@celilo/cli 0.1.0

package/src/services/backup-create.ts

@@ -0,0 +1,532 @@
+/**
+ * Backup creation service.
+ * Orchestrates the backup workflow: create temp files, encrypt, upload to storage.
+ */
+
+import {
+  copyFileSync,
+  existsSync,
+  mkdirSync,
+  readFileSync,
+  rmSync,
+  statSync,
+  writeFileSync,
+} from 'node:fs';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+import { eq } from 'drizzle-orm';
+import { getDbPath } from '../config/paths';
+import { getDb } from '../db/client';
+import { moduleConfigs, modules, secrets as secretsTable } from '../db/schema';
+import { invokeHook } from '../hooks/executor';
+import { createConsoleLogger } from '../hooks/logger';
+import type { ModuleManifest } from '../manifest/schema';
+import { decryptSecret, encryptSecret } from '../secrets/encryption';
+import { getOrCreateMasterKey } from '../secrets/master-key';
+import { shellEscape } from '../utils/shell';
+import { completeBackup, createBackupRecord, failBackup, listBackups } from './backup-metadata';
+import { createStorageProvider, getBackupStorage, getDefaultBackupStorage } from './backup-storage';
+
+export interface BackupCreateOptions {
+  storageId?: string;
+  force?: boolean;
+}
+
+export interface BackupCreateResult {
+  success: boolean;
+  backupId?: string;
+  storagePath?: string;
+  sizeBytes?: number;
+  schemaVersion?: string;
+  error?: string;
+}
+
+export type BackupSchedule = 'hourly' | 'daily' | 'weekly' | 'monthly' | 'manual';
+
+/**
+ * Resolve the target storage destination
+ */
+export function resolveStorage(storageId?: string) {
+  if (storageId) {
+    const storage = getBackupStorage(storageId);
+    if (!storage) {
+      throw new Error(`Storage not found: ${storageId}`);
+    }
+    if (!storage.verified) {
+      throw new Error(
+        `Storage '${storage.storageId}' is not verified. Run: celilo storage verify ${storage.storageId}`,
+      );
+    }
+    return storage;
+  }
+
+  const defaultStorage = getDefaultBackupStorage();
+  if (!defaultStorage) {
+    throw new Error(
+      'No default backup storage configured.\n\nAdd storage first: celilo storage add local',
+    );
+  }
+  if (!defaultStorage.verified) {
+    throw new Error(
+      `Default storage '${defaultStorage.storageId}' is not verified. Run: celilo storage verify ${defaultStorage.storageId}`,
+    );
+  }
+  return defaultStorage;
+}
+
+/**
+ * Create a system state backup (Celilo database)
+ */
+export async function createSystemStateBackup(
+  options: BackupCreateOptions = {},
+): Promise<BackupCreateResult> {
+  const storage = resolveStorage(options.storageId);
+  const provider = await createStorageProvider(storage.id);
+
+  const now = new Date();
+  const dateDir = now.toISOString().slice(0, 10);
+  const timestamp = now.toISOString().replace(/[:.]/g, '-');
+  const storagePath = `${dateDir}/system-${timestamp}.backup`;
+
+  const record = createBackupRecord({
+    moduleId: null,
+    storageId: storage.id,
+    storagePath,
+    backupType: 'system_state',
+  });
+
+  const tempDir = join(tmpdir(), `celilo-backup-${record.id}`);
+
+  try {
+    mkdirSync(tempDir, { recursive: true });
+
+    // Copy the SQLite database to temp (safe point-in-time copy)
+    const dbPath = getDbPath();
+    const tempDbPath = join(tempDir, 'celilo.db');
+    copyFileSync(dbPath, tempDbPath);
+
+    // Also copy WAL file if it exists (for consistency)
+    const walPath = `${dbPath}-wal`;
+    try {
+      copyFileSync(walPath, join(tempDir, 'celilo.db-wal'));
+    } catch {
+      // WAL may not exist — that's fine
+    }
+
+    // Read the database file and encrypt it
+    const dbData = readFileSync(tempDbPath);
+    const masterKey = await getOrCreateMasterKey();
+    const encrypted = encryptSecret(dbData.toString('base64'), masterKey);
+
