@aifabrix/builder 2.44.4 → 2.44.6

package/lib/commands/upload.js

@@ -1,6 +1,14 @@
-const { formatSuccessLine } = require('../utils/cli-test-layout-chalk');
+const {
+  formatSuccessLine,
+  formatWarningLine,
+  formatProgress,
+  sectionTitle,
+  headerKeyValue,
+  metadata
+} = require('../utils/cli-test-layout-chalk');
 /**
- * Upload external system to dataplane (single pipeline upload: validate → publish → controller register).
+ * Upload external system to dataplane (sync local `integration/<systemKey>/openapi/*.json` when present,
+ * then single pipeline upload: validate → publish → controller register).
  *
  * @fileoverview Upload command handler for aifabrix upload <systemKey>
  * @author AI Fabrix Team
@@ -10,6 +18,8 @@ const { formatSuccessLine } = require('../utils/cli-test-layout-chalk');
 const path = require('path');
 const chalk = require('chalk');
 const logger = require('../utils/logger');
+
+const SEP = chalk.gray('────────────────────────────────────────');
 const { resolveControllerUrl } = require('../utils/controller-url');
 const { getDeploymentAuth, requireBearerForDataplanePipeline } = require('../utils/token-manager');
 const { resolveDataplaneUrl } = require('../utils/dataplane-resolver');
@@ -38,6 +48,7 @@ const {
 } = require('../utils/external-system-readiness-display');
 const { maybeSyncSystemCertificationFromDataplane } = require('../certification/sync-system-certification');
 const { cliOptsSkipCertSync } = require('../certification/cli-cert-sync-skip');
+const { maybeSyncOpenApiFilesForMcp } = require('./repair-openapi-sync');
 
 /**
  * Validates system-key format (same as download).
@@ -86,7 +97,7 @@ async function resolveDataplaneAndAuth(systemKey, opts = {}) {
   }
 
   if (!silent) {
-    logger.log(chalk.gray('Resolving dataplane URL...'));
+    logger.log(metadata('Resolving dataplane URL...'));
   }
   const dataplaneUrl = await resolveDataplaneUrl(controllerUrl, environment, authConfig, { silent });
   return { dataplaneUrl, authConfig, environment };
@@ -168,7 +179,9 @@ async function pushAndLogCredentialSecrets(dataplaneUrl, authConfig, systemKey,
   });
   if (pushResult.pushed > 0) {
     const keyList = pushResult.keys?.length ? ` (${pushResult.keys.join(', ')})` : '';
-    logger.log(chalk.green(`Pushed ${pushResult.pushed} credential secret(s) to dataplane${keyList}.`));
+    logger.log(
+      formatSuccessLine(`Pushed ${pushResult.pushed} credential secret(s) to dataplane${keyList}.`)
+    );
   } else {
     logger.log(chalk.yellow('Secret push skipped'));
   }
@@ -223,7 +236,10 @@ const UPLOAD_PROBE_TEST_DATA = {};
  * @param {number|undefined} probeTimeoutMs
  */
 async function maybeRunUploadProbe(dataplaneUrl, systemKey, authConfig, probeTimeoutMs) {
-  logger.log(chalk.blue('\nRunning runtime checks (--probe)...'));
+  logger.log('');
+  logger.log(sectionTitle('Runtime checks (--probe)'));
+  logger.log(SEP);
+  logger.log(formatProgress('Running runtime checks...'));
   const timeoutMs = probeTimeoutMs === undefined || probeTimeoutMs === null ? 120000 : probeTimeoutMs;
   try {
     const pr = await testSystemViaPipeline(
@@ -246,10 +262,13 @@ async function maybeRunUploadProbe(dataplaneUrl, systemKey, authConfig, probeTim
 
 /**
  * Local validation, manifest, payload, and configuration resolution.
+ * Does not write *-deploy.json; run `aifabrix json <systemKey>` to regenerate the deployment manifest from sources.
+ *
  * @param {string} systemKey
+ * @param {{ dryRun?: boolean }} [_opts] - Reserved for callers (e.g. dry-run); manifest is always built from current disk files
  * @returns {Promise<{ manifest: Object, payload: Object }>}
  */
-async function buildValidatedUploadManifestPayload(systemKey) {
+async function buildValidatedUploadManifestPayload(systemKey, _opts = {}) {
   const validationResult = await validateExternalSystemComplete(systemKey, { type: 'external' });
   throwIfValidationFailed(validationResult);
   logger.log(formatSuccessLine('Local validation passed'));
@@ -260,24 +279,52 @@ async function buildValidatedUploadManifestPayload(systemKey) {
 }
 
