@aifabrix/builder 2.7.0 → 2.9.0

package/lib/cli.js

@@ -38,6 +38,8 @@ function setupCommands(program) {
     .option('--client-id <id>', 'Client ID (for credentials method, overrides secrets.local.yaml)')
     .option('--client-secret <secret>', 'Client Secret (for credentials method, overrides secrets.local.yaml)')
     .option('-e, --environment <env>', 'Environment key (updates root-level environment in config.yaml, e.g., miso, dev, tst, pro)')
+    .option('--offline', 'Request offline token (adds offline_access scope, device flow only)')
+    .option('--scope <scopes>', 'Custom OAuth2 scope string (device flow only, default: "openid profile email")')
     .action(async(options) => {
       try {
         await handleLogin(options);
@@ -103,12 +105,18 @@ function setupCommands(program) {
     .option('-a, --authentication', 'Requires authentication/RBAC')
     .option('-l, --language <lang>', 'Runtime language (typescript/python)')
     .option('-t, --template <name>', 'Template to use (e.g., miso-controller, keycloak)')
+    .option('--type <type>', 'Application type (webapp, api, service, functionapp, external)', 'webapp')
     .option('--app', 'Generate minimal application files (package.json, index.ts or requirements.txt, main.py)')
     .option('-g, --github', 'Generate GitHub Actions workflows')
     .option('--github-steps <steps>', 'Extra GitHub workflow steps (comma-separated, e.g., npm,test)')
     .option('--main-branch <branch>', 'Main branch name for workflows', 'main')
     .action(async(appName, options) => {
       try {
+        // Validate type if provided
+        const validTypes = ['webapp', 'api', 'service', 'functionapp', 'external'];
+        if (options.type && !validTypes.includes(options.type)) {
+          throw new Error(`Invalid type: ${options.type}. Must be one of: ${validTypes.join(', ')}`);
+        }
         await app.createApp(appName, options);
       } catch (error) {
         handleCommandError(error, 'create');
@@ -158,6 +166,46 @@ function setupCommands(program) {
       }
     });
 
+  // Environment deployment command
+  const environment = program
+    .command('environment')
+    .description('Manage environments');
+
+  const deployEnvHandler = async(envKey, options) => {
+    try {
+      const environmentDeploy = require('./environment-deploy');
+      await environmentDeploy.deployEnvironment(envKey, options);
+    } catch (error) {
+      handleCommandError(error, 'environment deploy');
+      process.exit(1);
+    }
+  };
+
+  environment
+    .command('deploy <env>')
+    .description('Deploy/setup environment in Miso Controller')
+    .option('-c, --controller <url>', 'Controller URL (required)')
+    .option('--config <file>', 'Environment configuration file')
+    .option('--skip-validation', 'Skip environment validation')
+    .option('--poll', 'Poll for deployment status', true)
+    .option('--no-poll', 'Do not poll for status')
+    .action(deployEnvHandler);
+
+  // Alias: env deploy (register as separate command since Commander.js doesn't support multi-word aliases)
+  const env = program
+    .command('env')
+    .description('Environment management (alias for environment)');
+
+  env
+    .command('deploy <env>')
+    .description('Deploy/setup environment in Miso Controller')
+    .option('-c, --controller <url>', 'Controller URL (required)')
+    .option('--config <file>', 'Environment configuration file')
+    .option('--skip-validation', 'Skip environment validation')
+    .option('--poll', 'Poll for deployment status', true)
+    .option('--no-poll', 'Do not poll for status')
+    .action(deployEnvHandler);
+
   program.command('deploy <app>')
     .description('Deploy to Azure via Miso Controller')
     .option('-c, --controller <url>', 'Controller URL')
@@ -293,12 +341,13 @@ function setupCommands(program) {
     });
 
