@aifabrix/builder 2.5.0 → 2.5.2

package/lib/commands/secure.js

@@ -22,7 +22,7 @@ const { encryptYamlValues } = require('../utils/yaml-preserve');
 
 /**
  * Finds all secrets.local.yaml files to encrypt
- * Includes user secrets file and build secrets from all apps
+ * Includes user secrets file and general secrets from config.yaml
  *
  * @async
  * @function findSecretsFiles
@@ -37,45 +37,10 @@ async function findSecretsFiles() {
     files.push({ path: userSecretsPath, type: 'user' });
   }
 
-  // Find all apps and check for build.secrets
-  // Scan builder directory for apps
+  // Check config.yaml for aifabrix-secrets
   try {
-    const builderDir = path.join(process.cwd(), 'builder');
-    if (fs.existsSync(builderDir)) {
-      const entries = fs.readdirSync(builderDir, { withFileTypes: true });
-      for (const entry of entries) {
-        if (entry.isDirectory()) {
-          const appName = entry.name;
-          const variablesPath = path.join(builderDir, appName, 'variables.yaml');
-          if (fs.existsSync(variablesPath)) {
-            try {
-              const variablesContent = fs.readFileSync(variablesPath, 'utf8');
-              const variables = yaml.load(variablesContent);
-
-              if (variables?.build?.secrets) {
-                const buildSecretsPath = path.resolve(
-                  path.dirname(variablesPath),
-                  variables.build.secrets
-                );
-                if (fs.existsSync(buildSecretsPath)) {
-                  files.push({ path: buildSecretsPath, type: `app:${appName}` });
-                }
-              }
-            } catch (error) {
-              // Ignore errors, continue
-            }
-          }
-        }
-      }
-    }
-  } catch (error) {
-    // Ignore errors, continue
-  }
-
-  // Check config.yaml for general secrets-path
-  try {
-    const { getSecretsPath } = require('../config');
-    const generalSecretsPath = await getSecretsPath();
+    const { getAifabrixSecretsPath } = require('../config');
+    const generalSecretsPath = await getAifabrixSecretsPath();
     if (generalSecretsPath) {
       const resolvedPath = path.isAbsolute(generalSecretsPath)
         ? generalSecretsPath
@@ -205,7 +170,7 @@ async function handleSecure(options) {
 
   if (secretsFiles.length === 0) {
     logger.log(chalk.yellow('⚠️  No secrets files found to encrypt'));
-    logger.log(chalk.gray('   Create ~/.aifabrix/secrets.local.yaml or configure build.secrets in variables.yaml'));
+    logger.log(chalk.gray('   Create ~/.aifabrix/secrets.local.yaml or configure aifabrix-secrets in config.yaml'));
     return;
   }
 

package/lib/config.js

@@ -363,7 +363,7 @@ async function setSecretsEncryptionKey(key) {
 
 /**
  * Get general secrets path from configuration
- * Used as fallback when build.secrets is not set in variables.yaml
+ * Returns aifabrix-secrets path from config.yaml if configured
  * @returns {Promise<string|null>} Secrets path or null if not set
  */
 async function getSecretsPath() {

package/lib/secrets.js

@@ -109,13 +109,13 @@ async function decryptSecretsObject(secrets) {
 /**
  * Loads secrets with cascading lookup
  * Supports both user secrets (~/.aifabrix/secrets.local.yaml) and project overrides
- * User's file takes priority, then falls back to build.secrets from variables.yaml
+ * User's file takes priority, then falls back to aifabrix-secrets from config.yaml
  * Automatically decrypts values with secure:// prefix
  *
  * @async
  * @function loadSecrets
  * @param {string} [secretsPath] - Path to secrets file (optional, for explicit override)
- * @param {string} [appName] - Application name (optional, for variables.yaml lookup)
+ * @param {string} [appName] - Application name (optional, for backward compatibility)
  * @returns {Promise<Object>} Loaded secrets object with decrypted values
  * @throws {Error} If no secrets file found and no fallback available
  *
@@ -158,7 +158,7 @@ async function loadSecrets(secretsPath, _appName) {
  * @param {string} [environment='local'] - Environment context (docker/local)
  * @param {Object|string|null} [secretsFilePaths] - Paths object with userPath and buildPath, or string path (for backward compatibility)
  * @param {string} [secretsFilePaths.userPath] - User's secrets file path
- * @param {string|null} [secretsFilePaths.buildPath] - App's build.secrets file path (if configured)
+ * @param {string|null} [secretsFilePaths.buildPath] - App's aifabrix-secrets file path (from config.yaml, if configured)
  * @param {string} [appName] - Application name (optional, for error messages)
  * @returns {Promise<string>} Resolved environment content
  * @throws {Error} If kv:// reference cannot be resolved

