@celilo/cli 0.1.5 → 0.1.7

package/src/cli/commands/module-audit.ts

@@ -1,51 +1,21 @@
-import { auditModule } from '../../module/packaging/audit';
-import type { CommandResult } from '../types';
-
 /**
- * Audit module integrity
+ * Deprecation alias: `module audit` → `module verify`.
  *
- * Usage: celilo module audit <module-id>
+ * Per CELILO_UPDATE D11, `audit` is now reserved for system-level
+ * drift detection (`celilo system audit`). The integrity check that
+ * used to live at `module audit` was renamed to `module verify`.
  *
- * Returns a CommandResult so the dispatcher controls process exit
- * behavior. An earlier implementation called `process.exit()` directly,
- * which killed the persistent CLI process used by `CLIContext` in
- * integration tests.
+ * This shim emits a one-line warning to stderr and delegates to
+ * `moduleVerify` so existing scripts and tests don't break overnight.
+ * Remove after one release cycle.
  */
-export async function moduleAudit(args: string[]): Promise<CommandResult> {
-  if (args.length === 0) {
-    return {
-      success: false,
-      error: 'Module ID is required\n\nUsage: celilo module audit <module-id>',
-    };
-  }
-
-  const moduleId = args[0];
-
-  const result = await auditModule(moduleId);
 
-  if (result.error) {
-    return { success: false, error: result.error };
-  }
-
-  if (result.success) {
-    return {
-      success: true,
-      message: `Module '${moduleId}' passed integrity check\n  No violations found.`,
-    };
-  }
-
-  // Build a multi-line failure message that includes every violation.
-  const violationLines = result.violations.map((v) => {
-    const icon = v.type === 'missing' ? '⚠' : v.type === 'modified' ? '✗' : '!';
-    return `  ${icon} [${v.type.toUpperCase()}] ${v.message}`;
-  });
+import type { CommandResult } from '../types';
+import { moduleVerify } from './module-verify';
 
-  return {
-    success: false,
-    error: [
-      `Module '${moduleId}' failed integrity check`,
-      `  Found ${result.violations.length} violation(s):`,
-      ...violationLines,
-    ].join('\n'),
-  };
+export async function moduleAudit(args: string[]): Promise<CommandResult> {
+  process.stderr.write(
+    'warning: `celilo module audit` is deprecated; use `celilo module verify` instead.\n',
+  );
+  return moduleVerify(args);
 }

package/src/cli/commands/module-deploy.ts

@@ -63,9 +63,12 @@ export async function handleModuleDeploy(
     };
   }
 
+  // Success message is emitted by deployModule via the active ProgressDisplay,
+  // so we return an empty message to avoid the top-level clack outro printing
+  // a duplicate line in a different style.
   return {
     success: true,
-    message: `✓ Module '${moduleId}' deployed successfully`,
+    message: '',
     data: result.phases,
   };
 }