   program.command('json <app>')
-    .description('Generate deployment JSON')
+    .description('Generate deployment JSON (aifabrix-deploy.json for normal apps, application-schema.json for external systems)')
     .action(async(appName) => {
       try {
         const result = await generator.generateDeployJsonWithValidation(appName);
         if (result.success) {
-          logger.log(`✓ Generated deployment JSON: ${result.path}`);
+          const fileName = result.path.includes('application-schema.json') ? 'application-schema.json' : 'deployment JSON';
+          logger.log(`✓ Generated ${fileName}: ${result.path}`);
 
           if (result.validation.warnings && result.validation.warnings.length > 0) {
             logger.log('\n⚠️  Warnings:');
@@ -515,6 +564,64 @@ function setupCommands(program) {
         process.exit(1);
       }
     });
+
+  // External system download command
+  program.command('download <system-key>')
+    .description('Download external system from dataplane to local development structure')
+    .option('-e, --environment <env>', 'Environment (dev, tst, pro)', 'dev')
+    .option('-c, --controller <url>', 'Controller URL')
+    .option('--dry-run', 'Show what would be downloaded without actually downloading')
+    .action(async(systemKey, options) => {
+      try {
+        const download = require('./external-system-download');
+        await download.downloadExternalSystem(systemKey, options);
+      } catch (error) {
+        handleCommandError(error, 'download');
+        process.exit(1);
+      }
+    });
+
+  // Unit test command (local validation)
+  program.command('test <app>')
+    .description('Run unit tests for external system (local validation, no API calls)')
+    .option('-d, --datasource <key>', 'Test specific datasource only')
+    .option('-v, --verbose', 'Show detailed validation output')
+    .action(async(appName, options) => {
+      try {
+        const test = require('./external-system-test');
+        const results = await test.testExternalSystem(appName, options);
+        test.displayTestResults(results, options.verbose);
+        if (!results.valid) {
+          process.exit(1);
+        }
+      } catch (error) {
+        handleCommandError(error, 'test');
+        process.exit(1);
+      }
+    });
+
+  // Integration test command (via dataplane)
+  program.command('test-integration <app>')
+    .description('Run integration tests via dataplane pipeline API')
+    .option('-d, --datasource <key>', 'Test specific datasource only')
+    .option('-p, --payload <file>', 'Path to custom test payload file')
+    .option('-e, --environment <env>', 'Environment (dev, tst, pro)', 'dev')
+    .option('-c, --controller <url>', 'Controller URL')
+    .option('-v, --verbose', 'Show detailed test output')
+    .option('--timeout <ms>', 'Request timeout in milliseconds', '30000')
+    .action(async(appName, options) => {
+      try {
+        const test = require('./external-system-test');
+        const results = await test.testExternalSystemIntegration(appName, options);
+        test.displayIntegrationTestResults(results, options.verbose);
+        if (!results.success) {
+          process.exit(1);
+        }
+      } catch (error) {
+        handleCommandError(error, 'test-integration');
+        process.exit(1);
+      }
+    });
 }
 
 module.exports = {

package/lib/commands/login.js

@@ -302,20 +302,51 @@ async function pollAndSaveDeviceCodeToken(controllerUrl, deviceCode, interval, e
   }
 }
 
+/**
+ * Build scope string from options
+ * @param {boolean} [offline] - Whether to request offline_access
+ * @param {string} [customScope] - Custom scope string
+ * @returns {string} Scope string
+ */
+function buildScope(offline, customScope) {
+  const defaultScope = 'openid profile email';
+
+  if (customScope) {
+    // If custom scope provided, use it and optionally add offline_access
+    if (offline && !customScope.includes('offline_access')) {
+      return `${customScope} offline_access`;
+    }
+    return customScope;
+  }
+
+  // Default scope with optional offline_access
+  if (offline) {
+    return `${defaultScope} offline_access`;
+  }
+
+  return defaultScope;
+}
+
 /**
  * Handle device code flow login
  * @async
  * @param {string} controllerUrl - Controller URL
  * @param {string} [environment] - Environment key from options
+ * @param {boolean} [offline] - Whether to request offline_access scope
+ * @param {string} [scope] - Custom scope string
  * @returns {Promise<{token: string, environment: string}>} Token and environment
  */
-async function handleDeviceCodeLogin(controllerUrl, environment) {
+async function handleDeviceCodeLogin(controllerUrl, environment, offline, scope) {
   const envKey = await getEnvironmentKey(environment);
+  const requestScope = buildScope(offline, scope);
 
