@aifabrix/builder 2.44.6 → 2.45.0

package/.cursor/rules/cli-layout.mdc

@@ -12,7 +12,7 @@ When you touch **CLI surface** (`bin/aifabrix.js`, `lib/cli.js`, `lib/cli/**`, `
 | Document | Role |
 | -------- | ---- |
 | [layout.md](./layout.md) | Visual and semantic spec: colors, sections, glyphs, blocking vs warning, non-TTY/CI, helper map to `cli-test-layout-chalk.js`. |
-| [cli-output-command-matrix.md](./cli-output-command-matrix.md) | **One row per leaf command**: expected **output profile** (layout-blocks, tty-summary, stream-logs, json-opt, stdout-only, delegate). |
+| [cli-output-command-matrix.md](./cli-output-command-matrix.md) | **One row per leaf command**: expected **output profile** (layout-blocks, tty-summary, stream-logs, json-opt, stdout-only, delegate) and **Manifest roots (141)** (when to emit gray manifest path line — see plan 141). |
 
 If implementation and `layout.md` disagree, **fix implementation** or **update docs** in the same change so they stay one story.
 
@@ -27,9 +27,13 @@ Use the matrix row for your command to decide UX:
 - **stdout-only** — Stable, script-friendly stdout; minimal chalk; often used for diffs or piping.
 - **delegate** — Output comes from delegated library (wizard, etc.); still avoid forbidden glyphs and spurious decoration in anything you add.
 
-**New leaf command:** add a row to [cli-output-command-matrix.md](./cli-output-command-matrix.md) with the correct profile combination.
+**New leaf command:** add a row to [cli-output-command-matrix.md](./cli-output-command-matrix.md) with the correct profile combination and **Manifest roots (141)** code (`141`, `141+`, `int`, `cfg`, `—`).
 
-## Glyphs and semantics (terminal only)
+## Manifest path visibility (plan 141)
+
+When a command’s matrix cell is **141**, **141+**, or **int** and the implementation reads an `application.yaml` (or integration equivalent), print **one** gray metadata line for humans (e.g. `Manifest: cwd/builder — /abs/path/application.yaml`) using `metadata()` or a small helper from `cli-test-layout-chalk.js`. Do not spam per-substep. Follow [.cursor/plans/141-manifest-location.plan.md](../plans/141-manifest-location.plan.md).
+
+**`aifabrix setup`:** destructive / conflict prompts that list folders to be replaced must use **resolved absolute paths** for every directory (plan § Guided setup — not only `builder/<app>/` under an otherwise absolute builder root).
 
 From [layout.md](./layout.md) contributor appendix:
 

