@celilo/cli 0.1.0

package/src/cli/commands/machine-add.ts

@@ -0,0 +1,235 @@
+/**
+ * Machine Add Command
+ * Add a machine to the machine pool with auto-detection
+ */
+
+import { existsSync } from 'node:fs';
+import { readFileSync } from 'node:fs';
+import { join } from 'node:path';
+import { getDb } from '../../db/client';
+import {
+  detectMachineInfo,
+  detectNetworkInterfaces,
+  testSshConnection,
+} from '../../services/machine-detector';
+import { addMachine, getMachineByIp } from '../../services/machine-pool';
+import { loadExistingConfiguration } from '../../services/system-init';
+import { detectZoneFromIp } from '../../services/zone-detector';
+import { celiloIntro, celiloOutro, promptText } from '../prompts';
+import type { CommandResult } from '../types';
+import { validateIpAddress, validateRequired } from '../validators';
+
+/**
+ * Auto-detect SSH private key from system configuration
+ *
+ * Reads ssh.public_key from system config and finds matching private key in ~/.ssh/
+ *
+ * @returns Path to SSH private key, or null if not found
+ */
+function findSshPrivateKey(): string | null {
+  try {
+    const db = getDb();
+    const config = loadExistingConfiguration(db);
+    const publicKey = config['ssh.public_key'];
+
+    if (!publicKey) {
+      return null;
+    }
+
+    // Extract key type from public key (e.g., "ssh-ed25519", "ssh-rsa")
+    const keyType = publicKey.split(' ')[0];
+
+    const sshDir = join(process.env.HOME || '~', '.ssh');
+    if (!existsSync(sshDir)) {
+      return null;
+    }
+
+    // Common private key filenames based on type
+    const keyFileMap: Record<string, string[]> = {
+      'ssh-ed25519': ['id_ed25519'],
+      'ssh-rsa': ['id_rsa'],
+      'ecdsa-sha2-nistp256': ['id_ecdsa'],
+      'ecdsa-sha2-nistp384': ['id_ecdsa'],
+      'ecdsa-sha2-nistp521': ['id_ecdsa'],
+    };
+
+    const candidateFiles = keyFileMap[keyType] || ['id_rsa', 'id_ed25519', 'id_ecdsa'];
+
+    // Try common key files
+    for (const keyFile of candidateFiles) {
+      const keyPath = join(sshDir, keyFile);
+      if (existsSync(keyPath)) {
+        // Verify this is the matching private key by checking if public key exists
+        const pubKeyPath = `${keyPath}.pub`;
+        if (existsSync(pubKeyPath)) {
+          const pubKeyContent = readFileSync(pubKeyPath, 'utf8').trim();
+          // Check if public keys match (compare key type and key data, ignore comment)
+          const [sysType, sysKey] = publicKey.split(' ');
+          const [fileType, fileKey] = pubKeyContent.split(' ');
+          if (sysType === fileType && sysKey === fileKey) {
+            return keyPath;
+          }
+        }
+      }
+    }
+
+    return null;
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Handle machine add command
+ *
+ * @param args - Command arguments (unused for interactive mode)
+ * @param flags - Command flags (--ip, --ssh-user, --ssh-key-file for non-interactive)
+ */
+export async function handleMachineAdd(
+  args: string[],
+  flags: Record<string, boolean | string> = {},
+): Promise<CommandResult> {
+  try {
+    celiloIntro('Add Machine to Pool');
+
+    // Hybrid mode: use flags for what's provided, prompt for what's missing
+    let ipAddress: string;
+    let sshUser: string;
+    let sshKeyPath: string;
+
+    // IP address: from positional arg, --ip flag, or prompt
+    if (args[0] && /^\d+\.\d+\.\d+\.\d+$/.test(args[0])) {
+      ipAddress = args[0];
+    } else if (typeof flags.ip === 'string') {
+      ipAddress = flags.ip;
+    } else {
+      ipAddress = await promptText({
+        message: 'Machine IP address:',
+        validate: validateIpAddress,
+      });
+    }
+
+    // Check for duplicate IP
+    const existing = await getMachineByIp(ipAddress);
+    if (existing) {
+      return {
+        success: false,
+        error: `Machine with IP ${ipAddress} already exists (hostname: ${existing.hostname}, zone: ${existing.zone})`,
+      };
+    }
+
+    // SSH user: from flag, default to 'root', or prompt
+    if (typeof flags['ssh-user'] === 'string') {
+      sshUser = flags['ssh-user'];
+    } else {
