@aifabrix/builder 2.44.6 → 2.45.0

package/lib/app/show.js

@@ -14,7 +14,7 @@
 
 const path = require('path');
 const logger = require('../utils/logger');
-const { detectAppType, resolveApplicationConfigPath } = require('../utils/paths');
+const { detectAppType, resolveApplicationConfigPath, getBuilderPath } = require('../utils/paths');
 const { loadConfigFile } = require('../utils/config-format');
 const generator = require('../generator');
 const { getConfig, normalizeControllerUrl } = require('../core/config');
@@ -38,6 +38,58 @@ const {
   sanitizeCertificationForJson
 } = require('./certification-show-enrich');
 
+/**
+ * Attach `runReloadDefault` / `runProxyDefault` from ~/.aifabrix `applications.<appKey>`.
+ * @param {Object} summary
+ * @param {string} appKey
+ * @param {Object} userCfg
+ */
+function attachRunDefaultsFromUserConfig(summary, appKey, userCfg) {
+  const { isApplicationsReloadDefaultOn, getApplicationsRunProxyHint } = require('../utils/applications-config-defaults');
+  if (isApplicationsReloadDefaultOn(userCfg, appKey)) {
+    summary.runReloadDefault = true;
+  }
+  summary.runProxyDefault = getApplicationsRunProxyHint(userCfg, appKey);
+}
+
+/**
+ * Overlay `application.url` / `application.internalUrl` from declarative url:// rules (same profile as run `.env`, default `docker`).
+ * Used for offline and **online** show so controller metadata does not stale local proxy/TLS hints.
+ * @param {Object} summary
+ * @param {string} appKey
+ */
+async function attachDeclarativeUrlsToShowApplication(summary, appKey) {
+  if (!summary || summary.isExternal) return;
+  const t = summary.application && summary.application.type;
+  if (String(t || 'webapp').toLowerCase() === 'external') return;
+  try {
+    const { resolveDeclarativeShowUrlsForApp } = require('../core/secrets-env-declarative-expand');
+    const appPath = getBuilderPath(appKey);
+    const variablesPath = resolveApplicationConfigPath(appPath);
+    const urls = await resolveDeclarativeShowUrlsForApp(appKey, appPath, variablesPath, 'docker');
+    if (!urls) return;
+    summary.application.url = urls.publicUrl;
+    summary.application.internalUrl = urls.internalUrl;
+  } catch {
+    /* display-only */
+  }
+}
+
+/**
+ * Local manifest provenance for `--json` (plan 141); null when the app is not on disk locally.
+ * @param {string} appKey
+ * @returns {Promise<{ tier: string, tierLabel: string, configPath: string }|null>}
+ */
+async function tryGetLocalManifestSourceForJson(appKey) {
+  try {
+    const { getManifestSourcePayload } = require('../utils/manifest-source-emit');
+    const { appPath } = await detectAppType(appKey);
+    return getManifestSourcePayload(appKey, appPath);
+  } catch {
+    return { tier: 'unknown', tierLabel: 'unknown', configPath: '' };
+  }
+}
+
 /** Truncate deployment key for display */
 const DEPLOYMENT_KEY_TRUNCATE_LEN = 12;
 
@@ -651,16 +703,34 @@ async function loadOfflineShowSummary(appKey) {
   }
 }
 
+async function emitShowOfflineManifestLine(appKey, json) {
+  if (json) return;
+  try {
+    const { detectAppType } = require('../utils/paths');
+    const { emitManifestMetadataLineIfTTY } = require('../utils/manifest-source-emit');
+    const { appPath } = await detectAppType(appKey);
+    emitManifestMetadataLineIfTTY(logger, { appKey, appPath, envOnly: false, json: false });
+  } catch {
+    /* ignore */
+  }
+}
+
 async function runOffline(appKey, json, permissionsOnly, verifyCert = false) {
   const summary = await loadOfflineShowSummary(appKey);
+  await emitShowOfflineManifestLine(appKey, json);
+  const userCfg = await getConfig();
+  attachRunDefaultsFromUserConfig(summary, appKey, userCfg);
+  await attachDeclarativeUrlsToShowApplication(summary, appKey);
 