 /**
- * Upload path after dry-run check.
+ * Upload local `integration/<systemKey>/openapi/*.json` specs when present so pipeline can resolve
+ * each datasource `openapi.documentKey` (same behavior as repair --api OpenAPI sync).
+ *
  * @param {string} systemKey
- * @param {Object} options
  * @param {Object} manifest
- * @param {Object} payload
+ * @returns {Promise<void>}
  */
-async function runUploadPublishAndSummary(systemKey, options, manifest, payload) {
-  const { dataplaneUrl, authConfig, environment } = await resolveDataplaneAndAuth(systemKey);
-  requireBearerForDataplanePipeline(authConfig);
-  logger.log(chalk.gray('Target:'));
-  logger.log(chalk.gray(`Environment: ${environment}`));
-  logger.log(chalk.gray(`Dataplane: ${dataplaneUrl}`));
-  logDataplanePipelineWarning();
-  if (options.verbose) {
-    await maybeRunVerboseServerValidation(dataplaneUrl, authConfig, payload);
+async function logAndSyncLocalOpenApiForUpload(systemKey, manifest) {
+  const appPath = getIntegrationPath(systemKey);
+  const ei = manifest && manifest.externalIntegration;
+  const datasourceFiles = ei && Array.isArray(ei.dataSources) ? ei.dataSources : [];
+  const openapiSyncLines = await maybeSyncOpenApiFilesForMcp({
+    enabled: true,
+    dryRun: false,
+    appPath,
+    systemKey,
+    datasourceFiles
+  });
+  for (const line of openapiSyncLines) {
+    logger.log(line.startsWith('Skipped') ? formatWarningLine(line) : formatSuccessLine(line));
   }
-  await pushAndLogCredentialSecrets(dataplaneUrl, authConfig, systemKey, payload);
-  const rawRes = await runUploadValidatePublish(dataplaneUrl, authConfig, payload);
+}
+
+/**
+ * @param {Object} ctx
+ * @param {string} ctx.systemKey
+ * @param {Object} ctx.options
+ * @param {Object} ctx.manifest
+ * @param {Object} ctx.payload
+ * @param {string} ctx.environment
+ * @param {string} ctx.dataplaneUrl
+ * @param {Object} ctx.authConfig
+ * @param {Object} ctx.rawRes
+ * @returns {Promise<void>}
+ */
+async function handlePublicationAndFollowups(ctx) {
+  const {
+    systemKey,
+    options,
+    manifest,
+    payload,
+    environment,
+    dataplaneUrl,
+    authConfig,
+    rawRes
+  } = ctx;
   const publication = unwrapPublicationResult(rawRes);
   if (!publication) {
     throw new Error(
@@ -296,7 +343,6 @@ async function runUploadPublishAndSummary(systemKey, options, manifest, payload)
   if (options.probe) {
     await maybeRunUploadProbe(dataplaneUrl, systemKey, authConfig, options.probeTimeout);
   }
-
   const dsKeys = (payload.dataSources || []).map((ds) => ds && ds.key).filter(Boolean);
   await maybeSyncSystemCertificationFromDataplane({
     label: 'upload',
@@ -308,6 +354,41 @@ async function runUploadPublishAndSummary(systemKey, options, manifest, payload)
   });
 }
 
