@aifabrix/builder 2.8.0 → 2.10.0

package/templates/applications/miso-controller/env.template

@@ -28,13 +28,21 @@ ONBOARDING_ADMIN_EMAIL=kv://miso-controller-admin-emailKeyVault
 # APPLICATION ENVIRONMENT
 # =============================================================================
 
-NODE_ENV=development
-PORT=3000
+# NODE_ENV: production for Docker (serves pre-built static files), development for local dev
+# In Docker, this should be production to prevent Vite dev server initialization
+NODE_ENV=${NODE_ENV}
+PORT=${MISO_PORT}
 AUTO_CREATE_TABLES=true
 FAST_STARTUP=false
-ALLOWED_ORIGINS=http://localhost:3000,http://localhost:5173
+ALLOWED_ORIGINS=http://localhost:*
 ENABLE_API_DOCS=true
 
+# Rate Limiting Configuration (for local development)
+# Set DISABLE_RATE_LIMIT=true to disable rate limiting entirely (local development only)
+DISABLE_RATE_LIMIT=true
+# RATE_LIMIT_WINDOW_MS=900000  # 15 minutes in milliseconds (default: 900000)
+# RATE_LIMIT_MAX=100           # Max requests per window (default: 100)
+
 # Package Version (auto-set by npm/pnpm, optional override)
 # npm_package_version=1.0.0
 
@@ -72,6 +80,7 @@ REDIS_PERMISSIONS_TTL=900
 
 KEYCLOAK_REALM=aifabrix
 KEYCLOAK_SERVER_URL=kv://keycloak-server-urlKeyVault
+KEYCLOAK_PUBLIC_SERVER_URL=kv://keycloak-public-server-urlKeyVault
 KEYCLOAK_CLIENT_ID=miso-controller
 KEYCLOAK_CLIENT_SECRET=kv://keycloak-client-secretKeyVault
 KEYCLOAK_ADMIN_USERNAME=admin
@@ -96,8 +105,9 @@ AZURE_SERVICE_NAME=kv://azure-service-nameKeyVault
 AZURE_CLIENT_ID=kv://azure-client-idKeyVault
 AZURE_CLIENT_SECRET=kv://azure-client-secretKeyVault
 
-# Mock Mode (set to false for production)
-MOCK=true
+# Mock Mode (defaults to false - set to true only for testing/development)
+# Set MOCK=true to prevent actual Azure resource creation (for testing)
+MOCK=false
 
 # =============================================================================
 # SECURITY & ENCRYPTION
@@ -117,11 +127,14 @@ API_KEY=kv://miso-controller-api-key-secretKeyVault
 # =============================================================================
 
 # MISO Controller URL
-MISO_CONTROLLER_URL=kv://miso-controller-url
-
-# Web Server URL (for OpenAPI documentation server URLs)
-# Used to generate correct server URLs in OpenAPI spec
-WEB_SERVER_URL=kv://miso-controller-web-server-url
+MISO_CONTROLLER_URL=http://${MISO_HOST}:${MISO_PORT}
+
+# Web Server URL (for OpenAPI documentation server URLs and Keycloak callbacks)
+# This is the PUBLIC-FACING URL that browsers/users access (e.g., http://localhost:3100)
+# Used to generate correct server URLs in OpenAPI spec and Keycloak callback URLs
+# For Docker: use localhost with mapped port (e.g., localhost:3100)
+# For production: use public domain (e.g., https://miso.example.com)
+MISO_WEB_SERVER_URL=kv://miso-controller-web-server-url
 
