@celilo/cli 0.3.15 → 0.3.17

package/src/cli/commands/{doctor.ts → system-doctor.ts}

@@ -1,19 +1,32 @@
 /**
- * `celilo doctor` — diagnose @celilo/* version drift between the running CLI
- * and the surrounding workspace (if any).
+ * `celilo system doctor` — diagnose system-level health for celilo:
+ *   1. System prerequisites (ansible, terraform, ssh, etc.) present
+ *      and at supported versions.
+ *   2. @celilo/* version drift between the running CLI and the
+ *      surrounding workspace (if any).
  *
- * Catches the canonical "I edited the workspace but my global celilo is
- * still running an older published version" failure mode.
+ * The canonical failures this catches:
+ *   - "I just installed celilo on a fresh box but module install is
+ *     erroring with a child-process exit 127." → prereq section.
+ *   - "I edited the workspace but my global celilo is still running
+ *     an older published version." → drift section.
  *
- * Resolution strategy:
- *   - The running CLI's package.json comes from a relative import — that
- *     anchors us to whatever copy of `@celilo/cli` is actually executing
- *     (workspace TS source or globally-installed node_modules tree).
+ * Renamed from top-level `celilo doctor` (Phase 0; no alias kept) to
+ * fit alongside `system init`, `system audit`, `system config`. See
+ * apps/celilo/designs/PREREQ_DETECTION.md.
+ *
+ * Drift resolution strategy:
+ *   - The running CLI's package.json comes from a relative import —
+ *     that anchors us to whatever copy of `@celilo/cli` is actually
+ *     executing (workspace TS source or globally-installed
+ *     node_modules tree).
  *   - For each `@celilo/*` dependency, we ask the runtime where it
- *     resolves the package's `package.json` and read the version there.
- *   - If we can find a workspace root by walking up from `process.cwd()`,
- *     we read each `packages/*\/package.json` and flag anything where the
- *     loaded version is older than the workspace.
+ *     resolves the package's `package.json` and read the version
+ *     there.
+ *   - If we can find a workspace root by walking up from
+ *     `process.cwd()`, we read each `packages/*\/package.json` and
+ *     flag anything where the loaded version is older than the
+ *     workspace.
  */
 
 import { spawnSync } from 'node:child_process';
@@ -21,6 +34,7 @@ import { existsSync, readFileSync } from 'node:fs';
 import { createRequire } from 'node:module';
 import { dirname, join, resolve } from 'node:path';
 import cliPkg from '../../../package.json' with { type: 'json' };
+import { checkAllPrerequisites, failingPrerequisites } from '../../system/prereqs';
 import type { CommandResult } from '../types';
 
 interface CeliloPkgInfo {
@@ -247,7 +261,42 @@ function applyFix(drifted: DriftedDep[], cliRoot: string): string[] {
   return lines;
 }
 
-export async function handleDoctor(
+/**
+ * Render the system-prerequisites block: every tool from the
+ * PREREQUISITES table with its detection result, formatted into the
+ * doctor's output column-aligned style.
+ */
+function renderPrereqSection(): { lines: string[]; failingCount: number } {
+  const checks = checkAllPrerequisites();
+  const lines: string[] = [];
+
+  lines.push('System prerequisites');
+  // Right-pad column for alignment. Take the longest tool name +1
+  // for spacing.
+  const nameCol = Math.max(...checks.map((c) => c.name.length), 12);
+
+  for (const c of checks) {
+    if (c.present && c.meetsMinimum) {
+      const version = c.version ? c.version : `${ANSI.dim}(version unknown)${ANSI.reset}`;
+      lines.push(`  ${ANSI.green}✔${ANSI.reset} ${c.name.padEnd(nameCol)}  ${version}`);
+    } else if (c.present && !c.meetsMinimum) {
+      // Present but below minimum (or version-parse failed with a minimum).
+      const detail = c.version ? `${c.version} — below minimum required` : 'version unreadable';
+      lines.push(`  ${ANSI.yellow}⚠${ANSI.reset} ${c.name.padEnd(nameCol)}  ${detail}`);
+      lines.push(`    ${ANSI.dim}install: ${c.installHint}${ANSI.reset}`);
+    } else {
+      // Missing entirely.
+      lines.push(
+        `  ${ANSI.red}✗${ANSI.reset} ${c.name.padEnd(nameCol)}  ${ANSI.dim}not installed${ANSI.reset}`,
+      );
+      lines.push(`    ${ANSI.dim}install: ${c.installHint}${ANSI.reset}`);
+    }
+  }
+
+  return { lines, failingCount: failingPrerequisites(checks).length };
+}
+
+export async function handleSystemDoctor(
   _args: string[],
   flags: Record<string, string | boolean>,
 ): Promise<CommandResult> {
@@ -261,6 +310,12 @@ export async function handleDoctor(
   lines.push(`${ANSI.dim}running from ${cliRoot}${ANSI.reset}`);
   lines.push('');
 