+/**
+ * Upload path after dry-run check.
+ * @param {string} systemKey
+ * @param {Object} options
+ * @param {Object} manifest
+ * @param {Object} payload
+ */
+async function runUploadPublishAndSummary(systemKey, options, manifest, payload) {
+  const { dataplaneUrl, authConfig, environment } = await resolveDataplaneAndAuth(systemKey);
+  requireBearerForDataplanePipeline(authConfig);
+  logger.log('');
+  logger.log(sectionTitle('Target'));
+  logger.log(SEP);
+  logger.log(headerKeyValue('Environment:', environment));
+  logger.log(headerKeyValue('Dataplane:', dataplaneUrl));
+  logDataplanePipelineWarning();
+  if (options.verbose) {
+    await maybeRunVerboseServerValidation(dataplaneUrl, authConfig, payload);
+  }
+  await pushAndLogCredentialSecrets(dataplaneUrl, authConfig, systemKey, payload);
+  await logAndSyncLocalOpenApiForUpload(systemKey, manifest);
+
+  const rawRes = await runUploadValidatePublish(dataplaneUrl, authConfig, payload);
+  await handlePublicationAndFollowups({
+    systemKey,
+    options,
+    manifest,
+    payload,
+    environment,
+    dataplaneUrl,
+    authConfig,
+    rawRes
+  });
+}
+
 /**
  * Uploads external system: publishes to dataplane and registers with controller (draft).
  * @param {string} systemKey - External system key (integration/<systemKey>/)
@@ -322,8 +403,13 @@ async function runUploadPublishAndSummary(systemKey, options, manifest, payload)
  */
 async function uploadExternalSystem(systemKey, options = {}) {
   validateSystemKeyFormat(systemKey);
-  logger.log(chalk.blue(`\nUploading external system: ${chalk.bold(systemKey)}`));
-  const { manifest, payload } = await buildValidatedUploadManifestPayload(systemKey);
+  logger.log('');
+  logger.log(sectionTitle('Upload external system'));
+  logger.log(SEP);
+  logger.log(headerKeyValue('System:', systemKey));
+  const { manifest, payload } = await buildValidatedUploadManifestPayload(systemKey, {
+    dryRun: !!options.dryRun
+  });
   if (options.dryRun) {
     logger.log(chalk.yellow('Dry run: would upload payload (no API calls).'));
     logger.log(

package/lib/commands/wizard-core-helpers.js

@@ -15,6 +15,7 @@ const { getIntegrationPath } = require('../utils/paths');
 const { parseOpenApi, testMcpConnection, credentialSelection } = require('../api/wizard.api');
 const { listCredentials } = require('../api/credentials.api');
 const { listExternalSystems, getExternalSystem } = require('../api/external-systems.api');
+const { formatSuccessLine } = require('../utils/cli-layout-chalk');
 
 /**
  * Parse OpenAPI file or URL
@@ -35,7 +36,7 @@ async function parseOpenApiSource(dataplaneUrl, authConfig, sourceType, sourceDa
     if (!parseResponse.success) {
       throw new Error(`OpenAPI parsing failed: ${parseResponse.error || parseResponse.formattedError}`);
     }
-    logger.log(chalk.green(`\u2713 OpenAPI ${isUrl ? 'URL' : 'file'} parsed successfully`));
+    logger.log(formatSuccessLine(`OpenAPI ${isUrl ? 'URL' : 'file'} parsed successfully`));
     return parseResponse.data?.spec;
   } catch (error) {
     spinner.stop();
@@ -61,7 +62,7 @@ async function testMcpServerConnection(dataplaneUrl, authConfig, sourceData) {
     if (!testResponse.success || !testResponse.data?.connected) {
       throw new Error(`MCP connection failed: ${testResponse.data?.error || 'Unable to connect'}`);
     }
-    logger.log(chalk.green('\u2713 MCP server connection successful'));
+    logger.log(formatSuccessLine('MCP server connection successful'));
   } catch (error) {
     spinner.stop();
     throw error;
@@ -145,7 +146,7 @@ async function runCredentialSelectionLoop(dataplaneUrl, authConfig, selectionDat
     }
     if (response.success) {
       const actionText = selectionData.action === 'create' ? 'created' : 'selected';
-      logger.log(chalk.green(`\u2713 Credential ${actionText}`));
+      logger.log(formatSuccessLine(`Credential ${actionText}`));
       return response.data?.credentialIdOrKey || null;
     }
     const errorMsg = response.error || response.formattedError || response.message || 'Unknown error';
@@ -308,18 +309,19 @@ function throwConfigGenerationError(generateResponse, options = {}) {
 }
 