 # MISO Environment Configuration (miso, dev, tst, pro)
 MISO_ENVIRONMENT=miso

package/templates/applications/miso-controller/rbac.yaml

@@ -1,230 +1,280 @@
 roles:
-  - name: "AI Fabrix Platform Admin"
-    value: "aifabrix-platform-admin"
-    description: "Full platform infrastructure management and enterprise controller access"
-    Groups: ["AI-Fabrix-Platform-Admins"]
-  
-  - name: "AI Fabrix Security Admin"
-    value: "aifabrix-security-admin"
-    description: "Security and compliance management for enterprise controller"
-    Groups: ["AI-Fabrix-Security-Admins"]
-  
-  - name: "AI Fabrix Infrastructure Admin"
-    value: "aifabrix-infrastructure-admin"
-    description: "Infrastructure deployment and management across environments"
-    Groups: ["AI-Fabrix-Infrastructure-Admins"]
-  
-  - name: "AI Fabrix Deployment Admin"
-    value: "aifabrix-deployment-admin"
-    description: "Application deployment orchestration and environment management"
-    Groups: ["AI-Fabrix-Deployment-Admins"]
-  
-  - name: "AI Fabrix Compliance Admin"
-    value: "aifabrix-compliance-admin"
-    description: "ISO 27001 compliance monitoring and audit management"
-    Groups: ["AI-Fabrix-Compliance-Admins"]
-  
-  - name: "AI Fabrix Developer"
-    value: "aifabrix-developer"
-    description: "Developer access to deploy applications via GitHub Actions"
-    Groups: ["AI-Fabrix-Developers"]
-  
-  - name: "AI Fabrix Observer"
-    value: "aifabrix-observer"
-    description: "Read-only access to monitoring, logs, and compliance reports"
-    Groups: ["AI-Fabrix-Observers"]
+  - name: 'AI Fabrix Platform Admin'
+    value: 'aifabrix-platform-admin'
+    description: 'Full platform infrastructure management and enterprise controller access'
+    Groups: ['AI-Fabrix-Platform-Admins']
+
+  - name: 'AI Fabrix Security Admin'
+    value: 'aifabrix-security-admin'
+    description: 'Security and compliance management for enterprise controller'
+    Groups: ['AI-Fabrix-Security-Admins']
+
+  - name: 'AI Fabrix Infrastructure Admin'
+    value: 'aifabrix-infrastructure-admin'
+    description: 'Infrastructure deployment and management across environments'
+    Groups: ['AI-Fabrix-Infrastructure-Admins']
+
+  - name: 'AI Fabrix Deployment Admin'
+    value: 'aifabrix-deployment-admin'
+    description: 'Application deployment orchestration and environment management'
+    Groups: ['AI-Fabrix-Deployment-Admins']
+
+  - name: 'AI Fabrix Compliance Admin'
+    value: 'aifabrix-compliance-admin'
+    description: 'ISO 27001 compliance monitoring and audit management'
+    Groups: ['AI-Fabrix-Compliance-Admins']
+
+  - name: 'AI Fabrix Developer'
+    value: 'aifabrix-developer'
+    description: 'Developer access to deploy applications via GitHub Actions'
+    Groups: ['AI-Fabrix-Developers']
+
+  - name: 'AI Fabrix Observer'
+    value: 'aifabrix-observer'
+    description: 'Read-only access to monitoring, logs, and compliance reports'
+    Groups: ['AI-Fabrix-Observers']
 
