@celilo/cli 0.1.5 → 0.1.6

package/drizzle/0004_caddy_hostname_list.sql

@@ -0,0 +1,25 @@
+-- Caddy hostname list refactor (CADDY_HOSTNAME_LIST design).
+-- web_routes used to carry `subdomain` + `custom_domain` and a flat
+-- unique index on `path`. The new model has a single `hostname` FQDN
+-- and a (hostname, path) unique index. Phase 0 / no production users
+-- means this is a destructive migration — modules repopulate routes
+-- on their next deploy after the migration runs.
+DROP TABLE IF EXISTS `web_routes`;
+--> statement-breakpoint
+CREATE TABLE `web_routes` (
+	`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
+	`slug` text NOT NULL,
+	`module_id` text NOT NULL,
+	`type` text NOT NULL,
+	`path` text NOT NULL,
+	`hostname` text NOT NULL,
+	`target_host` text,
+	`target_port` integer,
+	`websocket` integer DEFAULT false NOT NULL,
+	`content_hash` text,
+	`created_at` integer DEFAULT (unixepoch()) NOT NULL,
+	`updated_at` integer DEFAULT (unixepoch()) NOT NULL,
+	FOREIGN KEY (`module_id`) REFERENCES `modules`(`id`) ON UPDATE no action ON DELETE cascade
+);
+--> statement-breakpoint
+CREATE UNIQUE INDEX `web_routes_hostname_path_idx` ON `web_routes` (`hostname`,`path`);

package/drizzle/meta/_journal.json

@@ -22,6 +22,20 @@
       "when": 1774881303520,
       "tag": "0002_web_routes",
       "breakpoints": true
+    },
+    {
+      "idx": 3,
+      "version": "6",
+      "when": 1774924800000,
+      "tag": "0003_backup_storage",
+      "breakpoints": true
+    },
+    {
+      "idx": 4,
+      "version": "6",
+      "when": 1777680000000,
+      "tag": "0004_caddy_hostname_list",
+      "breakpoints": true
     }
   ]
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@celilo/cli",
-  "version": "0.1.5",
+  "version": "0.1.6",
   "description": "Celilo — home lab orchestration CLI",
   "type": "module",
   "bin": {
@@ -46,10 +46,15 @@
   },
   "dependencies": {
     "@aws-sdk/client-s3": "^3.1024.0",
-    "@clack/prompts": "^1.1.0",
     "@celilo/capabilities": "^0.1.2",
+    "@celilo/cli-display": "0.1.0",
+    "@clack/prompts": "^1.1.0",
     "ajv": "^8.18.0",
     "drizzle-orm": "^0.36.4",
+    "ink": "^7.0.1",
+    "ink-spinner": "^5.0.0",
+    "ink-text-input": "^6.0.0",
+    "react": "^19.2.5",
     "tar": "^7.5.10",
     "xxhash-wasm": "^1.1.0",
     "yaml": "^2.8.2",
@@ -58,7 +63,9 @@
   "devDependencies": {
     "@biomejs/biome": "^1.9.4",
     "@types/bun": "^1.1.14",
+    "@types/react": "^19.2.14",
     "drizzle-kit": "^0.30.0",
+    "ink-testing-library": "^4.0.0",
     "typescript": "^5.9.3",
     "zod-to-json-schema": "^3.25.2"
   }

package/src/ansible/inventory.test.ts

@@ -75,13 +75,14 @@ describe('generateHostsIni', () => {
   });
 
   test('includes SSH private key file path when provided', () => {
+    const keyPath = '/tmp/celilo-ansible-keys/machine-machine-1.key';
     const hosts: InventoryHost[] = [
       {
         hostname: 'machine-host',
         ansibleHost: '192.168.1.100',
         ansibleUser: 'ubuntu',
         groups: ['machines'],
-        ansibleSshPrivateKeyFile: '/var/lib/celilo/tmp/ansible-keys/machine-machine-1.key',
+        ansibleSshPrivateKeyFile: keyPath,
       },
     ];
 