 /**
- * Write debug log to integration/<systemKey>/debug.log
+ * Write debug log to integration/<systemKey>/logs/debug.log
  * @async
  * @param {string} appName - Application name
  * @param {string} content - Debug log content
  */
 async function writeDebugLog(appName, content) {
   try {
-    const dir = getIntegrationPath(appName);
+    const appDir = getIntegrationPath(appName);
+    const dir = path.join(appDir, 'logs');
     await fs.mkdir(dir, { recursive: true });
     const debugPath = path.join(dir, 'debug.log');
     await fs.writeFile(debugPath, content, 'utf8');
-    logger.log(chalk.gray(`  Debug log saved to integration/${appName}/debug.log`));
+    logger.log(chalk.gray(`  Debug log saved to integration/${appName}/logs/debug.log`));
   } catch (e) {
     logger.warn(`Could not save debug.log: ${e.message}`);
   }
@@ -336,13 +338,14 @@ async function writeDebugLog(appName, content) {
 async function writeDebugManifest(appName, systemConfig, datasourceConfig) {
   const saved = [];
   try {
-    const dir = getIntegrationPath(appName);
+    const appDir = getIntegrationPath(appName);
+    const dir = path.join(appDir, 'logs');
     await fs.mkdir(dir, { recursive: true });
     if (systemConfig && typeof systemConfig === 'object') {
       const systemPath = path.join(dir, 'debug-system.yaml');
       await fs.writeFile(systemPath, yaml.dump(systemConfig, { lineWidth: -1 }), 'utf8');
       saved.push('debug-system.yaml');
-      logger.log(chalk.gray(`  Debug manifest saved to integration/${appName}/debug-system.yaml`));
+      logger.log(chalk.gray(`  Debug manifest saved to integration/${appName}/logs/debug-system.yaml`));
     }
     if (datasourceConfig !== undefined && datasourceConfig !== null) {
       const configs = Array.isArray(datasourceConfig) ? datasourceConfig : [datasourceConfig];
@@ -351,7 +354,7 @@ async function writeDebugManifest(appName, systemConfig, datasourceConfig) {
         const toWrite = configs.length === 1 ? configs[0] : configs;
         await fs.writeFile(datasourcePath, yaml.dump(toWrite, { lineWidth: -1 }), 'utf8');
         saved.push('debug-datasource.yaml');
-        logger.log(chalk.gray(`  Debug manifest saved to integration/${appName}/debug-datasource.yaml`));
+        logger.log(chalk.gray(`  Debug manifest saved to integration/${appName}/logs/debug-datasource.yaml`));
       }
     }
   } catch (e) {
@@ -381,7 +384,7 @@ async function saveDebugManifestOnErrorAndThrow(generateResponse, opts) {
     const savedManifest = await writeDebugManifest(appName, systemConfig, datasourceConfig);
     if (debugLog || savedManifest.length > 0) {
       const files = [debugLog && 'debug.log', ...savedManifest].filter(Boolean).join(', ');
-      debugManifestHint = `Debug manifest saved to integration/${appName}/ (${files}). Review the log and fix the manifest manually, then run: aifabrix wizard ${appName}`;
+      debugManifestHint = `Debug manifest saved to integration/${appName}/logs/ (${files}). Review the log and fix the manifest manually, then run: aifabrix wizard ${appName}`;
     }
   }
   throwConfigGenerationError(generateResponse, { debugManifestHint });
@@ -398,7 +401,7 @@ async function throwValidationFailureWithDebug(validateResponse, systemConfig, c
   );
   if (!debugLog && savedManifest.length === 0) throw new Error(`Configuration validation failed: ${errorMsg}`);
   const files = [debugLog && 'debug.log', ...savedManifest].filter(Boolean).join(', ');
-  throw new Error(`Configuration validation failed: ${errorMsg}\n\nDebug manifest saved to integration/${options.appName}/ (${files}). Review the log and fix the manifest manually, then run: aifabrix wizard ${options.appName}`);
+  throw new Error(`Configuration validation failed: ${errorMsg}\n\nDebug manifest saved to integration/${options.appName}/logs/ (${files}). Review the log and fix the manifest manually, then run: aifabrix wizard ${options.appName}`);
 }
 
 /**

package/lib/commands/wizard-core.js

@@ -13,6 +13,7 @@ const logger = require('../utils/logger');
 const { getDeploymentAuth, requireBearerForDataplanePipeline } = require('../utils/token-manager');
 const { resolveControllerUrl } = require('../utils/controller-url');
 const { normalizeWizardConfigs } = require('./wizard-config-normalizer');
+const { formatSuccessLine, formatSuccessParagraph } = require('../utils/cli-layout-chalk');
 const {
   createWizardSession,
   updateWizardSession,
@@ -143,7 +144,7 @@ async function handleModeSelection(dataplaneUrl, authConfig, configMode = null,
     throw new Error(fullMsg);
   }
   const sessionId = extractSessionId(sessionResponse.data);
-  logger.log(chalk.green(`\u2713 Session created: ${sessionId}`));
+  logger.log(formatSuccessLine(`Session created: ${sessionId}`));
   return { mode, sessionId };
 }
 