   logger.log(chalk.blue('\n📱 Initiating device code flow...\n'));
+  if (offline) {
+    logger.log(chalk.gray(`Requesting offline token (scope: ${requestScope})\n`));
+  }
 
   try {
-    const deviceCodeResponse = await initiateDeviceCodeFlow(controllerUrl, envKey);
+    const deviceCodeResponse = await initiateDeviceCodeFlow(controllerUrl, envKey, requestScope);
 
     displayDeviceCodeInfo(deviceCodeResponse.user_code, deviceCodeResponse.verification_uri, logger, chalk);
 
@@ -369,6 +400,12 @@ async function handleLogin(options) {
   let token;
   let expiresAt;
 
+  // Validate scope options - only applicable to device flow
+  if (method === 'credentials' && (options.offline || options.scope)) {
+    logger.log(chalk.yellow('⚠️  Warning: --offline and --scope options are only available for device flow'));
+    logger.log(chalk.gray('   These options will be ignored for credentials method\n'));
+  }
+
   if (method === 'credentials') {
     if (!options.app) {
       logger.error(chalk.red('❌ --app is required for credentials login method'));
@@ -379,7 +416,7 @@ async function handleLogin(options) {
     expiresAt = loginResult.expiresAt;
     await saveCredentialsLoginConfig(controllerUrl, token, expiresAt, environment, options.app);
   } else if (method === 'device') {
-    const result = await handleDeviceCodeLogin(controllerUrl, options.environment);
+    const result = await handleDeviceCodeLogin(controllerUrl, options.environment, options.offline, options.scope);
     token = result.token;
     environment = result.environment;
     return; // Early return for device flow (already saved config)

package/lib/config.js

@@ -12,6 +12,7 @@ const fs = require('fs').promises;
 const path = require('path');
 const yaml = require('js-yaml');
 const os = require('os');
+const { encryptToken, decryptToken, isTokenEncrypted } = require('./utils/token-encryption');
 // Avoid importing paths here to prevent circular dependency.
 // Config location is always under OS home at ~/.aifabrix/config.yaml
 
@@ -26,11 +27,6 @@ const RUNTIME_CONFIG_FILE = path.join(RUNTIME_CONFIG_DIR, 'config.yaml');
 // Cache for developer ID - loaded when getConfig() is first called
 let cachedDeveloperId = null;
 