+      sshUser = await promptText({
+        message: 'SSH username:',
+        defaultValue: 'root',
+        placeholder: 'root',
+        validate: validateRequired('SSH username'),
+      });
+    }
+
+    // SSH key: from flag, auto-detect, or error
+    if (typeof flags['ssh-key-file'] === 'string') {
+      sshKeyPath = flags['ssh-key-file'];
+      const expandedPath = sshKeyPath.replace(/^~/, process.env.HOME || '~');
+      if (!existsSync(expandedPath)) {
+        return { success: false, error: `SSH key file not found: ${expandedPath}` };
+      }
+    } else {
+      // Auto-detect SSH key from system config
+      const detectedKeyPath = findSshPrivateKey();
+      if (!detectedKeyPath) {
+        return {
+          success: false,
+          error:
+            'Cannot find SSH private key.\n\n' +
+            'The ssh.public_key system config is set, but no matching private key was found in ~/.ssh/\n\n' +
+            'Specify manually with: --ssh-key-file ~/.ssh/id_ed25519',
+        };
+      }
+      sshKeyPath = detectedKeyPath;
+      console.log(`Using SSH key: ${sshKeyPath}`);
+    }
+
+    // Expand tilde in path
+    const expandedKeyPath = sshKeyPath.replace(/^~/, process.env.HOME || '~');
+
+    // Read SSH key content
+    const sshKey = readFileSync(expandedKeyPath, 'utf8');
+
+    console.log('\nTesting SSH connection...');
+
+    // Test SSH connectivity
+    const canConnect = await testSshConnection(ipAddress, sshUser, expandedKeyPath);
+    if (!canConnect) {
+      return {
+        success: false,
+        error: `Cannot connect to ${sshUser}@${ipAddress} with provided SSH key`,
+      };
+    }
+
+    console.log('✓ SSH connection successful\n');
+
+    console.log('Detecting machine information...');
+
+    // Auto-detect machine info
+    const detectedInfo = await detectMachineInfo(ipAddress, sshUser, expandedKeyPath);
+
+    console.log('✓ Machine detected:');
+    console.log(`  Hostname: ${detectedInfo.hostname}`);
+    console.log(`  OS: ${detectedInfo.osInfo}`);
+    console.log(
+      `  CPU: ${detectedInfo.hardware.cpu_cores} cores (${detectedInfo.hardware.arch || 'unknown'})`,
+    );
+    console.log(`  Memory: ${detectedInfo.hardware.memory_mb} MB`);
+    console.log(`  Disk: ${detectedInfo.hardware.disk_gb} GB\n`);
+
+    // Auto-detect zone from IP
+    console.log('Detecting network zone...');
+    const zone = await detectZoneFromIp(ipAddress);
+    console.log(`✓ Zone: ${zone}\n`);
+
+    // Detect network interfaces and classify machine
+    console.log('Detecting network interfaces...');
+    const { interfaces, role } = await detectNetworkInterfaces(ipAddress, sshUser, expandedKeyPath);
+
+    console.log(`✓ Role: ${role}`);
+    for (const iface of interfaces) {
+      console.log(`  ${iface.name}: ${iface.ipAddress} (${iface.zone})`);
+    }
+    console.log('');
+
+    // Add machine to pool
+    const earmark = typeof flags.earmark === 'string' ? flags.earmark : undefined;
+    const machine = await addMachine({
+      hostname: detectedInfo.hostname,
+      zone,
+      ipAddress,
+      sshUser,
+      sshKey,
+      hardware: detectedInfo.hardware,
+      role,
+      interfaces,
+      assignedModuleIds: [],
+      earmarkedModule: earmark || null,
+    });
+
+    const earmarkNote = earmark ? `\n  Earmarked for: ${earmark}` : '';
+    const roleNote = role === 'router' ? ` (router - ${interfaces.length} interfaces)` : '';
+    celiloOutro(
+      `Machine '${detectedInfo.hostname}' added successfully!\n\nDetails:\n  Zone: ${zone}${roleNote}\n  IP: ${ipAddress}\n  Hardware: ${detectedInfo.hardware.cpu_cores} cores, ${detectedInfo.hardware.memory_mb} MB RAM, ${detectedInfo.hardware.disk_gb} GB disk${earmarkNote}\n\nNext steps:\n  - List machines: celilo machine list\n  - Check status: celilo machine status ${detectedInfo.hostname}`,
+    );
+
+    return {
+      success: true,
+      message: `Added machine: ${machine.id}`,
+    };
+  } catch (error) {
+    return {
+      success: false,
+      error: `Failed to add machine: ${error instanceof Error ? error.message : String(error)}`,
+    };
+  }
+}

