@aifabrix/builder 2.7.0 → 2.8.0

package/lib/config.js

@@ -12,6 +12,7 @@ const fs = require('fs').promises;
 const path = require('path');
 const yaml = require('js-yaml');
 const os = require('os');
+const { encryptToken, decryptToken, isTokenEncrypted } = require('./utils/token-encryption');
 // Avoid importing paths here to prevent circular dependency.
 // Config location is always under OS home at ~/.aifabrix/config.yaml
 
@@ -26,11 +27,6 @@ const RUNTIME_CONFIG_FILE = path.join(RUNTIME_CONFIG_DIR, 'config.yaml');
 // Cache for developer ID - loaded when getConfig() is first called
 let cachedDeveloperId = null;
 
-/**
- * Get stored configuration
- * Loads developer ID and caches it as a property for easy access
- * @returns {Promise<Object>} Configuration object with new structure
- */
 async function getConfig() {
   try {
     const configContent = await fs.readFile(RUNTIME_CONFIG_FILE, 'utf8');
@@ -156,61 +152,37 @@ async function getDeveloperId() {
  */
 async function setDeveloperId(developerId) {
   const DEV_ID_DIGITS_REGEX = /^[0-9]+$/;
+  const errorMsg = 'Developer ID must be a non-negative digit string or number (0 = default infra, > 0 = developer-specific)';
   let devIdString;
   if (typeof developerId === 'number') {
-    if (!Number.isFinite(developerId) || developerId < 0) {
-      throw new Error('Developer ID must be a non-negative digit string or number (0 = default infra, > 0 = developer-specific)');
-    }
+    if (!Number.isFinite(developerId) || developerId < 0) throw new Error(errorMsg);
     devIdString = String(developerId);
   } else if (typeof developerId === 'string') {
-    if (!DEV_ID_DIGITS_REGEX.test(developerId)) {
-      throw new Error('Developer ID must be a non-negative digit string or number (0 = default infra, > 0 = developer-specific)');
-    }
+    if (!DEV_ID_DIGITS_REGEX.test(developerId)) throw new Error(errorMsg);
     devIdString = developerId;
   } else {
-    throw new Error('Developer ID must be a non-negative digit string or number (0 = default infra, > 0 = developer-specific)');
+    throw new Error(errorMsg);
   }
-  // Clear cache first to ensure we get fresh data from file
   cachedDeveloperId = null;
-  // Read file directly to avoid any caching issues
   const config = await getConfig();
-  // Update developer ID
   config['developer-id'] = devIdString;
-  // Update cache before saving
   cachedDeveloperId = devIdString;
-  // Save the entire config object to ensure all fields are preserved
   await saveConfig(config);
-  // Verify the file was saved correctly by reading it back
-  // This ensures the file system has written the data
-  // Add a small delay to ensure file system has flushed the write
   await new Promise(resolve => setTimeout(resolve, 100));
-  // Read file again with fresh file handle to avoid OS caching
   const savedContent = await fs.readFile(RUNTIME_CONFIG_FILE, 'utf8');
   const savedConfig = yaml.load(savedContent);
-  // YAML may parse numbers as numbers, so convert to string for comparison
   const savedDevIdString = String(savedConfig['developer-id']);
   if (savedDevIdString !== devIdString) {
     throw new Error(`Failed to save developer ID: expected ${devIdString}, got ${savedDevIdString}. File content: ${savedContent.substring(0, 200)}`);
   }
-  // Clear the cache to force reload from file on next getDeveloperId() call
-  // This ensures we get the value that was actually saved to disk
   cachedDeveloperId = null;
 }
 
-/**
- * Get current environment from root-level config
- * @returns {Promise<string>} Current environment (defaults to 'dev')
- */
 async function getCurrentEnvironment() {
   const config = await getConfig();
   return config.environment || 'dev';
 }
 
-/**
- * Set current environment in root-level config
- * @param {string} environment - Environment to set (e.g., 'miso', 'dev', 'tst', 'pro')
- * @returns {Promise<void>}
- */
 async function setCurrentEnvironment(environment) {
   if (!environment || typeof environment !== 'string') {
     throw new Error('Environment must be a non-empty string');
@@ -220,31 +192,45 @@ async function setCurrentEnvironment(environment) {
   await saveConfig(config);
 }
 