-/**
- * Get stored configuration
- * Loads developer ID and caches it as a property for easy access
- * @returns {Promise<Object>} Configuration object with new structure
- */
 async function getConfig() {
   try {
     const configContent = await fs.readFile(RUNTIME_CONFIG_FILE, 'utf8');
@@ -156,61 +152,37 @@ async function getDeveloperId() {
  */
 async function setDeveloperId(developerId) {
   const DEV_ID_DIGITS_REGEX = /^[0-9]+$/;
+  const errorMsg = 'Developer ID must be a non-negative digit string or number (0 = default infra, > 0 = developer-specific)';
   let devIdString;
   if (typeof developerId === 'number') {
-    if (!Number.isFinite(developerId) || developerId < 0) {
-      throw new Error('Developer ID must be a non-negative digit string or number (0 = default infra, > 0 = developer-specific)');
-    }
+    if (!Number.isFinite(developerId) || developerId < 0) throw new Error(errorMsg);
     devIdString = String(developerId);
   } else if (typeof developerId === 'string') {
-    if (!DEV_ID_DIGITS_REGEX.test(developerId)) {
-      throw new Error('Developer ID must be a non-negative digit string or number (0 = default infra, > 0 = developer-specific)');
-    }
+    if (!DEV_ID_DIGITS_REGEX.test(developerId)) throw new Error(errorMsg);
     devIdString = developerId;
   } else {
-    throw new Error('Developer ID must be a non-negative digit string or number (0 = default infra, > 0 = developer-specific)');
+    throw new Error(errorMsg);
   }
-  // Clear cache first to ensure we get fresh data from file
   cachedDeveloperId = null;
-  // Read file directly to avoid any caching issues
   const config = await getConfig();
-  // Update developer ID
   config['developer-id'] = devIdString;
-  // Update cache before saving
   cachedDeveloperId = devIdString;
-  // Save the entire config object to ensure all fields are preserved
   await saveConfig(config);
-  // Verify the file was saved correctly by reading it back
-  // This ensures the file system has written the data
-  // Add a small delay to ensure file system has flushed the write
   await new Promise(resolve => setTimeout(resolve, 100));
-  // Read file again with fresh file handle to avoid OS caching
   const savedContent = await fs.readFile(RUNTIME_CONFIG_FILE, 'utf8');
   const savedConfig = yaml.load(savedContent);
-  // YAML may parse numbers as numbers, so convert to string for comparison
   const savedDevIdString = String(savedConfig['developer-id']);
   if (savedDevIdString !== devIdString) {
     throw new Error(`Failed to save developer ID: expected ${devIdString}, got ${savedDevIdString}. File content: ${savedContent.substring(0, 200)}`);
   }
-  // Clear the cache to force reload from file on next getDeveloperId() call
-  // This ensures we get the value that was actually saved to disk
   cachedDeveloperId = null;
 }
 
-/**
- * Get current environment from root-level config
- * @returns {Promise<string>} Current environment (defaults to 'dev')
- */
 async function getCurrentEnvironment() {
   const config = await getConfig();
   return config.environment || 'dev';
 }
 
-/**
- * Set current environment in root-level config
- * @param {string} environment - Environment to set (e.g., 'miso', 'dev', 'tst', 'pro')
- * @returns {Promise<void>}
- */
 async function setCurrentEnvironment(environment) {
   if (!environment || typeof environment !== 'string') {
     throw new Error('Environment must be a non-empty string');
@@ -220,31 +192,45 @@ async function setCurrentEnvironment(environment) {
   await saveConfig(config);
 }
 
-/**
- * Check if token is expired
- * @param {string} expiresAt - ISO timestamp string
- * @returns {boolean} True if token is expired
- */
 function isTokenExpired(expiresAt) {
   if (!expiresAt) return true;
   const expirationTime = new Date(expiresAt).getTime();
   const now = Date.now();
-  return now >= (expirationTime - 5 * 60 * 1000); // 5 minute buffer
+  return now >= (expirationTime - 5 * 60 * 1000);
 }
 