package/jest.projects.js

@@ -141,6 +141,34 @@ const defaultProject = {
       '\\\\tests\\\\lib\\\\utils\\\\url-declarative-vdir-inactive-env.test.js',
       'lib/utils/url-declarative-vdir-inactive-env.test.js',
       'url-declarative-vdir-inactive-env\\.test\\.js',
+      '/tests/lib/utils/url-declarative-user-cfg-per-app-proxy.test.js',
+      '\\\\tests\\\\lib\\\\utils\\\\url-declarative-user-cfg-per-app-proxy.test.js',
+      'lib/utils/url-declarative-user-cfg-per-app-proxy.test.js',
+      'url-declarative-user-cfg-per-app-proxy\\.test\\.js',
+      '/tests/lib/utils/url-declarative-expand-traefik-off-no-usercfg.test.js',
+      '\\\\tests\\\\lib\\\\utils\\\\url-declarative-expand-traefik-off-no-usercfg.test.js',
+      'lib/utils/url-declarative-expand-traefik-off-no-usercfg.test.js',
+      'url-declarative-expand-traefik-off-no-usercfg\\.test\\.js',
+      '/tests/lib/core/secrets-env-declarative-show-urls.test.js',
+      '\\\\tests\\\\lib\\\\core\\\\secrets-env-declarative-show-urls.test.js',
+      'lib/core/secrets-env-declarative-show-urls.test.js',
+      'secrets-env-declarative-show-urls\\.test\\.js',
+      '/tests/lib/utils/url-declarative-registry-internal-docker-origin.test.js',
+      '\\\\tests\\\\lib\\\\utils\\\\url-declarative-registry-internal-docker-origin.test.js',
+      'lib/utils/url-declarative-registry-internal-docker-origin.test.js',
+      'url-declarative-registry-internal-docker-origin\\.test\\.js',
+      '/tests/lib/commands/platform-urls-registry.validation.test.js',
+      '\\\\tests\\\\lib\\\\commands\\\\platform-urls-registry.validation.test.js',
+      'lib/commands/platform-urls-registry.validation.test.js',
+      'platform-urls-registry\\.validation\\.test\\.js',
+      '/tests/lib/utils/env-copy-resolve-output.test.js',
+      '\\\\tests\\\\lib\\\\utils\\\\env-copy-resolve-output.test.js',
+      'lib/utils/env-copy-resolve-output.test.js',
+      'env-copy-resolve-output\\.test\\.js',
+      '/tests/lib/utils/write-env-output-reload.test.js',
+      '\\\\tests\\\\lib\\\\utils\\\\write-env-output-reload.test.js',
+      'lib/utils/write-env-output-reload.test.js',
+      'write-env-output-reload\\.test\\.js',
       '/tests/lib/utils/app-service-env-from-builder.test.js',
       '\\\\tests\\\\lib\\\\utils\\\\app-service-env-from-builder.test.js',
       'lib/utils/app-service-env-from-builder.test.js',
@@ -165,6 +193,18 @@ const defaultProject = {
       '\\\\tests\\\\lib\\\\utils\\\\paths-system-builder-resolution.test.js',
       'lib/utils/paths-system-builder-resolution.test.js',
       'paths-system-builder-resolution\\.test\\.js',
+      '/tests/lib/utils/manifest-location.test.js',
+      '\\\\tests\\\\lib\\\\utils\\\\manifest-location.test.js',
+      'lib/utils/manifest-location.test.js',
+      'manifest-location\\.test\\.js',
+      '/tests/lib/utils/installation-log.test.js',
+      '\\\\tests\\\\lib\\\\utils\\\\installation-log.test.js',
+      'lib/utils/installation-log.test.js',
+      'installation-log\\.test\\.js',
+      '/tests/lib/utils/manifest-source-emit.test.js',
+      '\\\\tests\\\\lib\\\\utils\\\\manifest-source-emit.test.js',
+      'lib/utils/manifest-source-emit.test.js',
+      'manifest-source-emit\\.test\\.js',
       '/tests/lib/utils/secrets-ancestor-paths.test.js',
       '\\\\tests\\\\lib\\\\utils\\\\secrets-ancestor-paths.test.js',
       'lib/utils/secrets-ancestor-paths.test.js',
@@ -263,6 +303,8 @@ const isolatedProjects = [
   makeIsolatedProject('paths-system-builder-resolution', [
     '**/tests/lib/utils/paths-system-builder-resolution.test.js'
   ]),
+  makeIsolatedProject('manifest-location', ['**/tests/lib/utils/manifest-location.test.js']),
+  makeIsolatedProject('installation-log', ['**/tests/lib/utils/installation-log.test.js']),
   makeIsolatedProject('secrets-ancestor-paths', ['**/tests/lib/utils/secrets-ancestor-paths.test.js']),
   makeIsolatedProject('datasource-validation-watch', [
     '**/tests/lib/utils/datasource-validation-watch.test.js'
@@ -272,6 +314,7 @@ const isolatedProjects = [
     '**/tests/lib/datasource/log-viewer-structural.test.js',
     '**/tests/lib/datasource/log-viewer-run.test.js'
   ]),
+  makeIsolatedProject('manifest-source-emit', ['**/tests/lib/utils/manifest-source-emit.test.js']),
   makeIsolatedProject('register-aifabrix-shell-env', [
     '**/tests/lib/utils/register-aifabrix-shell-env.test.js'
   ]),
@@ -314,6 +357,19 @@ const isolatedProjects = [
   makeIsolatedProject('url-declarative-vdir-inactive-env', [
     '**/tests/lib/utils/url-declarative-vdir-inactive-env.test.js'
   ]),
+  makeIsolatedProject('url-declarative-user-cfg-per-app-proxy', [
+    '**/tests/lib/utils/url-declarative-user-cfg-per-app-proxy.test.js'
+  ]),
+  makeIsolatedProject('declarative-url-paths-spy-suites', [
+    '**/tests/lib/utils/url-declarative-expand-traefik-off-no-usercfg.test.js',
+    '**/tests/lib/core/secrets-env-declarative-show-urls.test.js',
+    '**/tests/lib/utils/url-declarative-registry-internal-docker-origin.test.js'
+  ]),
+  makeIsolatedProject('platform-urls-registry-validation', [
+    '**/tests/lib/commands/platform-urls-registry.validation.test.js'
+  ]),
+  makeIsolatedProject('env-copy-resolve-output', ['**/tests/lib/utils/env-copy-resolve-output.test.js']),
+  makeIsolatedProject('write-env-output-reload', ['**/tests/lib/utils/write-env-output-reload.test.js']),
   makeIsolatedProject('app-service-env-from-builder', [
     '**/tests/lib/utils/app-service-env-from-builder.test.js'
   ]),

