@celilo/cli 0.1.0

package/src/ansible/validation.test.ts

@@ -0,0 +1,92 @@
+import { describe, expect, test } from 'bun:test';
+import {
+  isAnsibleInventoryAvailable,
+  isAnsibleLintAvailable,
+  isAnsiblePlaybookAvailable,
+  validateInventory,
+  validatePlaybookSyntax,
+  validateWithAnsibleLint,
+} from './validation';
+
+describe('Ansible Tool Availability', () => {
+  test('checks if ansible-lint is available', () => {
+    const available = isAnsibleLintAvailable();
+    expect(typeof available).toBe('boolean');
+    // Note: May be false in environments without ansible-lint
+  });
+
+  test('checks if ansible-playbook is available', () => {
+    const available = isAnsiblePlaybookAvailable();
+    expect(typeof available).toBe('boolean');
+  });
+
+  test('checks if ansible-inventory is available', () => {
+    const available = isAnsibleInventoryAvailable();
+    expect(typeof available).toBe('boolean');
+  });
+});
+
+describe('validateWithAnsibleLint', () => {
+  test('returns error when path does not exist', async () => {
+    const result = await validateWithAnsibleLint('/nonexistent/path');
+    expect(result.success).toBe(false);
+    // Could be either missing path or missing ansible-lint
+    expect(result.error).toBeDefined();
+  });
+
+  test('returns error when playbook.yml not found', async () => {
+    const result = await validateWithAnsibleLint('/tmp');
+    expect(result.success).toBe(false);
+    // Could be either missing playbook or missing ansible-lint
+    expect(result.error).toBeDefined();
+  });
+
+  test('returns error when ansible-lint not installed', async () => {
+    if (!isAnsibleLintAvailable()) {
+      const result = await validateWithAnsibleLint('/tmp');
+      expect(result.success).toBe(false);
+      expect(result.error).toContain('ansible-lint command not found');
+    } else {
+      // If ansible-lint IS installed, test passes (can't test "not installed" case)
+      expect(true).toBe(true);
+    }
+  });
+});
+
+describe('validatePlaybookSyntax', () => {
+  test('returns error when playbook does not exist', async () => {
+    const result = await validatePlaybookSyntax('/nonexistent/playbook.yml', '/tmp');
+    expect(result.success).toBe(false);
+    expect(result.error).toContain('Playbook not found');
+  });
+
+  test('returns error when inventory does not exist', async () => {
+    const result = await validatePlaybookSyntax('/tmp/playbook.yml', '/nonexistent/inventory');
+    expect(result.success).toBe(false);
+    expect(result.error).toContain('not found');
+  });
+
+  test('returns error when ansible-playbook not installed', async () => {
+    if (!isAnsiblePlaybookAvailable()) {
+      const result = await validatePlaybookSyntax('/tmp/playbook.yml', '/tmp');
+      expect(result.success).toBe(false);
+      expect(result.error).toContain('ansible-playbook command not found');
+    }
+  });
+});
+
+describe('validateInventory', () => {
+  test('returns error when inventory does not exist', async () => {
+    const result = await validateInventory('/nonexistent/inventory');
+    expect(result.success).toBe(false);
+    expect(result.error).toContain('Inventory not found');
+  });
+
+  test('returns error when ansible-inventory not installed', async () => {
+    if (!isAnsibleInventoryAvailable()) {
+      const result = await validateInventory('/tmp');
+      expect(result.success).toBe(false);
+      expect(result.error).toContain('ansible-inventory command not found');
+    }
+  });
+});

