@aifabrix/builder 2.44.5 → 2.44.6

package/lib/commands/teardown.js

@@ -0,0 +1,228 @@
+/**
+ * `aifabrix teardown` — full teardown of local infra and CLI state.
+ *
+ * Performs:
+ *   1. `down-infra -v` (stop infra + apps, remove all Docker volumes).
+ *   2. Remove every entry inside `~/.aifabrix/` (or the equivalent
+ *      `getAifabrixSystemDir()`-resolved directory) except `config.yaml`.
+ *      This includes `secrets.local.yaml`, `admin-secrets.env`,
+ *      auth/token files, and any `infra-dev*` directories.
+ *
+ * Confirmation is required by default; pass `--yes` / `-y` to skip.
+ *
+ * @fileoverview aifabrix teardown handler
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+const inquirer = require('inquirer');
+const chalk = require('chalk');
+const ora = require('ora');
+
+const config = require('../core/config');
+const infra = require('../infrastructure');
+const pathsUtil = require('../utils/paths');
+const logger = require('../utils/logger');
+const { withMutedLogger } = require('../utils/with-muted-logger');
+const {
+  formatSuccessLine,
+  formatSuccessParagraph,
+  formatProgress,
+  successGlyph
+} = require('../utils/cli-test-layout-chalk');
+
+/** File name kept by teardown (lowercase exact match). */
+const PRESERVE_FILE = 'config.yaml';
+/** Directory preserved by teardown (holds developer TLS client certs). */
+const PRESERVE_CERTS_DIR = 'certs';
+
+const PRESERVE_ENTRY_NAMES = new Set([PRESERVE_FILE, PRESERVE_CERTS_DIR]);
+
+const SEPARATOR = '────────────────────────────────────────';
+
+function title(text) {
+  return chalk.bold(text);
+}
+
+function shouldUseSpinner() {
+  return Boolean(process && process.stdout && process.stdout.isTTY);
+}
+
+function startSpinner(text) {
+  if (!shouldUseSpinner()) {
+    logger.log(formatProgress(text));
+    return null;
+  }
+  return ora({ text, spinner: 'dots' }).start();
+}
+
+function stopSpinnerSuccess(spinner, text) {
+  if (!spinner) {
+    logger.log(formatSuccessLine(text));
+    return;
+  }
+  spinner.succeed(text);
+}
+
+/**
+ * Ask the user to confirm teardown unless `assumeYes` is true.
+ * @async
+ * @param {boolean} assumeYes
+ * @returns {Promise<boolean>}
+ */
+async function confirmTeardown(assumeYes) {
+  if (assumeYes) return true;
+  const { ok } = await inquirer.prompt([
+    {
+      type: 'confirm',
+      name: 'ok',
+      message:
+        'This will stop all infra + apps, DELETE every Docker volume, and remove every file in ~/.aifabrix/ except config.yaml and certs/. Continue?',
+      default: false
+    }
+  ]);
+  return ok === true;
+}
+
+/**
+ * Remove every entry in the AI Fabrix system directory except `config.yaml`.
+ * Each removal is logged. Errors per entry are caught and logged so the
+ * teardown surfaces partial-success information instead of bailing on the
+ * first ENOENT/EBUSY.
+ *
+ * @returns {{ removed: string[], failed: string[] }}
+ */
+function cleanAifabrixSystemDir() {
+  const dir = pathsUtil.getAifabrixSystemDir();
+  const removed = [];
+  const failed = [];
+  if (!fs.existsSync(dir)) {
+    return { removed, failed };
+  }
+  const entries = fs.readdirSync(dir, { withFileTypes: true });
+  for (const entry of entries) {
+    if (PRESERVE_ENTRY_NAMES.has(entry.name)) continue;
+    const target = path.join(dir, entry.name);