package/lib/app/helpers.js

@@ -14,7 +14,7 @@ const path = require('path');
 const chalk = require('chalk');
 const { validateTemplate, copyTemplateFiles, copyAppFiles } = require('../validation/template');
 const logger = require('../utils/logger');
-const { getIntegrationPath, getBuilderPath } = require('../utils/paths');
+const paths = require('../utils/paths');
 
 /**
  * Validates that no app or external system with this name exists in integration/ or builder/.
@@ -25,8 +25,8 @@ const { getIntegrationPath, getBuilderPath } = require('../utils/paths');
  * @throws {Error} If integration/<systemKey> or builder/<appKey> already exists
  */
 async function validateAppOrExternalNameNotExists(appName) {
-  const integrationPath = getIntegrationPath(appName);
-  const builderPath = getBuilderPath(appName);
+  const integrationPath = paths.getIntegrationPath(appName);
+  const builderPath = paths.getBuilderPath(appName);
   try {
     await fs.access(integrationPath);
     throw new Error(

package/lib/app/index.js

@@ -21,7 +21,7 @@ const { loadTemplateVariables, updateTemplateVariables, mergeTemplateVariables }
 const { validateTemplate } = require('../validation/template');
 const auditLogger = require('../core/audit-logger');
 const { downApp } = require('./down');
-const { getAppPath } = require('../utils/paths');
+const paths = require('../utils/paths');
 const { displaySuccessMessage } = require('./display');
 const {
   validateAppDirectoryNotExists,
@@ -93,7 +93,7 @@ function validateAppNameAndSetup(appName, options) {
 
   const initialType = options.type || 'external';
   const baseDir = getBaseDirForAppType(initialType);
-  const appPath = getAppPath(appName, initialType);
+  const appPath = paths.getAppPath(appName, initialType);
 
   return { initialType, baseDir, appPath };
 }
@@ -124,7 +124,7 @@ async function handleTemplateSetup(options) {
  */
 async function prepareFinalAppPath(appName, config, initialAppPath) {
   const finalBaseDir = getBaseDirForAppType(config.type);
-  const finalAppPath = getAppPath(appName, config.type);
+  const finalAppPath = paths.getAppPath(appName, config.type);
 
   // If path changed, validate the new path
   if (finalAppPath !== initialAppPath) {

package/lib/app/register.js

@@ -94,19 +94,20 @@ async function saveLocalCredentials(responseData, apiUrl) {
     await saveLocalSecret(clientIdKey, responseData.credentials.clientId);
     await saveLocalSecret(clientSecretKey, responseData.credentials.clientSecret);
 