package/lib/utils/secrets-helpers.js

@@ -311,7 +311,7 @@ async function applyCanonicalSecretsOverride(currentSecrets) {
  */
 function ensureNonEmptySecrets(secrets) {
   if (Object.keys(secrets || {}).length === 0) {
-    throw new Error('No secrets file found. Please create ~/.aifabrix/secrets.local.yaml or configure build.secrets in variables.yaml');
+    throw new Error('No secrets file found. Please create ~/.aifabrix/secrets.local.yaml or configure aifabrix-secrets in config.yaml');
   }
 }
 

package/lib/utils/secrets-utils.js

@@ -17,7 +17,7 @@ const logger = require('./logger');
 
 /**
  * Loads secrets from file with cascading lookup support
- * First checks ~/.aifabrix/secrets.local.yaml, then build.secrets from variables.yaml
+ * First checks ~/.aifabrix/secrets.local.yaml, then aifabrix-secrets from config.yaml
  *
  * @async
  * @function loadSecretsFromFile

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aifabrix/builder",
-  "version": "2.5.0",
+  "version": "2.5.2",
   "description": "AI Fabrix Local Fabric & Deployment SDK",
   "main": "lib/index.js",
   "bin": {

package/templates/applications/README.md.hbs

@@ -167,7 +167,7 @@ aifabrix-secrets: "/path/to/secrets.yaml"
 - **"Not logged in"** → Run `aifabrix login` first
 - **"Port already in use"** → Use `--port` flag or change `build.localPort` in `variables.yaml` (default: {{port}})
 - **"Authentication failed"** → Run `aifabrix login` again
-- **"Build fails"** → Check Docker is running and `variables.yaml` → `build.secrets` path is correct
+- **"Build fails"** → Check Docker is running and `aifabrix-secrets` in `config.yaml` is configured correctly
 - **"Can't connect"** → Verify infrastructure is running{{#if hasDatabase}} and PostgreSQL is accessible{{/if}}
 
 **Regenerate files:**

package/templates/infra/compose.yaml

@@ -13,7 +13,7 @@ services:
       POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
       POSTGRES_INITDB_ARGS: "--encoding=UTF-8 --lc-collate=C --lc-ctype=C"
     ports:
-      - "5432:5432"
+      - "127.0.0.1:5432:5432"
     volumes:
       - postgres_data:/var/lib/postgresql/data
       - ./init-scripts:/docker-entrypoint-initdb.d
@@ -32,7 +32,7 @@ services:
     container_name: aifabrix-redis
     command: ["redis-server", "--appendonly", "yes"]
     ports:
-      - "6379:6379"
+      - "127.0.0.1:6379:6379"
     volumes:
       - redis_data:/data
     networks:
@@ -53,7 +53,7 @@ services:
       PGADMIN_DEFAULT_PASSWORD: ${PGADMIN_DEFAULT_PASSWORD}
       PGADMIN_CONFIG_SERVER_MODE: 'False'
     ports:
-      - "5050:80"
+      - "127.0.0.1:5050:80"
     volumes:
       - pgadmin_data:/var/lib/pgadmin
     restart: unless-stopped
@@ -73,7 +73,7 @@ services:
       HTTP_PASSWORD: ${REDIS_COMMANDER_PASSWORD}
       REDIS_PASSWORD: ""
     ports:
-      - "8081:8081"
+      - "127.0.0.1:8081:8081"
     restart: unless-stopped
     depends_on:
       redis:

package/templates/python/docker-compose.hbs

@@ -34,6 +34,7 @@ services:
   db-init:
     image: pgvector/pgvector:pg15
     container_name: {{containerName}}-db-init
+    entrypoint: []
     env_file:
       - ${ADMIN_SECRETS_PATH}
       - {{envFile}}
@@ -51,10 +52,15 @@ services:
       {{/if}}
     networks:
       - {{networkName}}
-    command: >
-      sh -c "
+    volumes: []
+    tmpfs:
+      - /var/lib/postgresql/data
+    command:
+      - sh
+      - -c
+      - |
         export PGHOST=postgres PGPORT=5432 PGUSER=pgadmin &&
-        export PGPASSWORD=\"${POSTGRES_PASSWORD}\" &&
+        export PGPASSWORD="${POSTGRES_PASSWORD}" &&
         echo 'Waiting for PostgreSQL to be ready...' &&
         counter=0 &&
         while [ ${counter:-0} -lt 30 ]; do
@@ -69,32 +75,41 @@ services:
         {{#if databases}}
         {{#each databases}}
         echo 'Creating {{name}} database and user...' &&
-        if psql -d postgres -tAc \"SELECT 1 FROM pg_database WHERE datname = '{{name}}'\" 2>/dev/null | grep -q '^1$'; then
-          echo 'Database \\\"{{name}}\\\" already exists, all ok.'
+        if psql -d postgres -tAc "SELECT 1 FROM pg_database WHERE datname = '{{name}}'" 2>/dev/null | grep -q '^1$'; then
+          echo 'Database "{{name}}" already exists, all ok.'
         else
-          (psql -d postgres -c \"CREATE DATABASE \\\"{{name}}\\\";\" || true) &&
-          (psql -d postgres -c \"DROP USER IF EXISTS \\\"{{pgUserOld name}}\\\";\" || true) &&
-          (psql -d postgres -c \"CREATE USER {{pgUser name}} WITH PASSWORD '${DB_{{@index}}_PASSWORD}';\" || true) &&
-          psql -d postgres -c \"GRANT ALL PRIVILEGES ON DATABASE \\\"{{name}}\\\" TO {{pgUser name}};\" || true &&
-          psql -d {{name}} -c \"ALTER SCHEMA public OWNER TO {{pgUser name}};\" || true &&
-          psql -d {{name}} -c \"GRANT ALL ON SCHEMA public TO {{pgUser name}};\" || true
+          echo 'Creating database "{{name}}"...' &&
+          psql -d postgres -c "CREATE DATABASE \"{{name}}\";" &&
+          echo 'Dropping old user if exists...' &&
+          psql -d postgres -c "DROP USER IF EXISTS \"{{pgUserOld name}}\";" || true &&
+          echo 'Creating user "{{pgUserName name}}"...' &&
+          psql -d postgres -c 'CREATE USER "{{pgUserName name}}" WITH PASSWORD '\''${DB_{{@index}}_PASSWORD}'\'';' &&
+          echo 'Granting privileges...' &&