@@ -89,7 +90,7 @@ describe('generateHostsIni', () => {
 
     expect(result).toContain('[machines]');
     expect(result).toContain(
-      'machine-host ansible_host=192.168.1.100 ansible_user=ubuntu ansible_ssh_private_key_file=/var/lib/celilo/tmp/ansible-keys/machine-machine-1.key',
+      `machine-host ansible_host=192.168.1.100 ansible_user=ubuntu ansible_ssh_private_key_file=${keyPath}`,
     );
   });
 });

package/src/ansible/inventory.ts

@@ -66,7 +66,11 @@ export function generateHostsIni(hosts: InventoryHost[]): string {
   // Add [all:vars] section with common variables
   lines.push('[all:vars]');
   lines.push('ansible_python_interpreter=/usr/bin/python3');
-  lines.push('ansible_ssh_common_args=-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null');
+  // Disable ControlMaster to avoid Python format string issues with ControlPath
+  // ControlPath uses %h, %p, %r placeholders which trigger Python's % formatter
+  lines.push(
+    'ansible_ssh_common_args=-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ControlMaster=no',
+  );
   lines.push('');
 
   return lines.join('\n');

package/src/capabilities/public-web-helpers.test.ts

@@ -101,11 +101,11 @@ describe('validatePublishStaticSiteRequest', () => {
     expect(result.errors).toEqual([]);
   });
 
-  test('accepts a request with optional clientConfig and subdomain', () => {
+  test('accepts a request with optional clientConfig and hostname', () => {
     const result = validatePublishStaticSiteRequest(
       basePublishRequest({
         clientConfig: { FOO: 'bar' },
-        subdomain: 'app',
+        hostname: 'app.iamtheinternet.org',
       }),
     );
     expect(result.valid).toBe(true);

package/src/capabilities/public-web-publish.test.ts

@@ -53,9 +53,9 @@ function makeRouteOps(): { ops: RouteOps; routes: WebRoute[] } {
         moduleId: route.moduleId,
         type: route.type,
         path: route.path,
+        hostname: route.hostname,
         targetHost: route.targetHost ?? null,
         targetPort: route.targetPort ?? null,
-        subdomain: route.subdomain ?? null,
         websocket: route.websocket ?? false,
         contentHash: route.contentHash ?? null,
         createdAt: existing >= 0 ? routes[existing].createdAt : now,
@@ -116,6 +116,9 @@ describe('publishStaticSite — clientConfig injection', () => {
       },
       secrets: {},
       routeOps: ops,
+      hostnames: ['www.example.com'],
+      caddyModuleId: 'caddy',
+      dnsManagedDomains: ['www.example.com'],
     });
 
     const result = await cap.publishStaticSite({
@@ -157,6 +160,9 @@ describe('publishStaticSite — clientConfig injection', () => {
       },
       secrets: {},
       routeOps: ops,
+      hostnames: ['www.example.com'],
+      caddyModuleId: 'caddy',
+      dnsManagedDomains: ['www.example.com'],
     });
 
     await cap.publishStaticSite({
@@ -181,6 +187,9 @@ describe('publishStaticSite — clientConfig injection', () => {
       },
       secrets: {},
       routeOps: ops,
+      hostnames: ['www.example.com'],
+      caddyModuleId: 'caddy',
+      dnsManagedDomains: ['www.example.com'],
     });
 
     await cap.publishStaticSite({
@@ -208,6 +217,9 @@ describe('publishStaticSite — clientConfig injection', () => {
       },
       secrets: {},
       routeOps: ops,
+      hostnames: ['www.example.com'],
+      caddyModuleId: 'caddy',
+      dnsManagedDomains: ['www.example.com'],
     });
 
     await expect(
@@ -232,6 +244,9 @@ describe('publishStaticSite — clientConfig injection', () => {
       },
       secrets: {},
       routeOps: ops,
+      hostnames: ['www.example.com'],
+      caddyModuleId: 'caddy',
+      dnsManagedDomains: ['www.example.com'],
     });
 