+    try {
+      fs.rmSync(target, { recursive: true, force: true });
+      removed.push(target);
+    } catch (err) {
+      failed.push(target);
+    }
+  }
+  return { removed, failed };
+}
+
+/**
+ * Stop infra with `down-infra -v` semantics. Tolerates already-down state.
+ * @async
+ * @returns {Promise<void>}
+ */
+async function stopInfraQuietly() {
+  try {
+    const spin = startSpinner('Stopping infrastructure (down-infra -v)...');
+    await withMutedLogger(async() => {
+      await infra.stopInfraWithVolumes();
+    });
+    stopSpinnerSuccess(spin, 'Infrastructure stopped and volumes removed');
+  } catch (err) {
+    logger.log(
+      chalk.yellow(
+        `Infrastructure already down or could not be stopped cleanly: ${err.message}`
+      )
+    );
+  }
+}
+
+function logFooterStart(label) {
+  logger.log('');
+  logger.log(SEPARATOR);
+  logger.log(title(label));
+  logger.log(SEPARATOR);
+  logger.log('');
+}
+
+function logFooterEnd() {
+  logger.log(SEPARATOR);
+}
+
+function logSection(label, value) {
+  logger.log(title(label));
+  logger.log(`  ${value}`);
+  logger.log('');
+}
+
+async function buildDeveloperLabel() {
+  const developerId = await config.getDeveloperId();
+  const idNum = typeof developerId === 'string' ? parseInt(developerId, 10) : developerId;
+  if (!Number.isFinite(idNum)) return 'unknown';
+  return `dev${String(idNum).padStart(2, '0')} (id: ${idNum})`;
+}
+
+function logTeardownHeader() {
+  logger.log('');
+  logger.log(title('AI Fabrix Shutdown'));
+  logger.log(SEPARATOR);
+  logger.log('');
+}
+
+function logTeardownFooter({ devStr, removedCount, failedCount }) {
+  logFooterStart('Stopped');
+  logSection('Developer', devStr);
+  logSection(
+    'Cleaned',
+    `${successGlyph()} Removed ${removedCount} item(s) (${PRESERVE_FILE} and ${PRESERVE_CERTS_DIR}/ preserved)`
+  );
+  logger.log(chalk.yellow('⚠ Volumes removed: all local data deleted'));
+  logger.log('');
+  if (failedCount > 0) {
+    logger.log(chalk.yellow(`⚠ Could not remove ${failedCount} item(s)`));
+    logger.log('');
+  }
+  logFooterEnd();
+}
+
+function cleanFilesWithSpinner() {
+  const cleanSpin = startSpinner('Removing installation files...');
+  const result = cleanAifabrixSystemDir();
+  stopSpinnerSuccess(cleanSpin, `Removed ${result.removed.length} installation item(s)`);
+  return result;
+}
+
+/**
+ * Run the teardown.
+ *
+ * @async
+ * @function handleTeardown
+ * @param {Object} [options] - Commander options
+ * @param {boolean} [options.yes] - Skip the confirmation prompt
+ * @returns {Promise<void>}
+ */
+async function handleTeardown(options = {}) {
+  const assumeYes = options.yes === true || options.assumeYes === true;
+  logTeardownHeader();
+
+  const ok = await confirmTeardown(assumeYes);
+  if (!ok) {
+    logger.log(chalk.yellow('Aborted by user.'));
+    return;
+  }
+  await stopInfraQuietly();
+  const { removed, failed } = cleanFilesWithSpinner();
+  const devStr = await buildDeveloperLabel();
+  logTeardownFooter({ devStr, removedCount: removed.length, failedCount: failed.length });
+
+  logger.log(formatSuccessParagraph('aifabrix teardown complete.'));
+}
+
+module.exports = {
+  handleTeardown,
+  cleanAifabrixSystemDir,
+  stopInfraQuietly,
+  PRESERVE_FILE,
+  PRESERVE_CERTS_DIR
+};