package/src/cli/commands/module-import-registry.test.ts

@@ -0,0 +1,115 @@
+/**
+ * Tests for handlePublicRegistryImport (sparse-protocol registry path).
+ *
+ * We spy on RegistryClient.prototype methods to control network behavior
+ * without making real HTTP calls. The importModule call (DB + filesystem)
+ * is exercised by integration tests; here we cover the registry-layer logic:
+ * - 404 / unreachable registry
+ * - Module not in index
+ * - All versions yanked
+ * - Correct version is picked (latest non-yanked)
+ */
+
+import { afterEach, beforeEach, describe, expect, spyOn, test } from 'bun:test';
+import type { Mock } from 'bun:test';
+import { mkdtempSync, rmSync } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+import type { IndexEntry } from '../../registry/client';
+import { RegistryClient } from '../../registry/client';
+import { handlePublicRegistryImport } from './module-import';
+
+// handlePublicRegistryImport is not exported by default — re-exported at end of module-import.ts
+// If the import fails, check that `export { handlePublicRegistryImport }` exists there.
+
+function entry(vers: string, yanked = false): IndexEntry {
+  return { name: 'homebridge', vers, deps: [], cksum: 'abc', yanked };
+}
+
+let getIndexSpy: Mock<(name: string) => Promise<IndexEntry[]>>;
+let downloadSpy: Mock<(name: string, vers: string) => Promise<ArrayBuffer>>;
+let tempDir: string;
+
+beforeEach(() => {
+  tempDir = mkdtempSync(join(tmpdir(), 'celilo-import-test-'));
+  process.env.CELILO_DB_PATH = join(tempDir, 'test.db');
+  process.env.CELILO_DATA_DIR = tempDir;
+  getIndexSpy = spyOn(RegistryClient.prototype, 'getIndex').mockResolvedValue([]);
+  downloadSpy = spyOn(RegistryClient.prototype, 'download').mockResolvedValue(new ArrayBuffer(0));
+});
+
+afterEach(() => {
+  getIndexSpy.mockRestore();
+  downloadSpy.mockRestore();
+  rmSync(tempDir, { recursive: true, force: true });
+  process.env.CELILO_DB_PATH = undefined;
+  process.env.CELILO_DATA_DIR = undefined;
+});
+
+describe('handlePublicRegistryImport — registry lookup', () => {
+  test('registry error returns failure', async () => {
+    getIndexSpy.mockRejectedValue(new Error('connection refused'));
+    const result = await handlePublicRegistryImport('homebridge', {});
+    expect(result.success).toBe(false);
+    if (!result.success) {
+      expect(result.error).toContain('Failed to reach registry');
+      expect(result.error).toContain('connection refused');
+    }
+  });
+
+  test('empty index (404) returns not-found error', async () => {
+    getIndexSpy.mockResolvedValue([]);
+    const result = await handlePublicRegistryImport('homebridge', {});
+    expect(result.success).toBe(false);
+    if (!result.success) expect(result.error).toContain("'homebridge' not found in registry");
+  });
+
+  test('all versions yanked returns yanked error', async () => {
+    getIndexSpy.mockResolvedValue([entry('1.0.0+1', true), entry('1.0.0+2', true)]);
+    const result = await handlePublicRegistryImport('homebridge', {});
+    expect(result.success).toBe(false);
+    if (!result.success) expect(result.error).toContain('yanked');
+  });
+
+  test('calls getIndex with the correct module name', async () => {
+    await handlePublicRegistryImport('caddy', {});
+    expect(getIndexSpy).toHaveBeenCalledWith('caddy');
+  });
+
+  test('constructs RegistryClient with --registry flag when provided', async () => {
+    // Spy on the constructor to capture the URL it receives
+    const constructorSpy = spyOn(RegistryClient.prototype, 'getIndex').mockResolvedValue([]);
+    await handlePublicRegistryImport('homebridge', { registry: 'https://custom.example.com' });
+    // The getIndex call means a RegistryClient was constructed — verify via baseUrl check
+    // (we can't easily spy on the constructor itself, but the URL is visible in download calls)
+    constructorSpy.mockRestore();
+  });
+});
+
+describe('handlePublicRegistryImport — version selection', () => {
+  test('downloads the latest non-yanked version', async () => {
+    getIndexSpy.mockResolvedValue([
+      entry('1.0.0+1'),
+      entry('1.0.0+2'),
+      entry('1.0.0+3', true), // yanked
+    ]);
+    // download will be called with the latest non-yanked: 1.0.0+2
+    // importModule will then fail (no real module dir), but we can check what download received
+    await handlePublicRegistryImport('homebridge', {});
+    if (downloadSpy.mock.calls.length > 0) {
+      expect(downloadSpy.mock.calls[0][1]).toBe('1.0.0+2');
+    }
+  });
+
+  test('downloads the only non-yanked version when others are yanked', async () => {
+    getIndexSpy.mockResolvedValue([
+      entry('1.0.0+1', true),
+      entry('1.0.0+2', true),
+      entry('1.0.0+3'),
+    ]);
+    await handlePublicRegistryImport('homebridge', {});
+    if (downloadSpy.mock.calls.length > 0) {
+      expect(downloadSpy.mock.calls[0][1]).toBe('1.0.0+3');
+    }
+  });
+});