     await expect(
@@ -268,6 +283,9 @@ describe('registerReverseProxy', () => {
       },
       secrets: {},
       routeOps: ops,
+      hostnames: ['www.example.com'],
+      caddyModuleId: 'caddy',
+      dnsManagedDomains: ['www.example.com'],
     });
 
     const result = await cap.registerReverseProxy({
@@ -301,6 +319,9 @@ describe('registerReverseProxy', () => {
       },
       secrets: {},
       routeOps: ops,
+      hostnames: ['www.example.com'],
+      caddyModuleId: 'caddy',
+      dnsManagedDomains: ['www.example.com'],
     });
 
     await expect(
@@ -344,6 +365,9 @@ describe('auto-logging — end-to-end through createPublicWeb', () => {
       },
       secrets: {},
       routeOps: ops,
+      hostnames: ['www.example.com'],
+      caddyModuleId: 'caddy',
+      dnsManagedDomains: ['www.example.com'],
     });
 
     await cap.register_route({
@@ -375,6 +399,9 @@ describe('auto-logging — end-to-end through createPublicWeb', () => {
       },
       secrets: {},
       routeOps: ops,
+      hostnames: ['www.example.com'],
+      caddyModuleId: 'caddy',
+      dnsManagedDomains: ['www.example.com'],
     });
 
     // Bad path triggers the validator inside register_route, which
@@ -407,6 +434,9 @@ describe('auto-logging — end-to-end through createPublicWeb', () => {
       },
       secrets: {},
       routeOps: ops,
+      hostnames: ['www.example.com'],
+      caddyModuleId: 'caddy',
+      dnsManagedDomains: ['www.example.com'],
     });
 
     await cap.publishStaticSite({ path: '/lunacycle', sourceDir });
@@ -439,6 +469,9 @@ describe('auto-logging — end-to-end through createPublicWeb', () => {
       },
       secrets: {},
       routeOps: ops,
+      hostnames: ['www.example.com'],
+      caddyModuleId: 'caddy',
+      dnsManagedDomains: ['www.example.com'],
     });
 
     await cap.register_route({

package/src/cli/cli.test.ts

@@ -574,12 +574,12 @@ secrets:
   });
 
   describe('module import', () => {
-    test('should error on missing path', async () => {
+    test('should error on missing subcommand', async () => {
       const result = await runCli(['node', 'celilo', 'module', 'import']);
 
       expect(result.success).toBe(false);
       if (result.success) return;
-      expect(result.error).toContain('Missing required arguments');
+      expect(result.error).toContain('Subcommand required');
     });
 