@@ -250,7 +251,7 @@ async function handleTypeDetection(dataplaneUrl, authConfig, openapiSpec) {
     if (detectResponse.success && detectResponse.data) {
       const detectedType = detectResponse.data;
       const recommendedType = detectedType.recommendedType || detectedType.apiType || 'unknown';
-      logger.log(chalk.green(`\u2713 API type detected: ${recommendedType}`));
+      logger.log(formatSuccessLine(`API type detected: ${recommendedType}`));
       return detectedType;
     }
   } catch (error) {
@@ -275,7 +276,8 @@ async function handleTypeDetection(dataplaneUrl, authConfig, openapiSpec) {
  * @param {string} [options.systemIdOrKey] - System ID or key (optional)
  * @param {string} [options.sourceType] - Source type (use 'known-platform' to call platforms config endpoint)
  * @param {string} [options.platformKey] - Platform key for known-platform (e.g. 'hubspot')
- * @param {string} [options.appName] - App name for writing debug.log when debug=true
+ * @param {string} [options.appName] - Integration app key; for create-system, used as systemIdOrKey
+ *   when not set so kv paths match the folder (avoids spec-title keys like "companies")
  * @returns {Promise<Object>} Generated configuration
  */
 async function callGenerateApi(dataplaneUrl, authConfig, options, prefs) {
@@ -291,13 +293,19 @@ async function callGenerateApi(dataplaneUrl, authConfig, options, prefs) {
     });
     return await getPlatformConfig(dataplaneUrl, authConfig, options.platformKey, platformPayload);
   }
+  // Headless/interactive create-system uses appName as integration folder key; OpenAPI title alone
+  // can yield a wrong system key (e.g. title "Companies" → "companies"). Prefer appName when set.
+  let systemIdOrKeyForPayload = options.systemIdOrKey;
+  if (options.mode === 'create-system' && options.appName) {
+    systemIdOrKeyForPayload = systemIdOrKeyForPayload || options.appName;
+  }
   const configPayload = buildConfigPayload({
     openapiSpec: options.openapiSpec,
     detectedType: options.detectedType,
     mode: options.mode,
     prefs,
     credentialIdOrKey: options.credentialIdOrKey,
-    systemIdOrKey: options.systemIdOrKey,
+    systemIdOrKey: systemIdOrKeyForPayload,
     entityName: options.entityName,
     systemDisplayName: options.systemDisplayName
   });
@@ -322,7 +330,7 @@ async function handleConfigurationGeneration(dataplaneUrl, authConfig, options)
         await writeDebugLog(options.appName, debugLog);
       }
     }
-    logger.log(chalk.green('\u2713 Configuration generated successfully'));
+    logger.log(formatSuccessLine('Configuration generated successfully'));
     return { systemConfig: normalized.systemConfig, datasourceConfigs: normalized.datasourceConfigs, systemKey: result.systemKey };
   } catch (error) {
     spinner.stop();
@@ -361,7 +369,7 @@ async function validateWizardConfiguration(dataplaneUrl, authConfig, systemConfi
       if (validateResponse.data?.warnings?.length > 0) warnings.push(...validateResponse.data.warnings);
     }
     spinner.stop();
-    logger.log(chalk.green('\u2713 Configuration validated successfully'));
+    logger.log(formatSuccessLine('Configuration validated successfully'));
     if (warnings.length > 0) logger.log(chalk.yellow('\n\u26A0 Warnings:\n' + warnings.map(w => `  - ${w.message || w}`).join('\n')));
   } catch (error) {
     spinner.stop();
@@ -410,6 +418,39 @@ async function tryUpdateReadmeFromDeploymentDocs(appPath, appName, dataplaneUrl,
   }
 }
 