+  // System prerequisites first — they're the most common reason a
+  // fresh management box can't run modules.
+  const prereqResult = renderPrereqSection();
+  lines.push(...prereqResult.lines);
+  lines.push('');
+
   const workspaceRoot = findWorkspaceRoot(process.cwd());
   const workspaceVersions = workspaceRoot ? collectWorkspaceVersions(workspaceRoot) : [];
   const workspaceMap = new Map(workspaceVersions.map((w) => [w.name, w]));
@@ -347,8 +402,17 @@ export async function handleDoctor(
     lines.push(...applyFix(drifted, cliRoot));
     lines.push('');
     lines.push(
-      `${ANSI.dim}Re-run \`celilo doctor\` to verify; \`bun unlink\` from each workspace dir reverses.${ANSI.reset}`,
+      `${ANSI.dim}Re-run \`celilo system doctor\` to verify; \`bun unlink\` from each workspace dir reverses.${ANSI.reset}`,
     );
+    // Note: --fix only addresses drift, not missing prereqs. If prereqs
+    // failed, surface that even on a successful --fix run.
+    if (prereqResult.failingCount > 0) {
+      return {
+        success: false,
+        error: `${prereqResult.failingCount} system prerequisite(s) missing or below minimum — install before running celilo`,
+        details: lines.join('\n'),
+      };
+    }
     return {
       success: true,
       message: lines.join('\n'),
@@ -360,23 +424,34 @@ export async function handleDoctor(
     lines.push(`${ANSI.dim}--fix: nothing to repair.${ANSI.reset}`);
   }
 
-  if (driftCount > 0 || unresolvedCount > 0) {
+  if (driftCount > 0 || unresolvedCount > 0 || prereqResult.failingCount > 0) {
     const summary: string[] = [];
+    if (prereqResult.failingCount > 0) {
+      summary.push(`${prereqResult.failingCount} prerequisite(s) missing/below-minimum`);
+    }
     if (driftCount > 0) summary.push(`${driftCount} package(s) behind workspace`);
     if (unresolvedCount > 0) summary.push(`${unresolvedCount} unresolved`);
     if (drifted.length > 0) {
       lines.push(
-        `${ANSI.dim}Run \`celilo doctor --fix\` to bun-link drifted packages from the workspace.${ANSI.reset}`,
+        `${ANSI.dim}Run \`celilo system doctor --fix\` to bun-link drifted packages from the workspace.${ANSI.reset}`,
       );
     }
+    // Distinguish prereq-only from drift-only from both — the
+    // operator's next move is different.
+    const errorPrefix =
+      driftCount === 0 && unresolvedCount === 0
+        ? 'System prerequisites missing'
+        : prereqResult.failingCount === 0
+          ? 'Drift detected'
+          : 'Issues detected';
     return {
       success: false,
-      error: `Drift detected: ${summary.join(', ')}`,
+      error: `${errorPrefix}: ${summary.join(', ')}`,
       details: lines.join('\n'),
     };
   }
 
-  lines.push(`${ANSI.green}OK${ANSI.reset} — no drift detected`);
+  lines.push(`${ANSI.green}OK${ANSI.reset} — no issues detected`);
   return {
     success: true,
     message: lines.join('\n'),

package/src/cli/completion.ts

@@ -32,7 +32,6 @@ export async function getCompletions(words: string[], current: number): Promise<
       'backup',
       'capability',
       'completion',
-      'doctor',
       'events',
       'help',
       'hook',
@@ -122,6 +121,7 @@ export async function getCompletions(words: string[], current: number): Promise<
   // Module subcommands
   if (command === 'module' && currentIndex === 1) {
     const subcommands = [
+      'check',
       'import',
       'install',
       'list',
@@ -437,7 +437,7 @@ export async function getCompletions(words: string[], current: number): Promise<
 
