@celilo/cli 0.1.5 → 0.1.6

package/src/services/health-runner.ts

@@ -8,15 +8,15 @@
 import { eq } from 'drizzle-orm';
 import { FuelGauge } from '../cli/fuel-gauge';
 import type { DbClient } from '../db/client';
-import { moduleInfrastructure, modules } from '../db/schema';
+import { modules } from '../db/schema';
 import { loadCapabilityFunctions } from '../hooks/capability-loader';
 import { invokeHook } from '../hooks/executor';
-import { createConsoleLogger, createGaugeLogger } from '../hooks/logger';
+import { loadHookConfigMap } from '../hooks/load-hook-config';
+import { createCapturingLogger, createConsoleLogger, createGaugeLogger } from '../hooks/logger';
 import type { HookResult } from '../hooks/types';
 import type { ModuleManifest } from '../manifest/schema';
 import { decryptSecret } from '../secrets/encryption';
 import { getOrCreateMasterKey } from '../secrets/master-key';
-import { getMachine } from './machine-pool';
 
 export interface HealthCheckItem {
   name: string;
@@ -34,11 +34,19 @@ export interface HealthCheckResult {
 
 /**
  * Run health checks for a single module
+ *
+ * `onProgress` (when supplied) replaces the FuelGauge animation. Used
+ * by the audit TUI to stream progress messages into its own UI rather
+ * than letting them leak to stdout before the alt-screen takes over.
  */
 export async function runModuleHealthCheck(
   moduleId: string,
   db: DbClient,
-  options: { debug?: boolean; noInteractive?: boolean } = {},
+  options: {
+    debug?: boolean;
+    noInteractive?: boolean;
+    onProgress?: (msg: string) => void;
+  } = {},
 ): Promise<HealthCheckResult> {
   const module = db.select().from(modules).where(eq(modules.id, moduleId)).get();
   if (!module) {
@@ -52,14 +60,13 @@ export async function runModuleHealthCheck(
     return { moduleId, status: 'no-checks', checks: [] };
   }
 
-  // Build config and secrets for hook context
-  const { moduleConfigs, secrets } = await import('../db/schema');
-  const configs = db.select().from(moduleConfigs).where(eq(moduleConfigs.moduleId, moduleId)).all();
-  const configMap: Record<string, unknown> = {};
-  for (const c of configs) {
-    configMap[c.key] = c.valueJson ? JSON.parse(c.valueJson) : c.value;
-  }
+  // Build config + secrets for hook context. The config map shape
+  // (including the machine-IP fallback for machine deploys) lives in
+  // a single helper so health_check, on_install/on_uninstall via
+  // run-named-hook, and capability-loader all see the same thing.
+  const configMap = await loadHookConfigMap(moduleId, db);
 
+  const { secrets } = await import('../db/schema');
   const secretRecords = db.select().from(secrets).where(eq(secrets.moduleId, moduleId)).all();
   const masterKey = await getOrCreateMasterKey();
   const secretMap: Record<string, string> = {};
@@ -70,20 +77,6 @@ export async function runModuleHealthCheck(
     );
   }
 
-  // Inject machine IP for machine-based deployments
-  const infraRecord = db
-    .select()
-    .from(moduleInfrastructure)
-    .where(eq(moduleInfrastructure.moduleId, moduleId))
-    .get();
-  if (infraRecord?.machineId) {
-    const machine = await getMachine(infraRecord.machineId);
-    if (machine) {
-      configMap['ip.primary'] = machine.ipAddress;
-      configMap.target_ip = machine.ipAddress;
-    }
-  }
-
   const requiredCapabilities = manifest.requires.capabilities.map((c) => c.name);
 
   // Run the hook. Logger is constructed BEFORE loadCapabilityFunctions
@@ -104,6 +97,25 @@ export async function runModuleHealthCheck(
       logger,
       { debug: true, capabilities: capabilityFunctions, requiredCapabilities },
     );
+  } else if (options.onProgress) {
+    // TUI mode: emit a progress message instead of drawing FuelGauge
+    // (which writes to stdout and would corrupt the alt-screen render).
+    // Use a capturing logger to absorb hook-level log lines that would
+    // otherwise leak to stdout via createConsoleLogger.
+    options.onProgress(`Checking ${moduleId}`);
+    const { logger } = createCapturingLogger();
+    const capabilityFunctions = await loadCapabilityFunctions(moduleId, db, logger);
+    hookResult = await invokeHook(
+      module.sourcePath,
+      'health_check',
+      manifest.celilo_contract,
+      hookDef,
+      {},
+      configMap,
+      secretMap,
+      logger,
+      { debug: false, capabilities: capabilityFunctions, requiredCapabilities },
+    );
   } else {
     const gauge = new FuelGauge(`Checking ${moduleId}`, {
       skipAnimation: options.noInteractive,
@@ -162,23 +174,83 @@ export async function runModuleHealthCheck(
 }
 
