@celilo/cli 0.1.0

package/src/cli/commands/module-import.ts

@@ -0,0 +1,80 @@
+/**
+ * Module import command
+ */
+
+import { resolve } from 'node:path';
+import { getModuleStoragePath, shortenPath } from '../../config/paths';
+import { getDb } from '../../db/client';
+import { importModule } from '../../module/import';
+import { getArg, getFlag, validateRequiredArgs } from '../parser';
+import type { CommandResult } from '../types';
+import { generateTypesForImportedModule } from './module-types';
+
+/**
+ * Handle module import command
+ *
+ * Usage: celilo module import <path> [--target <path>]
+ *
+ * @param args - Command arguments
+ * @param flags - Command flags
+ * @returns Command result
+ */
+export async function handleModuleImport(
+  args: string[],
+  flags: Record<string, string | boolean>,
+): Promise<CommandResult> {
+  // Validate arguments
+  const error = validateRequiredArgs(args, 1);
+  if (error) {
+    return {
+      success: false,
+      error: `${error}\n\nUsage: celilo module import <path> [--target <path>]`,
+    };
+  }
+
+  const sourcePath = getArg(args, 0);
+  if (!sourcePath) {
+    return {
+      success: false,
+      error: 'Source path is required',
+    };
+  }
+
+  // Resolve paths
+  const resolvedSourcePath = resolve(sourcePath);
+  const targetBasePath = getFlag(flags, 'target', getModuleStoragePath());
+  const resolvedTargetBasePath = resolve(targetBasePath);
+
+  // Import module
+  const db = getDb();
+  const result = await importModule({
+    sourcePath: resolvedSourcePath,
+    targetBasePath: resolvedTargetBasePath,
+    db,
+    flags,
+  });
+
+  if (!result.success) {
+    return {
+      success: false,
+      error: result.error,
+      details: result.details,
+    };
+  }
+
+  // Belt-and-suspenders: regenerate the module's celilo/types.d.ts so
+  // the imported module can never have stale types. Non-fatal on error —
+  // a codegen failure should not abort a successful import.
+  const typesPath = await generateTypesForImportedModule(result.targetPath);
+  const typesMessage = typesPath ? `\nGenerated types: ${shortenPath(typesPath)}` : '';
+
+  return {
+    success: true,
+    message: `Successfully imported module: ${result.moduleId}\nFiles copied to: ${shortenPath(result.targetPath)}${typesMessage}`,
+    data: {
+      moduleId: result.moduleId,
+      targetPath: result.targetPath,
+      typesPath: typesPath ?? undefined,
+    },
+  };
+}

package/src/cli/commands/module-list.ts

@@ -0,0 +1,43 @@
+import { getDb } from '../../db/client';
+import { modules } from '../../db/schema';
+import type { CommandResult } from '../types';
+
+/**
+ * Handle module list command
+ *
+ * Usage: celilo module list
+ *
+ * @returns Command result
+ */
+export async function handleModuleList(): Promise<CommandResult> {
+  const db = getDb();
+
+  // Query all modules
+  const moduleRows = db.select().from(modules).all();
+
+  if (moduleRows.length === 0) {
+    return {
+      success: true,
+      message: 'No modules installed',
+    };
+  }
+
+  // Format module list
+  const lines = ['Installed modules:', ''];
+  for (const module of moduleRows) {
+    lines.push(`${module.id} (v${module.version}) - ${module.state}`);
+    if (module.description) {
+      lines.push(`  ${module.description}`);
+    }
+    if (module.errorMessage) {
+      lines.push(`  Error: ${module.errorMessage}`);
+    }
+    lines.push('');
+  }
+
+  return {
+    success: true,
+    message: lines.join('\n'),
+    data: moduleRows,
+  };
+}