+/**
+ * Writes rbac.yaml / rbac.json from datasource resourceType + capabilities (same as `af repair --rbac`).
+ * @param {Object} generatedFiles - Result of generateWizardFiles (appPath, systemFilePath, datasourceFilePaths)
+ * @param {string} format - Project format: yaml | json
+ */
+function logWizardFileSaveFooter(appName, generatedFiles) {
+  logger.log(formatSuccessParagraph('Wizard completed successfully!'));
+  logger.log(chalk.green(`\nFiles created in: ${generatedFiles.appPath}`));
+  logger.log(chalk.blue('\nNext steps:'));
+  logger.log(chalk.gray(`  1. Review the generated files in integration/${appName}/`));
+  logger.log(chalk.gray('  2. Update env.template with your authentication details'));
+  logger.log(chalk.gray(`  3. Deploy using: node deploy.js or aifabrix deploy ${appName}`));
+}
+
+function mergeRbacAfterWizardFilesWritten(generatedFiles, format) {
+  const { mergeRbacFromDatasources, extractRbacFromSystem } = require('./repair-rbac');
+  const { loadConfigFile } = require('../utils/config-format');
+  const systemParsedForRbac = loadConfigFile(generatedFiles.systemFilePath);
+  const datasourceFileNames = (generatedFiles.datasourceFilePaths || []).map((p) => path.basename(p));
+  const rbacChanges = [];
+  const rbacUpdated = mergeRbacFromDatasources(
+    generatedFiles.appPath,
+    systemParsedForRbac,
+    datasourceFileNames,
+    extractRbacFromSystem,
+    { format: format === 'json' ? 'json' : 'yaml', dryRun: false, changes: rbacChanges }
+  );
+  if (rbacUpdated && rbacChanges.length) {
+    rbacChanges.forEach((c) => logger.log(chalk.gray(`  RBAC: ${c}`)));
+    logger.log(chalk.green('  RBAC file updated from datasource capabilities (enableRBAC).'));
+  }
+}
+
 /**
  * Handle file saving step
  * @async
@@ -418,17 +459,24 @@ async function tryUpdateReadmeFromDeploymentDocs(appPath, appName, dataplaneUrl,
  * @param {Object} systemConfig - System configuration
  * @param {Object[]} datasourceConfigs - Datasource configurations
  * @param {string} systemKey - System key
- * @param {string} dataplaneUrl - Dataplane URL
- * @param {Object} authConfig - Authentication configuration
+ * @param {{ dataplaneUrl: string, authConfig: Object, enableRBAC?: boolean }} ctx - Dataplane auth + optional RBAC generation
  * @returns {Promise<Object>} Generated files information
  */
-async function handleFileSaving(appName, systemConfig, datasourceConfigs, systemKey, dataplaneUrl, authConfig) {
+async function handleFileSaving(appName, systemConfig, datasourceConfigs, systemKey, ctx) {
+  const { dataplaneUrl, authConfig, enableRBAC = false } = ctx || {};
   logger.log(chalk.blue('\n\uD83D\uDCCB Step 7: Save Files'));
   const spinner = ora('Saving files...').start();
   try {
     const config = require('../core/config');
     const format = (await config.getFormat()) || 'yaml';
     const generatedFiles = await generateWizardFiles(appName, systemConfig, datasourceConfigs, systemKey, { aiGeneratedReadme: null, format });
+    if (enableRBAC && generatedFiles.appPath && generatedFiles.systemFilePath) {
+      try {
+        mergeRbacAfterWizardFilesWritten(generatedFiles, format);
+      } catch (e) {
+        logger.log(chalk.yellow(`  Could not generate RBAC file: ${e.message}`));
+      }
+    }
     if (systemKey && dataplaneUrl && authConfig && generatedFiles.appPath) {
       try {
         await tryUpdateReadmeFromDeploymentDocs(generatedFiles.appPath, appName, dataplaneUrl, authConfig, systemKey);
@@ -437,12 +485,7 @@ async function handleFileSaving(appName, systemConfig, datasourceConfigs, system
       }
     }
     spinner.stop();
-    logger.log(chalk.green('\n\u2713 Wizard completed successfully!'));
-    logger.log(chalk.green(`\nFiles created in: ${generatedFiles.appPath}`));
-    logger.log(chalk.blue('\nNext steps:'));
-    logger.log(chalk.gray(`  1. Review the generated files in integration/${appName}/`));
-    logger.log(chalk.gray('  2. Update env.template with your authentication details'));
-    logger.log(chalk.gray(`  3. Deploy using: node deploy.js or aifabrix deploy ${appName}`));
+    logWizardFileSaveFooter(appName, generatedFiles);
     return generatedFiles;
   } catch (error) {
     spinner.stop();