   // System subcommands
   if (command === 'system' && currentIndex === 1) {
-    const subcommands = ['init', 'config', 'secret', 'vault-password', 'audit', 'update'];
+    const subcommands = ['init', 'config', 'secret', 'vault-password', 'audit', 'update', 'doctor'];
     return filterSuggestions(subcommands, args[1] || '');
   }
 
@@ -518,3 +518,30 @@ _celilo() {
 compdef _celilo celilo
 `;
 }
+
+/**
+ * Generate fish completion script.
+ *
+ * Fish doesn't have an equivalent of bash's `compgen -W` or zsh's `compadd`,
+ * so we register a single dynamic completer that calls the CLI's
+ * --get-completions hook on each TAB. The CLI emits one completion per line;
+ * fish picks them up as candidates.
+ *
+ * The shell context fish exposes is `commandline -opc` (tokens before the
+ * in-progress word) plus `commandline -ct` (the in-progress word). We
+ * recombine them into the same words + cword shape the bash/zsh wrappers
+ * use, so the same TypeScript completion logic serves all three shells.
+ */
+export function generateFishCompletion(): string {
+  return `# Celilo fish completion
+function __celilo_complete
+    set -l tokens (commandline -opc)
+    set -l current (commandline -ct)
+    set -l words celilo $tokens[2..-1] $current
+    set -l cword (math (count $words) - 1)
+    celilo --get-completions $words $cword 2>/dev/null
+end
+
+complete -c celilo -f -a '(__celilo_complete)'
+`;
+}

package/src/cli/index.ts

@@ -10,7 +10,6 @@ import { COMMANDS, type CommandDef } from './command-registry';
 import { handleCapabilityInfo } from './commands/capability-info';
 import { handleCapabilityList } from './commands/capability-list';
 import { handleCompletion } from './commands/completion';
-import { handleDoctor } from './commands/doctor';
 import {
   handleEventsAck,
   handleEventsDrain,
@@ -45,6 +44,7 @@ import { handleMachineRemove } from './commands/machine-remove';
 import { handleMachineStatus } from './commands/machine-status';
 import { moduleAudit } from './commands/module-audit';
 import { handleModuleBuild } from './commands/module-build';
+import { handleModuleCheck } from './commands/module-check';
 import { handleModuleConfigGet, handleModuleConfigSet } from './commands/module-config';
 import { handleModuleDeploy } from './commands/module-deploy';
 import { handleModuleGenerate } from './commands/module-generate';
@@ -75,6 +75,7 @@ import { handleServiceVerify } from './commands/service-verify';
 import { handleStatus } from './commands/status';
 import { handleSystemAudit } from './commands/system-audit';
 import { handleSystemConfigGet, handleSystemConfigSet } from './commands/system-config';
+import { handleSystemDoctor } from './commands/system-doctor';
 import { handleSystemInit } from './commands/system-init';
 import { handleSystemSecretGet } from './commands/system-secret-get';
 import { handleSystemSecretSet } from './commands/system-secret-set';
@@ -148,7 +149,6 @@ Usage:
 
 Commands:
   status                   Show system and module status
-  doctor                   Diagnose @celilo/* version drift between the running CLI and the workspace
   audit                    Top-level alias for 'system audit'
   events                   SQLite event-bus operations (status, tail, run dispatcher, etc.)
   capability               View registered module capabilities
@@ -377,6 +377,12 @@ Registry:
       --allow-dirty                    Permit publishing from a dirty git tree
       --allow-stale                    Skip the manifest-vs-src stale-check. Use sparingly.
 
+  check [path]                         Check a module for drift against the framework (default: .)
+    Options:
+      --no-build                       Skip the TypeScript build check
+      --json                           Emit a structured Check[] payload (CI-friendly)
+      --strict                         Treat warnings as failures
+
 Examples:
   celilo module install caddy
   celilo module install namecheap --registry https://my-registry.example.com/registry
@@ -787,6 +793,8 @@ Subcommands:
   update [--module <id>] [--no-backup] [--allow-destructive] [--dry-run] [--json]
                                        Bring the system to the audit-determined READY state
 
+  doctor [--fix]                       Diagnose system prerequisites and @celilo/* version drift
+
 Runbook:
   https://celilo.computer/docs/system-update
   (offline summary in apps/celilo/docs/INDEX.md)
@@ -907,11 +915,6 @@ export async function runCli(argv: string[]): Promise<CommandResult> {
     return handleStatus();
   }
 