     test('should error on non-existent path', async () => {

package/src/cli/command-registry.ts

@@ -66,6 +66,32 @@ export const COMMANDS: CommandDef[] = [
     name: 'status',
     description: 'Show system and module status',
   },
+  {
+    name: 'audit',
+    description: 'Top-level alias for `system audit`',
+    flags: [
+      {
+        name: 'json',
+        description: 'Output a stable JSON schema instead of the human-readable table',
+        takesValue: false,
+      },
+      {
+        name: 'tui',
+        description: 'Force the interactive TUI (default when stdout is a terminal)',
+        takesValue: false,
+      },
+      {
+        name: 'no-tui',
+        description: 'Force the static text report even when stdout is a terminal',
+        takesValue: false,
+      },
+      {
+        name: 'theme',
+        description: 'TUI color theme (dark|light); defaults to dark',
+        takesValue: true,
+      },
+    ],
+  },
   {
     name: 'capability',
     description: 'View registered module capabilities',
@@ -87,8 +113,26 @@ export const COMMANDS: CommandDef[] = [
     subcommands: [
       {
         name: 'import',
-        description: 'Import module from directory or package',
-        args: [{ name: 'path', description: 'Module path', completion: 'directories' }],
+        description: 'Import a module (file <path> | public-registry <name>)',
+        subcommands: [
+          {
+            name: 'file',
+            description: 'Import from local filesystem',
+            args: [{ name: 'path', description: 'Module path', completion: 'directories' }],
+          },
+          {
+            name: 'public-registry',
+            description: 'Import from celilo.computer registry',
+            args: [{ name: 'name', description: 'Module name' }],
+            flags: [
+              {
+                name: 'registry',
+                description: 'Registry URL (overrides default celilo.computer)',
+                takesValue: true,
+              },
+            ],
+          },
+        ],
         flags: [
           {
             name: 'target',
@@ -141,8 +185,15 @@ export const COMMANDS: CommandDef[] = [
         ],
       },
       {
+        name: 'verify',
+        description: 'Verify module integrity (signature + checksums)',
+        args: [{ name: 'id', description: 'Module ID', completion: 'module_ids' }],
+      },
+      {
+        // Deprecation alias for `module verify`. Removed after one
+        // release cycle. See CELILO_UPDATE D11.
         name: 'audit',
-        description: 'Verify module integrity',
+        description: 'DEPRECATED — use `module verify` instead',
         args: [{ name: 'id', description: 'Module ID', completion: 'module_ids' }],
       },
       {
@@ -277,6 +328,41 @@ export const COMMANDS: CommandDef[] = [
           },
         ],
       },
+      {
+        name: 'install',
+        description: 'Download and import a module from the registry',
+        args: [{ name: 'name', description: 'Module name' }],
+        flags: [{ name: 'registry', description: 'Registry URL', takesValue: true }],
+      },
+      {
+        name: 'search',
+        description: 'Search the module registry',
+        args: [{ name: 'query', description: 'Search query (optional)' }],
+        flags: [
+          { name: 'registry', description: 'Registry URL', takesValue: true },
+          { name: 'limit', description: 'Max results', takesValue: true },
+        ],
+      },
+      {
+        name: 'publish',
+        description: 'Build and publish a module to the registry',
+        args: [{ name: 'module-dir', description: 'Module directory', completion: 'directories' }],
+        flags: [
+          { name: 'token', description: 'Publish token', takesValue: true },
+          { name: 'registry', description: 'Registry URL', takesValue: true },
+          { name: 'revision', description: 'Package revision number', takesValue: true },
+          {
+            name: 'message',
+            description: 'One-line release note stamped into release.json',
+            takesValue: true,
+          },
+          {
+            name: 'allow-dirty',
+            description: 'Bypass the clean-working-tree check (emergency publish)',
+            takesValue: false,
+          },
+        ],
+      },
     ],
   },
   {
@@ -500,6 +586,63 @@ export const COMMANDS: CommandDef[] = [
         ],
       },
       { name: 'vault-password', description: 'Display Ansible vault password' },
+      {
+        name: 'audit',
+        description: 'Report system-wide drift (no mutations)',
+        flags: [
+          {
+            name: 'json',
+            description: 'Output a stable JSON schema instead of the human-readable table',
+            takesValue: false,
+          },
+          {
+            name: 'tui',
+            description: 'Force the interactive TUI (default when stdout is a terminal)',
+            takesValue: false,
+          },
+          {
+            name: 'no-tui',
+            description: 'Force the static text report even when stdout is a terminal',
+            takesValue: false,
+          },
+          {
+            name: 'theme',
+            description: 'TUI color theme (dark|light); defaults to dark',
+            takesValue: true,
+          },
+        ],
+      },
+      {
+        name: 'update',
+        description: 'Bring the system to the audit-determined READY state',
+        flags: [
+          {
+            name: 'module',
+            description: 'Restrict the run to a single module',
+            takesValue: true,
+          },
+          {
+            name: 'dry-run',
+            description: 'Print the plan without executing',
+            takesValue: false,
+          },
+          {
+            name: 'no-backup',
+            description: 'Skip pre-update backups (requires explicit acknowledgement)',
+            takesValue: false,
+          },
+          {
+            name: 'allow-destructive',
+            description: 'Allow destructive terraform plans through',
+            takesValue: false,
+          },
+          {
+            name: 'json',
+            description: 'Output a stable JSON schema instead of the human-readable summary',
+            takesValue: false,
+          },
+        ],
+      },
     ],
   },
   {