-/**
- * Check if token is expired
- * @param {string} expiresAt - ISO timestamp string
- * @returns {boolean} True if token is expired
- */
 function isTokenExpired(expiresAt) {
   if (!expiresAt) return true;
   const expirationTime = new Date(expiresAt).getTime();
   const now = Date.now();
-  return now >= (expirationTime - 5 * 60 * 1000); // 5 minute buffer
+  return now >= (expirationTime - 5 * 60 * 1000);
 }
 
-/**
- * Check if token should be refreshed proactively (within 15 minutes of expiry)
- * Helps keep Keycloak sessions alive by refreshing before SSO Session Idle timeout (30 minutes)
- * @param {string} expiresAt - ISO timestamp string
- * @returns {boolean} True if token should be refreshed proactively
- */
 function shouldRefreshToken(expiresAt) {
   if (!expiresAt) return true;
   const expirationTime = new Date(expiresAt).getTime();
   const now = Date.now();
-  return now >= (expirationTime - 15 * 60 * 1000); // 15 minutes buffer
+  return now >= (expirationTime - 15 * 60 * 1000);
+}
+async function encryptTokenValue(value) {
+  if (!value || typeof value !== 'string') return value;
+  try {
+    const encryptionKey = await getSecretsEncryptionKey();
+    if (!encryptionKey) return value;
+    if (isTokenEncrypted(value)) return value;
+    const encrypted = encryptToken(value, encryptionKey);
+    // Ensure we never return undefined for valid inputs
+    return encrypted !== undefined && encrypted !== null ? encrypted : value;
+  } catch (error) {
+    return value;
+  }
+}
+async function decryptTokenValue(value) {
+  if (!value || typeof value !== 'string') return value;
+  try {
+    const encryptionKey = await getSecretsEncryptionKey();
+    if (!encryptionKey) return value;
+    if (!isTokenEncrypted(value)) return value;
+    const decrypted = decryptToken(value, encryptionKey);
+    // Ensure we never return undefined for valid inputs
+    return decrypted !== undefined && decrypted !== null ? decrypted : value;
+  } catch (error) {
+    return value;
+  }
 }
-
 /**
  * Get device token for controller
  * @param {string} controllerUrl - Controller URL
@@ -254,10 +240,37 @@ async function getDeviceToken(controllerUrl) {
   const config = await getConfig();
   if (!config.device || !config.device[controllerUrl]) return null;
   const deviceToken = config.device[controllerUrl];
+
+  // Migration: If tokens are plain text and encryption key exists, encrypt them first
+  const encryptionKey = await getSecretsEncryptionKey();
+  if (encryptionKey) {
+    let needsSave = false;
+
+    if (deviceToken.token && !isTokenEncrypted(deviceToken.token)) {
+      // Token is plain text, encrypt it
+      deviceToken.token = await encryptTokenValue(deviceToken.token);
+      needsSave = true;
+    }
+
+    if (deviceToken.refreshToken && !isTokenEncrypted(deviceToken.refreshToken)) {
+      // Refresh token is plain text, encrypt it
+      deviceToken.refreshToken = await encryptTokenValue(deviceToken.refreshToken);
+      needsSave = true;
+    }
+
+    if (needsSave) {
+      // Save encrypted tokens back to config
+      await saveConfig(config);
+    }
+  }
+  // Decrypt tokens if encrypted (for return value)
+  const token = deviceToken.token ? await decryptTokenValue(deviceToken.token) : undefined;
+  const refreshToken = deviceToken.refreshToken ? await decryptTokenValue(deviceToken.refreshToken) : null;
+
   return {
     controller: controllerUrl,
-    token: deviceToken.token,
-    refreshToken: deviceToken.refreshToken,
+    token: token,
+    refreshToken: refreshToken,
     expiresAt: deviceToken.expiresAt
   };
 }
@@ -272,7 +285,26 @@ async function getClientToken(environment, appName) {
   const config = await getConfig();
   if (!config.environments || !config.environments[environment]) return null;
   if (!config.environments[environment].clients || !config.environments[environment].clients[appName]) return null;
-  return config.environments[environment].clients[appName];
+
+  const clientToken = config.environments[environment].clients[appName];
+
+  // Migration: If token is plain text and encryption key exists, encrypt it first
+  const encryptionKey = await getSecretsEncryptionKey();
+  if (encryptionKey && clientToken.token && !isTokenEncrypted(clientToken.token)) {
+    // Token is plain text, encrypt it
+    clientToken.token = await encryptTokenValue(clientToken.token);
+    // Save encrypted token back to config
+    await saveConfig(config);
+  }
+
+  // Decrypt token if encrypted (for return value)
+  const token = await decryptTokenValue(clientToken.token);
+
+  return {
+    controller: clientToken.controller,
+    token: token,
+    expiresAt: clientToken.expiresAt
+  };
 }
 