package/src/ansible/validation.ts

@@ -0,0 +1,272 @@
+import { existsSync } from 'node:fs';
+import { join } from 'node:path';
+import { AnsibleInventorySchema, parseJsonWithValidation } from '../validation/schemas';
+
+/**
+ * Validation result structure
+ */
+export interface ValidationResult {
+  success: boolean;
+  stdout?: string;
+  stderr?: string;
+  error?: string;
+  details?: unknown;
+}
+
+/**
+ * Check if ansible-lint is available
+ *
+ * Policy function (Rule 10.1) - validation only
+ *
+ * @returns True if ansible-lint is installed
+ */
+export function isAnsibleLintAvailable(): boolean {
+  const result = Bun.spawnSync(['which', 'ansible-lint'], {
+    stdout: 'pipe',
+    stderr: 'pipe',
+  });
+  return result.exitCode === 0;
+}
+
+/**
+ * Check if ansible-playbook is available
+ *
+ * Policy function - validation only
+ *
+ * @returns True if ansible-playbook is installed
+ */
+export function isAnsiblePlaybookAvailable(): boolean {
+  const result = Bun.spawnSync(['which', 'ansible-playbook'], {
+    stdout: 'pipe',
+    stderr: 'pipe',
+  });
+  return result.exitCode === 0;
+}
+
+/**
+ * Check if ansible-inventory is available
+ *
+ * Policy function - validation only
+ *
+ * @returns True if ansible-inventory is installed
+ */
+export function isAnsibleInventoryAvailable(): boolean {
+  const result = Bun.spawnSync(['which', 'ansible-inventory'], {
+    stdout: 'pipe',
+    stderr: 'pipe',
+  });
+  return result.exitCode === 0;
+}
+
+/**
+ * Validate generated Ansible with ansible-lint
+ *
+ * Execution function (Rule 10.1) - spawns external process
+ *
+ * Fails on BOTH warnings and errors (strict mode)
+ *
+ * @param ansiblePath - Path to ansible directory containing playbook
+ * @param vaultPasswordFile - Optional path to vault password file
+ * @returns Validation result
+ */
+export async function validateWithAnsibleLint(
+  ansiblePath: string,
+  vaultPasswordFile?: string,
+): Promise<ValidationResult> {
+  // Check if ansible-lint is available
+  if (!isAnsibleLintAvailable()) {
+    return {
+      success: false,
+      error:
+        'ansible-lint command not found. Please install ansible-lint: pip install ansible-lint',
+    };
+  }
+
+  // Check if path exists
+  if (!existsSync(ansiblePath)) {
+    return {
+      success: false,
+      error: `Ansible path does not exist: ${ansiblePath}`,
+    };
+  }
+
+  // Check if playbook exists
+  const playbookPath = join(ansiblePath, 'playbook.yml');
+  if (!existsSync(playbookPath)) {
+    return {
+      success: false,
+      error: `Playbook not found: ${playbookPath}`,
+    };
+  }
+
+  // Run ansible-lint
+  // Note: ansible-lint exits with non-zero on warnings AND errors
+  const args = ['ansible-lint', playbookPath];
+  const env = { ...process.env };
+
+  // If vault password file provided, set environment variable for ansible-vault
+  if (vaultPasswordFile) {
+    env.ANSIBLE_VAULT_PASSWORD_FILE = vaultPasswordFile;
+  }
+
+  const result = Bun.spawnSync(args, {
+    stdout: 'pipe',
+    stderr: 'pipe',
+    cwd: ansiblePath,
+    env,
+  });
+
+  const stdout = result.stdout ? new TextDecoder().decode(result.stdout) : '';
+  const stderr = result.stderr ? new TextDecoder().decode(result.stderr) : '';
+
+  if (result.exitCode !== 0) {
+    return {
+      success: false,
+      error: `ansible-lint found issues (exit code ${result.exitCode})`,
+      stdout,
+      stderr,
+    };
+  }
+
+  return {
+    success: true,
+    stdout,
+  };
+}
+
+/**
+ * Validate Ansible playbook syntax
+ *
+ * Execution function - spawns external process
+ *
+ * @param playbookPath - Path to playbook.yml
+ * @param inventoryPath - Path to inventory directory or file
+ * @param vaultPasswordFile - Optional path to vault password file
+ * @returns Validation result
+ */
+export async function validatePlaybookSyntax(
+  playbookPath: string,
+  inventoryPath: string,
+  vaultPasswordFile?: string,
+): Promise<ValidationResult> {
+  // Check if ansible-playbook is available
+  if (!isAnsiblePlaybookAvailable()) {
+    return {
+      success: false,
+      error:
+        'ansible-playbook command not found. Please install Ansible: https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html',
+    };
+  }
+
+  // Check if files exist
+  if (!existsSync(playbookPath)) {
+    return {
+      success: false,
+      error: `Playbook not found: ${playbookPath}`,
+    };
+  }
+
+  if (!existsSync(inventoryPath)) {
+    return {
+      success: false,
+      error: `Inventory not found: ${inventoryPath}`,
+    };
+  }
+
+  // Run ansible-playbook --syntax-check
+  const env = { ...process.env };
+
+  // If vault password file provided, set environment variable for ansible-vault
+  if (vaultPasswordFile) {
+    env.ANSIBLE_VAULT_PASSWORD_FILE = vaultPasswordFile;
+  }
+
+  const result = Bun.spawnSync(
+    ['ansible-playbook', '--syntax-check', '-i', inventoryPath, playbookPath],
+    {
+      stdout: 'pipe',
+      stderr: 'pipe',
+      env,
+    },
+  );
+
+  const stdout = result.stdout ? new TextDecoder().decode(result.stdout) : '';
+  const stderr = result.stderr ? new TextDecoder().decode(result.stderr) : '';
+
+  if (result.exitCode !== 0) {
+    return {
+      success: false,
+      error: `Syntax check failed (exit code ${result.exitCode})`,
+      stdout,
+      stderr,
+    };
+  }
+
+  return {
+    success: true,
+    stdout,
+  };
+}
+
+/**
+ * Validate Ansible inventory structure
+ *
+ * Execution function - spawns external process
+ *
+ * @param inventoryPath - Path to inventory directory or file
+ * @returns Validation result
+ */
+export async function validateInventory(inventoryPath: string): Promise<ValidationResult> {
+  // Check if ansible-inventory is available
+  if (!isAnsibleInventoryAvailable()) {
+    return {
+      success: false,
+      error: 'ansible-inventory command not found. Please install Ansible.',
+    };
+  }
+
+  // Check if inventory exists
+  if (!existsSync(inventoryPath)) {
+    return {
+      success: false,
+      error: `Inventory not found: ${inventoryPath}`,
+    };
+  }
+
+  // Run ansible-inventory --list
+  const result = Bun.spawnSync(['ansible-inventory', '-i', inventoryPath, '--list'], {
+    stdout: 'pipe',
+    stderr: 'pipe',
+  });
+
+  const stdout = result.stdout ? new TextDecoder().decode(result.stdout) : '';
+  const stderr = result.stderr ? new TextDecoder().decode(result.stderr) : '';
+
+  if (result.exitCode !== 0) {
+    return {
+      success: false,
+      error: `Inventory parsing failed (exit code ${result.exitCode})`,
+      stdout,
+      stderr,
+    };
+  }
+
+  // Try to parse and validate JSON output
+  try {
+    const inventory = parseJsonWithValidation(stdout, AnsibleInventorySchema, 'Ansible inventory');
+
+    return {
+      success: true,
+      stdout,
+      details: inventory,
+    };
+  } catch (error) {
+    return {
+      success: false,
+      error: 'Failed to parse inventory JSON output',
+      stdout,
+      stderr,
+      details: error,
+    };
+  }
+}