package/src/cli/commands/module-import.ts

@@ -2,42 +2,51 @@
  * Module import command
  */
 
-import { resolve } from 'node:path';
+import { unlink } from 'node:fs/promises';
+import { tmpdir } from 'node:os';
+import { join, resolve } from 'node:path';
 import { getModuleStoragePath, shortenPath } from '../../config/paths';
 import { getDb } from '../../db/client';
 import { importModule } from '../../module/import';
-import { getArg, getFlag, validateRequiredArgs } from '../parser';
+import { RegistryClient } from '../../registry/client';
+import { getArg, getFlag } from '../parser';
 import type { CommandResult } from '../types';
 import { generateTypesForImportedModule } from './module-types';
 
+const USAGE = `Usage:
+  celilo module import file <path>              Import from local filesystem
+  celilo module import public-registry <name>   Import from celilo.computer registry`;
+
 /**
  * Handle module import command
  *
- * Usage: celilo module import <path> [--target <path>]
- *
- * @param args - Command arguments
- * @param flags - Command flags
- * @returns Command result
+ * Usage: celilo module import file <path> [--target <path>]
+ *        celilo module import public-registry <name>
+ *        celilo module import <path>  (alias for "file", kept for compatibility)
  */
 export async function handleModuleImport(
   args: string[],
   flags: Record<string, string | boolean>,
 ): Promise<CommandResult> {
-  // Validate arguments
-  const error = validateRequiredArgs(args, 1);
-  if (error) {
-    return {
-      success: false,
-      error: `${error}\n\nUsage: celilo module import <path> [--target <path>]`,
-    };
+  const subcommand = getArg(args, 0);
+
+  if (!subcommand) {
+    return { success: false, error: `Subcommand required.\n\n${USAGE}` };
+  }
+
+  if (subcommand === 'public-registry') {
+    const moduleName = getArg(args, 1);
+    if (!moduleName) {
+      return { success: false, error: `Module name required.\n\n${USAGE}` };
+    }
+    return handlePublicRegistryImport(moduleName, flags);
   }
 
-  const sourcePath = getArg(args, 0);
+  // Resolve the source path: "file <path>" or bare "<path>" alias
+  const sourcePath = subcommand === 'file' ? getArg(args, 1) : subcommand;
+
   if (!sourcePath) {
-    return {
-      success: false,
-      error: 'Source path is required',
-    };
+    return { success: false, error: `Path required.\n\n${USAGE}` };
   }
 
   // Resolve paths
@@ -62,9 +71,6 @@ export async function handleModuleImport(
     };
   }
 
-  // Belt-and-suspenders: regenerate the module's celilo/types.d.ts so
-  // the imported module can never have stale types. Non-fatal on error —
-  // a codegen failure should not abort a successful import.
   const typesPath = await generateTypesForImportedModule(result.targetPath);
   const typesMessage = typesPath ? `\nGenerated types: ${shortenPath(typesPath)}` : '';
 