 /**
@@ -286,7 +318,16 @@ async function getClientToken(environment, appName) {
 async function saveDeviceToken(controllerUrl, token, refreshToken, expiresAt) {
   const config = await getConfig();
   if (!config.device) config.device = {};
-  config.device[controllerUrl] = { token, refreshToken, expiresAt };
+
+  // Encrypt tokens before saving
+  const encryptedToken = await encryptTokenValue(token);
+  const encryptedRefreshToken = refreshToken ? await encryptTokenValue(refreshToken) : null;
+
+  config.device[controllerUrl] = {
+    token: encryptedToken,
+    refreshToken: encryptedRefreshToken,
+    expiresAt
+  };
   await saveConfig(config);
 }
 
@@ -304,7 +345,15 @@ async function saveClientToken(environment, appName, controllerUrl, token, expir
   if (!config.environments) config.environments = {};
   if (!config.environments[environment]) config.environments[environment] = { clients: {} };
   if (!config.environments[environment].clients) config.environments[environment].clients = {};
-  config.environments[environment].clients[appName] = { controller: controllerUrl, token, expiresAt };
+
+  // Encrypt token before saving
+  const encryptedToken = await encryptTokenValue(token);
+
+  config.environments[environment].clients[appName] = {
+    controller: controllerUrl,
+    token: encryptedToken,
+    expiresAt
+  };
   await saveConfig(config);
 }
 
@@ -349,100 +398,56 @@ async function setSecretsEncryptionKey(key) {
   await saveConfig(config);
 }
 
-/**
- * Get general secrets path from configuration
- * Returns aifabrix-secrets path from config.yaml if configured
- * @returns {Promise<string|null>} Secrets path or null if not set
- */
 async function getSecretsPath() {
   const config = await getConfig();
-  // Backward compatibility: prefer new key, fallback to legacy
   return config['aifabrix-secrets'] || config['secrets-path'] || null;
 }
 
-/**
- * Set general secrets path in configuration
- * @param {string} secretsPath - Path to general secrets file
- * @returns {Promise<void>}
- */
 async function setSecretsPath(secretsPath) {
   if (!secretsPath || typeof secretsPath !== 'string') {
     throw new Error('Secrets path is required and must be a string');
   }
-
   const config = await getConfig();
-  // Store under new canonical key
   config['aifabrix-secrets'] = secretsPath;
   await saveConfig(config);
 }
 
-/**
- * Get aifabrix-home override from configuration
- * @returns {Promise<string|null>} Home override path or null if not set
- */
-async function getAifabrixHomeOverride() {
+async function getPathConfig(key) {
   const config = await getConfig();
-  return config['aifabrix-home'] || null;
+  return config[key] || null;
 }
 
-/**
- * Set aifabrix-home override in configuration
- * @param {string} homePath - Base directory path for AI Fabrix files
- * @returns {Promise<void>}
- */
-async function setAifabrixHomeOverride(homePath) {
-  if (!homePath || typeof homePath !== 'string') {
-    throw new Error('Home path is required and must be a string');
+async function setPathConfig(key, value, errorMsg) {
+  if (!value || typeof value !== 'string') {
+    throw new Error(errorMsg);
   }
   const config = await getConfig();
-  config['aifabrix-home'] = homePath;
+  config[key] = value;
   await saveConfig(config);
 }
 
-/**
- * Get aifabrix-secrets path from configuration (canonical)
- * @returns {Promise<string|null>} Secrets path or null if not set
- */
+async function getAifabrixHomeOverride() {
+  return getPathConfig('aifabrix-home');
+}
+
+async function setAifabrixHomeOverride(homePath) {
+  await setPathConfig('aifabrix-home', homePath, 'Home path is required and must be a string');
+}
+
 async function getAifabrixSecretsPath() {
-  const config = await getConfig();
-  return config['aifabrix-secrets'] || null;
+  return getPathConfig('aifabrix-secrets');
 }
 