 permissions:
   # Service User Management
-  - name: "service-user:create"
-    roles: ["aifabrix-platform-admin", "aifabrix-security-admin"]
-    description: "Create service users and API clients"
-  
-  - name: "service-user:read"
-    roles: ["aifabrix-platform-admin", "aifabrix-security-admin", "aifabrix-observer"]
-    description: "View service users and their configurations"
-  
-  - name: "service-user:update"
-    roles: ["aifabrix-platform-admin", "aifabrix-security-admin"]
-    description: "Update service user configurations and regenerate secrets"
-  
-  - name: "service-user:delete"
-    roles: ["aifabrix-platform-admin", "aifabrix-security-admin"]
-    description: "Deactivate service users"
-  
+  - name: 'service-user:create'
+    roles: ['aifabrix-platform-admin', 'aifabrix-security-admin']
+    description: 'Create service users and API clients'
+
+  - name: 'service-user:read'
+    roles: ['aifabrix-platform-admin', 'aifabrix-security-admin', 'aifabrix-observer']
+    description: 'View service users and their configurations'
+
+  - name: 'service-user:update'
+    roles: ['aifabrix-platform-admin', 'aifabrix-security-admin']
+    description: 'Update service user configurations and regenerate secrets'
+
+  - name: 'service-user:delete'
+    roles: ['aifabrix-platform-admin', 'aifabrix-security-admin']
+    description: 'Deactivate service users'
+
   # User Management
-  - name: "users:create"
-    roles: ["aifabrix-platform-admin", "aifabrix-security-admin"]
-    description: "Create new users"
-  
-  - name: "users:read"
-    roles: ["aifabrix-platform-admin", "aifabrix-security-admin", "aifabrix-observer"]
-    description: "View user information and profiles"
-  
-  - name: "users:update"
-    roles: ["aifabrix-platform-admin", "aifabrix-security-admin"]
-    description: "Update user information and manage group memberships"
-  
-  - name: "users:delete"
-    roles: ["aifabrix-platform-admin", "aifabrix-security-admin"]
-    description: "Delete users"
-  
+  - name: 'users:create'
+    roles: ['aifabrix-platform-admin', 'aifabrix-security-admin']
+    description: 'Create new users'
+
+  - name: 'users:read'
+    roles: ['aifabrix-platform-admin', 'aifabrix-security-admin', 'aifabrix-observer']
+    description: 'View user information and profiles'
+
+  - name: 'users:update'
+    roles: ['aifabrix-platform-admin', 'aifabrix-security-admin']
+    description: 'Update user information and manage group memberships'
+
+  - name: 'users:delete'
+    roles: ['aifabrix-platform-admin', 'aifabrix-security-admin']
+    description: 'Delete users'
+
   # Group Management
-  - name: "groups:create"
-    roles: ["aifabrix-platform-admin", "aifabrix-security-admin"]
-    description: "Create new groups"
-  
-  - name: "groups:read"
-    roles: ["aifabrix-platform-admin", "aifabrix-security-admin", "aifabrix-observer"]
-    description: "View group information and members"
-  
-  - name: "groups:update"
-    roles: ["aifabrix-platform-admin", "aifabrix-security-admin"]
-    description: "Update group information"
-  
-  - name: "groups:delete"
-    roles: ["aifabrix-platform-admin", "aifabrix-security-admin"]
-    description: "Delete groups"
-  
+  - name: 'groups:create'
+    roles: ['aifabrix-platform-admin', 'aifabrix-security-admin']
+    description: 'Create new groups'
+
+  - name: 'groups:read'
+    roles: ['aifabrix-platform-admin', 'aifabrix-security-admin', 'aifabrix-observer']
+    description: 'View group information and members'
+
+  - name: 'groups:update'
+    roles: ['aifabrix-platform-admin', 'aifabrix-security-admin']
+    description: 'Update group information'
+
+  - name: 'groups:delete'
+    roles: ['aifabrix-platform-admin', 'aifabrix-security-admin']
+    description: 'Delete groups'
+
   # Administrative Permissions
-  - name: "admin:read"
-    roles: ["aifabrix-platform-admin"]
-    description: "Administrative read access to all resources"
-  
-  - name: "admin:write"
-    roles: ["aifabrix-platform-admin"]
-    description: "Administrative write access to all resources"
-  
-  - name: "admin:delete"
-    roles: ["aifabrix-platform-admin"]