   if (json) {
+    const manifestSource = await tryGetLocalManifestSourceForJson(appKey);
     if (permissionsOnly) {
       const out = {
         source: summary.source,
         path: summary.path,
         appKey: summary.appKey,
-        permissions: summary.permissions || []
+        permissions: summary.permissions || [],
+        manifestSource
       };
       logger.log(JSON.stringify(out, null, 2));
       return;
@@ -669,6 +739,9 @@ async function runOffline(appKey, json, permissionsOnly, verifyCert = false) {
       source: summary.source,
       path: summary.path,
       appKey: summary.appKey,
+      runReloadDefault: Boolean(summary.runReloadDefault),
+      runProxyDefault: Boolean(summary.runProxyDefault),
+      manifestSource,
       application: {
         ...summary.application,
         roles: summary.roles,
@@ -717,13 +790,14 @@ async function fetchExternalSystemForOnline(controllerUrl, appKey, authConfig) {
   }
 }
 
-function outputOnlineJson(summary, permissionsOnly) {
+function outputOnlineJson(summary, permissionsOnly, manifestSource) {
   if (permissionsOnly) {
     const out = {
       source: summary.source,
       controllerUrl: summary.controllerUrl,
       appKey: summary.appKey,
-      permissions: summary.permissions || []
+      permissions: summary.permissions || [],
+      manifestSource
     };
     logger.log(JSON.stringify(out, null, 2));
     return;
@@ -733,6 +807,7 @@ function outputOnlineJson(summary, permissionsOnly) {
     source: summary.source,
     controllerUrl: summary.controllerUrl,
     appKey: summary.appKey,
+    manifestSource,
     application: {
       key: app.key,
       displayName: app.displayName,
@@ -751,6 +826,10 @@ function outputOnlineJson(summary, permissionsOnly) {
     }
   };
   if (app.version !== undefined && app.version !== null) out.application.version = app.version;
+  if (summary.runReloadDefault) {
+    out.runReloadDefault = true;
+  }
+  out.runProxyDefault = Boolean(summary.runProxyDefault);
   if (summary.externalSystem !== undefined && summary.externalSystem !== null) {
     out.externalSystem = summary.externalSystem && summary.externalSystem.error
       ? { error: summary.externalSystem.error }
@@ -787,8 +866,11 @@ async function runOnline(appKey, json, permissionsOnly, verifyCert = false) {
     token: authConfig.token,
     controllerUrl: authResult.actualControllerUrl
   });
+  attachRunDefaultsFromUserConfig(summary, appKey, await getConfig());
+  await attachDeclarativeUrlsToShowApplication(summary, appKey);
   if (json) {
-    outputOnlineJson(summary, permissionsOnly);
+    const manifestSource = await tryGetLocalManifestSourceForJson(appKey);
+    outputOnlineJson(summary, permissionsOnly, manifestSource);
     return;
   }
   displayShow(summary, { permissionsOnly: !!permissionsOnly });

package/lib/build/index.js

@@ -196,12 +196,13 @@ async function generateDockerfile(appNameOrPath, language, config, buildConfig =
 
 async function postBuildTasks(appName, buildConfig) {
   try {
-    const envPath = await secrets.generateEnvFile(appName, buildConfig.secrets, 'docker');
-    logger.log(formatSuccessLine(`Generated .env file: ${envPath}`));
-    // Note: processEnvVariables is already called by generateEnvFile to generate local .env
-    // at the envOutputPath, so we don't need to manually copy the docker .env file
+    // Validate that env.template + secrets resolve cleanly, but never write <appPath>/.env or
+    // envOutputPath. Build args still flow through resolveAndGetEnvMap (in-memory). Run
+    // `aifabrix resolve <app>` to materialize an on-disk .env.
+    await secrets.generateEnvFile(appName, buildConfig.secrets, 'docker', false, { noWrite: true });
+    logger.log(formatSuccessLine('Env resolution validated (in-memory only; run "aifabrix resolve ' + appName + '" for on-disk .env)'));
   } catch (error) {
-    logger.log(formatWarningLine(`Could not generate .env file: ${error.message}`));
+    logger.log(formatWarningLine(`Could not resolve env: ${error.message}`));
   }
 }
 