-/**
- * Set aifabrix-secrets path in configuration (canonical)
- * @param {string} secretsPath - Path to default secrets file
- * @returns {Promise<void>}
- */
 async function setAifabrixSecretsPath(secretsPath) {
-  if (!secretsPath || typeof secretsPath !== 'string') {
-    throw new Error('Secrets path is required and must be a string');
-  }
-  const config = await getConfig();
-  config['aifabrix-secrets'] = secretsPath;
-  await saveConfig(config);
+  await setPathConfig('aifabrix-secrets', secretsPath, 'Secrets path is required and must be a string');
 }
 
-/**
- * Get aifabrix-env-config path from configuration
- * @returns {Promise<string|null>} Env config path or null if not set
- */
 async function getAifabrixEnvConfigPath() {
-  const config = await getConfig();
-  return config['aifabrix-env-config'] || null;
+  return getPathConfig('aifabrix-env-config');
 }
 
-/**
- * Set aifabrix-env-config path in configuration
- * @param {string} envConfigPath - Path to user env-config file
- * @returns {Promise<void>}
- */
 async function setAifabrixEnvConfigPath(envConfigPath) {
-  if (!envConfigPath || typeof envConfigPath !== 'string') {
-    throw new Error('Env config path is required and must be a string');
-  }
-  const config = await getConfig();
-  config['aifabrix-env-config'] = envConfigPath;
-  await saveConfig(config);
+  await setPathConfig('aifabrix-env-config', envConfigPath, 'Env config path is required and must be a string');
 }
 
 // Create exports object
@@ -461,6 +466,8 @@ const exportsObj = {
   getClientToken,
   saveDeviceToken,
   saveClientToken,
+  encryptTokenValue,
+  decryptTokenValue,
   getSecretsEncryptionKey,
   setSecretsEncryptionKey,
   getSecretsPath,