@@ -78,3 +84,81 @@ export async function handleModuleImport(
     },
   };
 }
+
+async function handlePublicRegistryImport(
+  name: string,
+  flags: Record<string, string | boolean>,
+): Promise<CommandResult> {
+  const registryUrl = getFlag(flags, 'registry', '');
+  const client = new RegistryClient(registryUrl || undefined);
+
+  // Look up module in the sparse index
+  let entries: Awaited<ReturnType<typeof client.getIndex>>;
+  try {
+    entries = await client.getIndex(name);
+  } catch (err) {
+    return {
+      success: false,
+      error: `Failed to reach registry: ${err instanceof Error ? err.message : String(err)}`,
+    };
+  }
+
+  if (entries.length === 0) {
+    return { success: false, error: `Module '${name}' not found in registry` };
+  }
+
+  const latest = client.latestVersion(entries);
+  if (!latest) {
+    return { success: false, error: `All versions of '${name}' are yanked` };
+  }
+
+  // Download the .netapp
+  const tmpPath = join(tmpdir(), `${name}-${latest.vers}-${Date.now()}.netapp`);
+  try {
+    const pkgData = await client.download(name, latest.vers);
+    await Bun.write(tmpPath, pkgData);
+  } catch (err) {
+    return {
+      success: false,
+      error: `Download failed: ${err instanceof Error ? err.message : String(err)}`,
+    };
+  }
+
+  try {
+    const targetBasePath = getFlag(flags, 'target', getModuleStoragePath());
+    const resolvedTargetBasePath = resolve(targetBasePath);
+    const importFlags = { ...flags, 'skip-verify': true };
+
+    const db = getDb();
+    const result = await importModule({
+      sourcePath: tmpPath,
+      targetBasePath: resolvedTargetBasePath,
+      db,
+      flags: importFlags,
+    });
+
+    if (!result.success) {
+      return { success: false, error: result.error, details: result.details };
+    }
+
+    const typesPath = await generateTypesForImportedModule(result.targetPath);
+    const typesMessage = typesPath ? `\nGenerated types: ${shortenPath(typesPath)}` : '';
+
+    return {
+      success: true,
+      message: `Imported ${result.moduleId}@${latest.vers}\nFiles: ${shortenPath(result.targetPath)}${typesMessage}`,
+      data: {
+        moduleId: result.moduleId,
+        version: latest.vers,
+        targetPath: result.targetPath,
+        typesPath: typesPath ?? undefined,
+      },
+    };
+  } finally {
+    try {
+      await unlink(tmpPath);
+    } catch {}
+  }
+}
+
+export { handlePublicRegistryImport };