package/lib/commands/up-common.js

@@ -20,6 +20,7 @@ const { loadConfigFile, writeConfigFile } = require('../utils/config-format');
 const { isYamlPath } = require('../utils/config-format');
 const { copyTemplateFiles } = require('../validation/template');
 const { ensureReadmeForAppPath, ensureReadmeForApp } = require('../app/readme');
+const { refreshUrlsLocalRegistryFromBuilder } = require('../utils/urls-local-registry');
 
 /**
  * Copy template to a target path if application config is missing there.
@@ -98,8 +99,9 @@ function patchEnvOutputPathInFile(configPath) {
 function validateEnvOutputPathFolderOrNull(appName) {
   if (!appName || typeof appName !== 'string') return;
   const pathsToPatch = [pathsUtil.getBuilderPath(appName)];
+  const envBuilderRoot = process.env.AIFABRIX_BUILDER_DIR && String(process.env.AIFABRIX_BUILDER_DIR).trim();
   const cwdBuilderPath = path.join(process.cwd(), 'builder', appName);
-  if (path.resolve(cwdBuilderPath) !== path.resolve(pathsToPatch[0])) {
+  if (envBuilderRoot && path.resolve(cwdBuilderPath) !== path.resolve(pathsToPatch[0])) {
     pathsToPatch.push(cwdBuilderPath);
   }
   for (const appPath of pathsToPatch) {
@@ -176,49 +178,83 @@ function patchEnvOutputPathForDeployOnly(appName) {
  *
  * @returns {Promise<void>}
  */
-async function applyUpPlatformForceConfig() {
+async function applyUpPlatformForceConfig(opts = {}) {
+  const silent = Boolean(opts.silent);
   const deviceCleared = await config.clearAllDeviceTokens();
   const clientCleared = await config.clearAllClientTokens();
   await config.setCurrentEnvironment('dev');
   const defaultControllerUrl = await getDefaultControllerUrl();
   await config.setControllerUrl(defaultControllerUrl);
-  logger.log(
-    chalk.blue(
-      `--force: cleared ${deviceCleared} device token(s) and ${clientCleared} client token(s); ` +
-        `environment set to dev; default controller set to ${defaultControllerUrl} (run aifabrix login after platform is up)`
-    )
-  );
+
+  const summary = { deviceCleared, clientCleared, defaultControllerUrl, environment: 'dev' };
+  if (!silent) {
+    logger.log(
+      chalk.blue(
+        `--force: cleared ${deviceCleared} device token(s) and ${clientCleared} client token(s); ` +
+          `environment set to dev; default controller set to ${defaultControllerUrl} (run aifabrix login after platform is up)`
+      )
+    );
+  }
+  return summary;
+}
+
+/**
+ * True when resolved path is the root itself or a subdirectory of an allowed builder root.
+ * @param {string} resolvedAppPath
+ * @param {string[]} allowedRoots - Absolute resolved directory roots
+ * @returns {boolean}
+ */
+function isUnderAllowedBuilderRoot(resolvedAppPath, allowedRoots) {
+  for (const root of allowedRoots) {
+    const r = path.resolve(root);
+    if (resolvedAppPath === r || resolvedAppPath.startsWith(r + path.sep)) {
+      return true;
+    }
+  }
+  return false;
 }
 