package/src/api-clients/digitalocean.ts

@@ -0,0 +1,94 @@
+/**
+ * Digital Ocean API Client
+ * Validates connection to Digital Ocean API
+ */
+
+import type { TestResult } from '../types/infrastructure';
+
+export interface DigitalOceanCredentials {
+  api_token: string;
+}
+
+/**
+ * Test connection to Digital Ocean API
+ * Makes a simple API call to verify credentials
+ */
+export async function testDigitalOceanConnection(
+  credentials: DigitalOceanCredentials,
+): Promise<TestResult> {
+  try {
+    const { api_token } = credentials;
+
+    // Call /v2/account endpoint (lightweight, returns account info)
+    const response = await fetch('https://api.digitalocean.com/v2/account', {
+      method: 'GET',
+      headers: {
+        Authorization: `Bearer ${api_token}`,
+        'Content-Type': 'application/json',
+      },
+    });
+
+    if (!response.ok) {
+      if (response.status === 401) {
+        return {
+          success: false,
+          message: 'Authentication failed - check API token',
+          details: { status: response.status },
+        };
+      }
+
+      return {
+        success: false,
+        message: `API request failed with status ${response.status}`,
+        details: { status: response.status },
+      };
+    }
+
+    const data = (await response.json()) as unknown;
+
+    // Validate response structure
+    if (
+      typeof data !== 'object' ||
+      data === null ||
+      !('account' in data) ||
+      typeof data.account !== 'object' ||
+      data.account === null
+    ) {
+      return {
+        success: false,
+        message: 'Unexpected API response format',
+        details: { response: data },
+      };
+    }
+
+    const account = data.account as {
+      email: string;
+      status: string;
+      droplet_limit: number;
+    };
+
+    return {
+      success: true,
+      message: `Connected to Digital Ocean (${account.email})`,
+      details: {
+        email: account.email,
+        status: account.status,
+        droplet_limit: account.droplet_limit,
+      },
+    };
+  } catch (error) {
+    if (error instanceof TypeError && error.message.includes('fetch')) {
+      return {
+        success: false,
+        message: 'Network error - check network connectivity',
+        details: { error: error.message },
+      };
+    }
+
+    return {
+      success: false,
+      message: `Connection test failed: ${error instanceof Error ? error.message : String(error)}`,
+      details: { error: String(error) },
+    };
+  }
+}