package/src/cli/command-tree-parser.test.ts

@@ -19,7 +19,7 @@ describe('CommandTreeParser', () => {
       CELILO_DB_PATH: ctx.dbPath,
       CELILO_DATA_DIR: ctx.dataDir,
     });
-    parser = new CommandTreeParser(ctx.cli);
+    parser = new CommandTreeParser(cli);
   });
 
   afterEach(async () => {

package/src/cli/command-tree-parser.ts

@@ -5,7 +5,7 @@
  * Used for automated completion testing to ensure 100% coverage.
  */
 
-import { runCli } from '../test-utils/cli';
+import type { CLIContext } from '../test-utils/cli-context';
 
 /**
  * A node in the command tree
@@ -21,7 +21,7 @@ export interface CommandNode {
  * Parser that discovers command structure from help text
  */
 export class CommandTreeParser {
-  constructor(private cli: string) {}
+  constructor(private cli: CLIContext) {}
 
   /**
    * Discover all commands by parsing help output
@@ -30,15 +30,15 @@ export class CommandTreeParser {
    */
   async discover(): Promise<Map<string, CommandNode>> {
     // Get top-level commands
-    const helpOutput = runCli(this.cli, '--help');
-    const topLevelCommands = this.parseHelpText(helpOutput);
+    const helpResult = await this.cli.run('--help');
+    const topLevelCommands = this.parseHelpText(helpResult.stdout);
     const tree = new Map<string, CommandNode>();
 
     // For each top-level command, discover its subcommands
     for (const cmdName of topLevelCommands) {
       try {
-        const subHelpOutput = runCli(this.cli, `${cmdName} --help`);
-        const subcommandNames = this.parseHelpText(subHelpOutput);
+        const subHelpResult = await this.cli.run(`${cmdName} --help`);
+        const subcommandNames = this.parseHelpText(subHelpResult.stdout);
 
         // Check if subcommands are actually the same as top-level commands
         // This happens when a command like 'help' just shows the main help again
@@ -111,10 +111,11 @@ export class CommandTreeParser {
 
       // Check if we're leaving the Commands section
       // Look for major section headers that appear with little/no indentation
-      // Examples: "  Usage:", "  Options:", "  Description:", "  For command-specific help:"
+      // Examples: "Usage:", "Options:", "Description:", "  For command-specific help:"
+      // NOTE: Must NOT match nested "    Options:" (4-space indent) inside subcommand listings
       if (
         inCommandSection &&
-        /^[│\s]{0,4}(Usage|Options|Description|Examples|For|Enable):/i.test(line)
+        /^[│\s]{0,3}(Usage|Options|Description|Examples|For|Enable|Related):/i.test(line)
       ) {
         inCommandSection = false;
         continue;

package/src/cli/commands/hook-run.ts

@@ -10,14 +10,11 @@
 import { eq } from 'drizzle-orm';
 import { FuelGauge } from '../../cli/fuel-gauge';
 import { getDb } from '../../db/client';
-import { moduleConfigs, modules, secrets } from '../../db/schema';
-import { loadCapabilityFunctions } from '../../hooks/capability-loader';
-import { invokeHook } from '../../hooks/executor';
-import { createConsoleLogger } from '../../hooks/logger';
-import { createGaugeLogger } from '../../hooks/logger';
+import { modules } from '../../db/schema';
+import { createConsoleLogger, createGaugeLogger } from '../../hooks/logger';
+import { runNamedHook } from '../../hooks/run-named-hook';
+import type { HookName } from '../../hooks/types';
 import type { ModuleManifest } from '../../manifest/schema';
-import { decryptSecret } from '../../secrets/encryption';
-import { getOrCreateMasterKey } from '../../secrets/master-key';
 import { getArg, hasFlag, validateRequiredArgs } from '../parser';
 import type { CommandResult } from '../types';
 