package/lib/environment-deploy.js

@@ -0,0 +1,305 @@
+/**
+ * AI Fabrix Builder Environment Deployment Module
+ *
+ * Handles environment deployment/setup in Miso Controller.
+ * Sets up environment infrastructure before applications can be deployed.
+ *
+ * @fileoverview Environment deployment for AI Fabrix Builder
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+
+const chalk = require('chalk');
+const logger = require('./utils/logger');
+const config = require('./config');
+const { validateControllerUrl, validateEnvironmentKey } = require('./utils/deployment-validation');
+const { getOrRefreshDeviceToken } = require('./utils/token-manager');
+const { authenticatedApiCall } = require('./utils/api');
+const { handleDeploymentErrors } = require('./utils/deployment-errors');
+const auditLogger = require('./audit-logger');
+
+/**
+ * Validates environment deployment prerequisites
+ * @param {string} envKey - Environment key
+ * @param {string} controllerUrl - Controller URL
+ * @throws {Error} If prerequisites are not met
+ */
+function validateEnvironmentPrerequisites(envKey, controllerUrl) {
+  if (!envKey || typeof envKey !== 'string') {
+    throw new Error('Environment key is required');
+  }
+
+  if (!controllerUrl || typeof controllerUrl !== 'string') {
+    throw new Error('Controller URL is required');
+  }
+
+  // Validate environment key format
+  validateEnvironmentKey(envKey);
+
+  // Validate controller URL
+  validateControllerUrl(controllerUrl);
+}
+
+/**
+ * Gets authentication for environment deployment
+ * Uses device token (not app-specific client credentials)
+ * @async
+ * @param {string} controllerUrl - Controller URL
+ * @returns {Promise<Object>} Authentication configuration
+ * @throws {Error} If authentication is not available
+ */
+async function getEnvironmentAuth(controllerUrl) {
+  const validatedUrl = validateControllerUrl(controllerUrl);
+
+  // Get or refresh device token
+  const deviceToken = await getOrRefreshDeviceToken(validatedUrl);
+
+  if (!deviceToken || !deviceToken.token) {
+    throw new Error('Device token is required for environment deployment. Run "aifabrix login" first to authenticate.');
+  }
+
+  return {
+    type: 'device',
+    token: deviceToken.token,
+    controller: deviceToken.controller || validatedUrl
+  };
+}
+
+/**
+ * Sends environment deployment request to controller
+ * @async
+ * @param {string} controllerUrl - Controller URL
+ * @param {string} envKey - Environment key
+ * @param {Object} authConfig - Authentication configuration
+ * @param {Object} options - Deployment options
+ * @returns {Promise<Object>} Deployment result
+ * @throws {Error} If deployment fails
+ */
+async function sendEnvironmentDeployment(controllerUrl, envKey, authConfig, options = {}) {
+  const validatedUrl = validateControllerUrl(controllerUrl);
+  const validatedEnvKey = validateEnvironmentKey(envKey);
+
+  // Build environment deployment request
+  const deploymentRequest = {
+    key: validatedEnvKey,
+    displayName: `${validatedEnvKey.charAt(0).toUpperCase() + validatedEnvKey.slice(1)} Environment`,
+    description: `${validatedEnvKey.charAt(0).toUpperCase() + validatedEnvKey.slice(1)} environment for application deployments`
+  };
+
+  // Add configuration if provided
+  if (options.config) {
+    // TODO: Load and parse config file if provided
+    // For now, just include the config path in description
+    deploymentRequest.description += ` (config: ${options.config})`;
+  }
+
+  // API endpoint: POST /api/v1/environments/{env}/deploy
+  // Alternative: POST /api/v1/environments/deploy with environment in body
+  const endpoint = `${validatedUrl}/api/v1/environments/${validatedEnvKey}/deploy`;
+
+  // Log deployment attempt for audit
+  await auditLogger.logDeploymentAttempt(validatedEnvKey, validatedUrl, options);
+
+  try {
+    const response = await authenticatedApiCall(
+      endpoint,
+      {
+        method: 'POST',
+        body: JSON.stringify(deploymentRequest)
+      },
+      authConfig.token
+    );
+
+    if (!response.success) {
+      const error = new Error(response.formattedError || response.error || 'Environment deployment failed');
+      error.status = response.status;
+      error.data = response.errorData;
+      throw error;
+    }
+
+    // Handle response structure
+    const responseData = response.data || {};
+    return {
+      success: true,
+      environment: validatedEnvKey,
+      deploymentId: responseData.deploymentId || responseData.id,
+      status: responseData.status || 'initiated',
+      url: responseData.url || `${validatedUrl}/environments/${validatedEnvKey}`,
+      message: responseData.message
+    };
+  } catch (error) {
+    // Use unified error handler
+    await handleDeploymentErrors(error, validatedEnvKey, validatedUrl, false);
+    throw error;
+  }
+}
+
+/**
+ * Polls environment deployment status
+ * @async
+ * @param {string} deploymentId - Deployment ID
+ * @param {string} controllerUrl - Controller URL
+ * @param {string} envKey - Environment key
+ * @param {Object} authConfig - Authentication configuration
+ * @param {Object} options - Polling options
+ * @returns {Promise<Object>} Final deployment status
+ */
+async function pollEnvironmentStatus(deploymentId, controllerUrl, envKey, authConfig, options = {}) {
+  const validatedUrl = validateControllerUrl(controllerUrl);
+  const validatedEnvKey = validateEnvironmentKey(envKey);
+
+  const pollInterval = options.pollInterval || 5000;
