@celilo/cli 0.1.5 → 0.1.6

package/src/cli/commands/status.ts

@@ -13,40 +13,40 @@ import type { ModuleManifest } from '../../manifest/schema';
 import type { CommandResult } from '../types';
 
 /**
- * Determine module status based on configuration and filesystem
+ * Determine module status for display.
+ *
+ * Uses the DB state as the primary source of truth.
+ * Falls back to filesystem / config inspection for IMPORTED/CONFIGURED modules
+ * that haven't yet been deployed.
  */
 async function determineModuleStatus(
   _moduleId: string,
   manifest: ModuleManifest,
   configs: (typeof moduleConfigs.$inferSelect)[],
   generatedPath: string,
+  dbState: string,
 ): Promise<{
-  status: 'IMPORTED' | 'CONFIGURED' | 'GENERATED' | 'DEPLOYED' | 'NEEDS_UPDATE';
+  status: 'IMPORTED' | 'CONFIGURED' | 'GENERATED' | 'DEPLOYED' | 'VERIFIED' | 'NEEDS_UPDATE';
   missingCount?: number;
 }> {
-  // Check if generated directory exists and has recent files
+  // Deployed states come directly from the DB — don't infer from filesystem
+  if (dbState === 'VERIFIED') return { status: 'VERIFIED' };
+  if (dbState === 'INSTALLED') return { status: 'DEPLOYED' };
+
+  // For pre-deploy states, derive from filesystem / config
   if (existsSync(generatedPath)) {
-    // TODO: Add DEPLOYED and NEEDS_UPDATE detection
-    // For now, if generated exists, it's GENERATED
     return { status: 'GENERATED' };
   }
 
-  // Check if all required variables are set
   const requiredVars = manifest.variables?.owns?.filter((v) => v.required) || [];
   const configMap = new Map(configs.map((c) => [c.key, true]));
-
   const missingVars = requiredVars.filter((v) => !configMap.has(v.name));
 
-  if (missingVars.length === 0 && requiredVars.length > 0) {
-    return { status: 'CONFIGURED' };
-  }
-
   if (missingVars.length > 0) {
     return { status: 'IMPORTED', missingCount: missingVars.length };
   }
 
-  // No required variables, but some config set
-  if (configs.length > 0) {
+  if (requiredVars.length > 0 || configs.length > 0) {
     return { status: 'CONFIGURED' };
   }
 
@@ -116,10 +116,16 @@ export async function handleStatus(): Promise<CommandResult> {
           manifest,
           moduleConfigsList,
           generatedPath,
+          module.state,
         );
 
         // Status icon
-        const icon = statusInfo.status === 'GENERATED' ? '✓' : '⚠';
+        const icon =
+          statusInfo.status === 'VERIFIED' ||
+          statusInfo.status === 'DEPLOYED' ||
+          statusInfo.status === 'GENERATED'
+            ? '✓'
+            : '⚠';
 
         lines.push(`  ${icon} ${module.id} (v${module.version})`);
         lines.push(`    Status: ${statusInfo.status}`);
@@ -169,7 +175,11 @@ export async function handleStatus(): Promise<CommandResult> {
         }
 
         // Show when last generated (if applicable)
-        if (statusInfo.status === 'GENERATED') {
+        if (
+          statusInfo.status === 'GENERATED' ||
+          statusInfo.status === 'DEPLOYED' ||
+          statusInfo.status === 'VERIFIED'
+        ) {
           try {
             const stats = await stat(generatedPath);
             const age = Date.now() - stats.mtimeMs;
@@ -197,11 +207,11 @@ export async function handleStatus(): Promise<CommandResult> {
 
     // Legend
     lines.push('Legend:');
-    lines.push('  IMPORTED      - Module imported, not configured');
-    lines.push('  CONFIGURED    - Configuration complete, not generated');
-    lines.push('  GENERATED     - Infrastructure code generated, not deployed');
-    lines.push('  DEPLOYED      - Running in production (not yet implemented)');
-    lines.push('  NEEDS_UPDATE  - Configuration changed, needs regeneration (not yet implemented)');
+    lines.push('  IMPORTED   - Module imported, not configured');
+    lines.push('  CONFIGURED - Configuration complete, not generated');
+    lines.push('  GENERATED  - Infrastructure code generated, not deployed');
+    lines.push('  DEPLOYED   - Deployed (Ansible complete, health check pending)');
+    lines.push('  VERIFIED   - Deployed and health checks passed');
 