package/src/cli/commands/module-logs.ts

@@ -0,0 +1,73 @@
+/**
+ * Module logs command - show deploy logs for a module
+ */
+
+import { existsSync, readFileSync } from 'node:fs';
+import { join } from 'node:path';
+import { eq } from 'drizzle-orm';
+import { getModuleStoragePath } from '../../config/paths';
+import { getDb } from '../../db/client';
+import { modules } from '../../db/schema';
+import { getArg, hasFlag, validateRequiredArgs } from '../parser';
+import type { CommandResult } from '../types';
+
+/**
+ * Handle module logs command
+ *
+ * Usage: celilo module logs <id> [--tail <n>]
+ */
+export async function handleModuleLogs(
+  args: string[],
+  flags: Record<string, string | boolean>,
+): Promise<CommandResult> {
+  const error = validateRequiredArgs(args, 1);
+  if (error) {
+    return {
+      success: false,
+      error: `${error}\n\nUsage: celilo module logs <id> [--tail <n>]`,
+    };
+  }
+
+  const moduleId = getArg(args, 0);
+  if (!moduleId) {
+    return { success: false, error: 'Module ID is required' };
+  }
+
+  const db = getDb();
+  const module = db.select().from(modules).where(eq(modules.id, moduleId)).get();
+  if (!module) {
+    return { success: false, error: `Module not found: ${moduleId}` };
+  }
+
+  const logPath = join(getModuleStoragePath(), moduleId, 'generated', 'deploy.log');
+
+  if (!existsSync(logPath)) {
+    return {
+      success: true,
+      message: `No deploy logs found for ${moduleId}.\nLogs are created on the next deployment.`,
+    };
+  }
+
+  const content = readFileSync(logPath, 'utf-8');
+
+  // --tail N: show only the last N lines
+  const tailValue = flags.tail;
+  if (typeof tailValue === 'string') {
+    const n = Number.parseInt(tailValue, 10);
+    if (Number.isNaN(n) || n < 1) {
+      return { success: false, error: '--tail requires a positive number' };
+    }
+    const lines = content.trimEnd().split('\n');
+    const tail = lines.slice(-n);
+    return { success: true, message: tail.join('\n') };
+  }
+
+  // --last: show only the most recent deploy run
+  if (hasFlag(flags, 'last')) {
+    const runs = content.split(/(?=\n--- Ansible deploy )/);
+    const lastRun = runs[runs.length - 1];
+    return { success: true, message: (lastRun || content).trim() };
+  }
+
+  return { success: true, message: content.trim() };
+}

