
-  let last = await getValidationRun(dataplaneUrl, authConfig, testRunId);
+async function getValidationRunWithTransportRetry(
+  dataplaneUrl,
+  authConfig,
+  testRunId,
+  transportOpts = {}
+) {
+  let last = await getValidationRun(dataplaneUrl, authConfig, testRunId, transportOpts);
   if (last.success || !isRetryablePostFailure(last)) return last;
 
   await sleep(1000);
-  last = await getValidationRun(dataplaneUrl, authConfig, testRunId);
+  last = await getValidationRun(dataplaneUrl, authConfig, testRunId, transportOpts);
   if (last.success || !isRetryablePostFailure(last)) return last;
 
   await sleep(2000);
-  return getValidationRun(dataplaneUrl, authConfig, testRunId);
+  return getValidationRun(dataplaneUrl, authConfig, testRunId, transportOpts);
 }
 
 module.exports = {

package/lib/utils/validation-run-request.js

@@ -16,6 +16,21 @@ function includeDebugForRequest(debugOpt) {
   return true;
 }
 
+/**
+ * @param {Object} e2e
+ * @param {string} key
+ * @param {*} raw
+ */
+function assignOptionalNonNegativeInt(e2e, key, raw) {
+  if (raw === undefined || raw === null || raw === '') {
+    return;
+  }
+  const n = Number(raw);
+  if (Number.isFinite(n) && n >= 0) {
+    e2e[key] = n;
+  }
+}
+
 /**
  * Merge E2E options from CLI flags into e2eOptions for ExternalDataSourceE2ETestRequest (dataplane).
  * @param {Object} options - CLI-derived options
@@ -41,6 +56,9 @@ function buildE2eOptionsFromCli(options = {}) {
   if (options.primaryKeyValue !== undefined && options.primaryKeyValue !== null) {
     e2e.primaryKeyValue = options.primaryKeyValue;
   }
+  assignOptionalNonNegativeInt(e2e, 'minVectorHits', options.minVectorHits);
+  assignOptionalNonNegativeInt(e2e, 'minProcessed', options.minProcessed);
+  assignOptionalNonNegativeInt(e2e, 'minRecordCount', options.minRecordCount);
   if (options.e2eOptionsExtra && typeof options.e2eOptionsExtra === 'object') {
     Object.assign(e2e, options.e2eOptionsExtra);
   }

package/lib/validation/validate-external-cert-sync.js

@@ -0,0 +1,23 @@
+/**
+ * @fileoverview Optional certification sync after external validate (keeps validate.js under max-lines).
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+
+'use strict';
+
+/**
+ * @param {string} appName
+ * @param {Object} options
+ * @param {function(string, Object): Promise<Object>} validateExternalSystemComplete
+ */
+async function runExternalValidateWithOptionalCertSync(appName, options, validateExternalSystemComplete) {
+  const result = await validateExternalSystemComplete(appName, options);
+  if (result.valid && options.certSync === true) {
+    const { trySyncCertificationFromDataplaneForExternalApp } = require('../certification/sync-after-external-command');
+    await trySyncCertificationFromDataplaneForExternalApp(appName, 'validate');
+  }
+  return result;
+}
+
+module.exports = { runExternalValidateWithOptionalCertSync };

package/lib/validation/validate.js

@@ -28,6 +28,7 @@ const {
   validateOAuth2GrantTypeAndAuthorizationUrl,
   validateConfigurationNoStandardAuthVariables
 } = require('./external-system-auth-rules');
+const { runExternalValidateWithOptionalCertSync } = require('./validate-external-cert-sync');
 
 /**
  * Validates a file path (detects type and validates)
@@ -462,7 +463,9 @@ async function validateAppOrFile(appOrFile, options = {}) {
   const { appPath, isExternal } = await detectAppType(appName);
   logOfflinePathWhenType(appPath);
 