+    // Write encrypted payload to temp file
+    const encryptedPath = join(tempDir, 'system.enc');
+    writeFileSync(encryptedPath, JSON.stringify(encrypted));
+
+    const encryptedSize = statSync(encryptedPath).size;
+
+    // Upload to storage
+    await provider.upload(encryptedPath, storagePath);
+
+    // Mark backup as completed
+    completeBackup(record.id, {
+      sizeBytes: encryptedSize,
+      metadata: {
+        originalSizeBytes: dbData.length,
+        dbPath,
+      },
+    });
+
+    return {
+      success: true,
+      backupId: record.id,
+      storagePath,
+      sizeBytes: encryptedSize,
+    };
+  } catch (error) {
+    const message = error instanceof Error ? error.message : String(error);
+    failBackup(record.id, message);
+    return {
+      success: false,
+      backupId: record.id,
+      error: message,
+    };
+  } finally {
+    // Clean up temp directory
+    try {
+      rmSync(tempDir, { recursive: true, force: true });
+    } catch {
+      // Best effort cleanup
+    }
+  }
+}
+
+/**
+ * Schedule intervals in milliseconds
+ */
+const SCHEDULE_INTERVALS: Record<BackupSchedule, number> = {
+  hourly: 60 * 60 * 1000,
+  daily: 24 * 60 * 60 * 1000,
+  weekly: 7 * 24 * 60 * 60 * 1000,
+  monthly: 30 * 24 * 60 * 60 * 1000,
+  manual: Number.POSITIVE_INFINITY,
+};
+
+/**
+ * Check if a module is due for backup based on its schedule
+ */
+export function isBackupDue(moduleId: string, schedule: BackupSchedule): boolean {
+  if (schedule === 'manual') return false;
+
+  const existing = listBackups({ moduleId, limit: 1 });
+  const lastBackup = existing.find(
+    (b) => b.moduleId === moduleId && b.status === 'completed' && b.backupType === 'module_data',
+  );
+
+  if (!lastBackup) return true;
+
+  const elapsed = Date.now() - new Date(lastBackup.startedAt).getTime();
+  return elapsed >= SCHEDULE_INTERVALS[schedule];
+}
+
+/**
+ * Find all installed modules that have an on_backup hook
+ */
+export function findBackupEligibleModules(): Array<{
+  module: typeof modules.$inferSelect;
+  manifest: ModuleManifest;
+}> {
+  const db = getDb();
+  const allModules = db.select().from(modules).all();
+
+  const eligible: Array<{
+    module: typeof modules.$inferSelect;
+    manifest: ModuleManifest;
+  }> = [];
+
+  for (const mod of allModules) {
+    if (mod.state !== 'INSTALLED' && mod.state !== 'VERIFIED') continue;
+
+    const manifest = mod.manifestData as unknown as ModuleManifest;
+    if (!manifest.hooks?.on_backup) continue;
+
+    eligible.push({ module: mod, manifest });
+  }
+
+  return eligible;
+}
+
+/**
+ * Build config and secret maps for a module (same pattern as health-runner.ts)
+ */
+async function buildModuleContext(moduleId: string): Promise<{
+  configMap: Record<string, unknown>;
+  secretMap: Record<string, string>;
+}> {
+  const db = getDb();
+
+  const configs = db.select().from(moduleConfigs).where(eq(moduleConfigs.moduleId, moduleId)).all();
+  const configMap: Record<string, unknown> = {};
+  for (const c of configs) {
+    configMap[c.key] = c.valueJson ? JSON.parse(c.valueJson) : c.value;
+  }
+
+  const secretRecords = db
+    .select()
+    .from(secretsTable)
+    .where(eq(secretsTable.moduleId, moduleId))
+    .all();
+  const masterKey = await getOrCreateMasterKey();
+  const secretMap: Record<string, string> = {};
+  for (const s of secretRecords) {
+    secretMap[s.name] = decryptSecret(
+      { encryptedValue: s.encryptedValue, iv: s.iv, authTag: s.authTag },
+      masterKey,
+    );
+  }
+
+  return { configMap, secretMap };
+}
+
+/**
+ * Create a module data backup by executing its on_backup hook
+ */
+export async function createModuleBackup(
+  moduleId: string,
+  options: BackupCreateOptions = {},
+): Promise<BackupCreateResult> {
+  const db = getDb();