package/src/cli/commands/module-remove.ts

@@ -0,0 +1,162 @@
+/**
+ * Module remove command
+ *
+ * Removes a module, destroying infrastructure if present.
+ * Requires confirmation for infrastructure modules unless --force is passed.
+ */
+
+import { existsSync } from 'node:fs';
+import { join } from 'node:path';
+import { eq } from 'drizzle-orm';
+import { getDb } from '../../db/client';
+import { moduleInfrastructure, modules } from '../../db/schema';
+import { deallocateForModule } from '../../ipam/auto-allocator';
+import { executeBuildWithProgress } from '../../services/build-stream';
+import { getContainerService, getServiceCredentials } from '../../services/container-service';
+import { getArg, hasFlag, validateRequiredArgs } from '../parser';
+import { log, promptConfirm } from '../prompts';
+import type { CommandResult } from '../types';
+
+/**
+ * Handle module remove command
+ *
+ * Usage: celilo module remove <id> [--force]
+ *
+ * @param args - Command arguments
+ * @param flags - Command flags
+ * @returns Command result
+ */
+export async function handleModuleRemove(
+  args: string[],
+  flags: Record<string, string | boolean> = {},
+): Promise<CommandResult> {
+  // Validate arguments
+  const error = validateRequiredArgs(args, 1);
+  if (error) {
+    return {
+      success: false,
+      error: `${error}\n\nUsage: celilo module remove <id> [--force]`,
+    };
+  }
+
+  const moduleId = getArg(args, 0);
+
+  if (!moduleId) {
+    return {
+      success: false,
+      error: 'Module ID is required',
+    };
+  }
+
+  const force = hasFlag(flags, 'force');
+  const db = getDb();
+
+  // Check if module exists
+  const module = db.select().from(modules).where(eq(modules.id, moduleId)).get();
+
+  if (!module) {
+    return {
+      success: false,
+      error: `Module not found: ${moduleId}`,
+    };
+  }
+
+  // Check if module has infrastructure that needs to be destroyed
+  const infra = db
+    .select()
+    .from(moduleInfrastructure)
+    .where(eq(moduleInfrastructure.moduleId, moduleId))
+    .get();
+
+  const terraformDir = join(module.sourcePath, 'generated', 'terraform');
+  const hasTerraformState = existsSync(join(terraformDir, 'terraform.tfstate'));
+
+  if (infra && hasTerraformState) {
+    // Module has infrastructure — need to destroy it
+    if (!force) {
+      const confirmed = await promptConfirm({
+        message: `Module '${moduleId}' has deployed infrastructure. This will run terraform destroy to remove it. Continue?`,
+      });
+
+      if (!confirmed) {
+        return {
+          success: false,
+          error: 'Removal cancelled',
+        };
+      }
+    }
+
+    // Build Terraform env vars (need service credentials for destroy)
+    const terraformEnvVars: Record<string, string> = {
+      TF_IN_AUTOMATION: '1',
+    };
+
+    if (infra.infrastructureType === 'container_service' && infra.serviceId) {
+      const service = await getContainerService(infra.serviceId);
+      if (service) {
+        const credentials = await getServiceCredentials(infra.serviceId);
+        if (service.providerName === 'digitalocean' && 'api_token' in credentials) {
+          terraformEnvVars.TF_VAR_digitalocean_token = credentials.api_token;
+        } else if (service.providerName === 'proxmox' && 'api_url' in credentials) {
+          terraformEnvVars.TF_VAR_proxmox_api_url = credentials.api_url;
+          terraformEnvVars.TF_VAR_proxmox_token_id = credentials.api_token_id;
+          terraformEnvVars.TF_VAR_proxmox_token_secret = credentials.api_token_secret;
+        }
+      }
+    }
+
+    // Run terraform destroy
+    log.info(`Destroying infrastructure for ${moduleId}...`);
+
+    const initResult = await executeBuildWithProgress({
+      command: 'terraform',
+      args: ['init', '-upgrade'],
+      cwd: terraformDir,
+      title: 'Initializing Terraform',
+      env: terraformEnvVars,
+    });
+
+    if (!initResult.success) {
+      return {
+        success: false,
+        error: `Terraform init failed: ${initResult.error}`,
+      };
+    }
+
+    const destroyResult = await executeBuildWithProgress({
+      command: 'terraform',
+      args: ['destroy', '-auto-approve', '-no-color'],
+      cwd: terraformDir,
+      title: 'Destroying infrastructure',
+      env: terraformEnvVars,
+    });
+
+    if (!destroyResult.success) {
+      return {
+        success: false,
+        error: `Terraform destroy failed: ${destroyResult.error}\n\nInfrastructure may still exist. Check your provider console.`,
+      };
+    }
+
+    log.success('Infrastructure destroyed');
+  }
+
+  // Remove DNS record (if dns_internal is available)
+  try {
+    const { autoDeregisterDns } = await import('../../services/dns-auto-register');
+    await autoDeregisterDns(moduleId, db, log);
+  } catch {
+    // Non-fatal -- continue with removal
+  }
+
+  // Deallocate IPAM resources (if any)
+  await deallocateForModule(moduleId, db);
+
+  // Delete module (cascade will remove configs, secrets, capabilities, infrastructure records)
+  db.delete(modules).where(eq(modules.id, moduleId)).run();
+
+  return {
+    success: true,
+    message: `Successfully removed module: ${moduleId}`,
+  };
+}