@@ -411,6 +412,9 @@ async function resolveDockerBuildArgsForApp(appName) {
  */
 async function runStandardDockerBuild(appName, options) {
   const { buildConfig } = await buildHelpers.loadAndValidateConfig(appName);
+  const { emitManifestMetadataLineIfTTY } = require('../utils/manifest-source-emit');
+  const { appPath } = await detectAppType(appName);
+  emitManifestMetadataLineIfTTY(logger, { appKey: appName, appPath, envOnly: false, json: false });
   const { devDir, effectiveImageName, imageName, appConfig } = await prepareDevDirectory(appName, buildConfig, options);
   const contextPath = prepareBuildContext(buildConfig, devDir);
   const dockerfilePath = await handleDockerfileGeneration(appName, {

package/lib/cli/infra-guided.js

@@ -23,6 +23,9 @@ const { handleLogin } = require('../commands/login');
 const healthCheck = require('../utils/health-check');
 const { prepareUrlsLocalRegistryForUpPlatform } = require('../commands/up-common');
 const { assertDevInfraUp } = require('../commands/dev-infra-gate');
+const {
+  emitSystemBuilderAppManifestLineIfTTY
+} = require('../utils/manifest-source-emit');
 
 const SEPARATOR = '────────────────────────────────────────';
 
@@ -67,22 +70,23 @@ async function hasErrorLogs(appName, opts = {}) {
 
 async function validateAppErrorLogs(appNames) {
   const names = Array.isArray(appNames) ? appNames : [];
-  const results = await Promise.all(
-    names.map(async(name) => {
-      try {
-        const hasErrors = await hasErrorLogs(name, { tailLines: 300 });
-        return { name, hasErrors };
-      } catch {
-        return { name, hasErrors: false };
+  const bad = [];
+  for (const name of names) {
+    try {
+      const hasErrors = await hasErrorLogs(name, { tailLines: 300 });
+      if (hasErrors) {
+        bad.push(name);
       }
-    })
-  );
-  const bad = results.filter(r => r && r.hasErrors);
-  if (bad.length === 0) return;
-
+    } catch {
+      // ignore per-app log failures
+    }
+  }
+  if (bad.length === 0) {
+    return;
+  }
   logger.log(chalk.yellow('⚠ Some services reported error logs'));
-  for (const r of bad) {
-    logger.log(chalk.gray(`  Run: aifabrix logs ${r.name} -l error`));
+  for (const name of bad) {
+    logger.log(chalk.gray(`  Run: aifabrix logs ${name} -l error`));
   }
   logger.log('');
 }
@@ -158,7 +162,7 @@ async function computeAppBaseUrl(appName) {
     return joinUrlPath(publicBase, mount);
   }
 
-  // No Traefik front-door routing: publicBase already includes correct scheme/host/port (localhost or remote-server).
+  // No Traefik front-door routing: publicBase is localhost + published port unless Traefik/proxy opts into remote.
   return String(publicBase).replace(/\/+$/, '');
 }
 
@@ -226,7 +230,9 @@ async function getInfraHostAndPorts() {
   const developerId = await config.getDeveloperId();
   const idNum = typeof developerId === 'string' ? parseInt(developerId, 10) : developerId;
   const ports = devConfig.getDevPorts(idNum);
-  const remoteServer = await config.getRemoteServer();
+  const cfg = await config.getConfig();
+  const traefikOn = Boolean(cfg && cfg.traefik === true);
+  const remoteServer = traefikOn ? await config.getRemoteServer() : null;
   const host = resolveInfraHost(remoteServer);
   return { idNum, ports, host };
 }
@@ -308,6 +314,7 @@ async function runGuidedUpDataplane(options, handleUpDataplane) {
   await runGuidedAuthStep(handleLogin);
 
   logger.log('');
+  emitSystemBuilderAppManifestLineIfTTY(logger, 'dataplane');
   const dpSpin = startSpinner('Starting Dataplane...');
   await withMutedLogger(() =>
     handleUpDataplane({ ...options, platformInstall: true, skipInfraCheck: true })
@@ -346,6 +353,7 @@ function logGuidedPlatformSetupHeader() {
   logger.log('');
   logger.log(title('AI Fabrix Platform Setup'));
   logger.log(SEPARATOR);
+  logger.log(chalk.gray('This may take a few minutes...'));
   logger.log('');
 }
 