+  const mod = db.select().from(modules).where(eq(modules.id, moduleId)).get();
+  if (!mod) {
+    return { success: false, error: `Module not found: ${moduleId}` };
+  }
+
+  const manifest = mod.manifestData as unknown as ModuleManifest;
+  const hookDef = manifest.hooks?.on_backup;
+  if (!hookDef) {
+    return { success: false, error: `Module '${moduleId}' has no on_backup hook` };
+  }
+
+  const storage = resolveStorage(options.storageId);
+  const provider = await createStorageProvider(storage.id);
+
+  const now = new Date();
+  const dateDir = now.toISOString().slice(0, 10);
+  const timestamp = now.toISOString().replace(/[:.]/g, '-');
+  const storagePath = `${dateDir}/${moduleId}-${timestamp}.backup`;
+
+  const record = createBackupRecord({
+    moduleId,
+    storageId: storage.id,
+    storagePath,
+    backupType: 'module_data',
+    moduleVersion: manifest.version,
+  });
+
+  const tempDir = join(tmpdir(), `celilo-backup-${record.id}`);
+  const backupDir = join(tempDir, 'artifacts');
+
+  try {
+    mkdirSync(backupDir, { recursive: true });
+
+    // Build context for hook execution
+    const { configMap, secretMap } = await buildModuleContext(moduleId);
+    const logger = createConsoleLogger(moduleId, 'on_backup');
+
+    // Execute on_backup hook — it writes artifacts to backupDir
+    const hookResult = await invokeHook(
+      mod.sourcePath,
+      'on_backup',
+      manifest.celilo_contract,
+      hookDef,
+      { backup_dir: backupDir },
+      configMap,
+      secretMap,
+      logger,
+      {
+        debug: false,
+      },
+    );
+
+    if (!hookResult.success) {
+      failBackup(record.id, hookResult.error ?? 'on_backup hook failed');
+      return {
+        success: false,
+        backupId: record.id,
+        error: hookResult.error ?? 'on_backup hook failed',
+      };
+    }
+
+    // Tar the backup artifacts
+    const tarPath = join(tempDir, 'backup.tar');
+    const { execSync } = await import('node:child_process');
+    execSync(`tar -cf ${shellEscape(tarPath)} -C ${shellEscape(backupDir)} .`);
+
+    // Encrypt the tar
+    const tarData = readFileSync(tarPath);
+    const masterKey = await getOrCreateMasterKey();
+    const encrypted = encryptSecret(tarData.toString('base64'), masterKey);
+
+    const encryptedPath = join(tempDir, 'backup.tar.enc');
+    writeFileSync(encryptedPath, JSON.stringify(encrypted));
+
+    const encryptedSize = statSync(encryptedPath).size;
+
+    // Upload to storage
+    await provider.upload(encryptedPath, storagePath);
+
+    // Extract schema_version from hook outputs (optional)
+    const schemaVersion =
+      typeof hookResult.outputs.schema_version === 'string'
+        ? hookResult.outputs.schema_version
+        : undefined;
+
+    // Mark backup as completed
+    completeBackup(record.id, {
+      sizeBytes: encryptedSize,
+      metadata: {
+        artifactCount: hookResult.outputs.artifact_count,
+        originalSizeBytes: tarData.length,
+      },
+      schemaVersion,
+    });
+
+    return {
+      success: true,
+      backupId: record.id,
+      storagePath,
+      sizeBytes: encryptedSize,
+      schemaVersion,
+    };
+  } catch (error) {
+    const message = error instanceof Error ? error.message : String(error);
+    failBackup(record.id, message);
+    return {
+      success: false,
+      backupId: record.id,
+      error: message,
+    };
+  } finally {
+    try {
+      rmSync(tempDir, { recursive: true, force: true });
+    } catch {
+      // Best effort cleanup
+    }
+  }
+}
+
+export interface ImportBackupOptions {
+  storageId?: string;
+  schemaVersion?: string;
+  name?: string;
+}
+
+/**
+ * Import a local file as a module backup (bypasses on_backup hook).
+ * The file is placed into the backup archive as `db.sqlite`, matching
+ * the artifact name produced by the on_backup hook.