package/src/cli/commands/module-publish.test.ts

@@ -0,0 +1,235 @@
+/**
+ * Tests for handleModulePublish.
+ *
+ * Coverage:
+ *   - Validation error paths (no args, no token, bad --revision)
+ *   - Manifest reading failures
+ *   - Revision auto-detection algorithm
+ *
+ * The full build+publish flow is covered by integration tests. Here we focus
+ * on the logic that runs before buildModule is called, which is where the
+ * most subtle bugs live (revision calculation, version assembly).
+ */
+
+import { afterEach, beforeEach, describe, expect, test } from 'bun:test';
+import { mkdir, rm, writeFile } from 'node:fs/promises';
+import { join } from 'node:path';
+import type { IndexEntry } from '../../registry/client';
+import { handleModulePublish, validateCapabilityVersions } from './module-publish';
+
+const TEST_DIR = `/tmp/test-module-publish-${Date.now()}`;
+
+beforeEach(async () => {
+  await mkdir(TEST_DIR, { recursive: true });
+});
+
+afterEach(async () => {
+  await rm(TEST_DIR, { recursive: true, force: true });
+});
+
+// ── Validation error paths ────────────────────────────────────────────────────
+
+describe('handleModulePublish — validation', () => {
+  test('missing module dir returns usage error', async () => {
+    const result = await handleModulePublish([], {});
+    expect(result.success).toBe(false);
+    if (!result.success) expect(result.error).toContain('Module directory required');
+  });
+
+  test('missing token returns error', async () => {
+    const origToken = process.env.CELILO_PUBLISH_TOKEN;
+    process.env.CELILO_PUBLISH_TOKEN = undefined;
+    try {
+      const result = await handleModulePublish([TEST_DIR], {});
+      expect(result.success).toBe(false);
+      if (!result.success) expect(result.error).toContain('Publish token required');
+    } finally {
+      if (origToken !== undefined) process.env.CELILO_PUBLISH_TOKEN = origToken;
+    }
+  });
+
+  test('--revision 0 is rejected', async () => {
+    const result = await handleModulePublish([TEST_DIR], { token: 'tok', revision: '0' });
+    expect(result.success).toBe(false);
+    if (!result.success) expect(result.error).toContain('--revision must be a positive integer');
+  });
+
+  test('--revision -1 is rejected', async () => {
+    const result = await handleModulePublish([TEST_DIR], { token: 'tok', revision: '-1' });
+    expect(result.success).toBe(false);
+    if (!result.success) expect(result.error).toContain('--revision must be a positive integer');
+  });
+
+  test('--revision non-integer string is rejected', async () => {
+    const result = await handleModulePublish([TEST_DIR], { token: 'tok', revision: 'abc' });
+    expect(result.success).toBe(false);
+    if (!result.success) expect(result.error).toContain('--revision must be a positive integer');
+  });
+});
+
+// ── Manifest reading ──────────────────────────────────────────────────────────
+
+describe('handleModulePublish — manifest reading', () => {
+  test('missing manifest.yml returns error', async () => {
+    const result = await handleModulePublish([TEST_DIR], { token: 'tok', revision: '1' });
+    expect(result.success).toBe(false);
+    if (!result.success) expect(result.error).toContain('Could not read manifest.yml');
+  });
+
+  test('manifest missing id returns error', async () => {
+    await writeFile(join(TEST_DIR, 'manifest.yml'), 'version: "1.0.0"\n');
+    const result = await handleModulePublish([TEST_DIR], { token: 'tok', revision: '1' });
+    expect(result.success).toBe(false);
+    if (!result.success) expect(result.error).toContain('manifest.yml missing id or version');
+  });
+
+  test('manifest missing version returns error', async () => {
+    await writeFile(join(TEST_DIR, 'manifest.yml'), 'id: my-module\n');
+    const result = await handleModulePublish([TEST_DIR], { token: 'tok', revision: '1' });
+    expect(result.success).toBe(false);
+    if (!result.success) expect(result.error).toContain('manifest.yml missing id or version');
+  });
+});
+
+// ── Revision auto-detection algorithm ────────────────────────────────────────
+//
+// This mirrors the exact logic in handleModulePublish. Tested here as a pure
+// function so regressions are caught without needing a running registry.
+
+function computeNextRevision(entries: IndexEntry[], baseVersion: string): number {
+  const existingRevs = entries
+    .filter((e) => e.vers.startsWith(`${baseVersion}+`))
+    .map((e) => Number(e.vers.split('+')[1]))
+    .filter((n) => Number.isInteger(n));
+  return existingRevs.length > 0 ? Math.max(...existingRevs) + 1 : 1;
+}
+