@@ -364,32 +372,39 @@ async function runGuidedAuthStep(handleLogin) {
   if (spin) spin.stop();
 }
 
-async function runGuidedUpPlatform(options, handleUpMiso, handleUpDataplane, handleLogin, forceCleanSummary = null) {
-  logGuidedPlatformSetupHeader();
-  if (forceCleanSummary && forceCleanSummary.forceSummary) {
-    logUpPlatformForceCleanSummary(forceCleanSummary.forceSummary, forceCleanSummary.cleanedApps);
-  }
-
-  await withMutedLogger(() => prepareUrlsLocalRegistryForUpPlatform());
-
+async function runGuidedKeycloakAndMisoControllerPhase(options, handleUpMiso) {
+  emitSystemBuilderAppManifestLineIfTTY(logger, 'keycloak');
   const kcSpin = startSpinner('Starting Keycloak...');
   await withMutedLogger(() => handleUpMiso({ ...options, platformInstall: true }));
   stopSpinnerSuccess(kcSpin, 'Keycloak ready');
   logger.log('');
-
+  emitSystemBuilderAppManifestLineIfTTY(logger, 'miso-controller');
   const mcSpin = startSpinner('Starting Miso Controller...');
   await waitForAppReady('miso-controller', { timeoutSeconds: 120 });
   stopSpinnerSuccess(mcSpin, 'Miso Controller ready');
   logger.log('');
+}
 
-  await runGuidedAuthStep(handleLogin);
-
+async function runGuidedDataplaneInstallPhase(options, handleUpDataplane) {
   logger.log('');
+  emitSystemBuilderAppManifestLineIfTTY(logger, 'dataplane');
   const dpSpin = startSpinner('Starting Dataplane...');
   await withMutedLogger(() =>
     handleUpDataplane({ ...options, platformInstall: true, skipInfraCheck: true })
   );
   stopSpinnerSuccess(dpSpin, 'Dataplane ready');
+}
+
+async function runGuidedUpPlatform(options, handleUpMiso, handleUpDataplane, handleLogin, forceCleanSummary = null) {
+  logGuidedPlatformSetupHeader();
+  if (forceCleanSummary && forceCleanSummary.forceSummary) {
+    logUpPlatformForceCleanSummary(forceCleanSummary.forceSummary, forceCleanSummary.cleanedApps);
+  }
+
+  await withMutedLogger(() => prepareUrlsLocalRegistryForUpPlatform());
+  await runGuidedKeycloakAndMisoControllerPhase(options, handleUpMiso);
+  await runGuidedAuthStep(handleLogin);
+  await runGuidedDataplaneInstallPhase(options, handleUpDataplane);
   await validateAppErrorLogs(['miso-controller', 'dataplane']);
   await logPlatformReadyFooter();
 }