 /**
- * Removes builder app directories for the given app names. Only removes paths under the builder root
- * to prevent path traversal. Uses getBuilderPath for each app and validates before removal.
+ * Removes builder app directories for the given app names. Only removes paths under an allowed
+ * builder root (project `builder/` or `~/.aifabrix/builder/`) to prevent path traversal.
+ * Uses {@link pathsUtil.getBuilderPath} for each app (system apps may resolve under the config dir).
  *
  * @param {string[]} appNames - Application names (e.g. ['keycloak', 'miso-controller', 'dataplane'])
  * @returns {Promise<void>}
- * @throws {Error} If any path is outside builder root (path traversal attempt)
+ * @throws {Error} If any path is outside allowed builder roots (path traversal attempt)
  */
-async function cleanBuilderAppDirs(appNames) {
+async function cleanBuilderAppDirs(appNames, opts = {}) {
+  const silent = Boolean(opts.silent);
   if (!Array.isArray(appNames) || appNames.length === 0) return;
-  const builderRoot = path.resolve(pathsUtil.getBuilderRoot());
+  const allowedRoots = [path.resolve(pathsUtil.getBuilderRoot()), path.resolve(pathsUtil.getSystemBuilderRoot())];
+  const cleaned = [];
   for (const appName of appNames) {
     if (!appName || typeof appName !== 'string') continue;
     const appPath = path.resolve(pathsUtil.getBuilderPath(appName));
-    if (!appPath.startsWith(builderRoot + path.sep) && appPath !== builderRoot) {
-      throw new Error(`Path ${appPath} is outside builder root ${builderRoot}; refusing to clean`);
+    if (!isUnderAllowedBuilderRoot(appPath, allowedRoots)) {
+      throw new Error(
+        `Path ${appPath} is outside allowed builder roots (${allowedRoots.join(', ')}); refusing to clean`
+      );
     }
     if (fs.existsSync(appPath)) {
       fs.rmSync(appPath, { recursive: true });
-      logger.log(chalk.blue(`Cleaned builder/${appName}`));
+      cleaned.push(appName);
+      if (!silent) {
+        logger.log(chalk.blue(`Cleaned builder/${appName}`));
+      }
     }
   }
+  return cleaned;
 }
 
 /**
  * Ensures builder app directory exists from template if application config is missing.
  * If builder/<appName>/application config does not exist, copies from templates/applications/<appName>.
  * Uses AIFABRIX_BUILDER_DIR when set (e.g. by up-miso/up-dataplane from config aifabrix-env-config).
- * When using a custom builder dir, also populates cwd/builder/<appName> so the repo's builder/ is not empty.
+ * When `process.env.AIFABRIX_BUILDER_DIR` is set and the primary app path differs from
+ * `cwd/builder/<appName>`, also copies into `cwd/builder/<appName>` so the repo tree is not empty
+ * while using a custom builder root. Skips that extra copy when no custom dir is in use (e.g.
+ * platform apps materialized only under the system builder root).
  *
  * @async
  * @function ensureAppFromTemplate
@@ -241,8 +277,12 @@ async function ensureAppFromTemplate(appName) {
     logger.log(formatSuccessLine(`Copied template for ${appName}`));
   }
 
+  const envBuilderRoot = process.env.AIFABRIX_BUILDER_DIR && String(process.env.AIFABRIX_BUILDER_DIR).trim();
   const cwdBuilderPath = path.join(process.cwd(), 'builder', appName);
-  if (path.resolve(cwdBuilderPath) !== path.resolve(appPath)) {
+  if (
+    envBuilderRoot &&
+    path.resolve(cwdBuilderPath) !== path.resolve(appPath)
+  ) {
     const cwdCopied = await ensureTemplateAtPath(appName, cwdBuilderPath);
     if (cwdCopied) {
       logger.log(chalk.blue(`Creating builder/${appName} in project (from template)...`));
@@ -254,11 +294,31 @@ async function ensureAppFromTemplate(appName) {
   return primaryCopied;
 }
 
+/**
+ * For `aifabrix up-platform` only: align builder dir env with up-miso/up-dataplane, materialize all three
+ * platform apps from templates if missing, then refresh `~/.aifabrix/urls.local.yaml` so declarative
+ * `url://` expansion (e.g. cross-references between miso-controller, dataplane, keycloak) sees every
+ * app's port and pattern before Keycloak or Miso resolve their `.env` files.
+ *
+ * @returns {Promise<void>}
+ */
+async function prepareUrlsLocalRegistryForUpPlatform() {
+  const builderDir = await config.getAifabrixBuilderDir();
+  if (builderDir) {
+    process.env.AIFABRIX_BUILDER_DIR = path.resolve(builderDir);
+  }
+  await ensureAppFromTemplate('keycloak');
+  await ensureAppFromTemplate('miso-controller');
+  await ensureAppFromTemplate('dataplane');
+  refreshUrlsLocalRegistryFromBuilder(pathsUtil.getProjectRoot());
+}
+
 module.exports = {
   applyUpPlatformForceConfig,
   cleanBuilderAppDirs,
   ensureAppFromTemplate,
   patchEnvOutputPathForDeployOnly,
   validateEnvOutputPathFolderOrNull,
-  getEnvOutputPathFolder
+  getEnvOutputPathFolder,
+  prepareUrlsLocalRegistryForUpPlatform
 };