+          psql -d postgres -c "GRANT ALL PRIVILEGES ON DATABASE \"{{name}}\" TO \"{{pgUserName name}}\";" &&
+          psql -d {{name}} -c "ALTER SCHEMA public OWNER TO \"{{pgUserName name}}\";" &&
+          psql -d {{name}} -c "GRANT ALL ON SCHEMA public TO \"{{pgUserName name}}\";" &&
+          echo 'Database "{{name}}" created successfully!'
         fi &&
         {{/each}}
         {{else}}
         echo 'Creating {{app.key}} database and user...' &&
-        if psql -d postgres -tAc \"SELECT 1 FROM pg_database WHERE datname = '{{app.key}}'\" 2>/dev/null | grep -q '^1$'; then
-          echo 'Database \\\"{{app.key}}\\\" already exists, all ok.'
+        if psql -d postgres -tAc "SELECT 1 FROM pg_database WHERE datname = '{{app.key}}'" 2>/dev/null | grep -q '^1$'; then
+          echo 'Database "{{app.key}}" already exists, all ok.'
         else
-          (psql -d postgres -c \"CREATE DATABASE \\\"{{app.key}}\\\";\" || true) &&
-          (psql -d postgres -c \"DROP USER IF EXISTS \\\"{{pgUserOld app.key}}\\\";\" || true) &&
-          (psql -d postgres -c \"CREATE USER {{pgUser app.key}} WITH PASSWORD '${DB_0_PASSWORD:-${DB_PASSWORD}}';\" || true) &&
-          psql -d postgres -c \"GRANT ALL PRIVILEGES ON DATABASE \\\"{{app.key}}\\\" TO {{pgUser app.key}};\" || true &&
-          psql -d {{app.key}} -c \"ALTER SCHEMA public OWNER TO {{pgUser app.key}};\" || true &&
-          psql -d {{app.key}} -c \"GRANT ALL ON SCHEMA public TO {{pgUser app.key}};\" || true
+          echo 'Creating database "{{app.key}}"...' &&
+          psql -d postgres -c "CREATE DATABASE \"{{app.key}}\";" &&
+          echo 'Dropping old user if exists...' &&
+          psql -d postgres -c "DROP USER IF EXISTS \"{{pgUserOld app.key}}\";" || true &&
+          echo 'Creating user "{{pgUserName app.key}}"...' &&
+          psql -d postgres -c 'CREATE USER "{{pgUserName app.key}}" WITH PASSWORD '\''${DB_0_PASSWORD:-${DB_PASSWORD}}'\'';' &&
+          echo 'Granting privileges...' &&
+          psql -d postgres -c "GRANT ALL PRIVILEGES ON DATABASE \"{{app.key}}\" TO \"{{pgUserName app.key}}\";" &&
+          psql -d {{app.key}} -c "ALTER SCHEMA public OWNER TO \"{{pgUserName app.key}}\";" &&
+          psql -d {{app.key}} -c "GRANT ALL ON SCHEMA public TO \"{{pgUserName app.key}}\";" &&
+          echo 'Database "{{app.key}}" created successfully!'
         fi &&
         {{/if}}
         echo 'Database initialization complete!'
-      "
     restart: "no"
   {{/if}}
 