-    description: "Administrative delete access to all resources"
-  
+  - name: 'admin:read'
+    roles: ['aifabrix-platform-admin']
+    description: 'Administrative read access to all resources'
+
+  - name: 'admin:write'
+    roles: ['aifabrix-platform-admin']
+    description: 'Administrative write access to all resources'
+
+  - name: 'admin:delete'
+    roles: ['aifabrix-platform-admin']
+    description: 'Administrative delete access to all resources'
+
   # Template Applications (environment = null)
-  - name: "applications:create"
-    roles: ["aifabrix-platform-admin", "aifabrix-infrastructure-admin", "aifabrix-deployment-admin"]
-    description: "Register new application templates"
-  
-  - name: "applications:read"
-    roles: ["aifabrix-platform-admin", "aifabrix-infrastructure-admin", "aifabrix-deployment-admin", "aifabrix-developer", "aifabrix-observer"]
-    description: "View application templates"
-  
-  - name: "applications:update"
-    roles: ["aifabrix-platform-admin", "aifabrix-infrastructure-admin", "aifabrix-deployment-admin"]
-    description: "Update application templates"
-  
-  - name: "applications:delete"
-    roles: ["aifabrix-platform-admin", "aifabrix-infrastructure-admin"]
-    description: "Remove application templates"
-  
+  - name: 'applications:create'
+    roles: ['aifabrix-platform-admin', 'aifabrix-infrastructure-admin', 'aifabrix-deployment-admin']
+    description: 'Register new application templates'
+
+  - name: 'applications:read'
+    roles:
+      [
+        'aifabrix-platform-admin',
+        'aifabrix-infrastructure-admin',
+        'aifabrix-deployment-admin',
+        'aifabrix-developer',
+        'aifabrix-observer'
+      ]
+    description: 'View application templates'
+
+  - name: 'applications:update'
+    roles: ['aifabrix-platform-admin', 'aifabrix-infrastructure-admin', 'aifabrix-deployment-admin']
+    description: 'Update application templates'
+
+  - name: 'applications:delete'
+    roles: ['aifabrix-platform-admin', 'aifabrix-infrastructure-admin']
+    description: 'Remove application templates'
+
   # Environments
-  - name: "environments:create"
-    roles: ["aifabrix-platform-admin", "aifabrix-infrastructure-admin"]
-    description: "Create new environments (dev, tst, pro, miso)"
-  
-  - name: "environments:read"
-    roles: ["aifabrix-platform-admin", "aifabrix-infrastructure-admin", "aifabrix-deployment-admin", "aifabrix-developer", "aifabrix-observer"]
-    description: "View environments and their status"
-  
-  - name: "environments:update"
-    roles: ["aifabrix-platform-admin", "aifabrix-infrastructure-admin"]
-    description: "Update environment configuration"
-  
-  - name: "environments:delete"
-    roles: ["aifabrix-platform-admin", "aifabrix-infrastructure-admin"]
-    description: "Delete environments"
-  
+  - name: 'environments:create'
+    roles: ['aifabrix-platform-admin', 'aifabrix-infrastructure-admin']
+    description: 'Create new environments (dev, tst, pro, miso)'
+
+  - name: 'environments:read'
+    roles:
+      [
+        'aifabrix-platform-admin',
+        'aifabrix-infrastructure-admin',
+        'aifabrix-deployment-admin',
+        'aifabrix-developer',
+        'aifabrix-observer'
+      ]
+    description: 'View environments and their status'
+
+  - name: 'environments:update'
+    roles: ['aifabrix-platform-admin', 'aifabrix-infrastructure-admin']
+    description: 'Update environment configuration'
+
+  - name: 'environments:delete'
+    roles: ['aifabrix-platform-admin', 'aifabrix-infrastructure-admin']
+    description: 'Delete environments'
+
   # Environment Applications
-  - name: "environments-applications:create"
-    roles: ["aifabrix-platform-admin", "aifabrix-deployment-admin", "aifabrix-developer"]
-    description: "Create applications within environments"
-  
-  - name: "environments-applications:read"
-    roles: ["aifabrix-platform-admin", "aifabrix-deployment-admin", "aifabrix-developer", "aifabrix-observer"]
-    description: "View applications within environments"
-  
-  - name: "environments-applications:update"
-    roles: ["aifabrix-platform-admin", "aifabrix-deployment-admin", "aifabrix-developer"]