-    // Update env.template
+    // Update env.template (kv:// refs only; no resolved values touch disk)
     await updateEnvTemplate(registeredAppKey, clientIdKey, clientSecretKey, apiUrl);
 
-    // Regenerate .env file with updated credentials
+    // Resolve in-memory so any missing-secret / kv:// error surfaces here, but never
+    // materialize <appPath>/.env or envOutputPath — that is only done by `aifabrix resolve`.
     try {
-      await generateEnvFile(registeredAppKey, null, 'local', true);
-      logger.log(formatSuccessLine('.env file updated with new credentials'));
+      await generateEnvFile(registeredAppKey, null, 'local', true, { noWrite: true });
     } catch (error) {
-      logger.warn(chalk.yellow(`⚠  Could not regenerate .env file: ${error.message}`));
+      logger.warn(chalk.yellow(`⚠  Could not validate env resolution: ${error.message}`));
     }
 
     logger.log(formatSuccessParagraph('Credentials saved to ~/.aifabrix/secrets.local.yaml'));
-    logger.log(formatSuccessLine('env.template updated with MISO_CLIENTID, MISO_CLIENTSECRET, and MISO_CONTROLLER_URL\n'));
+    logger.log(formatSuccessLine('env.template updated with MISO_CLIENTID, MISO_CLIENTSECRET, and MISO_CONTROLLER_URL'));
+    logger.log(formatSuccessLine('Run "aifabrix resolve ' + registeredAppKey + '" to materialize an on-disk .env\n'));
   } catch (error) {
     logger.warn(chalk.yellow(`⚠  Could not save credentials locally: ${error.message}`));
   }

package/lib/app/restart-display.js

@@ -13,6 +13,7 @@ const config = require('../core/config');
 const { execWithDockerEnv } = require('../utils/docker-exec');
 const { sectionTitle, headerKeyValue, metadata } = require('../utils/cli-test-layout-chalk');
 const { isReloadBindMountOnEngineHost } = require('../utils/docker-reload-mount');
+const { isApplicationsReloadDefaultOn } = require('../utils/applications-config-defaults');
 
 /**
  * @param {unknown} mounts - docker inspect .Mounts
@@ -54,42 +55,72 @@ async function fetchContainerMountsJson(containerName) {
   }
 }
 
+/**
+ * Log saved reload default for the app (same source as `aifabrix run` dev persist / `aifabrix show`).
+ * @param {string|null|undefined} appName - Application key (e.g. miso-controller)
+ * @returns {Promise<void>}
+ */
+async function logReloadConfigSummaryForRestart(appName) {
+  if (!appName || typeof appName !== 'string') {
+    return;
+  }
+  const userCfg = await config.getConfig();
+  const reloadOn = isApplicationsReloadDefaultOn(userCfg, appName);
+  logger.log('');
+  logger.log(sectionTitle('Reload (config)'));
+  logger.log(
+    headerKeyValue(
+      'Next dev run:',
+      reloadOn ? 'reload on (applications.<app>.reload in config)' : 'reload off'
+    )
+  );
+  logger.log(
+    metadata(
+      'Persisted when you last ran this app in dev with or without --reload. Use aifabrix show <app> to inspect.'
+    )
+  );
+  logger.log('');
+}
+
 /**
  * Log workspace transport after a successful container restart (mounts unchanged).
  * @param {string} containerName - Docker container name
+ * @param {string|null} [appName] - Application key; when set, logs reload default from config after mount info
  * @returns {Promise<void>}
  */
-async function logRestartDevMountSummary(containerName) {
+async function logRestartDevMountSummary(containerName, appName = null) {
   if (!containerName || typeof containerName !== 'string') {
+    await logReloadConfigSummaryForRestart(appName);
     return;
   }
   const mounts = await fetchContainerMountsJson(containerName);
   const appBind = findAppBindMount(mounts);
-  if (!appBind) {
-    return;
-  }
-  const endpoint = await config.getDockerEndpoint();
-  const localEngine = isReloadBindMountOnEngineHost(endpoint);
+  if (appBind) {
+    const endpoint = await config.getDockerEndpoint();
+    const localEngine = isReloadBindMountOnEngineHost(endpoint);
 