-  // Handle doctor command
-  if (parsed.command === 'doctor') {
-    return handleDoctor(parsed.args, parsed.flags);
-  }
-
   // Top-level alias: `celilo audit` → `celilo system audit`
   if (parsed.command === 'audit') {
     return handleSystemAudit(parsed.args, parsed.flags);
@@ -1175,6 +1178,8 @@ export async function runCli(argv: string[]): Promise<CommandResult> {
       }
       case 'publish':
         return handleModulePublish(parsed.args, parsed.flags);
+      case 'check':
+        return handleModuleCheck(parsed.args, parsed.flags);
       default:
         return {
           success: false,
@@ -1512,6 +1517,10 @@ export async function runCli(argv: string[]): Promise<CommandResult> {
       return handleSystemUpdate(parsed.args, parsed.flags);
     }
 
+    if (parsed.subcommand === 'doctor') {
+      return handleSystemDoctor(parsed.args, parsed.flags);
+    }
+
     return {
       success: false,
       error: `Unknown system subcommand: ${parsed.subcommand}\n\nRun "celilo system --help" for usage`,

package/src/module/import.ts

@@ -417,8 +417,10 @@ async function installScriptDependencies(
     return;
   }
 
-  // Run bun install in the scripts directory
-  log.info('Installing script dependencies...');
+  // Run bun install in the scripts directory. The bun-install can take a
+  // few seconds on a cold cache, so we surface a status line — silent
+  // pauses look like hangs.
+  log.info('Installing dependencies for module hook scripts...');
   execSync('bun install', {
     cwd: scriptsDir,
     timeout: 120_000,

package/src/registry/client.ts

@@ -115,11 +115,24 @@ export class RegistryClient {
     version: string;
     netappPath: string;
     token: string;
+    /**
+     * One-line description from the module's manifest.yml. Optional
+     * (server tolerates absence) but recommended — it's what shows
+     * up in the registry's browse UI per
+     * apps/celilo/designs/REGISTRY_BROWSE_UI.md (Phase 2 step 0).
+     */
+    description?: string;
   }): Promise<{ ok: boolean; name: string; vers: string }> {
     const fileData = await readFile(opts.netappPath);
     const cksum = `sha256:${createHash('sha256').update(fileData).digest('hex')}`;
 
-    const meta = JSON.stringify({ name: opts.name, vers: opts.version, deps: [], cksum });
+    const meta = JSON.stringify({
+      name: opts.name,
+      vers: opts.version,
+      deps: [],
+      cksum,
+      ...(opts.description ? { description: opts.description } : {}),
+    });
     const metaBuf = Buffer.from(meta, 'utf-8');
 
     const body = Buffer.allocUnsafe(4 + metaBuf.length + 4 + fileData.length);

package/src/services/module-deploy.ts

@@ -1137,13 +1137,31 @@ async function deployModuleImpl(
           }
         }
 
-        // Inject target IP into hook config — works for both machine and container deploys
+        // Persist target_ip to moduleConfigs (not just inject into the
+        // in-memory hook context). Later hooks like on_backup build
+        // their context from the DB only, so without this they'd see
+        // no target_ip and fail with "No container IP configured".
+        // Mirrors proxmox-state-recovery.ts for the machine-deployed
+        // case.
         if (machineId) {
           const { getMachine } = await import('./machine-pool');
           const deployMachine = await getMachine(machineId);
           if (deployMachine) {
             installConfigMap['ip.primary'] = deployMachine.ipAddress;
             installConfigMap.target_ip = deployMachine.ipAddress;
+
+            await db
+              .insert(pcTable)
+              .values({
+                moduleId,
+                key: 'target_ip',
+                value: deployMachine.ipAddress,
+              })
+              .onConflictDoUpdate({
+                target: [pcTable.moduleId, pcTable.key],
+                set: { value: deployMachine.ipAddress },
+              })
+              .run();
           }
         }
 