+ */
+export async function importModuleBackup(
+  filePath: string,
+  moduleId: string,
+  options: ImportBackupOptions = {},
+): Promise<BackupCreateResult> {
+  const db = getDb();
+  const mod = db.select().from(modules).where(eq(modules.id, moduleId)).get();
+  if (!mod) {
+    return { success: false, error: `Module not found: ${moduleId}` };
+  }
+
+  if (!existsSync(filePath)) {
+    return { success: false, error: `File not found: ${filePath}` };
+  }
+
+  const manifest = mod.manifestData as unknown as ModuleManifest;
+  const storage = resolveStorage(options.storageId);
+  const provider = await createStorageProvider(storage.id);
+
+  const now = new Date();
+  const dateDir = now.toISOString().slice(0, 10);
+  const timestamp = now.toISOString().replace(/[:.]/g, '-');
+  const storagePath = `${dateDir}/${moduleId}-${timestamp}.backup`;
+
+  const record = createBackupRecord({
+    moduleId,
+    storageId: storage.id,
+    storagePath,
+    backupType: 'module_data',
+    moduleVersion: manifest.version,
+  });
+
+  const tempDir = join(tmpdir(), `celilo-backup-${record.id}`);
+  const artifactDir = join(tempDir, 'artifacts');
+
+  try {
+    mkdirSync(artifactDir, { recursive: true });
+
+    // Copy the file as db.sqlite (matching on_backup hook output)
+    const destPath = join(artifactDir, 'db.sqlite');
+    copyFileSync(filePath, destPath);
+
+    // If the module has an on_backup_analyze hook, invoke it to extract metadata
+    let analyzedSchemaVersion: string | undefined = options.schemaVersion;
+    let analyzedMetadata: Record<string, unknown> = {
+      artifactCount: '1',
+      originalSizeBytes: 0,
+      importedFrom: filePath,
+    };
+
+    const analyzeHook = manifest.hooks?.on_backup_analyze;
+    if (analyzeHook) {
+      const { configMap, secretMap } = await buildModuleContext(moduleId);
+      const logger = createConsoleLogger(moduleId, 'on_backup_analyze');
+
+      const analyzeResult = await invokeHook(
+        mod.sourcePath,
+        'on_backup_analyze',
+        manifest.celilo_contract,
+        analyzeHook,
+        { artifact_path: destPath },
+        configMap,
+        secretMap,
+        logger,
+        {
+          debug: false,
+        },
+      );
+
+      if (analyzeResult.success) {
+        // Extract schema_version from hook outputs if available
+        if (typeof analyzeResult.outputs.schema_version === 'string') {
+          analyzedSchemaVersion = analyzeResult.outputs.schema_version;
+        }
+        // Merge all hook outputs into metadata
+        analyzedMetadata = {
+          ...analyzedMetadata,
+          ...analyzeResult.outputs,
+          importedFrom: filePath,
+        };
+      } else {
+        // Hook failed - log warning but continue with import
+        console.warn(
+          `Warning: on_backup_analyze hook failed: ${analyzeResult.error}. Continuing with manual metadata.`,
+        );
+      }
+    }
+
+    // Tar the artifacts
+    const tarPath = join(tempDir, 'backup.tar');
+    const { execSync } = await import('node:child_process');
+    execSync(`tar -cf ${shellEscape(tarPath)} -C ${shellEscape(artifactDir)} .`);
+
+    // Encrypt the tar
+    const tarData = readFileSync(tarPath);
+    const masterKey = await getOrCreateMasterKey();
+    const encrypted = encryptSecret(tarData.toString('base64'), masterKey);
+
+    const encryptedPath = join(tempDir, 'backup.tar.enc');
+    writeFileSync(encryptedPath, JSON.stringify(encrypted));
+
+    const encryptedSize = statSync(encryptedPath).size;
+
+    // Upload to storage
+    await provider.upload(encryptedPath, storagePath);
+
+    // Mark backup as completed
+    completeBackup(record.id, {
+      sizeBytes: encryptedSize,
+      metadata: {
+        ...analyzedMetadata,
+        originalSizeBytes: tarData.length,
+      },
+      schemaVersion: analyzedSchemaVersion,
+    });
+
+    // Set human-readable name if provided
+    if (options.name) {
+      const { updateBackupName } = await import('./backup-metadata');
+      updateBackupName(record.id, options.name);
+    }
+
+    return {
+      success: true,
+      backupId: record.id,
+      storagePath,
+      sizeBytes: encryptedSize,
+      schemaVersion: analyzedSchemaVersion,
+    };
+  } catch (error) {
+    const message = error instanceof Error ? error.message : String(error);
+    failBackup(record.id, message);
+    return {
+      success: false,
+      backupId: record.id,
+      error: message,
+    };
+  } finally {
+    try {
+      rmSync(tempDir, { recursive: true, force: true });
+    } catch {
+      // Best effort cleanup
+    }
+  }
+}