-  logger.log('');
-  logger.log(sectionTitle('Dev workspace (unchanged by restart)'));
-  if (localEngine) {
-    logger.log(headerKeyValue('Transport:', 'Direct bind mount on the Docker host (no Mutagen).'));
-    logger.log(headerKeyValue('Host path → container:', `${appBind.Source} → /app`));
-    logger.log(metadata('Edits under the host path are visible inside the container immediately.'));
-  } else {
-    logger.log(
-      headerKeyValue(
-        'Transport:',
-        'Bind mount on the Docker engine (see path below; Mutagen may sync to this path when using --reload).'
-      )
-    );
-    logger.log(headerKeyValue('Engine path → container:', `${appBind.Source} → /app`));
+    logger.log('');
+    logger.log(sectionTitle('Dev workspace (unchanged by restart)'));
+    if (localEngine) {
+      logger.log(headerKeyValue('Transport:', 'Direct bind mount on the Docker host (no Mutagen).'));
+      logger.log(headerKeyValue('Host path → container:', `${appBind.Source} → /app`));
+      logger.log(metadata('Edits under the host path are visible inside the container immediately.'));
+    } else {
+      logger.log(
+        headerKeyValue(
+          'Transport:',
+          'Bind mount on the Docker engine (see path below; Mutagen may sync to this path when using --reload).'
+        )
+      );
+      logger.log(headerKeyValue('Engine path → container:', `${appBind.Source} → /app`));
+    }
+    logger.log('');
   }
-  logger.log('');
+  await logReloadConfigSummaryForRestart(appName);
 }
 
 module.exports = {
   findAppBindMount,
+  logReloadConfigSummaryForRestart,
   logRestartDevMountSummary
 };

package/lib/app/rotate-secret.js

@@ -281,20 +281,21 @@ async function saveCredentialsLocally(appKey, credentials, actualControllerUrl)
     await saveLocalSecret(clientIdKey, credentials.clientId);
     await saveLocalSecret(clientSecretKey, credentials.clientSecret);
 
-    // Update env.template if localhost
+    // Update env.template if localhost (kv:// refs only; no resolved values touch disk)
     if (isLocalhost(actualControllerUrl)) {
       await updateEnvTemplate(appKey, clientIdKey, clientSecretKey, actualControllerUrl);
 
-      // Regenerate .env file with updated credentials
+      // Resolve in-memory so any missing-secret / kv:// error surfaces here, but never
+      // materialize <appPath>/.env or envOutputPath — that is only done by `aifabrix resolve`.
       try {
-        await generateEnvFile(appKey, null, 'local', true);
-        logger.log(formatSuccessLine('.env file updated with new credentials'));
+        await generateEnvFile(appKey, null, 'local', true, { noWrite: true });
       } catch (error) {
-        logger.warn(chalk.yellow(`⚠  Could not regenerate .env file: ${error.message}`));
+        logger.warn(chalk.yellow(`⚠  Could not validate env resolution: ${error.message}`));
       }
 
       logger.log(formatSuccessParagraph('Credentials saved to ~/.aifabrix/secrets.local.yaml'));
-      logger.log(formatSuccessLine('env.template updated with MISO_CLIENTID, MISO_CLIENTSECRET, and MISO_CONTROLLER_URL\n'));
+      logger.log(formatSuccessLine('env.template updated with MISO_CLIENTID, MISO_CLIENTSECRET, and MISO_CONTROLLER_URL'));
+      logger.log(formatSuccessLine('Run "aifabrix resolve ' + appKey + '" to materialize an on-disk .env\n'));
     } else {
       logger.log(formatSuccessParagraph('Credentials saved to ~/.aifabrix/secrets.local.yaml\n'));
     }

package/lib/app/run-helpers.js

@@ -38,6 +38,7 @@ const { resolveEnvOutputPath, writeEnvOutputForReload, writeEnvOutputForLocal }
 const { resolveVersionForApp } = require('../utils/image-version');
 const healthCheckUtil = require('../utils/health-check');
 const { computeTraefikPublicAppUrl } = require('../utils/health-check-url');
+const { isFrontDoorRoutingEnabledInDoc } = require('../utils/url-declarative-vdir-inactive-env');
 