package/src/cli/commands/machine-earmark.ts

@@ -0,0 +1,82 @@
+/**
+ * Machine Earmark Command
+ * Earmark a machine for a specific module, or clear an earmark
+ */
+
+import {
+  getMachineByHostname,
+  getMachineByIp,
+  updateMachineEarmark,
+} from '../../services/machine-pool';
+import { celiloIntro, celiloOutro } from '../prompts';
+import type { CommandResult } from '../types';
+
+/**
+ * Handle machine earmark command
+ *
+ * @param args - [hostname|ip, module-id] or [hostname|ip, --clear]
+ * @param flags - --clear to remove earmark
+ */
+export async function handleMachineEarmark(
+  args: string[],
+  flags: Record<string, boolean | string> = {},
+): Promise<CommandResult> {
+  try {
+    celiloIntro('Earmark Machine');
+
+    const identifier = args[0];
+    if (!identifier) {
+      return {
+        success: false,
+        error:
+          'Machine hostname or IP is required\n\nUsage:\n  celilo machine earmark <hostname|ip> <module-id>\n  celilo machine earmark <hostname|ip> --clear',
+      };
+    }
+
+    // Look up by IP first, then by hostname
+    const isIp = /^\d+\.\d+\.\d+\.\d+$/.test(identifier);
+    const machine = isIp
+      ? await getMachineByIp(identifier)
+      : await getMachineByHostname(identifier);
+
+    if (!machine) {
+      return {
+        success: false,
+        error: `Machine not found: ${identifier}`,
+      };
+    }
+
+    // Clear earmark
+    if (flags.clear) {
+      await updateMachineEarmark(machine.id, null);
+      celiloOutro(`Cleared earmark on '${machine.hostname}' (${machine.ipAddress})`);
+      return {
+        success: true,
+        message: `Cleared earmark on ${machine.hostname}`,
+      };
+    }
+
+    // Set earmark
+    const moduleId = args[1];
+    if (!moduleId) {
+      return {
+        success: false,
+        error:
+          'Module ID is required\n\nUsage:\n  celilo machine earmark <hostname|ip> <module-id>\n  celilo machine earmark <hostname|ip> --clear',
+      };
+    }
+
+    await updateMachineEarmark(machine.id, moduleId);
+    celiloOutro(`Earmarked '${machine.hostname}' (${machine.ipAddress}) for module '${moduleId}'`);
+
+    return {
+      success: true,
+      message: `Earmarked ${machine.hostname} for ${moduleId}`,
+    };
+  } catch (error) {
+    return {
+      success: false,
+      error: `Failed to earmark machine: ${error instanceof Error ? error.message : String(error)}`,
+    };
+  }
+}