-    description: "Update applications within environments"
-  
-  - name: "environments-applications:delete"
-    roles: ["aifabrix-platform-admin", "aifabrix-deployment-admin"]
-    description: "Remove applications from environments"
-  
+  - name: 'environments-applications:create'
+    roles: ['aifabrix-platform-admin', 'aifabrix-deployment-admin', 'aifabrix-developer']
+    description: 'Create applications within environments'
+
+  - name: 'environments-applications:read'
+    roles:
+      [
+        'aifabrix-platform-admin',
+        'aifabrix-deployment-admin',
+        'aifabrix-developer',
+        'aifabrix-observer'
+      ]
+    description: 'View applications within environments'
+
+  - name: 'environments-applications:update'
+    roles: ['aifabrix-platform-admin', 'aifabrix-deployment-admin', 'aifabrix-developer']
+    description: 'Update applications within environments'
+
+  - name: 'environments-applications:delete'
+    roles: ['aifabrix-platform-admin', 'aifabrix-deployment-admin']
+    description: 'Remove applications from environments'
+
   # Pipeline & Deployment
-  - name: "applications:deploy"
-    roles: ["aifabrix-platform-admin", "aifabrix-deployment-admin", "aifabrix-developer"]
-    description: "Deploy applications to environments"
-  
-  - name: "deployments:read"
-    roles: ["aifabrix-platform-admin", "aifabrix-deployment-admin", "aifabrix-developer", "aifabrix-observer"]
-    description: "View deployment history and status"
-  
+  - name: 'applications:deploy'
+    roles: ['aifabrix-platform-admin', 'aifabrix-deployment-admin', 'aifabrix-developer']
+    description: 'Deploy applications to environments'
+
+  - name: 'deployments:read'
+    roles:
+      [
+        'aifabrix-platform-admin',
+        'aifabrix-deployment-admin',
+        'aifabrix-developer',
+        'aifabrix-observer'
+      ]
+    description: 'View deployment history and status'
+
   # Controller Operations
-  - name: "controller:admin"
-    roles: ["aifabrix-platform-admin"]
-    description: "Full administrative access to controller operations"
-  
-  - name: "controller:deploy"
-    roles: ["aifabrix-platform-admin", "aifabrix-infrastructure-admin", "aifabrix-deployment-admin"]
-    description: "Deploy infrastructure and manage environments"
-  
-  - name: "controller:monitor"
-    roles: ["aifabrix-platform-admin", "aifabrix-security-admin", "aifabrix-observer"]
-    description: "Monitor system health and view logs"
-  
-  - name: "controller:compliance"
-    roles: ["aifabrix-platform-admin", "aifabrix-compliance-admin"]
-    description: "Access compliance reports and audit logs"
-  
+  - name: 'controller:admin'
+    roles: ['aifabrix-platform-admin']
+    description: 'Full administrative access to controller operations'
+
+  - name: 'controller:deploy'
+    roles: ['aifabrix-platform-admin', 'aifabrix-infrastructure-admin', 'aifabrix-deployment-admin']
+    description: 'Deploy infrastructure and manage environments'
+
+  - name: 'controller:monitor'
+    roles: ['aifabrix-platform-admin', 'aifabrix-security-admin', 'aifabrix-observer']
+    description: 'Monitor system health and view logs'
+
+  - name: 'controller:compliance'
+    roles: ['aifabrix-platform-admin', 'aifabrix-compliance-admin']
+    description: 'Access compliance reports and audit logs'
+
   # Authentication & Authorization
-  - name: "auth:read"
-    roles: ["aifabrix-platform-admin", "aifabrix-security-admin", "aifabrix-developer", "aifabrix-observer"]
-    description: "View user roles and permissions"
-  
+  - name: 'auth:read'
+    roles:
+      [
+        'aifabrix-platform-admin',
+        'aifabrix-security-admin',
+        'aifabrix-developer',
+        'aifabrix-observer'
+      ]
+    description: 'View user roles and permissions'
+
   # Logs
-  - name: "logs:read"
-    roles: ["aifabrix-platform-admin", "aifabrix-security-admin", "aifabrix-compliance-admin", "aifabrix-observer"]
-    description: "View application and audit logs"
-  
-  - name: "logs:write"
-    roles: ["aifabrix-platform-admin", "aifabrix-developer"]