 /** Template apps (keycloak, miso-controller, dataplane) - never update application config when running */
 const TEMPLATE_APP_KEYS = ['keycloak', 'miso-controller', 'dataplane'];
@@ -72,7 +73,7 @@ function checkBuilderDirectory(appName) {
 
 /**
  * Load and validate config file exists
- * Uses paths.getBuilderPath so AIFABRIX_BUILDER_DIR (e.g. from up-miso) is respected.
+ * Uses paths.getBuilderPath (cwd / material `builder/` only; no `AIFABRIX_BUILDER_DIR` override).
  * @param {string} appName - Application name
  * @returns {Object} Application configuration
  * @throws {Error} If config file not found
@@ -299,12 +300,15 @@ async function generateComposeFile(appName, appConfig, composeOptions, devDir) {
 }
 
 /**
- * Writes .env to envOutputPath when application.yaml build.envOutputPath is set.
+ * Writes `build.envOutputPath` after each `aifabrix run`: **local**-flavored env for the host/IDE
+ * when not using `--reload`; with **`--reload`**, merges container `.env.run` into the existing file
+ * (preserves resolve comments) without appending run-only keys missing from the template.
+ *
  * @async
  * @param {string} appName - Application name
  * @param {Object} appConfig - Application configuration
- * @param {string} runEnvPath - Path to .env.run
- * @param {Object} options - Run options (reload flag)
+ * @param {string} runEnvPath - Path to `.env.run`
+ * @param {Object} options - Run options (`reload`, `skipEnvOutputPath`)
  */
 async function writeEnvOutputIfConfigured(appName, appConfig, runEnvPath, options) {
   if (options && options.skipEnvOutputPath === true) return;
@@ -318,8 +322,8 @@ async function writeEnvOutputIfConfigured(appName, appConfig, runEnvPath, option
   if (!fsSync.existsSync(outputDir)) {
     await fs.mkdir(outputDir, { recursive: true });
   }
-  if (options.reload) {
-    await writeEnvOutputForReload(outputPath, runEnvPath);
+  if (options && options.reload === true) {
+    await writeEnvOutputForReload(outputPath, runEnvPath, appName);
   } else {
     await writeEnvOutputForLocal(appName, outputPath);
   }
@@ -362,7 +366,8 @@ async function prepareEnvironment(appName, appConfig, options) {
     envFilePath: runEnvPath,
     dbInitEnvFilePath: runEnvAdminPath,
     effectiveEnvironmentScopedResources,
-    env: runEnvKey
+    env: runEnvKey,
+    omitAppTraefikLabels: userCfg.traefik === false
   };
   composeOptions.port = calculateComposePort(composeOptions, appConfig, developerId);
   const composePath = await generateComposeFile(appName, appConfig, composeOptions, devDir);
@@ -383,7 +388,9 @@ async function prepareEnvironment(appName, appConfig, options) {
 async function displayRunStatus(appName, port, appConfig, runScopeOpts = null, runOptions = {}) {
   const containerName = containerHelpers.getContainerName(appName, appConfig.developerId, runScopeOpts);
   const ro = runOptions && typeof runOptions === 'object' ? runOptions : {};
-  const wantsPublic = Boolean(ro.probeViaTraefik === true || ro.traefikEnabled === true);
+  const frontDoorOn = isFrontDoorRoutingEnabledInDoc(appConfig);
+  const wantsPublic =
+    frontDoorOn && Boolean(ro.probeViaTraefik === true || ro.traefikEnabled === true);
 
   let primaryAppUrl = `http://localhost:${port}`;
   if (wantsPublic) {

package/lib/app/run.js

@@ -28,6 +28,7 @@ const helpers = require('./run-helpers');
 const { ensureReloadSync, logReloadDevSummary } = require('./run-reload-sync');
 const { logRestartDevMountSummary } = require('./restart-display');
 const { execWithDockerEnv } = require('../utils/docker-exec');
+const { isRunCliNoProxy } = require('../utils/run-cli-flags');
 