package/src/services/module-validator/capability-versions.test.ts

@@ -0,0 +1,90 @@
+/**
+ * Strict-publish: manifest-claimed versions for known capabilities must
+ * match the framework's runtime registry. Mismatches refuse the publish
+ * and surface as failed checks in `module check`.
+ */
+
+import { describe, expect, test } from 'bun:test';
+import { validateCapabilityVersions } from './capability-versions';
+
+describe('validateCapabilityVersions', () => {
+  test('no errors when no capabilities are declared', () => {
+    expect(validateCapabilityVersions({ id: 'x', version: '1.0.0' })).toEqual([]);
+  });
+
+  test('no errors when provides matches the runtime registry exactly', () => {
+    expect(
+      validateCapabilityVersions({
+        id: 'caddy',
+        version: '3.0.0',
+        provides: { capabilities: [{ name: 'public_web', version: '3.0.0' }] },
+      }),
+    ).toEqual([]);
+  });
+
+  test('error when provides[X].version differs from runtime', () => {
+    const errors = validateCapabilityVersions({
+      id: 'caddy',
+      version: '1.0.0',
+      provides: { capabilities: [{ name: 'public_web', version: '1.0.0' }] },
+    });
+    expect(errors).toHaveLength(1);
+    expect(errors[0]).toContain('provides[public_web]');
+    expect(errors[0]).toContain('1.0.0');
+    expect(errors[0]).toContain('3.0.0');
+  });
+
+  test('error when provides[X].version is newer than runtime', () => {
+    const errors = validateCapabilityVersions({
+      id: 'caddy',
+      version: '4.0.0',
+      provides: { capabilities: [{ name: 'public_web', version: '4.0.0' }] },
+    });
+    expect(errors).toHaveLength(1);
+    expect(errors[0]).toContain('provides[public_web]');
+  });
+
+  test('skips capabilities not in the framework registry (third-party)', () => {
+    expect(
+      validateCapabilityVersions({
+        id: 'odd',
+        version: '1.0.0',
+        provides: { capabilities: [{ name: 'custom_metric', version: '99.0.0' }] },
+      }),
+    ).toEqual([]);
+  });
+
+  test('error when requires[X].version is a higher major than runtime', () => {
+    const errors = validateCapabilityVersions({
+      id: 'lunacycle',
+      version: '1.0.0',
+      requires: { capabilities: [{ name: 'idp', version: '2.0.0' }] },
+    });
+    expect(errors).toHaveLength(1);
+    expect(errors[0]).toContain('requires[idp]');
+  });
+
+  test('no error when requires[X].version is at most the runtime version', () => {
+    expect(
+      validateCapabilityVersions({
+        id: 'caddy',
+        version: '1.0.0',
+        requires: { capabilities: [{ name: 'dns_registrar', version: '4.0.0' }] },
+      }),
+    ).toEqual([]);
+  });
+
+  test('reports multiple errors at once', () => {
+    const errors = validateCapabilityVersions({
+      id: 'broken',
+      version: '1.0.0',
+      provides: {
+        capabilities: [
+          { name: 'public_web', version: '99.0.0' },
+          { name: 'idp', version: '99.0.0' },
+        ],
+      },
+    });
+    expect(errors).toHaveLength(2);
+  });
+});