     return {
       success: true,

package/src/cli/commands/system-audit.test.ts

@@ -0,0 +1,138 @@
+import { describe, expect, test } from 'bun:test';
+import type { SystemAuditReport } from '../../services/audit';
+import { formatReport } from './system-audit';
+
+const baseReport = (overrides: Partial<SystemAuditReport> = {}): SystemAuditReport => ({
+  version: 1,
+  verdict: 'READY',
+  generatedAt: '2026-04-25T00:00:00.000Z',
+  findings: [],
+  ...overrides,
+});
+
+describe('formatReport', () => {
+  test('READY report calls out no drift', () => {
+    const out = formatReport(baseReport());
+    expect(out).toContain('READY');
+    expect(out).toContain('No drift detected');
+  });
+
+  test('DRIFT report lists each finding with remediation', () => {
+    const out = formatReport(
+      baseReport({
+        verdict: 'DRIFT',
+        findings: [
+          {
+            category: 'cli_version',
+            severity: 'drift',
+            code: 'cli_version_drift',
+            message: '@celilo/cli 0.1.5 → 0.1.7 available',
+            remediation: '`celilo system update` will self-update first',
+            subject: 'system',
+          },
+        ],
+      }),
+    );
+
+    expect(out).toContain('DRIFT (1 finding)');
+    expect(out).toContain('@celilo/cli 0.1.5 → 0.1.7');
+    expect(out).toContain('→ `celilo system update`');
+  });
+
+  test('BLOCKED report puts blocked findings first', () => {
+    const out = formatReport(
+      baseReport({
+        verdict: 'BLOCKED',
+        findings: [
+          {
+            category: 'cli_version',
+            severity: 'drift',
+            code: 'cli_version_drift',
+            message: 'cli is old',
+            subject: 'system',
+          },
+          {
+            category: 'schema',
+            severity: 'blocked',
+            code: 'schema_pending_migrations',
+            message: '2 pending DB migrations',
+            subject: 'system',
+          },
+        ],
+      }),
+    );
+
+    const blockedIdx = out.indexOf('BLOCKED • schema');
+    const driftIdx = out.indexOf('DRIFT • cli_version');
+    expect(blockedIdx).toBeGreaterThanOrEqual(0);
+    expect(driftIdx).toBeGreaterThan(blockedIdx);
+  });
+
+  test('groups findings by category', () => {
+    const out = formatReport(
+      baseReport({
+        verdict: 'DRIFT',
+        findings: [
+          {
+            category: 'module_versions',
+            severity: 'drift',
+            code: 'x',
+            message: 'caddy: 1.0 → 1.1',
+            subject: 'caddy',
+          },
+          {
+            category: 'module_versions',
+            severity: 'drift',
+            code: 'x',
+            message: 'iptables: 1.0 → 1.1',
+            subject: 'iptables',
+          },
+        ],
+      }),
+    );
+
+    expect(out).toContain('DRIFT • module_versions (2)');
+    expect(out).toContain('caddy: 1.0 → 1.1');
+    expect(out).toContain('iptables: 1.0 → 1.1');
+  });
+
+  test('renders details on indented lines', () => {
+    const out = formatReport(
+      baseReport({
+        verdict: 'BLOCKED',
+        findings: [
+          {
+            category: 'schema',
+            severity: 'blocked',
+            code: 'schema_pending_migrations',
+            message: '2 pending DB migrations',
+            details: '  • 0001_zones\n  • 0002_backups',
+            subject: 'system',
+          },
+        ],
+      }),
+    );
+
+    expect(out).toContain('0001_zones');
+    expect(out).toContain('0002_backups');
+  });
+
+  test('singular wording for exactly one finding', () => {
+    const out = formatReport(
+      baseReport({
+        verdict: 'DRIFT',
+        findings: [
+          {
+            category: 'cli_version',
+            severity: 'drift',
+            code: 'x',
+            message: 'cli is old',
+            subject: 'system',
+          },
+        ],
+      }),
+    );
+    expect(out).toContain('DRIFT (1 finding)');
+    expect(out).not.toContain('1 findings');
+  });
+});