 /**
  * True if host is localhost or 127.0.0.1 (case-insensitive).
@@ -68,7 +69,7 @@ function isLocalhostEndpoint(urlOrEndpoint) {
  * @async
  * @param {string} appName - Application name
  * @param {boolean} _debug - Debug flag (unused)
- * @returns {Promise<boolean>} True if should continue, false if external system
+ * @returns {Promise<boolean>} True if run should continue, false if app is integration-scoped or external (not a runnable container app)
  * @throws {Error} If app name is invalid
  */
 async function validateAppForRun(appName, _debug) {
@@ -88,9 +89,16 @@ async function validateAppForRun(appName, _debug) {
         formatWarningLine('External integrations are not started as local Docker containers.')
       );
       logger.log(
-        metadata('Build and deploy the integration, then use its APIs from your environment.')
+        metadata(
+          'Publish config to the dataplane (upload) or through the controller (deploy), then use the integration APIs from your environment.'
+        )
+      );
+      logger.log(
+        formatNextActions([
+          `aifabrix upload ${appName}`,
+          `aifabrix deploy ${appName}`
+        ])
       );
-      logger.log(formatNextActions([`aifabrix build ${appName}`]));
       return false;
     }
   } catch (error) {
@@ -263,12 +271,12 @@ async function resolveRunOptions(appName, appConfig, options, envKey, debug, eff
 }
 
 /**
- * When Traefik is enabled in user config, pass through for health checks (DNS + localhost order).
+ * When Traefik is enabled in user config and this run should use proxy hints (`runOptions.noProxy` is false), enable Traefik/DNS URL hints.
  * @param {Object} runOptions
  * @param {Object} userCfg
  */
 function applyTraefikFlagToRunOptions(runOptions, userCfg) {
-  if (userCfg && userCfg.traefik === true) {
+  if (userCfg && userCfg.traefik === true && !runOptions.noProxy) {
     runOptions.traefikEnabled = true;
   }
 }
@@ -335,10 +343,28 @@ async function computeRunPreparationCore(appName, appConfig, options, envKey, us
   return result;
 }
 
+/**
+ * Gray **Manifest:** line before container start (skipped when orchestration already emitted).
+ * @param {string} appName
+ * @param {Object} options
+ * @returns {void}
+ */
+function emitRunManifestMetadataIfRequested(appName, options) {
+  if (options.skipManifestMetadataLine === true) return;
+  const { emitManifestMetadataLineIfTTY } = require('../utils/manifest-source-emit');
+  emitManifestMetadataLineIfTTY(logger, {
+    appKey: appName,
+    appPath: pathsUtil.getBuilderPath(appName),
+    envOnly: false,
+    json: false
+  });
+}
+
 /**
  * Prepare run: validate app, load config, check prereqs, stop existing container, resolve port and reload, prepare env.
  * @param {string} appName - Application name
  * @param {Object} options - Run options
+ * @param {boolean} [options.skipManifestMetadataLine] - When true, skip gray **Manifest:** line (caller already emitted for platform orchestration)
  * @param {boolean} debug - Debug flag
  * @returns {Promise<{ appConfig: Object, tempComposePath: string, hostPort: number }|null>} Prepared run context or null if should not continue
  */
@@ -349,12 +375,25 @@ async function prepareAppRun(appName, options, debug) {
   if (!shouldContinue) {
     return null;
   }
+  let userCfg = await config.getConfig();
+  const appsDefaults = require('../utils/applications-config-defaults');
+  await appsDefaults.persistApplicationRunProxyFlag(appName, !isRunCliNoProxy(options));
+  if (envKey === 'dev') {
+    await appsDefaults.persistApplicationReloadFlag(appName, options.reload === true);
+  }
+  userCfg = await config.getConfig();
+  const savedProxyHint = appsDefaults.getApplicationsRunProxyHint(userCfg, appName);
+  const mergedOpts = {
+    ...options,
+    reload: options.reload === true,
+    noProxy: isRunCliNoProxy(options) || !savedProxyHint
+  };
   logger.log('');
   logger.log(sectionTitle('Run'));
   logger.log(headerKeyValue('Application:', appName));
   const appConfig = await loadAndConfigureApp(appName, debug);
-  const userCfg = await config.getConfig();
-  return computeRunPreparationCore(appName, appConfig, options, envKey, userCfg, debug);
+  emitRunManifestMetadataIfRequested(appName, options);
+  return computeRunPreparationCore(appName, appConfig, mergedOpts, envKey, userCfg, debug);
 }
 