package/lib/commands/up-dataplane.js

@@ -2,10 +2,10 @@ const { formatSuccessLine, formatSuccessParagraph } = require('../utils/cli-test
 /**
  * AI Fabrix Builder - Up Dataplane Command
  *
- * Always local deployment: registers or rotates dataplane app in dev, sends
- * deployment manifest to Miso Controller, then runs the dataplane app locally
- * (same as aifabrix deploy dataplane --local). If app is already
- * registered, uses rotate-secret; otherwise registers.
+ * Always local deployment: requires dev infra (same gate as up-miso), then registers or
+ * rotates dataplane in dev, sends deployment manifest to Miso Controller, then runs dataplane
+ * locally (same as aifabrix deploy dataplane --local). If app is already registered, uses
+ * rotate-secret; otherwise registers.
  *
  * @fileoverview up-dataplane command implementation
  * @author AI Fabrix Team
@@ -29,6 +29,7 @@ const { checkApplicationExists } = require('../utils/app-existence');
 const { checkHealthEndpoint } = require('../utils/health-check');
 const { validateControllerUrl } = require('../utils/auth-config-validator');
 const app = require('../app');
+const { assertDevInfraUp } = require('./dev-infra-gate');
 const { ensureAppFromTemplate, validateEnvOutputPathFolderOrNull } = require('./up-common');
 
 const CONTROLLER_HEALTH_PATH = '/health';
@@ -130,7 +131,14 @@ async function registerOrRotateDataplane(options, controllerUrl, environmentKey,
  */
 async function deployDataplaneToController(options) {
   const imageOverride = options.image || buildDataplaneImageRef(options);
-  const deployOpts = { imageOverride, image: imageOverride, registryMode: options.registryMode };
+  const deployOpts = {
+    imageOverride,
+    image: imageOverride,
+    registryMode: options.registryMode,
+    // Guided up-platform already shows a top-level spinner for the dataplane step.
+    // Avoid nested deploy polling spinners/logs.
+    silentPoll: options.platformInstall === true
+  };
   await app.deployApp('dataplane', deployOpts);
 }
 
@@ -160,6 +168,17 @@ function buildDataplaneImageRef(options = {}) {
   }
 }
 
+/**
+ * Sets `AIFABRIX_BUILDER_DIR` when configured (shared by deploy/run paths).
+ * @returns {Promise<void>}
+ */
+async function applyAifabrixBuilderDirEnv() {
+  const builderDir = await config.getAifabrixBuilderDir();
+  if (builderDir) {
+    process.env.AIFABRIX_BUILDER_DIR = path.resolve(builderDir);
+  }
+}
+
 /**
  * Handle up-dataplane command: ensure logged in, environment dev, ensure dataplane,
  * register or rotate (if already registered), deploy (send manifest to controller),
@@ -171,16 +190,18 @@ function buildDataplaneImageRef(options = {}) {
  * @param {string} [options.registry] - Override registry for dataplane
  * @param {string} [options.registryMode] - Override registry mode (acr|external)
  * @param {string} [options.image] - Override image reference for dataplane
+ * @param {boolean} [options.skipInfraCheck] - When true, skip Postgres/Redis gate (caller already verified, e.g. guided up-dataplane).
  * @returns {Promise<void>}
- * @throws {Error} If not logged in, environment not dev, or any step fails
+ * @throws {Error} If infra not up, controller unavailable, not logged in, environment not dev, or any step fails
  */
 async function handleUpDataplane(options = {}) {
-  const builderDir = await config.getAifabrixBuilderDir();
-  if (builderDir) {
-    process.env.AIFABRIX_BUILDER_DIR = path.resolve(builderDir);
-  }
+  await applyAifabrixBuilderDirEnv();
   logger.log(chalk.blue('Starting up-dataplane (register/rotate, deploy, then run dataplane locally)...\n'));
 
