@celilo/cli 0.1.0

package/src/variables/resolver.ts

@@ -0,0 +1,282 @@
+import { parseVariables } from './parser';
+import type {
+  ResolutionContext,
+  ResolveResult,
+  TemplateResolveResult,
+  VariableReference,
+} from './types';
+
+/**
+ * Get nested value from object using dot notation
+ *
+ * @param obj - Object to search
+ * @param path - Dot-separated path (e.g., 'dns_registrar.primary_domain')
+ * @returns Value if found, undefined otherwise
+ */
+function getNestedValue(obj: Record<string, unknown>, path: string): unknown {
+  const parts = path.split('.');
+  let current: unknown = obj;
+
+  for (const part of parts) {
+    if (current === null || current === undefined) {
+      return undefined;
+    }
+    if (typeof current !== 'object') {
+      return undefined;
+    }
+    current = (current as Record<string, unknown>)[part];
+  }
+
+  return current;
+}
+
+/**
+ * Resolve a single variable reference
+ *
+ * Execution function (Rule 10.1) - may perform database access for capability secrets
+ *
+ * @param variable - Variable reference to resolve
+ * @param context - Resolution context with all data sources
+ * @param db - Database connection
+ * @returns Resolved value or error
+ */
+export async function resolveVariable(
+  variable: VariableReference,
+  context: ResolutionContext,
+  db: ReturnType<typeof import('../db/client').getDb>,
+): Promise<ResolveResult> {
+  switch (variable.type) {
+    case 'self': {
+      const value = context.selfConfig[variable.path];
+      if (value === undefined) {
+        return {
+          success: false,
+          variable: variable.raw,
+          error: `Self variable '${variable.path}' not found in module configuration`,
+        };
+      }
+      return { success: true, value };
+    }
+
+    case 'system': {
+      const value = context.systemConfig[variable.path];
+      if (value === undefined) {
+        return {
+          success: false,
+          variable: variable.raw,
+          error: `System variable '${variable.path}' not found`,
+        };
+      }
+      return { success: true, value };
+    }
+
+    case 'system_secret': {
+      const value = context.systemSecrets[variable.path];
+      if (value === undefined) {
+        return {
+          success: false,
+          variable: variable.raw,
+          error: `System secret '${variable.path}' not found`,
+        };
+      }
+      return { success: true, value };
+    }
+
+    case 'secret': {
+      const value = context.secrets[variable.path];
+      if (value === undefined) {
+        return {
+          success: false,
+          variable: variable.raw,
+          error: `Secret '${variable.path}' not found for module ${context.moduleId}`,
+        };
+      }
+      return { success: true, value };
+    }
+
+    case 'capability': {
+      // Format: capability_name.path.to.value
+      const [capabilityName, ...pathParts] = variable.path.split('.');
+
+      if (!capabilityName) {
+        return {
+          success: false,
+          variable: variable.raw,
+          error:
+            'Capability variable must specify capability name (e.g., dns_registrar.primary_domain)',
+        };
+      }
+
+      if (pathParts.length === 0) {
+        return {
+          success: false,
+          variable: variable.raw,
+          error: `Capability variable must specify data path (e.g., ${capabilityName}.nameserver)`,
+        };
+      }
+
+      const fieldPath = pathParts.join('.');
+
+      // Check if this field is a secret
+      const { isCapabilityFieldSecret, checkCapabilitySecretAccess, getCapabilitySecret } =
+        await import('../capabilities/secrets');
+
+      const isSecret = isCapabilityFieldSecret(capabilityName, fieldPath, db.$client);
+
+      if (isSecret) {
+        // This is a secret - validate access and decrypt
+        const canAccess = checkCapabilitySecretAccess(
+          context.moduleId,
+          capabilityName,
+          fieldPath,
+          db.$client,
+        );
+
+        if (!canAccess) {
+          return {
+            success: false,
+            variable: variable.raw,
+            error: `Module '${context.moduleId}' does not have permission to access secret '${fieldPath}' from capability '${capabilityName}'`,
+          };
+        }
+
+        try {
+          const secretValue = await getCapabilitySecret(capabilityName, fieldPath, db.$client);
+          return { success: true, value: secretValue };
+        } catch (error) {
+          return {
+            success: false,
+            variable: variable.raw,
+            error: `Failed to retrieve secret '${fieldPath}' from capability '${capabilityName}': ${error instanceof Error ? error.message : 'Unknown error'}`,
+          };
+        }
+      }
+
+      // Not a secret - access capability data normally
+      const capabilityData = context.capabilities[capabilityName];
+      if (!capabilityData) {
+        return {
+          success: false,
+          variable: variable.raw,
+          error: `Capability '${capabilityName}' not found or not registered`,
+        };
+      }
+
+      const value = getNestedValue(capabilityData, fieldPath);
+      if (value === undefined) {
+        return {
+          success: false,
+          variable: variable.raw,
+          error: `Capability data '${fieldPath}' not found in '${capabilityName}'`,
+        };
+      }
+
+      // Check if value contains unresolved $self: variable (lazy resolution)
+      if (typeof value === 'string' && value.startsWith('$self:')) {
+        // Get provider module's config to resolve the variable
+        const selfVarPath = value.substring(6); // Remove "$self:" prefix
+
+        // Get provider module ID
+        const providerQuery = db.$client.prepare(
+          `SELECT p.id FROM modules p
+           JOIN capabilities c ON p.id = c.module_id
+           WHERE c.capability_name = ?
+           LIMIT 1`,
+        );
+        const providerResult = providerQuery.get(capabilityName) as { id: string } | undefined;
+
+        if (!providerResult) {
+          return {
+            success: false,
+            variable: variable.raw,
+            error: `Provider module not found for capability '${capabilityName}'`,
+          };
+        }
+
+        // Get provider module's config value
+        const configQuery = db.$client.prepare(
+          'SELECT value FROM module_configs WHERE module_id = ? AND key = ?',
+        );
+        const configResult = configQuery.get(providerResult.id, selfVarPath) as
+          | { value: string }
+          | undefined;
+
+        if (!configResult) {
+          return {
+            success: false,
+            variable: variable.raw,
+            error: `Provider module '${providerResult.id}' has not configured '${selfVarPath}' (required by capability '${capabilityName}')`,
+          };
+        }
+
+        return { success: true, value: configResult.value };
+      }
+
+      // Convert value to string
+      if (typeof value === 'string') {
+        return { success: true, value };
+      }
+      if (typeof value === 'number' || typeof value === 'boolean') {
+        return { success: true, value: String(value) };
+      }
+
+      return {
+        success: false,
+        variable: variable.raw,
+        error: `Capability data '${fieldPath}' is not a primitive value (got ${typeof value})`,
+      };
+    }
+
+    default: {
+      return {
+        success: false,
+        variable: variable.raw,
+        error: `Unknown variable type: ${(variable as VariableReference).type}`,
+      };
+    }
+  }
+}
+
+/**
+ * Resolve all variables in a template
+ *
+ * Orchestration function (Rule 10.1) - coordinates parsing and resolution
+ *
+ * @param content - Template content with variables
+ * @param context - Resolution context
+ * @param db - Database connection
+ * @returns Resolved template or errors
+ */
+export async function resolveTemplate(
+  content: string,
+  context: ResolutionContext,
+  db: ReturnType<typeof import('../db/client').getDb>,
+): Promise<TemplateResolveResult> {
+  // Parse all variables
+  const variables = parseVariables(content);
+
+  if (variables.length === 0) {
+    return { success: true, content };
+  }
+
+  const errors: Array<{ variable: string; error: string }> = [];
+  let resolvedContent = content;
+
+  // Resolve each variable
+  for (const variable of variables) {
+    const result = await resolveVariable(variable, context, db);
+
+    if (!result.success) {
+      errors.push({ variable: result.variable, error: result.error });
+    } else {
+      // Replace all occurrences of this variable
+      resolvedContent = resolvedContent.replaceAll(variable.raw, result.value);
+    }
+  }
+
+  if (errors.length > 0) {
+    return { success: false, errors };
+  }
+
+  return { success: true, content: resolvedContent };
+}