-    description: "Write audit and error logs"
-  
-  - name: "logs:export"
-    roles: ["aifabrix-platform-admin", "aifabrix-security-admin", "aifabrix-compliance-admin"]
-    description: "Export logs for archival and compliance"
-  
-  - name: "audit:read"
-    roles: ["aifabrix-platform-admin", "aifabrix-security-admin", "aifabrix-compliance-admin"]
-    description: "View audit trail logs"
-  
-  - name: "jobs:read"
-    roles: ["aifabrix-platform-admin", "aifabrix-infrastructure-admin", "aifabrix-deployment-admin", "aifabrix-observer"]
-    description: "View job and performance logs"
-  
-  - name: "admin:export"
-    roles: ["aifabrix-platform-admin"]
-    description: "Administrative export access to all data"
-  
+  - name: 'logs:read'
+    roles:
+      [
+        'aifabrix-platform-admin',
+        'aifabrix-security-admin',
+        'aifabrix-compliance-admin',
+        'aifabrix-observer'
+      ]
+    description: 'View application and audit logs'
+
+  - name: 'logs:write'
+    roles: ['aifabrix-platform-admin', 'aifabrix-developer']
+    description: 'Write audit and error logs'
+
+  - name: 'logs:export'
+    roles: ['aifabrix-platform-admin', 'aifabrix-security-admin', 'aifabrix-compliance-admin']
+    description: 'Export logs for archival and compliance'
+
+  - name: 'audit:read'
+    roles: ['aifabrix-platform-admin', 'aifabrix-security-admin', 'aifabrix-compliance-admin']
+    description: 'View audit trail logs'
+
+  - name: 'jobs:read'
+    roles:
+      [
+        'aifabrix-platform-admin',
+        'aifabrix-infrastructure-admin',
+        'aifabrix-deployment-admin',
+        'aifabrix-observer'
+      ]
+    description: 'View job and performance logs'
+
+  - name: 'admin:export'
+    roles: ['aifabrix-platform-admin']
+    description: 'Administrative export access to all data'
+
   # Admin Operations
-  - name: "admin:sync"
-    roles: ["aifabrix-platform-admin", "aifabrix-infrastructure-admin"]
-    description: "Full system synchronization operations"
-  
-  - name: "admin:keycloak"
-    roles: ["aifabrix-platform-admin", "aifabrix-security-admin"]
-    description: "Keycloak administration and configuration"
-  
+  - name: 'admin:sync'
+    roles: ['aifabrix-platform-admin', 'aifabrix-infrastructure-admin']
+    description: 'Full system synchronization operations'
+
+  - name: 'admin:keycloak'
+    roles: ['aifabrix-platform-admin', 'aifabrix-security-admin']
+    description: 'Keycloak administration and configuration'
+
   # Cache Management
-  - name: "cache:read"
-    roles: ["aifabrix-platform-admin", "aifabrix-security-admin", "aifabrix-observer"]
-    description: "View cache statistics and performance metrics"
-  
-  - name: "cache:admin"
-    roles: ["aifabrix-platform-admin"]
-    description: "Manage cache (clear, invalidate patterns)"
-  
+  - name: 'cache:read'
+    roles: ['aifabrix-platform-admin', 'aifabrix-security-admin', 'aifabrix-observer']
+    description: 'View cache statistics and performance metrics'
+
+  - name: 'cache:admin'
+    roles: ['aifabrix-platform-admin']
+    description: 'Manage cache (clear, invalidate patterns)'
+
   # Dashboard
-  - name: "dashboard:read"
-    roles: ["aifabrix-platform-admin", "aifabrix-deployment-admin", "aifabrix-developer", "aifabrix-observer"]
-    description: "View dashboard summaries and aggregates"
+  - name: 'dashboard:read'
+    roles:
+      [
+        'aifabrix-platform-admin',
+        'aifabrix-deployment-admin',
+        'aifabrix-developer',
+        'aifabrix-observer'
+      ]
+    description: 'View dashboard summaries and aggregates'

package/templates/applications/miso-controller/variables.yaml

@@ -1,8 +1,8 @@
 # Application Metadata
 app:
   key: miso-controller
-  displayName: "Miso Controller"
-  description: "AI Fabrix Miso Controller - Backend API and orchestration service"
+  displayName: 'Miso Controller'
+  description: 'AI Fabrix Miso Controller - Backend API and orchestration service'
   type: webapp
 
 # Image Configuration
@@ -34,7 +34,7 @@ healthCheck:
 
 # Authentication
 authentication:
-  type: local
+  type: keycloak
   enableSSO: true
   requiredRoles:
     - aifabrix-user