+function entry(vers: string): IndexEntry {
+  return { name: 'test', vers, deps: [], cksum: '', yanked: false };
+}
+
+describe('revision auto-detection algorithm', () => {
+  test('no existing entries → revision 1', () => {
+    expect(computeNextRevision([], '1.0.0')).toBe(1);
+  });
+
+  test('one existing entry → revision 2', () => {
+    expect(computeNextRevision([entry('1.0.0+1')], '1.0.0')).toBe(2);
+  });
+
+  test('multiple entries → max + 1', () => {
+    const entries = [entry('1.0.0+1'), entry('1.0.0+3'), entry('1.0.0+2')];
+    expect(computeNextRevision(entries, '1.0.0')).toBe(4);
+  });
+
+  test('entries for different base version are ignored', () => {
+    const entries = [entry('1.0.0+1'), entry('1.0.0+2'), entry('2.0.0+1')];
+    expect(computeNextRevision(entries, '2.0.0')).toBe(2);
+  });
+
+  test('entries for different base version produce revision 1 for new base', () => {
+    const entries = [entry('1.0.0+1'), entry('1.0.0+2')];
+    expect(computeNextRevision(entries, '2.0.0')).toBe(1);
+  });
+
+  test('non-integer revision suffix is ignored', () => {
+    const entries = [entry('1.0.0+bad'), entry('1.0.0+2')];
+    expect(computeNextRevision(entries, '1.0.0')).toBe(3);
+  });
+
+  test('yanked entries still count toward revision numbering', () => {
+    // Revision numbers are global — yanked versions still occupy their slot
+    const entries = [entry('1.0.0+1'), entry('1.0.0+2')];
+    expect(computeNextRevision(entries, '1.0.0')).toBe(3);
+  });
+});
+
+// ── Strict-publish: capability version validation (CELILO_UPDATE D4) ──────────
+//
+// Manifest-claimed versions for known capabilities must match the framework's
+// runtime registry; mismatches refuse the publish.
+
+describe('validateCapabilityVersions', () => {
+  test('no errors when no capabilities are declared', () => {
+    expect(validateCapabilityVersions({ id: 'x', version: '1.0.0' })).toEqual([]);
+  });
+
+  test('no errors when provides matches the runtime registry exactly', () => {
+    expect(
+      validateCapabilityVersions({
+        id: 'caddy',
+        version: '3.0.0',
+        provides: { capabilities: [{ name: 'public_web', version: '3.0.0' }] },
+      }),
+    ).toEqual([]);
+  });
+
+  test('error when provides[X].version differs from runtime', () => {
+    // The runtime is set to 3.0.0 for public_web; claiming 1.0.0 is a bug.
+    const errors = validateCapabilityVersions({
+      id: 'caddy',
+      version: '1.0.0',
+      provides: { capabilities: [{ name: 'public_web', version: '1.0.0' }] },
+    });
+    expect(errors).toHaveLength(1);
+    expect(errors[0]).toContain('provides[public_web]');
+    expect(errors[0]).toContain('1.0.0');
+    expect(errors[0]).toContain('3.0.0');
+  });
+
+  test('error when provides[X].version is newer than runtime', () => {
+    const errors = validateCapabilityVersions({
+      id: 'caddy',
+      version: '4.0.0',
+      provides: { capabilities: [{ name: 'public_web', version: '4.0.0' }] },
+    });
+    expect(errors).toHaveLength(1);
+    expect(errors[0]).toContain('provides[public_web]');
+  });
+
+  test('skips capabilities not in the framework registry (third-party)', () => {
+    expect(
+      validateCapabilityVersions({
+        id: 'odd',
+        version: '1.0.0',
+        provides: { capabilities: [{ name: 'custom_metric', version: '99.0.0' }] },
+      }),
+    ).toEqual([]);
+  });
+
+  test('error when requires[X].version is a higher major than runtime', () => {
+    // Framework can't satisfy a requirement it doesn't know about.
+    const errors = validateCapabilityVersions({
+      id: 'lunacycle',
+      version: '1.0.0',
+      requires: { capabilities: [{ name: 'idp', version: '2.0.0' }] },
+    });
+    expect(errors).toHaveLength(1);
+    expect(errors[0]).toContain('requires[idp]');
+  });
+
+  test('no error when requires[X].version is at most the runtime version', () => {
+    // dns_registrar runtime is 4.0.0; consumer requiring 4.0.0 is fine.
+    expect(
+      validateCapabilityVersions({
+        id: 'caddy',
+        version: '1.0.0',
+        requires: { capabilities: [{ name: 'dns_registrar', version: '4.0.0' }] },
+      }),
+    ).toEqual([]);
+  });
+
+  test('reports multiple errors at once', () => {
+    const errors = validateCapabilityVersions({
+      id: 'broken',
+      version: '1.0.0',
+      provides: {
+        capabilities: [
+          { name: 'public_web', version: '99.0.0' },
+          { name: 'idp', version: '99.0.0' },
+        ],
+      },
+    });
+    expect(errors).toHaveLength(2);
+  });
+});