@@ -52,19 +49,15 @@ export async function handleHookRun(
   const debug = hasFlag(flags, 'debug');
   const db = getDb();
 
-  // Look up module
+  // Surface "module not found" / "hook not in manifest" with the same
+  // error messages we used to produce inline. The runNamedHook helper
+  // returns a structured result we can format here.
   const module = db.select().from(modules).where(eq(modules.id, moduleId)).get();
   if (!module) {
-    return {
-      success: false,
-      error: `Module not found: ${moduleId}`,
-    };
+    return { success: false, error: `Module not found: ${moduleId}` };
   }
-
-  // Find hook definition in manifest
   const manifest = module.manifestData as ModuleManifest;
-  const hookDef = manifest.hooks?.[hookName as keyof typeof manifest.hooks];
-  if (!hookDef) {
+  if (!manifest.hooks?.[hookName as keyof typeof manifest.hooks]) {
     const available = Object.keys(manifest.hooks || {});
     return {
       success: false,
@@ -82,48 +75,12 @@ export async function handleHookRun(
     }
   }
 
-  // Build config map from DB
-  const configRecords = db
-    .select()
-    .from(moduleConfigs)
-    .where(eq(moduleConfigs.moduleId, moduleId))
-    .all();
-  const configMap: Record<string, unknown> = {};
-  for (const c of configRecords) {
-    configMap[c.key] = c.valueJson ? JSON.parse(c.valueJson) : c.value;
-  }
-
-  // Build secrets map from DB
-  const secretRecords = db.select().from(secrets).where(eq(secrets.moduleId, moduleId)).all();
-  const masterKey = await getOrCreateMasterKey();
-  const secretMap: Record<string, string> = {};
-  for (const s of secretRecords) {
-    secretMap[s.name] = decryptSecret(
-      { encryptedValue: s.encryptedValue, iv: s.iv, authTag: s.authTag },
-      masterKey,
-    );
-  }
-
-  const requiredCapabilities = manifest.requires.capabilities.map((c) => c.name);
-
-  // Run the hook — use console logger in debug mode, FuelGauge otherwise.
-  // The logger is constructed BEFORE loadCapabilityFunctions so the
-  // auto-logging wrapper (HOOK_API_V2 D6) can capture it for every
-  // capability call.
   if (debug) {
     const logger = createConsoleLogger(moduleId, hookName);
-    const capabilityFunctions = await loadCapabilityFunctions(moduleId, db, logger);
-    const result = await invokeHook(
-      module.sourcePath,
-      hookName,
-      manifest.celilo_contract,
-      hookDef,
+    const result = await runNamedHook(moduleId, hookName as HookName, db, logger, {
+      debug: true,
       inputs,
-      configMap,
-      secretMap,
-      logger,
-      { debug, capabilities: capabilityFunctions, requiredCapabilities },
-    );
+    });
 
     if (!result.success) {
       let errorMsg = result.error || 'Hook execution failed';
@@ -144,19 +101,11 @@ export async function handleHookRun(
   const gauge = new FuelGauge(`Running hook: ${hookName}`);
   gauge.start();
   const logger = createGaugeLogger(gauge, moduleId, hookName);
-  const capabilityFunctions = await loadCapabilityFunctions(moduleId, db, logger);
 
-  const result = await invokeHook(
-    module.sourcePath,
-    hookName,
-    manifest.celilo_contract,
-    hookDef,
+  const result = await runNamedHook(moduleId, hookName as HookName, db, logger, {
+    debug: false,
     inputs,
-    configMap,
-    secretMap,
-    logger,
-    { debug: false, capabilities: capabilityFunctions, requiredCapabilities },
-  );
+  });
 
   if (!result.success) {
     gauge.stop(false);