package/lib/cli/installation-log-command.js

@@ -0,0 +1,73 @@
+/**
+ * Shared completion hook for infra/platform CLI commands (installation.log).
+ *
+ * @fileoverview installation.log CLI helper
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+
+'use strict';
+
+const config = require('../core/config');
+const installationLog = require('../utils/installation-log');
+
+/**
+ * @param {Object} params
+ * @param {string} params.command
+ * @param {Object} params.options
+ * @param {Date} params.startedAt
+ * @param {'success'|'failure'} params.outcome
+ * @param {Error} [params.error]
+ * @param {string[]} [params.platformAppList]
+ * @param {Object} [params.cleanup]
+ * @param {boolean} [params.upPlatformForce]
+ * @param {boolean} [params.omitInfraSection]
+ * @returns {Promise<void>}
+ */
+async function recordInfraInstallationCommand(params) {
+  const {
+    command,
+    options,
+    startedAt,
+    outcome,
+    error,
+    platformAppList,
+    cleanup,
+    upPlatformForce,
+    omitInfraSection
+  } = params;
+
+  const completedAt = new Date();
+  let cfg = {};
+  try {
+    cfg = await config.getConfig();
+  } catch {
+    cfg = {};
+  }
+
+  try {
+    await installationLog.appendInstallationRecord({
+      command,
+      outcome,
+      startedAt,
+      completedAt,
+      options,
+      infra: !omitInfraSection && cfg ? { cfg, options } : undefined,
+      platformAppList,
+      cleanup,
+      upPlatformForce: upPlatformForce === true,
+      configExtra: {
+        controllerUrl: await installationLog.resolveControllerUrlForLog(),
+        adminEmail: await installationLog.resolveAdminEmailPresence()
+      },
+      error,
+      errorCode: error && error.code ? String(error.code) : undefined
+    });
+  } catch {
+    // never block CLI on log failure
+  }
+}
+
+module.exports = {
+  recordInfraInstallationCommand
+};

package/lib/cli/setup-app.js

@@ -207,7 +207,8 @@ Examples:
   $ aifabrix run myapp --env tst
   $ aifabrix run myapp --tag v1.0.0
   $ aifabrix run myapp --base
-  $ aifabrix run myapp --reload`;
+  $ aifabrix run myapp --reload
+  $ aifabrix run myapp --no-proxy   # same as --proxy false: localhost for Docker declarative public URLs; saves applications.<app>.proxy: false`;
   program.command('run <app>')
     .description('Run app locally or on remote Docker host')
     .option('-p, --port <port>', 'Override local port')
@@ -216,6 +217,15 @@ Examples:
     .option('-e, --env <env>', 'Environment: dev (default), tst, or pro', 'dev')
     .option('--base', 'Use manifest base image only (skip local developer-scoped tag preference)')
     .option('--reload', 'In dev: mount workspace into container (Mutagen only if docker-endpoint is a remote host)')
+    .option(
+      '--proxy',
+      'Use Traefik/front-door public URL hints when infra has Traefik and application.yaml enables frontDoorRouting (default: on)',
+      true
+    )
+    .option(
+      '--no-proxy',
+      'Docker declarative public url://* use localhost + published port (saves applications.<app>.proxy: false); overrides --proxy'
+    )
     .addHelpText('after', runHelp)
     .action(async(appName, options) => {
       try {

package/lib/cli/setup-auth.js

@@ -23,12 +23,97 @@ Examples:
 const AUTH_HELP_AFTER = `
 Without options: show auth status (same as: aifabrix auth status).
 With --set-controller or --set-environment: write defaults to config.yaml.
+Omit the URL on --set-controller to pick from controllers already stored in config (device logins + default).
+For details on omitting the URL: aifabrix auth set-controller -h
 Aliases:
-  aifabrix auth set-controller <url>
+  aifabrix auth set-controller [url]
   aifabrix auth set-environment <env>
 Subcommand: auth status [--validate] for CI/scripts.
 `;
 