+  const maxAttempts = options.maxAttempts || 60;
+  const statusEndpoint = `${validatedUrl}/api/v1/environments/${validatedEnvKey}/status`;
+
+  logger.log(chalk.blue(`⏳ Polling environment status (${pollInterval}ms intervals)...`));
+
+  for (let attempt = 1; attempt <= maxAttempts; attempt++) {
+    try {
+      await new Promise(resolve => setTimeout(resolve, pollInterval));
+
+      const response = await authenticatedApiCall(
+        statusEndpoint,
+        {
+          method: 'GET'
+        },
+        authConfig.token
+      );
+
+      if (response.success && response.data) {
+        const status = response.data.status || response.data.ready;
+        const isReady = status === 'ready' || status === 'completed' || response.data.ready === true;
+
+        if (isReady) {
+          return {
+            success: true,
+            environment: validatedEnvKey,
+            status: 'ready',
+            message: 'Environment is ready for application deployments'
+          };
+        }
+
+        // Check for terminal failure states
+        if (status === 'failed' || status === 'error') {
+          throw new Error(`Environment deployment failed: ${response.data.message || 'Unknown error'}`);
+        }
+      }
+    } catch (error) {
+      // If it's a terminal error (not a timeout), throw it
+      if (error.message && error.message.includes('failed')) {
+        throw error;
+      }
+      // Otherwise, continue polling
+    }
+
+    if (attempt < maxAttempts) {
+      logger.log(chalk.gray(`   Attempt ${attempt}/${maxAttempts}...`));
+    }
+  }
+
+  // Timeout
+  throw new Error(`Environment deployment timeout after ${maxAttempts} attempts. Check controller logs for status.`);
+}
+
+/**
+ * Displays environment deployment results
+ * @param {Object} result - Deployment result
+ */
+function displayDeploymentResults(result) {
+  logger.log(chalk.green('\n✅ Environment deployed successfully'));
+  logger.log(chalk.blue(`   Environment: ${result.environment}`));
+  logger.log(chalk.blue(`   Status: ${result.status === 'ready' ? '✅ ready' : result.status}`));
+  if (result.url) {
+    logger.log(chalk.blue(`   URL: ${result.url}`));
+  }
+  if (result.deploymentId) {
+    logger.log(chalk.blue(`   Deployment ID: ${result.deploymentId}`));
+  }
+  logger.log(chalk.green('\n✓ Environment is ready for application deployments'));
+}
+
+/**
+ * Deploys/setups an environment in the controller
+ * @async
+ * @function deployEnvironment
+ * @param {string} envKey - Environment key (miso, dev, tst, pro)
+ * @param {Object} options - Deployment options
+ * @param {string} options.controller - Controller URL (required)
+ * @param {string} [options.config] - Environment configuration file (optional)
+ * @param {boolean} [options.skipValidation] - Skip validation checks
+ * @param {boolean} [options.poll] - Poll for deployment status (default: true)
+ * @param {boolean} [options.noPoll] - Do not poll for status
+ * @returns {Promise<Object>} Deployment result
+ * @throws {Error} If deployment fails
+ *
+ * @example
+ * await deployEnvironment('dev', { controller: 'https://controller.aifabrix.ai' });
+ */
+async function deployEnvironment(envKey, options = {}) {
+  try {
+    // 1. Input validation
+    if (!envKey || typeof envKey !== 'string' || envKey.trim().length === 0) {
+      throw new Error('Environment key is required');
+    }
+
+    const controllerUrl = options.controller || options['controller-url'];
+    if (!controllerUrl) {
+      throw new Error('Controller URL is required. Use --controller flag');
+    }
+
+    // 2. Validate prerequisites
+    if (!options.skipValidation) {
+      validateEnvironmentPrerequisites(envKey, controllerUrl);
+    }
+
+    // 3. Update root-level environment in config.yaml
+    await config.setCurrentEnvironment(envKey);
+
+    // 4. Get authentication (device token)
+    logger.log(chalk.blue(`\n📋 Deploying environment '${envKey}' to ${controllerUrl}...`));
+    const authConfig = await getEnvironmentAuth(controllerUrl);
+    logger.log(chalk.green('✓ Environment validated'));
+    logger.log(chalk.green('✓ Authentication successful'));
+
+    // 5. Send environment deployment request
+    logger.log(chalk.blue('\n🚀 Deploying environment infrastructure...'));
+    const validatedControllerUrl = validateControllerUrl(authConfig.controller);
+    const result = await sendEnvironmentDeployment(validatedControllerUrl, envKey, authConfig, options);
+
+    logger.log(chalk.blue(`📤 Sending deployment request to ${validatedControllerUrl}/api/v1/environments/${envKey}/deploy...`));
+
+    // 6. Poll for status if enabled
+    const shouldPoll = options.poll !== false && !options.noPoll;
+    if (shouldPoll && result.deploymentId) {
+      const pollResult = await pollEnvironmentStatus(
+        result.deploymentId,
+        validatedControllerUrl,
+        envKey,
+        authConfig,
+        {
+          pollInterval: 5000,
+          maxAttempts: 60
+        }
+      );
+      result.status = pollResult.status;
+      result.message = pollResult.message;
+    }
+
+    // 7. Display results
+    displayDeploymentResults(result);
+
+    return result;
+  } catch (error) {
+    // Error handling is done in sendEnvironmentDeployment and pollEnvironmentStatus
+    // Re-throw with context
+    if (error._logged !== true) {
+      logger.error(chalk.red(`\n❌ Environment deployment failed: ${error.message}`));
+    }
+    throw error;
+  }
+}
+
+module.exports = {
+  deployEnvironment
+};
+