package/lib/commands/wizard-dataplane.js

@@ -6,7 +6,7 @@
 
 const chalk = require('chalk');
 const logger = require('../utils/logger');
-const { infoLine, formatSuccessLine } = require('../utils/cli-test-layout-chalk');
+const { formatProgress, formatSuccessLine } = require('../utils/cli-test-layout-chalk');
 const { getDataplaneUrl } = require('../datasource/deploy');
 const { listEnvironmentApplications } = require('../api/environments.api');
 
@@ -102,7 +102,7 @@ async function tryFallbackDataplaneUrl(controllerUrl, environment, authConfig, s
 async function discoverDataplaneUrl(controllerUrl, environment, authConfig, opts = {}) {
   const silent = opts.silent === true;
   if (!silent) {
-    logger.log(infoLine('🌐 Getting dataplane URL from controller...'));
+    logger.log(formatProgress('Getting dataplane URL from controller...'));
   }
   try {
     const dataplaneAppKey = await findDataplaneServiceAppKey(controllerUrl, environment, authConfig);

package/lib/commands/wizard-entity-selection.js

@@ -9,31 +9,89 @@ const logger = require('../utils/logger');
 const { discoverEntities } = require('../api/wizard.api');
 const { validateEntityNameForOpenApi } = require('../validation/wizard-datasource-validation');
 const { promptForEntitySelection } = require('../generator/wizard-prompts');
+const { formatSuccessLine } = require('../utils/cli-layout-chalk');
+
+/**
+ * If wizard.yaml entity name matches discover-entities list, use it; else warn.
+ * @param {string} trimmed - Trimmed entity name from prefill
+ * @param {Array<{name: string}>} entities - Discovered entities
+ * @returns {string|null} Resolved name or null to prompt
+ */
+function resolvePrefillEntityName(trimmed, entities) {
+  const prefillCheck = validateEntityNameForOpenApi(trimmed, entities);
+  if (prefillCheck.valid) {
+    logger.log(chalk.gray(
+      `Using entity from wizard.yaml (${trimmed}). Skipping entity prompts.`
+    ));
+    logger.log(formatSuccessLine(`Selected entity: ${trimmed}`));
+    return trimmed;
+  }
+  logger.log(chalk.yellow(
+    `Warning: wizard.yaml source.entityName '${trimmed}' is not in the discover-entities list; choose manually.`
+  ));
+  return null;
+}
+
+/**
+ * Prompt for entity and validate against list.
+ * @param {Array<{name: string}>} entities - Discovered entities
+ * @returns {Promise<string>} Valid entity name
+ */
+async function promptForValidatedEntity(entities) {
+  const entityName = await promptForEntitySelection(entities);
+  const validation = validateEntityNameForOpenApi(entityName, entities);
+  if (!validation.valid) {
+    throw new Error(`Invalid entity '${entityName}'. Available: ${entities.map(e => e.name).join(', ')}`);
+  }
+  logger.log(formatSuccessLine(`Selected entity: ${entityName}`));
+  return entityName;
+}
+
+/**
+ * Discover entities and select one (single-entity shortcut, prefill, or prompt).
+ * @param {string} dataplaneUrl - Dataplane URL
+ * @param {Object} authConfig - Authentication configuration
+ * @param {Object} openapiSpec - OpenAPI specification
+ * @param {string} [prefillEntityName] - From wizard.yaml `source.entityName` when valid
+ * @returns {Promise<string|null>} Selected entity name or null (skip)
+ */
+async function discoverAndSelectEntity(dataplaneUrl, authConfig, openapiSpec, prefillEntityName) {
+  const response = await discoverEntities(dataplaneUrl, authConfig, openapiSpec);
+  const entities = response?.data?.entities;
+  if (!Array.isArray(entities) || entities.length === 0) return null;
+
+  logger.log(chalk.blue('\n\uD83D\uDCCB Step 4.5: Select Entity'));
+
+  if (entities.length === 1) {
+    const only = entities[0].name;
+    logger.log(formatSuccessLine(`Only one entity discovered; using: ${only}`));
+    return only;
+  }
+
+  const trimmed =
+    typeof prefillEntityName === 'string' ? prefillEntityName.trim() : '';
+  if (trimmed) {
+    const resolved = resolvePrefillEntityName(trimmed, entities);
+    if (resolved) return resolved;
+  }
+
+  return promptForValidatedEntity(entities);
+}
 