package/src/cli/commands/module-show.ts

@@ -0,0 +1,208 @@
+/**
+ * Module debugging commands
+ * Show detailed module information including auto-derived values
+ */
+
+import { eq } from 'drizzle-orm';
+import { getDb } from '../../db/client';
+import { modules } from '../../db/schema';
+import type { ModuleManifest } from '../../manifest/schema';
+import { buildResolutionContext } from '../../variables/context';
+import { getArg, validateRequiredArgs } from '../parser';
+import type { CommandResult } from '../types';
+
+/**
+ * Handle module show-config command
+ * Shows ALL configuration including auto-derived values
+ *
+ * Usage: celilo module show-config <module-id>
+ *
+ * @param args - Command arguments
+ * @returns Command result
+ */
+export async function handleModuleShowConfig(args: string[]): Promise<CommandResult> {
+  const error = validateRequiredArgs(args, 1);
+  if (error) {
+    return {
+      success: false,
+      error: `${error}\n\nUsage: celilo module show-config <module-id>`,
+    };
+  }
+
+  const moduleId = getArg(args, 0);
+  if (!moduleId) {
+    return {
+      success: false,
+      error: 'Module ID is required',
+    };
+  }
+
+  const db = getDb();
+
+  // Check if module exists
+  const module = db.select().from(modules).where(eq(modules.id, moduleId)).get();
+  if (!module) {
+    return {
+      success: false,
+      error: `Module not found: ${moduleId}`,
+    };
+  }
+
+  try {
+    // Build resolution context to get ALL config (including auto-derived)
+    const context = await buildResolutionContext(moduleId, db);
+
+    const lines = [`Complete configuration for ${moduleId}:`, ''];
+
+    // Group config by source
+    const userConfig: string[] = [];
+    const autoConfig: string[] = [];
+
+    for (const [key, value] of Object.entries(context.selfConfig)) {
+      // Skip internal/derived keys that aren't useful for display
+      if (key.startsWith('requires.machine.')) continue;
+
+      const line = `  ${key} = ${value}`;
+
+      // Categorize: inventory.* and some others are auto-derived
+      if (
+        key.startsWith('inventory.') ||
+        key === 'vmid' ||
+        key === 'container_ip' ||
+        key === 'gateway' ||
+        key === 'vlan' ||
+        key === 'subnet' ||
+        key === 'bridge'
+      ) {
+        autoConfig.push(line);
+      } else {
+        userConfig.push(line);
+      }
+    }
+
+    if (userConfig.length > 0) {
+      lines.push('User Configuration:');
+      lines.push(...userConfig);
+      lines.push('');
+    }
+
+    if (autoConfig.length > 0) {
+      lines.push('Auto-Derived Configuration:');
+      lines.push(...autoConfig);
+      lines.push('');
+    }
+
+    // Show zone if set
+    if (context.selfConfig.zone) {
+      lines.push(`Network Zone: ${context.selfConfig.zone}`);
+    }
+
+    return {
+      success: true,
+      message: lines.join('\n'),
+      data: context.selfConfig,
+    };
+  } catch (error) {
+    return {
+      success: false,
+      error: `Failed to get module configuration: ${error instanceof Error ? error.message : String(error)}`,
+    };
+  }
+}
+
+/**
+ * Handle module show-zone command
+ * Shows which zone the module is in
+ *
+ * Usage: celilo module show-zone <module-id>
+ *
+ * @param args - Command arguments
+ * @returns Command result
+ */
+export async function handleModuleShowZone(args: string[]): Promise<CommandResult> {
+  const error = validateRequiredArgs(args, 1);
+  if (error) {
+    return {
+      success: false,
+      error: `${error}\n\nUsage: celilo module show-zone <module-id>`,
+    };
+  }
+
+  const moduleId = getArg(args, 0);
+  if (!moduleId) {
+    return {
+      success: false,
+      error: 'Module ID is required',
+    };
+  }
+
+  const db = getDb();
+
+  // Check if module exists
+  const module = db.select().from(modules).where(eq(modules.id, moduleId)).get();
+  if (!module) {
+    return {
+      success: false,
+      error: `Module not found: ${moduleId}`,
+    };
+  }
+
+  try {
+    // Build resolution context to get zone
+    const context = await buildResolutionContext(moduleId, db);
+    const manifest = module.manifestData as ModuleManifest;
+
+    const zone = context.selfConfig.zone || manifest.requires?.machine?.zone;
+
+    if (!zone) {
+      return {
+        success: true,
+        message: `Module ${moduleId} has no zone configured`,
+      };
+    }
+
+    const zoneDescriptions: Record<string, string> = {
+      dmz: 'DMZ (Public-facing services)',
+      app: 'Application (Internal services)',
+      secure: 'Secure (Authentication/Database)',
+      external: 'External (VPS/Cloud)',
+    };
+
+    const description = zoneDescriptions[zone] || 'Unknown zone';
+
+    const lines = [`Module: ${moduleId}`, `Zone: ${zone} - ${description}`, ''];
+
+    // Show network config if available
+    if (zone !== 'external') {
+      lines.push('Network Configuration:');
+      if (context.selfConfig.gateway) lines.push(`  Gateway: ${context.selfConfig.gateway}`);
+      if (context.selfConfig.vlan) lines.push(`  VLAN: ${context.selfConfig.vlan}`);
+      if (context.selfConfig.subnet) lines.push(`  Subnet: ${context.selfConfig.subnet}`);
+      if (context.selfConfig.bridge) lines.push(`  Bridge: ${context.selfConfig.bridge}`);
+    } else {
+      lines.push('External zone (VPS/Cloud) - no local network config');
+    }
+
+    return {
+      success: true,
+      message: lines.join('\n'),
+      data: {
+        zone,
+        network:
+          zone !== 'external'
+            ? {
+                gateway: context.selfConfig.gateway,
+                vlan: context.selfConfig.vlan,
+                subnet: context.selfConfig.subnet,
+                bridge: context.selfConfig.bridge,
+              }
+            : null,
+      },
+    };
+  } catch (error) {
+    return {
+      success: false,
+      error: `Failed to get module zone: ${error instanceof Error ? error.message : String(error)}`,
+    };
+  }
+}