-/**
- * Check if token should be refreshed proactively (within 15 minutes of expiry)
- * Helps keep Keycloak sessions alive by refreshing before SSO Session Idle timeout (30 minutes)
- * @param {string} expiresAt - ISO timestamp string
- * @returns {boolean} True if token should be refreshed proactively
- */
 function shouldRefreshToken(expiresAt) {
   if (!expiresAt) return true;
   const expirationTime = new Date(expiresAt).getTime();
   const now = Date.now();
-  return now >= (expirationTime - 15 * 60 * 1000); // 15 minutes buffer
+  return now >= (expirationTime - 15 * 60 * 1000);
+}
+async function encryptTokenValue(value) {
+  if (!value || typeof value !== 'string') return value;
+  try {
+    const encryptionKey = await getSecretsEncryptionKey();
+    if (!encryptionKey) return value;
+    if (isTokenEncrypted(value)) return value;
+    const encrypted = encryptToken(value, encryptionKey);
+    // Ensure we never return undefined for valid inputs
+    return encrypted !== undefined && encrypted !== null ? encrypted : value;
+  } catch (error) {
+    return value;
+  }
+}
+async function decryptTokenValue(value) {
+  if (!value || typeof value !== 'string') return value;
+  try {
+    const encryptionKey = await getSecretsEncryptionKey();
+    if (!encryptionKey) return value;
+    if (!isTokenEncrypted(value)) return value;
+    const decrypted = decryptToken(value, encryptionKey);
+    // Ensure we never return undefined for valid inputs
+    return decrypted !== undefined && decrypted !== null ? decrypted : value;
+  } catch (error) {
+    return value;
+  }
 }
-
 /**
  * Get device token for controller
  * @param {string} controllerUrl - Controller URL
@@ -254,10 +240,37 @@ async function getDeviceToken(controllerUrl) {
   const config = await getConfig();
   if (!config.device || !config.device[controllerUrl]) return null;
   const deviceToken = config.device[controllerUrl];
+
+  // Migration: If tokens are plain text and encryption key exists, encrypt them first
+  const encryptionKey = await getSecretsEncryptionKey();
+  if (encryptionKey) {
+    let needsSave = false;
+
+    if (deviceToken.token && !isTokenEncrypted(deviceToken.token)) {
+      // Token is plain text, encrypt it
+      deviceToken.token = await encryptTokenValue(deviceToken.token);
+      needsSave = true;
+    }
+
+    if (deviceToken.refreshToken && !isTokenEncrypted(deviceToken.refreshToken)) {
+      // Refresh token is plain text, encrypt it
+      deviceToken.refreshToken = await encryptTokenValue(deviceToken.refreshToken);
+      needsSave = true;
+    }
+
+    if (needsSave) {
+      // Save encrypted tokens back to config
+      await saveConfig(config);
+    }
+  }
+  // Decrypt tokens if encrypted (for return value)
+  const token = deviceToken.token ? await decryptTokenValue(deviceToken.token) : undefined;
+  const refreshToken = deviceToken.refreshToken ? await decryptTokenValue(deviceToken.refreshToken) : null;
+
   return {
     controller: controllerUrl,
-    token: deviceToken.token,
-    refreshToken: deviceToken.refreshToken,
+    token: token,
+    refreshToken: refreshToken,
     expiresAt: deviceToken.expiresAt
   };
 }
@@ -272,7 +285,26 @@ async function getClientToken(environment, appName) {
   const config = await getConfig();
   if (!config.environments || !config.environments[environment]) return null;
   if (!config.environments[environment].clients || !config.environments[environment].clients[appName]) return null;
-  return config.environments[environment].clients[appName];
+
+  const clientToken = config.environments[environment].clients[appName];
+
+  // Migration: If token is plain text and encryption key exists, encrypt it first
+  const encryptionKey = await getSecretsEncryptionKey();
+  if (encryptionKey && clientToken.token && !isTokenEncrypted(clientToken.token)) {
+    // Token is plain text, encrypt it
+    clientToken.token = await encryptTokenValue(clientToken.token);
+    // Save encrypted token back to config
+    await saveConfig(config);
+  }
+
+  // Decrypt token if encrypted (for return value)
+  const token = await decryptTokenValue(clientToken.token);
+
+  return {
+    controller: clientToken.controller,
+    token: token,
+    expiresAt: clientToken.expiresAt
+  };
 }
 
 /**
@@ -286,7 +318,16 @@ async function getClientToken(environment, appName) {
 async function saveDeviceToken(controllerUrl, token, refreshToken, expiresAt) {
   const config = await getConfig();
   if (!config.device) config.device = {};
-  config.device[controllerUrl] = { token, refreshToken, expiresAt };
+
+  // Encrypt tokens before saving
+  const encryptedToken = await encryptTokenValue(token);
+  const encryptedRefreshToken = refreshToken ? await encryptTokenValue(refreshToken) : null;
+
+  config.device[controllerUrl] = {
+    token: encryptedToken,
+    refreshToken: encryptedRefreshToken,
+    expiresAt
+  };
   await saveConfig(config);
 }
 