package/src/cli/commands/machine-list.ts

@@ -0,0 +1,77 @@
+/**
+ * Machine List Command
+ * List all machines in the machine pool
+ */
+
+import type { NetworkZone } from '../../db/schema';
+import { type MachineFilters, listMachines } from '../../services/machine-pool';
+import { celiloIntro } from '../prompts';
+import type { CommandResult } from '../types';
+
+/**
+ * Handle machine list command
+ *
+ * @param args - Command arguments (unused)
+ * @param flags - Command flags (--zone filter)
+ */
+export async function handleMachineList(
+  _args: string[],
+  flags: Record<string, boolean | string> = {},
+): Promise<CommandResult> {
+  try {
+    celiloIntro('Machine Pool');
+
+    // Apply zone filter if provided
+    const filters: MachineFilters = {};
+    if (flags.zone && typeof flags.zone === 'string') {
+      filters.zone = flags.zone as NetworkZone;
+    }
+
+    const machines = await listMachines(filters);
+
+    if (machines.length === 0) {
+      console.log('No machines in pool.\n');
+      console.log('Add a machine:');
+      console.log('  celilo machine add');
+      return { success: true, message: 'No machines found' };
+    }
+
+    console.log('');
+    for (const machine of machines) {
+      const assignedCount = machine.assignedModuleIds.length;
+      const assignedText =
+        assignedCount === 0 ? 'None (available)' : machine.assignedModuleIds.join(', ');
+
+      const roleLabel = machine.role === 'router' ? ' [router]' : '';
+      console.log(`${machine.hostname} (${machine.zone})${roleLabel}`);
+      console.log(`  IP:       ${machine.ipAddress}`);
+      console.log(`  SSH:      ${machine.sshUser}@${machine.ipAddress}`);
+      if (machine.role === 'router' && machine.interfaces.length > 1) {
+        console.log('  Interfaces:');
+        for (const iface of machine.interfaces) {
+          console.log(`    ${iface.name}: ${iface.ipAddress} (${iface.zone})`);
+        }
+      }
+      console.log(
+        `  Hardware: ${machine.hardware.cpu_cores} cores, ${machine.hardware.memory_mb} MB RAM, ${machine.hardware.disk_gb} GB disk`,
+      );
+      console.log(`  Assigned: ${assignedText}`);
+      if (machine.earmarkedModule) {
+        console.log(`  Earmarked: ${machine.earmarkedModule}`);
+      }
+      console.log('');
+    }
+
+    console.log(`Total: ${machines.length} machine${machines.length === 1 ? '' : 's'}\n`);
+
+    return {
+      success: true,
+      message: `Found ${machines.length} machine(s)`,
+    };
+  } catch (error) {
+    return {
+      success: false,
+      error: `Failed to list machines: ${error instanceof Error ? error.message : String(error)}`,
+    };
+  }
+}