-  if (isExternal) return await validateExternalSystemComplete(appName, options);
+  if (isExternal) {
+    return await runExternalValidateWithOptionalCertSync(appName, options, validateExternalSystemComplete);
+  }
 
   const appValidation = await validator.validateApplication(appName, options);
   const rbacValidation = await validateRbacForExternalSystem(isExternal, appName);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aifabrix/builder",
-  "version": "2.44.0",
+  "version": "2.44.1",
   "description": "AI Fabrix Local Fabric & Deployment SDK",
   "main": "lib/index.js",
   "bin": {
@@ -29,7 +29,7 @@
     "lint:ci": "eslint . --ext .js --format json --output-file eslint-report.json",
     "dev": "node bin/aifabrix.js",
     "build": "npm run lint && npm run test",
-    "build:ci": "npm run lint && npm run test:ci",
+    "build:ci": "npm run lint && npm run check:schema-sync && npm run check:flags && npm run test:ci",
     "pack": "npm run build && npm pack",
     "validate": "npm run build",
     "prepublishOnly": "npm run validate",
@@ -37,7 +37,8 @@
     "install:local": "node scripts/install-local.js && which aifabrix && which af",
     "uninstall:local": "node scripts/install-local.js uninstall && which aifabrix && which af",
     "diagnose:cli": "node scripts/diagnose-cli.js",
-    "check:schema-sync": "node scripts/check-datasource-test-run-schema-sync.js"
+    "check:schema-sync": "node scripts/check-datasource-test-run-schema-sync.js",
+    "check:flags": "jest tests/lib/schema/flag-map-validation-run.test.js --runInBand --config jest.config.default.js"
   },
   "keywords": [
     "aifabrix",

package/scripts/install-local.js

@@ -15,6 +15,8 @@ const fs = require('fs');
 const os = require('os');
 const path = require('path');
 
+const { runPnpmGlobalRemove } = require('./pnpm-global-remove');
+
 const PACKAGE_NAME = '@aifabrix/builder';
 /** Primary CLI name used for “current version” before link */
 const PRIMARY_BIN = 'aifabrix';
@@ -465,7 +467,8 @@ function uninstallLocal() {
 
   try {
     if (pm === 'pnpm') {
-      execSync(`pnpm unlink --global ${PACKAGE_NAME}`, { stdio: 'inherit', env: pnpmEnv() });
+      const env = { ...pnpmEnv(), CI: 'true' };
+      runPnpmGlobalRemove(env, PACKAGE_NAME);
       displayUninstallSuccess(pm, currentVersion);
     } else {
       execSync(`npm unlink -g ${PACKAGE_NAME}`, { stdio: 'inherit' });

package/scripts/pnpm-global-remove.js

@@ -0,0 +1,48 @@
+#!/usr/bin/env node
+/* eslint-disable no-console */
+
+/**
+ * pnpm global remove with virtual-store repair retry (pnpm 9+ global layout).
+ * @fileoverview Used by install-local.js uninstall path
+ * @author AI Fabrix Team
+ */
+
+const { execSync } = require('child_process');
+
+/**
+ * @param {unknown} error - Thrown from execSync
+ * @returns {boolean} True when `pnpm i -g` repair may fix the failure
+ */
+function isPnpmUnexpectedVirtualStoreError(error) {
+  const msg =
+    error && typeof error === 'object' && 'message' in error ? String(error.message) : String(error);
+  return msg.includes('ERR_PNPM_UNEXPECTED_VIRTUAL_STORE');
+}
+
+/**
+ * @param {NodeJS.ProcessEnv} env - Environment
+ * @returns {void} Nothing
+ */
+function repairPnpmGlobalInstall(env) {
+  execSync('pnpm i -g', { stdio: 'inherit', env });
+}
+
+/**
+ * @param {NodeJS.ProcessEnv} env - pnpm env (e.g. pnpmEnv + CI)
+ * @param {string} packageName - Scoped package name to remove globally
+ * @returns {void} Nothing
+ */
+function runPnpmGlobalRemove(env, packageName) {
+  try {
+    execSync(`pnpm remove -g ${packageName}`, { stdio: 'inherit', env });
+  } catch (firstError) {
+    if (!isPnpmUnexpectedVirtualStoreError(firstError)) throw firstError;
+    console.log(
+      '\n⚠️  pnpm global virtual store layout mismatch. Running `pnpm i -g` to repair, then retrying remove...\n'
+    );
+    repairPnpmGlobalInstall(env);
+    execSync(`pnpm remove -g ${packageName}`, { stdio: 'inherit', env });
+  }
+}
+
+module.exports = { runPnpmGlobalRemove };