package/src/services/module-validator/capability-versions.ts

@@ -0,0 +1,115 @@
+import {
+  CAPABILITY_CONTRACT_VERSIONS,
+  type KnownCapabilityName,
+  compareProviderToRuntime,
+} from '@celilo/capabilities';
+import type { Check } from './types';
+
+export interface ManifestCapabilityClaim {
+  name: string;
+  version: string;
+}
+
+export interface ManifestForCapabilityCheck {
+  id?: string;
+  version?: string;
+  provides?: { capabilities?: ManifestCapabilityClaim[] };
+  requires?: { capabilities?: ManifestCapabilityClaim[] };
+}
+
+function isKnownCapability(name: string): name is KnownCapabilityName {
+  return name in CAPABILITY_CONTRACT_VERSIONS;
+}
+
+/**
+ * Strict-publish: every `provides[X].version` must match the framework's
+ * runtime registry; every `requires[X].version` must be at most the
+ * framework's runtime version (consumers can require older minors of
+ * still-supported majors).
+ *
+ * Returns a list of human-readable error messages — empty list means OK.
+ * Used both by `module publish` (which fails on any error) and
+ * `module check` (which surfaces them as failed checks).
+ */
+export function validateCapabilityVersions(manifest: ManifestForCapabilityCheck): string[] {
+  const errors: string[] = [];
+
+  for (const p of manifest.provides?.capabilities ?? []) {
+    if (!isKnownCapability(p.name)) continue;
+    const runtime = CAPABILITY_CONTRACT_VERSIONS[p.name];
+    const r = compareProviderToRuntime(p.version, runtime);
+    if (!r.compatible) {
+      errors.push(
+        `provides[${p.name}].version is ${p.version} but framework registry is ${runtime} ` +
+          `(${r.reason}). Update the manifest, then retry.`,
+      );
+    }
+  }
+
+  for (const need of manifest.requires?.capabilities ?? []) {
+    if (!isKnownCapability(need.name)) continue;
+    const runtime = CAPABILITY_CONTRACT_VERSIONS[need.name];
+    const r = compareProviderToRuntime(need.version, runtime);
+    if (!r.compatible && r.reason === 'major_mismatch_higher') {
+      errors.push(
+        `requires[${need.name}].version is ${need.version} but framework registry is ${runtime}. Bump the framework before publishing, or lower the manifest version.`,
+      );
+    }
+  }
+
+  return errors;
+}
+
+/**
+ * Per-capability `Check[]` form for `module check`. Emits one OK row for
+ * every known capability the manifest references and one FAIL row for
+ * every mismatch. A manifest with no known-capability claims yields a
+ * single synthetic OK so the report is never empty.
+ */
+export function checkCapabilityVersions(manifest: ManifestForCapabilityCheck): Check[] {
+  const checks: Check[] = [];
+
+  for (const p of manifest.provides?.capabilities ?? []) {
+    if (!isKnownCapability(p.name)) continue;
+    const runtime = CAPABILITY_CONTRACT_VERSIONS[p.name];
+    const r = compareProviderToRuntime(p.version, runtime);
+    checks.push({
+      category: 'capability',
+      name: `provides[${p.name}]`,
+      status: r.compatible ? 'ok' : 'fail',
+      message: r.compatible
+        ? `provides ${p.name}@${p.version} matches framework registry ${runtime}`
+        : `provides ${p.name}@${p.version} but framework registry is ${runtime} (${r.reason}). Update the manifest.`,
+      currentValue: p.version,
+      suggestedValue: r.compatible ? undefined : runtime,
+    });
+  }
+
+  for (const need of manifest.requires?.capabilities ?? []) {
+    if (!isKnownCapability(need.name)) continue;
+    const runtime = CAPABILITY_CONTRACT_VERSIONS[need.name];
+    const r = compareProviderToRuntime(need.version, runtime);
+    const tooNew = !r.compatible && r.reason === 'major_mismatch_higher';
+    checks.push({
+      category: 'capability',
+      name: `requires[${need.name}]`,
+      status: tooNew ? 'fail' : 'ok',
+      message: tooNew
+        ? `requires ${need.name}@${need.version} but framework registry is ${runtime}. Bump the framework, or lower the manifest version.`
+        : `requires ${need.name}@${need.version} can be satisfied by framework registry ${runtime}`,
+      currentValue: need.version,
+      suggestedValue: tooNew ? runtime : undefined,
+    });
+  }
+
+  if (checks.length === 0) {
+    checks.push({
+      category: 'capability',
+      name: 'no known-capability claims',
+      status: 'ok',
+      message: 'manifest declares no provides/requires for known framework capabilities',
+    });
+  }
+
+  return checks;
+}

package/src/services/module-validator/contract-version.test.ts

@@ -0,0 +1,24 @@
+import { describe, expect, test } from 'bun:test';
+import { checkContractVersion } from './contract-version';
+
+describe('checkContractVersion', () => {
+  test('ok when manifest declares the latest supported contract', () => {
+    const r = checkContractVersion({ celilo_contract: '1.0' });
+    expect(r.status).toBe('ok');
+    expect(r.message).toContain('latest');
+  });
+
+  test('fail when celilo_contract field is missing entirely', () => {
+    const r = checkContractVersion({});
+    expect(r.status).toBe('fail');
+    expect(r.message).toContain('missing');
+    expect(r.suggestedValue).toBe('1.0');
+  });
+
+  test('fail when celilo_contract claims an unknown version', () => {
+    const r = checkContractVersion({ celilo_contract: '99.0' });
+    expect(r.status).toBe('fail');
+    expect(r.message).toContain('unknown');
+    expect(r.suggestedValue).toBe('1.0');
+  });
+});