 /**
  * Handle entity selection step (OpenAPI multi-entity).
- * Calls discover-entities; if entities found, prompts user to select one.
+ * Calls discover-entities; prompts unless prefill or a single entity applies.
  * @async
  * @param {string} dataplaneUrl - Dataplane URL
  * @param {Object} authConfig - Authentication configuration
  * @param {Object} openapiSpec - OpenAPI specification
+ * @param {string} [prefillEntityName] - From wizard.yaml `source.entityName` when valid
  * @returns {Promise<string|null>} Selected entity name or null (skip)
  */
-async function handleEntitySelection(dataplaneUrl, authConfig, openapiSpec) {
+async function handleEntitySelection(dataplaneUrl, authConfig, openapiSpec, prefillEntityName) {
   if (!openapiSpec || typeof openapiSpec !== 'object') return null;
   try {
-    const response = await discoverEntities(dataplaneUrl, authConfig, openapiSpec);
-    const entities = response?.data?.entities;
-    if (!Array.isArray(entities) || entities.length === 0) return null;
-
-    logger.log(chalk.blue('\n\uD83D\uDCCB Step 4.5: Select Entity'));
-    const entityName = await promptForEntitySelection(entities);
-    const validation = validateEntityNameForOpenApi(entityName, entities);
-    if (!validation.valid) {
-      throw new Error(`Invalid entity '${entityName}'. Available: ${entities.map(e => e.name).join(', ')}`);
-    }
-    logger.log(chalk.green(`\u2713 Selected entity: ${entityName}`));
-    return entityName;
+    return await discoverAndSelectEntity(dataplaneUrl, authConfig, openapiSpec, prefillEntityName);
   } catch (error) {
     logger.log(chalk.yellow(`Warning: Entity discovery failed, using default: ${error.message}`));
     return null;

package/lib/commands/wizard-headless.js

@@ -6,6 +6,7 @@
 
 const chalk = require('chalk');
 const logger = require('../utils/logger');
+const { formatSuccessLine } = require('../utils/cli-layout-chalk');
 const {
   validateWizardConfig: validateWizardConfigFile,
   displayValidationResults
@@ -111,8 +112,11 @@ async function executeWizardFromConfig(wizardConfig, dataplaneUrl, authConfig, o
     systemConfig,
     datasourceConfigs,
     systemKey || appName,
-    dataplaneUrl,
-    authConfig
+    {
+      dataplaneUrl,
+      authConfig,
+      enableRBAC: Boolean(preferences?.enableRBAC)
+    }
   );
 }
 
@@ -138,7 +142,7 @@ async function handleWizardHeadless(options) {
     displayValidationResults(validationResult);
     throw new Error('Wizard configuration validation failed');
   }
-  logger.log(chalk.green('\u2713 Configuration file validated'));
+  logger.log(formatSuccessLine('Configuration file validated'));
 
   const wizardConfig = validationResult.config;
   const appName = wizardConfig.appName;

package/lib/commands/wizard-helpers.js

@@ -47,6 +47,12 @@ function buildSourceForSave(source) {
     out.token = source.token ? '(set)' : undefined;
   }
   if (source.type === 'known-platform' && source.platform) out.platform = source.platform;
+  if (
+    (source.type === 'openapi-file' || source.type === 'openapi-url') &&
+    source.entityName
+  ) {
+    out.entityName = source.entityName;
+  }
   return out;
 }
 
@@ -75,7 +81,13 @@ function buildWizardStateForSave(opts) {
 function formatSourceLine(source) {
   if (!source) return null;
   const s = source;
-  return s.type + (s.filePath ? ` (${s.filePath})` : s.url ? ` (${s.url})` : s.platform ? ` (${s.platform})` : '');
+  let line =
+    s.type +
+    (s.filePath ? ` (${s.filePath})` : s.url ? ` (${s.url})` : s.platform ? ` (${s.platform})` : '');
+  if (s.entityName && (s.type === 'openapi-file' || s.type === 'openapi-url')) {
+    line += ` [entity: ${s.entityName}]`;
+  }
+  return line;
 }
 
 /**