package/templates/applications/dataplane/env.template

@@ -185,6 +185,10 @@ CERTIFICATE_PUBLIC_KEY=
 # Optional public key identifier for issued certificates; default if unset: dataplane-signing-key
 CERTIFICATE_PUBLIC_KEY_ID=
 
+# After a successful POST /api/v1/validation/run (validation engine with certification passed, or E2E success),
+# persist an active integration certificate without a separate issue call. Set false to require explicit issue only.
+VALIDATION_AUTO_ISSUE_INTEGRATION_CERTIFICATE=true
+
 # =============================================================================
 # CIP EXECUTION CONFIGURATION
 # =============================================================================

package/templates/infra/compose.yaml.hbs

@@ -56,28 +56,29 @@ services:
       PGADMIN_DEFAULT_EMAIL: ${PGADMIN_DEFAULT_EMAIL}
       PGADMIN_DEFAULT_PASSWORD: ${PGADMIN_DEFAULT_PASSWORD}
       PGADMIN_CONFIG_SERVER_MODE: 'False'
+      # Docker has no OS password store; without this pgAdmin prompts for a master password on each restart.
+      PGADMIN_CONFIG_MASTER_PASSWORD_REQUIRED: 'False'
+      # load-servers runs without --user in desktop mode; servers attach to DESKTOP_USER (default pgadmin4@pgadmin.org).
+      # Must match PGADMIN_DEFAULT_EMAIL or the tree stays empty after login.
+      PGADMIN_CONFIG_DESKTOP_USER: "'${PGADMIN_DEFAULT_EMAIL}'"
       PGADMIN_SERVER_JSON_FILE: /pgadmin4/servers.json
       PGADMIN_REPLACE_SERVERS_ON_STARTUP: 'True'
-      PGPASS_FILE: /pgpass
+      PGPASS_FILE: /pgadmin4/bootstrap.pgpass
     ports:
       - "{{pgadminPort}}:80"
     volumes:
       - {{#if (eq devId 0)}}pgadmin_data{{else}}dev{{devId}}_pgadmin_data{{/if}}:/var/lib/pgadmin
+      # File binds under /pgadmin4 (image paths). pgpass must exist before first entrypoint run.
       - type: bind
-        source: "{{infraDirBind}}"
-        target: /host-config
+        source: "{{serversJsonBind}}"
+        target: /pgadmin4/servers.json
         read_only: true
-    command: >
-      sh -c "
-      if [ -f /host-config/servers.json ]; then
-        cp /host-config/servers.json /pgadmin4/servers.json;
-      fi &&
-      if [ -f /host-config/pgpass ]; then
-        cp /host-config/pgpass /pgpass;
-        chmod 600 /pgpass;
-      fi &&
-      /entrypoint.sh
-      "
+{{#if pgadmin.pgpassBootstrapBind}}
+      - type: bind
+        source: "{{pgadmin.pgpassBootstrapBind}}"
+        target: /pgadmin4/bootstrap.pgpass
+        read_only: true
+{{/if}}
     restart: unless-stopped
     depends_on:
       postgres:

package/templates/infra/servers.json.hbs

@@ -7,8 +7,10 @@
       "Port": 5432,
       "MaintenanceDB": "postgres",
       "Username": "pgadmin",
-      "PassFile": "/pgpass",
       "SSLMode": "prefer",
+      "ConnectionParameters": {
+        "passfile": "/pgadmin4/bootstrap.pgpass"
+      },
       "Comment": "Auto-registered PostgreSQL server with pgvector extension"
     }
   }