package/src/cli/commands/machine-remove.ts

@@ -0,0 +1,90 @@
+/**
+ * Machine Remove Command
+ * Remove a machine from the machine pool
+ */
+
+import * as p from '@clack/prompts';
+import { getMachineByHostname, getMachineByIp, removeMachine } from '../../services/machine-pool';
+import { celiloIntro, celiloOutro } from '../prompts';
+import type { CommandResult } from '../types';
+
+/**
+ * Handle machine remove command
+ *
+ * @param args - Command arguments [hostname]
+ * @param flags - Command flags (--force)
+ */
+export async function handleMachineRemove(
+  args: string[],
+  flags: Record<string, boolean | string> = {},
+): Promise<CommandResult> {
+  try {
+    celiloIntro('Remove Machine');
+
+    // Get identifier from args (hostname or IP)
+    const identifier = args[0];
+    if (!identifier) {
+      return {
+        success: false,
+        error: 'Hostname or IP address is required\n\nUsage: celilo machine remove <hostname|ip>',
+      };
+    }
+
+    // Look up by IP first, then by hostname
+    const isIp = /^\d+\.\d+\.\d+\.\d+$/.test(identifier);
+    const machine = isIp
+      ? await getMachineByIp(identifier)
+      : await getMachineByHostname(identifier);
+    if (!machine) {
+      return {
+        success: false,
+        error: `Machine not found: ${identifier}`,
+      };
+    }
+    const hostname = machine.hostname;
+
+    // Check for assigned modules
+    if (machine.assignedModuleIds.length > 0) {
+      console.log(
+        `\nError: Machine '${hostname}' has ${machine.assignedModuleIds.length} assigned module(s):`,
+      );
+      for (const moduleId of machine.assignedModuleIds) {
+        console.log(`  - ${moduleId}`);
+      }
+      console.log('\nModules must be unassigned or shut down before removing the machine.\n');
+
+      return {
+        success: false,
+        error: 'Cannot remove machine with assigned modules',
+      };
+    }
+
+    // Confirm deletion
+    if (!flags.force) {
+      const confirmed = await p.confirm({
+        message: `Remove machine '${hostname}' (${machine.ipAddress})?`,
+        initialValue: false,
+      });
+
+      if (p.isCancel(confirmed) || !confirmed) {
+        p.cancel('Operation cancelled');
+        return { success: false, error: 'Cancelled by user' };
+      }
+    }
+
+    // Remove the machine
+    await removeMachine(machine.id);
+
+    celiloOutro(`Machine '${hostname}' removed successfully!`);
+
+    return {
+      success: true,
+      message: `Removed machine: ${hostname}`,
+    };
+  } catch (error) {
+    return {
+      success: false,
+      error: `Failed to remove machine: ${error instanceof Error ? error.message : String(error)}`,
+    };
+  }
+}

package/src/cli/commands/machine-status.ts

@@ -0,0 +1,131 @@
+/**
+ * Machine Status Command
+ * Show detailed machine status with live connectivity and resource usage
+ */
+
+import { detectMachineInfo, testSshConnection } from '../../services/machine-detector';
+import { getMachineByHostname, getModuleResourcesOnMachine } from '../../services/machine-pool';
+import { ManagedSshKey } from '../../services/ssh-key-manager';
+import { celiloIntro } from '../prompts';
+import type { CommandResult } from '../types';
+
+/**
+ * Handle machine status command
+ *
+ * @param args - Command arguments [hostname]
+ * @param flags - Command flags
+ */
+export async function handleMachineStatus(
+  args: string[],
+  _flags: Record<string, boolean | string> = {},
+): Promise<CommandResult> {
+  try {
+    celiloIntro('Machine Status');
+
+    // Get hostname from args
+    const hostname = args[0];
+    if (!hostname) {
+      return {
+        success: false,
+        error: 'Hostname is required\n\nUsage: celilo machine status <hostname>',
+      };
+    }
+
+    // Verify machine exists
+    const machine = await getMachineByHostname(hostname);
+    if (!machine) {
+      return {
+        success: false,
+        error: `Machine not found: ${hostname}`,
+      };
+    }
+
+    console.log('\nMachine Information');
+    console.log('─────────────────');
+    console.log(`Hostname: ${machine.hostname}`);
+    console.log(`Zone:     ${machine.zone}`);
+    console.log(`IP:       ${machine.ipAddress}`);
+    console.log(`SSH User: ${machine.sshUser}`);
+    console.log('');
+
+    console.log('Hardware Specifications');
+    console.log('──────────────────────');
+    console.log(`CPU:    ${machine.hardware.cpu_cores} cores`);
+    console.log(`Memory: ${machine.hardware.memory_mb} MB`);
+    console.log(`Disk:   ${machine.hardware.disk_gb} GB`);
+    console.log('');
+
+    console.log('Assigned Modules');
+    console.log('───────────────');
+    if (machine.assignedModuleIds.length === 0) {
+      console.log('None (available)');
+    } else {
+      for (const moduleId of machine.assignedModuleIds) {
+        console.log(`  - ${moduleId}`);
+      }
+
+      // Show resource allocation
+      const allocated = await getModuleResourcesOnMachine(machine.id);
+      console.log('');
+      console.log('Resource Allocation');
+      console.log('──────────────────');
+      console.log(`CPU:    ${allocated.cpu} / ${machine.hardware.cpu_cores} cores`);
+      console.log(`Memory: ${allocated.memory} / ${machine.hardware.memory_mb} MB`);
+      console.log(`Disk:   ${allocated.disk} / ${machine.hardware.disk_gb} GB`);
+    }
+    console.log('');
+
+    console.log('Connectivity Status');
+    console.log('──────────────────');
+    console.log('Testing SSH connection...');
+
+    // Get SSH key and test connectivity
+    const managedKey = new ManagedSshKey(machine.id);
+    try {
+      await managedKey.use(async (keyPath) => {
+        const canConnect = await testSshConnection(machine.ipAddress, machine.sshUser, keyPath);
+
+        if (canConnect) {
+          console.log('✓ SSH connection: OK');
+
+          // Try to get live hardware info
+          console.log('\nQuerying current resource usage...');
+          try {
+            const liveInfo = await detectMachineInfo(machine.ipAddress, machine.sshUser, keyPath);
+            console.log('✓ Live hardware info retrieved:');
+            console.log(`  CPU:    ${liveInfo.hardware.cpu_cores} cores`);
+            console.log(`  Memory: ${liveInfo.hardware.memory_mb} MB`);
+            console.log(`  Disk:   ${liveInfo.hardware.disk_gb} GB`);
+            console.log(`  OS:     ${liveInfo.osInfo}`);
+          } catch (error) {
+            console.log('✗ Could not retrieve live hardware info');
+            if (error instanceof Error) {
+              console.log(`  Error: ${error.message}`);
+            }
+          }
+        } else {
+          console.log('✗ SSH connection: FAILED');
+          console.log('  Machine may be offline or SSH key may have changed');
+        }
+      });
+    } catch (error) {
+      console.log('✗ SSH connection: ERROR');
+      if (error instanceof Error) {
+        console.log(`  Error: ${error.message}`);
+      }
+    }
+
+    console.log('');
+    console.log(`Last updated: ${machine.updatedAt.toISOString()}\n`);
+
+    return {
+      success: true,
+      message: `Retrieved status for machine: ${hostname}`,
+    };
+  } catch (error) {
+    return {
+      success: false,
+      error: `Failed to get machine status: ${error instanceof Error ? error.message : String(error)}`,
+    };
+  }
+}