@@ -304,7 +345,15 @@ async function saveClientToken(environment, appName, controllerUrl, token, expir
   if (!config.environments) config.environments = {};
   if (!config.environments[environment]) config.environments[environment] = { clients: {} };
   if (!config.environments[environment].clients) config.environments[environment].clients = {};
-  config.environments[environment].clients[appName] = { controller: controllerUrl, token, expiresAt };
+
+  // Encrypt token before saving
+  const encryptedToken = await encryptTokenValue(token);
+
+  config.environments[environment].clients[appName] = {
+    controller: controllerUrl,
+    token: encryptedToken,
+    expiresAt
+  };
   await saveConfig(config);
 }
 
@@ -349,100 +398,56 @@ async function setSecretsEncryptionKey(key) {
   await saveConfig(config);
 }
 
-/**
- * Get general secrets path from configuration
- * Returns aifabrix-secrets path from config.yaml if configured
- * @returns {Promise<string|null>} Secrets path or null if not set
- */
 async function getSecretsPath() {
   const config = await getConfig();
-  // Backward compatibility: prefer new key, fallback to legacy
   return config['aifabrix-secrets'] || config['secrets-path'] || null;
 }
 
-/**
- * Set general secrets path in configuration
- * @param {string} secretsPath - Path to general secrets file
- * @returns {Promise<void>}
- */
 async function setSecretsPath(secretsPath) {
   if (!secretsPath || typeof secretsPath !== 'string') {
     throw new Error('Secrets path is required and must be a string');
   }
-
   const config = await getConfig();
-  // Store under new canonical key
   config['aifabrix-secrets'] = secretsPath;
   await saveConfig(config);
 }
 
-/**
- * Get aifabrix-home override from configuration
- * @returns {Promise<string|null>} Home override path or null if not set
- */
-async function getAifabrixHomeOverride() {
+async function getPathConfig(key) {
   const config = await getConfig();
-  return config['aifabrix-home'] || null;
+  return config[key] || null;
 }
 
-/**
- * Set aifabrix-home override in configuration
- * @param {string} homePath - Base directory path for AI Fabrix files
- * @returns {Promise<void>}
- */
-async function setAifabrixHomeOverride(homePath) {
-  if (!homePath || typeof homePath !== 'string') {
-    throw new Error('Home path is required and must be a string');
+async function setPathConfig(key, value, errorMsg) {
+  if (!value || typeof value !== 'string') {
+    throw new Error(errorMsg);
   }
   const config = await getConfig();
-  config['aifabrix-home'] = homePath;
+  config[key] = value;
   await saveConfig(config);
 }
 
-/**
- * Get aifabrix-secrets path from configuration (canonical)
- * @returns {Promise<string|null>} Secrets path or null if not set
- */
+async function getAifabrixHomeOverride() {
+  return getPathConfig('aifabrix-home');
+}
+
+async function setAifabrixHomeOverride(homePath) {
+  await setPathConfig('aifabrix-home', homePath, 'Home path is required and must be a string');
+}
+
 async function getAifabrixSecretsPath() {
-  const config = await getConfig();
-  return config['aifabrix-secrets'] || null;
+  return getPathConfig('aifabrix-secrets');
 }
 
-/**
- * Set aifabrix-secrets path in configuration (canonical)
- * @param {string} secretsPath - Path to default secrets file
- * @returns {Promise<void>}
- */
 async function setAifabrixSecretsPath(secretsPath) {
-  if (!secretsPath || typeof secretsPath !== 'string') {
-    throw new Error('Secrets path is required and must be a string');
-  }
-  const config = await getConfig();
-  config['aifabrix-secrets'] = secretsPath;
-  await saveConfig(config);
+  await setPathConfig('aifabrix-secrets', secretsPath, 'Secrets path is required and must be a string');
 }
 