+  if (options.skipInfraCheck !== true) {
+    await assertDevInfraUp();
+  }
+
   const controllerUrl = await resolveControllerUrlWithHealthCheck();
   const environmentKey = await resolveEnvironment();
   const authConfig = await checkAuthentication(controllerUrl, environmentKey, { throwOnFailure: true });
@@ -204,7 +225,8 @@ async function handleUpDataplane(options = {}) {
   logger.log('');
   await app.runApp('dataplane', {
     skipEnvOutputPath: true,
-    registry: options.registry || undefined
+    registry: options.registry || undefined,
+    base: options.base !== false
   });
 
   logger.log(formatSuccessParagraph('up-dataplane complete. Dataplane is registered, deployed in dev, and running locally.'));

package/lib/commands/up-miso.js

@@ -1,9 +1,9 @@
-const { formatSuccessLine, formatSuccessParagraph } = require('../utils/cli-test-layout-chalk');
+const { formatSuccessParagraph } = require('../utils/cli-test-layout-chalk');
 /**
  * AI Fabrix Builder - Up Miso Command
  *
  * Installs keycloak and miso-controller from images (no build). For dataplane, use up-dataplane.
- * Assumes infra is up; sets dev secrets and resolves (no force; existing .env values preserved).
+ * Ensures dev Postgres/Redis are up, then sets dev secrets and resolves (no force; existing .env values preserved).
  *
  * @fileoverview up-miso command implementation
  * @author AI Fabrix Team
@@ -14,8 +14,8 @@ const path = require('path');
 const chalk = require('chalk');
 const logger = require('../utils/logger');
 const config = require('../core/config');
-const infra = require('../infrastructure');
 const app = require('../app');
+const { assertDevInfraUp } = require('./dev-infra-gate');
 const { ensureAppFromTemplate, patchEnvOutputPathForDeployOnly, validateEnvOutputPathFolderOrNull } = require('./up-common');
 
 /**
@@ -45,11 +45,13 @@ function parseImageOptions(imageOpts) {
  */
 async function runMisoApps(options) {
   const imageMap = parseImageOptions(options.image);
+  const useBaseImage = options.base !== false;
   const common = {
     registry: options.registry,
     registryMode: options.registryMode,
     skipEnvOutputPath: true,
-    skipInfraCheck: true
+    skipInfraCheck: true,
+    base: useBaseImage
   };
   const keycloakRunOpts = { ...common };
   if (imageMap.keycloak) {
@@ -83,13 +85,7 @@ async function handleUpMiso(options = {}) {
     process.env.AIFABRIX_BUILDER_DIR = path.resolve(builderDir);
   }
   logger.log(chalk.blue('Starting up-miso (keycloak + miso-controller from images)...\n'));
-  // Strict: only this developer's infra (same as status), so up-miso and status agree
-  const health = await infra.checkInfraHealth(undefined, { strict: true });
-  const allHealthy = Object.values(health).every(status => status === 'healthy');
-  if (!allHealthy) {
-    throw new Error('Infrastructure is not up. Run \'aifabrix up-infra\' first.');
-  }
-  logger.log(formatSuccessLine('Infrastructure is up'));
+  await assertDevInfraUp();
   await ensureAppFromTemplate('keycloak');
   await ensureAppFromTemplate('miso-controller');
   // If envOutputPath target folder does not exist, set envOutputPath to null