package/src/variables/types.ts

@@ -0,0 +1,59 @@
+/**
+ * Variable types and interfaces for template resolution
+ */
+
+/**
+ * Variable reference parsed from template
+ * Example: $self:container_ip -> { type: 'self', path: 'container_ip', raw: '$self:container_ip' }
+ */
+export interface VariableReference {
+  type: 'self' | 'system' | 'system_secret' | 'secret' | 'capability';
+  path: string;
+  raw: string;
+}
+
+/**
+ * Resolution context - provides data sources for variable resolution
+ */
+export interface ResolutionContext {
+  moduleId: string;
+  selfConfig: Record<string, string>;
+  systemConfig: Record<string, string>;
+  systemSecrets: Record<string, string>;
+  secrets: Record<string, string>;
+  capabilities: Record<string, Record<string, unknown>>;
+}
+
+/**
+ * Variable resolution result
+ */
+export interface ResolveSuccess {
+  success: true;
+  value: string;
+}
+
+export interface ResolveError {
+  success: false;
+  variable: string;
+  error: string;
+}
+
+export type ResolveResult = ResolveSuccess | ResolveError;
+
+/**
+ * Template resolution result
+ */
+export interface TemplateResolveSuccess {
+  success: true;
+  content: string;
+}
+
+export interface TemplateResolveError {
+  success: false;
+  errors: Array<{
+    variable: string;
+    error: string;
+  }>;
+}
+
+export type TemplateResolveResult = TemplateResolveSuccess | TemplateResolveError;