package/src/cli/commands/module-status.ts

@@ -0,0 +1,131 @@
+/**
+ * Module status command - show detailed information about a module
+ */
+
+import { eq } from 'drizzle-orm';
+import { getDb } from '../../db/client';
+import { capabilities, moduleConfigs, modules, secrets } from '../../db/schema';
+import { getArg, validateRequiredArgs } from '../parser';
+import type { CommandResult } from '../types';
+
+/**
+ * Handle module status command
+ *
+ * Usage: celilo module status <id>
+ *
+ * @param args - Command arguments
+ * @returns Command result
+ */
+export async function handleModuleStatus(args: string[]): Promise<CommandResult> {
+  // Validate arguments
+  const error = validateRequiredArgs(args, 1);
+  if (error) {
+    return {
+      success: false,
+      error: `${error}\n\nUsage: celilo module status <id>`,
+    };
+  }
+
+  const moduleId = getArg(args, 0);
+
+  if (!moduleId) {
+    return {
+      success: false,
+      error: 'Module ID is required',
+    };
+  }
+
+  const db = getDb();
+
+  // Check if module exists
+  const module = db.select().from(modules).where(eq(modules.id, moduleId)).get();
+
+  if (!module) {
+    return {
+      success: false,
+      error: `Module not found: ${moduleId}`,
+    };
+  }
+
+  // Get configuration values
+  const configs = db.select().from(moduleConfigs).where(eq(moduleConfigs.moduleId, moduleId)).all();
+
+  // Get secrets (names only, not values)
+  const moduleSecrets = db.select().from(secrets).where(eq(secrets.moduleId, moduleId)).all();
+
+  // Get capabilities
+  const moduleCapabilities = db
+    .select()
+    .from(capabilities)
+    .where(eq(capabilities.moduleId, moduleId))
+    .all();
+
+  // Build sections as multi-line blocks joined by \n\n.
+  // The display code in index.ts splits on \n\n and passes each section
+  // as a single multi-line string to p.log.message(), avoiding clack's
+  // per-line extra spacing.
+  const sections: string[] = [];
+
+  // Section 1: Module metadata
+  const metadataLines = [
+    `Module: ${module.id}`,
+    `Name: ${module.name}`,
+    `Version: ${module.version}`,
+    `State: ${module.state}`,
+  ];
+  if (module.description) {
+    metadataLines.push(`Description: ${module.description}`);
+  }
+  metadataLines.push(`Source: ${module.sourcePath}`);
+  metadataLines.push(`Imported: ${module.importedAt.toISOString()}`);
+  metadataLines.push(`Updated: ${module.updatedAt.toISOString()}`);
+  if (module.errorMessage) {
+    metadataLines.push(`Error: ${module.errorMessage}`);
+  }
+  sections.push(metadataLines.join('\n'));
+
+  // Section 2: Configuration
+  if (configs.length > 0) {
+    const configLines = ['Configuration:'];
+    for (const config of configs) {
+      const value = config.valueJson ? JSON.stringify(JSON.parse(config.valueJson)) : config.value;
+      configLines.push(`  ${config.key}: ${value}`);
+    }
+    sections.push(configLines.join('\n'));
+  } else {
+    sections.push('Configuration: (none)');
+  }
+
+  // Section 3: Secrets
+  if (moduleSecrets.length > 0) {
+    const secretLines = ['Secrets:'];
+    for (const secret of moduleSecrets) {
+      secretLines.push(`  ${secret.name}: ********`);
+    }
+    sections.push(secretLines.join('\n'));
+  } else {
+    sections.push('Secrets: (none)');
+  }
+
+  // Section 4: Capabilities
+  if (moduleCapabilities.length > 0) {
+    const capabilityLines = ['Provides Capabilities:'];
+    for (const capability of moduleCapabilities) {
+      capabilityLines.push(`  ${capability.capabilityName} (v${capability.version})`);
+    }
+    sections.push(capabilityLines.join('\n'));
+  } else {
+    sections.push('Provides Capabilities: (none)');
+  }
+
+  return {
+    success: true,
+    message: sections.join('\n\n'),
+    data: {
+      module,
+      configs,
+      secrets: moduleSecrets.map((s) => ({ name: s.name })),
+      capabilities: moduleCapabilities,
+    },
+  };
+}