 /**
- * Run health checks for all deployed modules
+ * Cap on concurrent health checks. Picked small on purpose — the
+ * waits are SSH-bound, but each invocation also spins up a hook
+ * subprocess locally, and an unbounded fan-out can swamp a low-spec
+ * machine or a slow link. Four lets us overlap most network waits
+ * without thrashing.
+ */
+const HEALTH_CHECK_CONCURRENCY = 4;
+
+/**
+ * Run `worker` over `items`, with at most `cap` in flight at a time.
+ * Results land in input order. `worker` errors are wrapped by the
+ * caller — this helper does not catch them itself.
+ */
+async function mapConcurrent<T, R>(
+  items: T[],
+  cap: number,
+  worker: (item: T) => Promise<R>,
+): Promise<R[]> {
+  const results = new Array<R>(items.length);
+  let cursor = 0;
+  async function pump(): Promise<void> {
+    while (cursor < items.length) {
+      const idx = cursor++;
+      results[idx] = await worker(items[idx]);
+    }
+  }
+  const workers = Array.from({ length: Math.min(cap, items.length) }, pump);
+  await Promise.all(workers);
+  return results;
+}
+
+/**
+ * Run health checks for all deployed modules.
+ *
+ * Parallelizes per-module checks with a small concurrency cap so SSH
+ * waits overlap. Per-module failures are converted into `error`
+ * results so one bad module doesn't prevent siblings from being
+ * audited.
  */
 export async function runAllHealthChecks(
   db: DbClient,
-  options: { debug?: boolean } = {},
+  options: { debug?: boolean; onProgress?: (msg: string) => void } = {},
 ): Promise<HealthCheckResult[]> {
-  const allModules = db.select().from(modules).all();
-  const results: HealthCheckResult[] = [];
+  const eligible = db
+    .select()
+    .from(modules)
+    .all()
+    .filter((m) => ['INSTALLED', 'VERIFIED'].includes(m.state));
 
-  for (const module of allModules) {
-    // Only check modules that have been deployed
-    if (!['INSTALLED', 'VERIFIED'].includes(module.state)) {
-      continue;
-    }
-    const result = await runModuleHealthCheck(module.id, db, options);
-    results.push(result);
-  }
+  // Wrap onProgress with a "done N/M" counter so the TUI surfaces
+  // overall progress instead of flickering between the latest of
+  // four concurrent in-flight checks.
+  const total = eligible.length;
+  let done = 0;
+  const wrappedOnProgress = options.onProgress
+    ? (msg: string) => {
+        options.onProgress?.(`${msg} (${done}/${total} done)`);
+      }
+    : undefined;
+  const childOptions = { ...options, onProgress: wrappedOnProgress };
 
-  return results;
+  return mapConcurrent(eligible, HEALTH_CHECK_CONCURRENCY, async (module) => {
+    try {
+      const result = await runModuleHealthCheck(module.id, db, childOptions);
+      done++;
+      // Emit one final "N/M done" tick after each module completes,
+      // so progress moves even when no new check is starting.
+      wrappedOnProgress?.(`Checked ${module.id}`);
+      return result;
+    } catch (err) {
+      done++;
+      return {
+        moduleId: module.id,
+        status: 'error',
+        checks: [],
+        error: err instanceof Error ? err.message : String(err),
+      };
+    }
+  });
 }

package/src/services/module-build.ts

@@ -10,6 +10,7 @@
 import { existsSync, statSync } from 'node:fs';
 import { join } from 'node:path';
 import { eq } from 'drizzle-orm';
+import { log } from '../cli/prompts';
 import type { DbClient } from '../db/client';
 import { type BuildStatus, moduleBuilds, modules } from '../db/schema';
 import type { ModuleManifest } from '../manifest/schema';
@@ -90,21 +91,18 @@ async function executeBuildCommand(
   useNix: boolean,
 ): Promise<{ success: boolean; output: string; error?: string }> {
   const { executeBuildWithProgress } = await import('./build-stream');
+  const { shellEscape } = await import('../utils/shell');
 
-  let command: string;
-  let args: string[];
-
-  if (useNix) {
-    command = 'nix';
-    args = ['develop', '--command', 'bash', '-c', commandStr];
-  } else {
-    command = 'bash';
-    args = ['-c', commandStr];
-  }
+  // build-stream passes through `shell: true`, so spawn re-wraps everything in
+  // `/bin/sh -c`. If we sent ['bash', '-c', commandStr] as command+args, sh
+  // would re-parse the join — `&&` outside the inner quotes splits the chain
+  // and `bun install` runs in modulePath instead of the cd'd subdir. Pass the
+  // full command as one string so sh -c gets a single, unsplit shell command.
+  const command = useNix ? `nix develop --command bash -c ${shellEscape(commandStr)}` : commandStr;
 
   const result = await executeBuildWithProgress({
     command,
-    args,
+    args: [],
     cwd: modulePath,
   });
 
@@ -308,7 +306,7 @@ export async function buildModuleFromSource(moduleId: string, db: DbClient): Pro
 
     // Verify artifacts
     if (artifacts && artifacts.length > 0) {
-      console.log('Verifying build artifacts...');
+      log.message('Verifying build artifacts...');
       const verification = verifyBuildArtifacts(artifacts, modulePath);
       const allExist = verification.every((v) => v.exists);
 
@@ -337,7 +335,7 @@ export async function buildModuleFromSource(moduleId: string, db: DbClient): Pro
       // Display artifact info
       for (const result of verification) {
         const sizeStr = result.size ? ` (${formatBytes(result.size)})` : '';
-        console.log(`✓ Artifact verified: ${result.path}${sizeStr}`);
+        log.success(`Artifact verified: ${result.path}${sizeStr}`);
       }
 
       // Record successful build