-/**
- * Get aifabrix-env-config path from configuration
- * @returns {Promise<string|null>} Env config path or null if not set
- */
 async function getAifabrixEnvConfigPath() {
-  const config = await getConfig();
-  return config['aifabrix-env-config'] || null;
+  return getPathConfig('aifabrix-env-config');
 }
 
-/**
- * Set aifabrix-env-config path in configuration
- * @param {string} envConfigPath - Path to user env-config file
- * @returns {Promise<void>}
- */
 async function setAifabrixEnvConfigPath(envConfigPath) {
-  if (!envConfigPath || typeof envConfigPath !== 'string') {
-    throw new Error('Env config path is required and must be a string');
-  }
-  const config = await getConfig();
-  config['aifabrix-env-config'] = envConfigPath;
-  await saveConfig(config);
+  await setPathConfig('aifabrix-env-config', envConfigPath, 'Env config path is required and must be a string');
 }
 
 // Create exports object
@@ -461,6 +466,8 @@ const exportsObj = {
   getClientToken,
   saveDeviceToken,
   saveClientToken,
+  encryptTokenValue,
+  decryptTokenValue,
   getSecretsEncryptionKey,
   setSecretsEncryptionKey,
   getSecretsPath,

package/lib/datasource-deploy.js

@@ -129,39 +129,33 @@ async function deployDatasource(appKey, filePath, options) {
   const dataplaneUrl = await getDataplaneUrl(options.controller, appKey, options.environment, authConfig);
   logger.log(chalk.green(`✓ Dataplane URL: ${dataplaneUrl}`));
 
-  // Deploy to dataplane
-  logger.log(chalk.blue('\n🚀 Deploying to dataplane...'));
-  const deployEndpoint = `${dataplaneUrl}/api/v1/pipeline/${systemKey}/deploy`;
+  // Publish to dataplane (using publish endpoint)
+  logger.log(chalk.blue('\n🚀 Publishing datasource to dataplane...'));
+  const publishEndpoint = `${dataplaneUrl}/api/v1/pipeline/${systemKey}/publish`;
 
-  // Prepare deployment request
-  const deployRequest = {
-    datasource: datasourceConfig
-  };
-
-  // Make API call to dataplane
-  // This is a placeholder - actual API structure may vary
-  let deployResponse;
+  // Prepare publish request - send datasource configuration directly
+  let publishResponse;
   if (authConfig.type === 'bearer' && authConfig.token) {
-    deployResponse = await authenticatedApiCall(
-      deployEndpoint,
+    publishResponse = await authenticatedApiCall(
+      publishEndpoint,
       {
         method: 'POST',
-        body: JSON.stringify(deployRequest)
+        body: JSON.stringify(datasourceConfig)
       },
       authConfig.token
     );
   } else {
-    throw new Error('Bearer token authentication required for dataplane deployment');
+    throw new Error('Bearer token authentication required for dataplane publish');
   }
 
-  if (!deployResponse.success) {
-    const formattedError = deployResponse.formattedError || formatApiError(deployResponse);
-    logger.error(chalk.red('❌ Deployment failed:'));
+  if (!publishResponse.success) {
+    const formattedError = publishResponse.formattedError || formatApiError(publishResponse);
+    logger.error(chalk.red('❌ Publish failed:'));
     logger.error(formattedError);
-    throw new Error(`Dataplane deployment failed: ${formattedError}`);
+    throw new Error(`Dataplane publish failed: ${formattedError}`);
   }
 
-  logger.log(chalk.green('\n✓ Datasource deployed successfully!'));
+  logger.log(chalk.green('\n✓ Datasource published successfully!'));
   logger.log(chalk.blue(`\nDatasource: ${datasourceConfig.key || datasourceConfig.displayName}`));
   logger.log(chalk.blue(`System: ${systemKey}`));
   logger.log(chalk.blue(`Environment: ${options.environment}`));