package/src/cli/commands/module-audit.ts

@@ -0,0 +1,51 @@
+import { auditModule } from '../../module/packaging/audit';
+import type { CommandResult } from '../types';
+
+/**
+ * Audit module integrity
+ *
+ * Usage: celilo module audit <module-id>
+ *
+ * Returns a CommandResult so the dispatcher controls process exit
+ * behavior. An earlier implementation called `process.exit()` directly,
+ * which killed the persistent CLI process used by `CLIContext` in
+ * integration tests.
+ */
+export async function moduleAudit(args: string[]): Promise<CommandResult> {
+  if (args.length === 0) {
+    return {
+      success: false,
+      error: 'Module ID is required\n\nUsage: celilo module audit <module-id>',
+    };
+  }
+
+  const moduleId = args[0];
+
+  const result = await auditModule(moduleId);
+
+  if (result.error) {
+    return { success: false, error: result.error };
+  }
+
+  if (result.success) {
+    return {
+      success: true,
+      message: `Module '${moduleId}' passed integrity check\n  No violations found.`,
+    };
+  }
+
+  // Build a multi-line failure message that includes every violation.
+  const violationLines = result.violations.map((v) => {
+    const icon = v.type === 'missing' ? '⚠' : v.type === 'modified' ? '✗' : '!';
+    return `  ${icon} [${v.type.toUpperCase()}] ${v.message}`;
+  });
+
+  return {
+    success: false,
+    error: [
+      `Module '${moduleId}' failed integrity check`,
+      `  Found ${result.violations.length} violation(s):`,
+      ...violationLines,
+    ].join('\n'),
+  };
+}