package/templates/typescript/docker-compose.hbs

@@ -34,6 +34,7 @@ services:
   db-init:
     image: pgvector/pgvector:pg15
     container_name: {{containerName}}-db-init
+    entrypoint: []
     env_file:
       - ${ADMIN_SECRETS_PATH}
       - {{envFile}}
@@ -51,10 +52,15 @@ services:
       {{/if}}
     networks:
       - {{networkName}}
-    command: >
-      sh -c "
+    volumes: []
+    tmpfs:
+      - /var/lib/postgresql/data
+    command:
+      - sh
+      - -c
+      - |
         export PGHOST=postgres PGPORT=5432 PGUSER=pgadmin &&
-        export PGPASSWORD=\"${POSTGRES_PASSWORD}\" &&
+        export PGPASSWORD="${POSTGRES_PASSWORD}" &&
         echo 'Waiting for PostgreSQL to be ready...' &&
         counter=0 &&
         while [ ${counter:-0} -lt 30 ]; do
@@ -69,32 +75,41 @@ services:
         {{#if databases}}
         {{#each databases}}
         echo 'Creating {{name}} database and user...' &&
-        if psql -d postgres -tAc \"SELECT 1 FROM pg_database WHERE datname = '{{name}}'\" 2>/dev/null | grep -q '^1$'; then
-          echo 'Database \\\"{{name}}\\\" already exists, all ok.'
+        if psql -d postgres -tAc "SELECT 1 FROM pg_database WHERE datname = '{{name}}'" 2>/dev/null | grep -q '^1$'; then
+          echo 'Database "{{name}}" already exists, all ok.'
         else
-          (psql -d postgres -c \"CREATE DATABASE \\\"{{name}}\\\";\" || true) &&
-          (psql -d postgres -c \"DROP USER IF EXISTS \\\"{{pgUserOld name}}\\\";\" || true) &&
-          (psql -d postgres -c \"CREATE USER {{pgUser name}} WITH PASSWORD '${DB_{{@index}}_PASSWORD}';\" || true) &&
-          psql -d postgres -c \"GRANT ALL PRIVILEGES ON DATABASE \\\"{{name}}\\\" TO {{pgUser name}};\" || true &&
-          psql -d {{name}} -c \"ALTER SCHEMA public OWNER TO {{pgUser name}};\" || true &&
-          psql -d {{name}} -c \"GRANT ALL ON SCHEMA public TO {{pgUser name}};\" || true
+          echo 'Creating database "{{name}}"...' &&
+          psql -d postgres -c "CREATE DATABASE \"{{name}}\";" &&
+          echo 'Dropping old user if exists...' &&
+          psql -d postgres -c "DROP USER IF EXISTS \"{{pgUserOld name}}\";" || true &&
+          echo 'Creating user "{{pgUserName name}}"...' &&
+          psql -d postgres -c 'CREATE USER "{{pgUserName name}}" WITH PASSWORD '\''${DB_{{@index}}_PASSWORD}'\'';' &&
+          echo 'Granting privileges...' &&
+          psql -d postgres -c "GRANT ALL PRIVILEGES ON DATABASE \"{{name}}\" TO \"{{pgUserName name}}\";" &&
+          psql -d {{name}} -c "ALTER SCHEMA public OWNER TO \"{{pgUserName name}}\";" &&
+          psql -d {{name}} -c "GRANT ALL ON SCHEMA public TO \"{{pgUserName name}}\";" &&
+          echo 'Database "{{name}}" created successfully!'
         fi &&
         {{/each}}
         {{else}}
         echo 'Creating {{app.key}} database and user...' &&
-        if psql -d postgres -tAc \"SELECT 1 FROM pg_database WHERE datname = '{{app.key}}'\" 2>/dev/null | grep -q '^1$'; then
-          echo 'Database \\\"{{app.key}}\\\" already exists, all ok.'
+        if psql -d postgres -tAc "SELECT 1 FROM pg_database WHERE datname = '{{app.key}}'" 2>/dev/null | grep -q '^1$'; then
+          echo 'Database "{{app.key}}" already exists, all ok.'
         else
-          (psql -d postgres -c \"CREATE DATABASE \\\"{{app.key}}\\\";\" || true) &&
-          (psql -d postgres -c \"DROP USER IF EXISTS \\\"{{pgUserOld app.key}}\\\";\" || true) &&
-          (psql -d postgres -c \"CREATE USER {{pgUser app.key}} WITH PASSWORD '${DB_0_PASSWORD:-${DB_PASSWORD}}';\" || true) &&
-          psql -d postgres -c \"GRANT ALL PRIVILEGES ON DATABASE \\\"{{app.key}}\\\" TO {{pgUser app.key}};\" || true &&
-          psql -d {{app.key}} -c \"ALTER SCHEMA public OWNER TO {{pgUser app.key}};\" || true &&
-          psql -d {{app.key}} -c \"GRANT ALL ON SCHEMA public TO {{pgUser app.key}};\" || true
+          echo 'Creating database "{{app.key}}"...' &&
+          psql -d postgres -c "CREATE DATABASE \"{{app.key}}\";" &&
+          echo 'Dropping old user if exists...' &&
+          psql -d postgres -c "DROP USER IF EXISTS \"{{pgUserOld app.key}}\";" || true &&
+          echo 'Creating user "{{pgUserName app.key}}"...' &&
+          psql -d postgres -c 'CREATE USER "{{pgUserName app.key}}" WITH PASSWORD '\''${DB_0_PASSWORD:-${DB_PASSWORD}}'\'';' &&
+          echo 'Granting privileges...' &&
+          psql -d postgres -c "GRANT ALL PRIVILEGES ON DATABASE \"{{app.key}}\" TO \"{{pgUserName app.key}}\";" &&
+          psql -d {{app.key}} -c "ALTER SCHEMA public OWNER TO \"{{pgUserName app.key}}\";" &&
+          psql -d {{app.key}} -c "GRANT ALL ON SCHEMA public TO \"{{pgUserName app.key}}\";" &&
+          echo 'Database "{{app.key}}" created successfully!'
         fi &&
         {{/if}}
         echo 'Database initialization complete!'
-      "
     restart: "no"
   {{/if}}