+const AUTH_SET_CONTROLLER_HELP_AFTER = `
+Argument:
+  [url]   Optional. When omitted, the CLI uses controllers already known in your config file
+          (the default controller value plus each device-token key). Requires an interactive TTY.
+
+Behavior:
+  - No saved controllers: error; run aifabrix login first, or pass a URL.
+  - One saved controller: if it is already the default, prints confirmation; otherwise sets it.
+  - Several saved controllers: interactive list to choose the default.
+  - Non-interactive shell: pass the URL explicitly (piped/CI shells cannot pick without a URL).
+
+Examples:
+  $ aifabrix auth set-controller
+    Pick default controller from config (TTY), or set the only saved one.
+
+  $ aifabrix auth set-controller http://localhost:3600
+    Set default controller to that URL (validated; same rules as aifabrix auth --set-controller).
+
+  $ aifabrix auth --set-controller
+    Same as omitting the URL on this subcommand (parent command flag).
+`;
+
+function createAuthStatusAction() {
+  return async(options) => {
+    try {
+      await handleAuthStatus(options);
+    } catch (error) {
+      handleCommandError(error, 'auth status');
+      process.exit(1);
+    }
+  };
+}
+
+function createAuthParentAction() {
+  return async(options) => {
+    try {
+      const setController = options.setController || options['set-controller'];
+      const setEnvironment = options.setEnvironment || options['set-environment'];
+      if (setController || setEnvironment) {
+        await handleAuthConfig({
+          setController,
+          setEnvironment
+        });
+        return;
+      }
+      await handleAuthStatus(options);
+    } catch (error) {
+      handleCommandError(error, 'auth');
+      process.exit(1);
+    }
+  };
+}
+
+function registerAuthSetControllerSubcommand(auth) {
+  const setControllerCmd = auth.command('set-controller [url]').description(
+    'Set config.controller to a URL, or omit the URL to pick from controllers already stored in config'
+  );
+  if (typeof setControllerCmd.summary === 'function') {
+    setControllerCmd.summary('Set or pick default controller URL in config');
+  }
+  setControllerCmd.addHelpText('after', AUTH_SET_CONTROLLER_HELP_AFTER).action(async(url) => {
+    try {
+      await handleAuthConfig({ setController: url || true });
+    } catch (error) {
+      handleCommandError(error, 'auth set-controller');
+      process.exit(1);
+    }
+  });
+}
+
+function registerAuthSetEnvironmentSubcommand(auth) {
+  auth.command('set-environment <env>')
+    .description('Set default environment in config (alias for auth --set-environment)')
+    .action(async(env) => {
+      try {
+        await handleAuthConfig({ setEnvironment: env });
+      } catch (error) {
+        handleCommandError(error, 'auth set-environment');
+        process.exit(1);
+      }
+    });
+}
+
 function setupLoginCommand(program) {
   program.command('login')
     .description('Sign in to Miso Controller (device or credentials flow)')
@@ -68,63 +153,23 @@ function setupLogoutCommand(program) {
 }
 
 function setupAuthSubcommands(program) {
-  const authStatusHandler = async(options) => {
-    try {
-      await handleAuthStatus(options);
-    } catch (error) {
-      handleCommandError(error, 'auth status');
-      process.exit(1);
-    }
-  };
   const auth = program.command('auth')
     .description('Show auth status or set default controller/environment')
     .addHelpText('after', AUTH_HELP_AFTER)
-    .option('--set-controller <url>', 'Set default controller URL in config')
+    .option(
+      '--set-controller [url]',
+      'Set default controller URL in config; omit url to choose from controllers registered in config'
+    )
     .option('--set-environment <env>', 'Set default environment in config')
-    .action(async(options) => {
-      try {
-        const setController = options.setController || options['set-controller'];
-        const setEnvironment = options.setEnvironment || options['set-environment'];
-        if (setController || setEnvironment) {
-          await handleAuthConfig({
-            setController,
-            setEnvironment
-          });
-          return;
-        }
-        await handleAuthStatus(options);
-      } catch (error) {
-        handleCommandError(error, 'auth');
-        process.exit(1);
-      }
-    });
+    .action(createAuthParentAction());
 
-  auth.command('set-controller <url>')
-    .description('Set default controller URL in config (alias for auth --set-controller)')
-    .action(async(url) => {
-      try {
-        await handleAuthConfig({ setController: url });
-      } catch (error) {
-        handleCommandError(error, 'auth set-controller');
-        process.exit(1);
-      }
-    });
-
-  auth.command('set-environment <env>')
-    .description('Set default environment in config (alias for auth --set-environment)')
-    .action(async(env) => {
-      try {
-        await handleAuthConfig({ setEnvironment: env });
-      } catch (error) {
-        handleCommandError(error, 'auth set-environment');
-        process.exit(1);
-      }
-    });
+  registerAuthSetControllerSubcommand(auth);
+  registerAuthSetEnvironmentSubcommand(auth);
 
   auth.command('status')
     .description('Show tokens/session for current controller and environment')
     .option('--validate', 'Exit with code 1 when not authenticated (for scripted use, e.g. manual test setup)')
-    .action(authStatusHandler);
+    .action(createAuthStatusAction());
 }
 
 /**