 /**
@@ -367,6 +406,7 @@ async function prepareAppRun(appName, options, debug) {
  * @param {Object} options - Run options
  * @param {number} [options.port] - Override local port
  * @param {boolean} [options.debug] - Enable debug output
+ * @param {boolean} [options.skipManifestMetadataLine] - When true, skip gray **Manifest:** line in prepare (orchestration already emitted)
  * @returns {Promise<void>} Resolves when app is running
  * @throws {Error} If run fails or app is not built
  *
@@ -388,7 +428,7 @@ async function runApp(appName, options = {}) {
     if (debug) {
       logger.log(chalk.gray(`[DEBUG] Compose file generated: ${prepared.tempComposePath}`));
     }
-    logReloadDevSummary(Boolean(options.reload), prepared.mergedRunOptions.reloadSyncSummary);
+    logReloadDevSummary(Boolean(prepared.mergedRunOptions.reload), prepared.mergedRunOptions.reloadSyncSummary);
     await startAppContainer(appName, prepared.tempComposePath, prepared.hostPort, prepared.appConfig, {
       debug,
       runEnvPath: prepared.runEnvPath,
@@ -422,11 +462,18 @@ async function restartApp(appName) {
   if (!appName || typeof appName !== 'string') {
     throw new Error('Application name is required and must be a string');
   }
+  const { emitManifestMetadataLineIfTTY } = require('../utils/manifest-source-emit');
+  emitManifestMetadataLineIfTTY(logger, {
+    appKey: appName,
+    appPath: pathsUtil.getBuilderPath(appName),
+    envOnly: false,
+    json: false
+  });
   const developerId = await config.getDeveloperId();
   const containerName = containerHelpers.getContainerName(appName, developerId);
   try {
     await execWithDockerEnv(`docker restart ${containerName}`);
-    await logRestartDevMountSummary(containerName);
+    await logRestartDevMountSummary(containerName, appName);
   } catch (error) {
     const msg = (error.stderr || error.stdout || error.message || '').toLowerCase();
     if (msg.includes('no such container') || msg.includes('is not running')) {
@@ -439,6 +486,7 @@ async function restartApp(appName) {
 module.exports = {
   runApp,
   restartApp,
+  validateAppForRun,
   ensureReloadSync,
   isLocalhostHost,
   isLocalhostEndpoint,

package/lib/app/show-display.js

@@ -96,6 +96,13 @@ function logApplicationSection(a, summary) {
   } else {
     logApplicationFields(a);
   }
+  if (summary.runReloadDefault && !summary.isExternal) {
+    logger.log(`  ${'Run default:'.padEnd(16)} reload on (config)`);
+  }
+  if (!summary.isExternal) {
+    const proxyOn = summary.runProxyDefault === true;
+    logger.log(`  ${'Run default:'.padEnd(16)} proxy ${proxyOn ? 'on' : 'off'} (config)`);
+  }
   /* External integration is logged after Dataplane block in display() when external */
 }